Download PDF

Vivek Ghinaiya

Application Security Engineer | Penetration Tester
Surat, Gujarat, INDIAeJPT CertifiedISO/IEC 27001TryHackMe Top 1%
Download ResumeView GitHub
Summary

Application Security Engineer with 4+ years of experience securing web applications, APIs, mobile apps, and cloud-native environments across Azure, AWS, and Kubernetes. I specialize in finding vulnerabilities — and more importantly, figuring out why they keep happening and building guardrails so they don't come back, helping reduce critical risk exposure by over 60% by focusing on root causes rather than just individual findings.

I've built AI-assisted security tools and worked with LLMs to automate vulnerability triage and detection workflows. On the DevSecOps side, I've integrated SAST, SCA, DAST, and secrets detection into CI/CD pipelines to make secure development the easiest path for engineers, not the hardest. Beyond AppSec, I monitor and investigate security incidents daily using Wazuh, manage EDR across enterprise endpoints, and enforce cloud security controls across Azure and AWS environments — taking end-to-end ownership from threat modeling and identifying gaps to writing fixes and closing the loop with engineering teams.

Certifications
eJPT
eLearnSecurity
eLearn Security Junior Penetration Tester
AZ-900
Microsoft
Microsoft Azure Fundamentals
ISO 27001
Skillfront
ISO/IEC 27001 Information Security
Work Experience
FYNXT, Surat, Gujarat
Application Security Engineer (Lead Penetration Tester)
MAY 2025 – PRESENT
  • Conduct penetration testing on web applications, APIs, networks, Docker, and Kubernetes environments to identify, validate, and remediate critical security vulnerabilities.
  • Develop custom tools and scripts to automate vulnerability detection, streamline assessments, and enhance testing efficiency within the CI/CD pipeline.
  • Perform Threat Modeling (STRIDE, data flow diagrams, risk analysis) during application design and architecture reviews.
  • Monitor and triage daily security alerts through SIEM tools (Wazuh), ensuring rapid incident validation and timely threat response.
  • Built AI-assisted security tools using LLMs to automate vulnerability triage, streamline PR security reviews, and speed up initial incident analysis.
  • Implement secure SDLC pipelines integrating SAST, SCA, and DAST to strengthen code security and minimize production risks.
  • Managed EDR (endpoint detection and response) across enterprise endpoints; enforced cloud security controls across Azure and AWS.
  • Lead comprehensive VAPT cycles aligned with product releases, producing detailed reports with risk classifications and remediation guidance.
  • Led security incident response as primary point of contact across applications and infrastructure.
  • Execute phishing awareness campaigns, security simulations, and internal training sessions.
  • Designed and reviewed cybersecurity architecture for application and infrastructure environments.
  • Create and maintain Internal Threat Intelligence Reports, analysing threats, attack trends, and indicators.
  • Support internal and external ISMS audits as both auditee and internal auditor.
  • Lead internal Red Team Exercises including phishing campaigns, social engineering simulations, and physical security testing.
  • Participated in ISO/IEC 27001 ISMS implementation and internal audits, including risk assessment and control mapping.
SecIQ Technology, Bangalore, Karnataka (Remote)
Senior Security Analyst
SEP 2024 – APRIL 2025
  • Conduct web, API, and Android penetration tests to identify and remediate vulnerabilities.
  • Provide security consulting to global clients, ensuring compliance with best practices.
  • Perform SCA, SAST, DAST, and cloud security assessments for data protection.
  • Develop secure coding guidelines and train teams on integrating security into SDLC.
  • Addressed over 300+ vulnerabilities, contributing to improved product security.
  • Executed comprehensive network security assessments to uncover critical weaknesses.
  • Created detailed vulnerability reports with actionable remediation plans.
  • Conducted workshops on secure development practices, boosting team security capabilities.
SecIQ Technology, Bangalore, Karnataka (Remote)
Security Analyst
MAR 2022 – AUG 2024
  • Conducted web, API, and Android penetration tests.
  • Performed cloud security assessments to ensure safety and security of client data.
  • Collaborated with cross-functional teams to enhance cybersecurity awareness.
  • Provided security consulting to global clients, ensuring compliance with best practices.
Virtually Testing Foundation, USA (Remote)
Security Analyst Intern
OCT 2021 – FEB 2022
  • Gained hands-on experience with OWASP Top-10 vulnerabilities and practical labs.
  • Developed foundational knowledge in Kubernetes, virtualization, and network security.
  • Gained industry-level knowledge about cybersecurity and professional development.
Technical Skills
Penetration Testing
  • Web Applications
  • REST APIs
  • Mobile (Android)
  • Cloud
  • Kubernetes
  • Thick Client
  • Manual Testing
  • Exploitation
  • Remediation
Cloud Security
  • Azure
  • AWS
  • Docker
  • Kubernetes
  • Container Misconfig Assessment
  • LLM Integration
  • AI-Powered Security Agents
  • Automated Triage Pipelines
Network Security
  • Vulnerability Management
  • Firewall Review
  • SIEM
  • Endpoint Security
  • OSINT
  • Network Analysis
DevSecOps & Secure SDLC
  • SAST
  • SCA
  • DAST
  • CI/CD Integration
  • SonarQube
  • Trivy
  • Secrets Detection
  • Secure Coding Guidelines
Security Tools
  • Burp Suite Pro
  • OWASP ZAP
  • Nmap
  • Nessus
  • Postman
  • Wireshark
  • Nuclei
  • Metasploit
  • SQLmap
  • Recon-ng
  • Wazuh
Automation & Scripting
  • Python
  • Bash
  • Custom Vuln Enumeration Scripts
  • AI-Assisted Security Tools
  • LLM Workflows
Red Teaming
  • Adversary Simulation
  • Social Engineering
  • Physical Security Testing
  • Assumed Breach
  • Lateral Movement
  • Threat Hunting
  • Reconnaissance
  • Incident Response
CTF & Bug Bounty
  • Hack The Box
  • TryHackMe (Top 1%)
  • HackerOne
  • Bugcrowd
  • Intigriti
Key Achievements
300+
Vulnerabilities Identified & Remediated
Across web, API, mobile, and cloud environments throughout career.
60%+
Critical Risk Exposure Reduced
Through structured VAPT cycles and proactive security engineering.
Top 1%
TryHackMe Global Ranking
Active contributor on HackerOne, Bugcrowd, and Intigriti with acknowledged responsible disclosures.
2023
Best Employee Award
Awarded Best Employee of 2023 at SecIQ Technologies for outstanding security contributions.
Bug Bounty
HackerOne
Bugcrowd
Intigriti
TryHackMe
Hack The Box

Active contributor with acknowledged responsible disclosures across SaaS, fintech, and e-commerce platforms. Ranked Top 1% on TryHackMe globally.

Education
St. Xavier's College
Bachelor of Science
Ahmedabad, Gujarat
CGPA: 6.4
2019 – 2022

Designed with Next.js, Framer Motion & TailwindCSS

© 2026 Vivek Ghinaiya. All rights reserved.