Warner Bros Discovery — Critical RCE bounty
TikTok — Business logic vulnerability disclosure
Government of India (NCIIPC) — Critical infrastructure security acknowledgement
CREST Practitioner Security Analyst (CPSA)2025
Founding Engineer · HacktronAIApr 2026 – Present
- Redesigned the repository analysis pipeline with census-driven structural classification and high-precision path inference eliminating context starvation in downstream agents while reducing runtime by an order of magnitude on large repositories.
- Collaborated in improving call-graph building pipeline that directly influenced downstream quality and coverage of vulnerability findings.
- Contributed to autonomous blackbox DAST architecture supporting authenticated scanning, reachability validation, exploit chaining, and environment-dependent vulnerability confirmation.
- Architected and implemented dynamic vulnerability validation for code reviews that supported custom environment builds on-demand to remain tech-stack agnostic and multi-agent system to carry out true validation and exploitation over theoretical metrics.
- Improved multi-agent validation precision across judge pipelines by reducing false-positive propagation through structured context enrichment.
Security Product Engineer · SecurityReviewAI (we45)Jan 2025 – Apr 2026
- Core architect of Orchestron v2 (O2), an autonomous pentest orchestrator spanning reverse engineering, API testing, and authenticated web-application scanning.
- Implemented persistent agent memory enabling multi-step vulnerability chaining and threat-scenario reasoning across attack surfaces.
- Built MCP servers integrating Claude and OpenAI SDK workflows for tool-augmented execution.
- Reduced per-review LLM cost by 88% via Langfuse trace-level observability and workflow optimization.
- Developed SecurityReview-Kit enabling inline developer threat modeling during code generation workflows.
- Automated DevSecOps scanning pipelines adopted org-wide, reducing vulnerability backlog by 90%.
- Performed security architecture reviews for multi-tenant Kubernetes ML inference systems (PyTorch, Ray Serve).
- Audited legacy C/C++ enterprise codebases uncovering memory-safety and privilege-escalation vulnerabilities.
- Designed libAFL fuzzing harnesses discovering parser corruption and deserialization flaws.
- Reverse engineered closed-source binaries using IDA Pro and Ghidra to reproduce exploit chains.
- Technical advisor for global HackerOne triage operations improving classification accuracy and turnaround efficiency.
Languages — Python, Rust, C, C++, Java, Assembly (x86_64 / Armv8)
Agentic Systems — Claude Agent SDK, OpenAI SDK, LangChain, LangGraph, MCP architectures
Backend — FastAPI, Pydantic, APScheduler, Temporal
Program Analysis — IDA Pro, Ghidra, Binary Ninja, AFL++, libFuzzer, Frida
Infra — Docker, Kubernetes, GCP, GitHub Actions, PostgreSQL
Awesome OffSec Claude
- Curated reusable offensive-security agent skills and prompt schemas for reconnaissance, vulnerability discovery, and exploitation workflows.
WordPress Plugin SAST Automation
- Automated security analysis across top plugins using Semgrep + CodeQL with SARIF reporting pipelines.
Techno Main Salt Lake — Bachelor's in Computer Application2021 – 2024