January 4, 2023
Varun Bhat
Security Analyst
MCA Post Graduate with 3+ years of experience in the Cyber Security Industry
R V College of Engineering
Bangalore, Karnataka
Contact Information
Phone: (91) 9449441363
E-mail: v.bhat24@gmail.com
#826 Girija
10th Cross, 3rd Block 3rd Cross
Koramangala
Bangalore, Karnataka
Pin-560034
LinkedIn - https://www.linkedin.com/in/evils0cket/
Career Objective
To obtain an opportunity to work with experienced product security engineers that will help me
enhance my analytical and problem solving skills in the Product Security Domain.
Profile Summary
Experienced security consultant with a demonstrated history of working in the IT security industry.
Skilled in Dynamic (web) application security testing, Vulnerability Assessment and Penetration
testing of Web Services (APIs)
Skilled in execution of Internal and External Network Pentests
Skilled in Performing Cloud Baseline Audits (AWS, Azure, GCP)
Ability to perform Deep Dive Audits and Config Reviews for AWS
Skilled in Static and Dynamic source code security reviews.
Work Experience
Appsecco
Remote (Full-Time)
Security Consultant
Subcontracted to Razorpay
August 2022 - Present
Worked on VAPT assessments for Razorpay Web Applications and third party integrations
(Whitebox)
Involved in Pentesting several APIs and internal Microservices in Razorpay Products
Performed Code Reviews alongside VAPT
Performed SAST and DAST using Semgrep (PHP, Golang)
Involved in payment gateway security testing for several bank integrations
Tools and Technologies Used: Burp Suite, Semgrep, Jira, Git, Nuclei
Security Analyst
October 2020 - August 2022
Worked on VAPT assessments for various internal and external Web Applications (Blackbox)
Worked extensively on research and execution of OSINT engagements for clients
Worked on API Pentesting
Worked on Internal and External Network Pentests
Worked on Cloud Baseline Audits for GCP, Azure and AWS environments
Worked on Deep Dive AWS audits
Tools and Technologies Used: Burp Suite, Nessus, Metasploit, Nuclei, Nmap
OffensiveAI (now branded as Red Sentry)
Remote (Part-Time)
Security Programming Extern
March 2020 - August 2020
Responsible for coding the Reconnaissance module of the bug bounty automation tool
Closely involved in analyzing open source tools available in the market, customizing the
tools and adding them to the already developed engine
Involved in collection and storage of payloads used in disclosed reports from various bug bounty
websites
Worked on templating various CVEs to be used for automated detection of vulnerabilities in
targets
Programming Languages Used: Python
Texas Instruments
Bangalore
Reporting Analyst Intern
Feb 2019 - June 2019
Responsible for the design and development of New Product Development Design Dashboard
Worked with the Supply Chain TMG team to develop a SAP Business Object dashboard that
allows quick global tracking of design site metrics.
Automated the process of report generation from Excel to Business Objects
Developed a generic report easily replicable at each design site across TI - WW
Optimized Query Performance to achieve faster report generation
Primary Skills: Advanced Excel, SQL, Report Development in SAP Business Objects
Tools and Technologies Used: Oracle 11g, SAP BO Web Intelligence, PL/SQL Developer,
SAP BO Universe Designer Tool
Education
R V College of Engineering, Bangalore, Karnataka August 2016 - July 2019
Master of Computer Applications (CGPA 7.83/10)
Surana College, Bangalore, Karnataka 2013 - 2016
Bachelor of Computer Applications 60%
National Public School Koramangala, Bangalore (CBSE), Karnataka 2011 - 2013
All India Senior School Certificate Examination 69.4%
The Indian High School, Dubai (CBSE) 2003 - 2011
Secondary School, All India Secondary School Examination (CGPA 8.2/10)
Certifications
Burp Suite Certified Practitioner:- Portswigger Expected Q1 2023
HackTheBox Certified Bug Bounty Hunter:- Hackthebox Expected Q1 2023
Microsoft Certified: Azure Security Engineer Associate (AZ-500):- Microsoft 2023
AWS Certified Security Specialty (SCS-01):- AWS 2021
EC-Council Certified Security Analyst (ECSA v10 Masters):- EC Council 2020
Certified Ethical Hacker (CEH v10 Masters):- EC Council 2020
Additional Training
Web Application Security: Portswigger Web Security Academy
Cloud Security: Cloud Academy
Cloud Security, AWS: Pentester Academy
Web Application Security: PentesterLabs
Pentesting: Hackthebox Academy
Pentesting: Tryhackme
Technical Skills
Strongest Areas: OSINT, Network Pentesting, Computer Networks, Cloud Security Audits and
Config Reviews (AWS)
Web Application Security, Internet of Things
Programming and Scripting Languages: Python, Shell Scripting (Bash), PHP
Operating Systems: Windows, Windows WSL, Ubuntu, Kali Linux, Parrot
Tools/Frameworks: Git, Bootstrap, Advanced Excel, Powerpoint, Django, LaTeX
Security Tools: Nessus, Burp Suite, Metasploit, Hydra, Sqlmap, Aircrack-ng, Other OSS Tools
Database Tools: Oracle, MySQL, PL/SQL, SQLite, Redis
Relevant Courses of Interest
Data Structures and Algorithms, Operating Systems, Databases,
Advanced Object Oriented Programming, Enterprise Applications Programming,
Mobile Application Development, Network Security
Summary Of Relevant Skills
Well acquainted with exploitation tools such as Metasploit, Hydra, Burp Suite, aircrack-ng, sqlmap
Stellar problem solving and critical thinking skills
Sound analytical skills in detecting anomalies in Web applications and sound knowledge of
Cryptography Principles
Profound knowledge of VAPT, Network Pentests, OSINT and Cloud Audits
Self-directed with the ability to meet deadlines
Fast learner with the ability to learn new skills and Application/Product technologies
Summary of Substantial Bug Bounty Findings
Samsung India Customer Base PII - (Private)
Sensitive Data Exposure through Public API - Dotpe
Sensitive Data Exposure through Public API - Lazypay
Sensitive Data Exposure through Public API, Pivoting Access to Internal Customer Portals -
Shiprocket
Sensitive Data Exposure through Public API, Open Redirect - StarHealth
Sensitive Data Exposure through Public API - Swiggy
Selected Projects
Counter Strike Skin Trading Bot
Technologies Used: Python
Description: A Python script designed to scrape prices of in-game items from various 3rd
party websites and map them to the market price based on certain profitable conditions. The script
finds the cheapest and most profitable CSGO trade offers across multiple sites in an automated
fashion.
Web of Things Portal for Home Automation
Technologies Used: Python, NodeJS, Bootstrap
Description: A NodeJS web application that allows users to control home appliances. The
application also provides live streaming of security cameras installed at the home premises.
Users can view the state of home appliances. Real-time monitoring of Temperature, Humidity
and Gas Levels along with SMS and email notifications are also enabled.
Home Automation using Flask
Technologies Used: Python, Flask, Bootstrap
Description: A portal developed using Flask that allows easy control of various actuators
and sensors connected to the Raspberry Pi.
Smart Pet Feeder
Technologies Used: Python, PHP, MySQL, Bootstrap
Description: An IoT enabled pet feeding system. RFID tags enable pets to be fed custom
amounts of food based on their age and weight. The system can also be controlled using email
commands. The project uses a PHP web interface to monitor the feeding logs. Users can
live stream their pets from anywhere in the world. Feeding details are sent out via SMS and
email.
Online Recharge Wallet
Technologies Used: PHP, MySQL, Bootstrap
Description: An online wallet which enables users to recharge DTH, Prepaid Phones and
pay Postpaid bills. Administrators have access to adding plans, updating and deleting plans,
viewing feedback from users, responding to user tickets and viewing transactions.
Interpersonal Skills
Attentive
Determined
Good Team Player
Stellar Communication
Awards And Achievements
Secured 26th Rank All India in PGCET Entrance Exam, Karnataka, 2016
Secured 1st Place in Web Designing MCA IT Forum, R V College of Engineering, Bangalore,
2016
Secured 2nd Place in Web Designing Christ University, Bangalore, 2015
Secured 1st Place in Web Designing Presidency College, Bangalore, 2015
Secured 2nd Place in Web Designing KLE College, Bangalore, 2014
Hobbies
Bug Bounty Hunting, Reading Novels, Watching Documentaries, Solving Puzzles, Playing Chess
Personal Profile
Name: Varun Jayaram Bhat
Date of Birth: 26th June 1995
Languages Known: English, Konkani, Hindi, Kannada
Declaration
I hereby declare that the information given above is true and correct to the best of my knowledge
and belief.
Place: Bangalore
Date: (VARUN JAYARAM BHAT)