Candidate Information
About candidate
Core Skills & Expertise:
Penetration Testing (Web, Mobile, API, Cloud) – Manual & Automated (Burp Suite, OWASP ZAP, Metasploit)
Vulnerability Management (CVE, CVSS Scoring, Remediation Guidance)
Compliance & Standards: OWASP Top 10, NIST, ISO 27001, PCI-DSS, GDPR
Open to occasional travel for team meetings or engagements, but remote-first is a must.
Challenging Security Projects: Opportunities to perform advanced penetration testing, red teaming, or security research on complex systems. Interest in cutting-edge tech (AI/ML security, cloud-native apps, zero-trust architectures).
Impactful Security Leadership: Roles where I can mentor junior security engineers, improve security processes, or drive DevSecOps adoption. Ability to influence secure-by-design principles in development lifecycles.
Strong Security Culture: Companies that value security as a business enabler, not just compliance. Teams that encourage ethical hacking, bug bounty participation, or open-source security contributions.
Flexible & Growth-Oriented Environment: Support for continuous learning (conferences, certifications, research time). Autonomy to innovate (tool development, automation, threat intelligence initiatives).
Why Remote?
Proven track record of delivering high-impact security assessments remotely for the past 6 years, including before the pandemic.
Prefer async communication (documentation, clear reporting) with flexibility for deep-focus security work.
I thrive in remote, high-impact roles where I can perform deep security assessments, automate offensive security tasks, and mentor teams—all while contributing to a safer digital ecosystem. Let’s collaborate to strengthen your defenses and stay ahead of threats.
Challenge:
During a red team engagement for a connected car platform, the vendor assured us their app was "secure" due to SSL pinning, root/jailbreak detection, and obfuscated APIs. However, I discovered a chain of flaws leading to remote car control.
Attack Path:
Bypassed SSL Pinning: Used Frida hooking to intercept/modify traffic despite certificate pinning. Discovered hardcoded API keys in the app’s obfuscated Kotlin code.
Evaded Root/Jailbreak Detection: Patched the app’s root checks using Magisk modules + custom tweaks.
Exploited Unsecured Telematics API
Impact:
Full remote car hijacking: Attacker could locate, unlock, start, and disable any vehicle.
Cover letter
SUSHANT KUMAR
Greater Noida
Gautam Buddha Nagar, Uttar Pradesh 201306
kumarsushant3009@gmail.com
+91-7033687490
08-05-2025
Subject: Application for Remote Penetration Testing (Pen Tester) Analyst
Dear Team,
I am excited to apply for the Pen Tester Analyst position at Naukri Mitra. With 9+ years of experience in Penetration Testing and Application Security, including work in Android, iOS, Web Applications, and Network PT, I have developed a deep expertise in identifying and mitigating critical security risks. My role in PFR (Penetration Testing & Red Teaming) has allowed me to uncover high-impact vulnerabilities in complex environments, ensuring robust security for clients across industries.
One of my most challenging engagements involved bypassing SSL pinning and root detection in a connected car platform, where I discovered an API flaw that could have led to remote vehicle hijacking. Through reverse engineering and custom exploit development, I demonstrated how an attacker could control critical systems, leading to major security enhancements in the automotive client’s infrastructure. My ability to think like an attacker while delivering actionable defenses has helped organizations preemptively secure their assets.
I am eager to bring my offensive security skills to your team, helping to strengthen defenses, automate security testing, and mentor junior analysts. I thrive in collaborative, remote environments and am passionate about staying ahead of emerging threats.
I would welcome the opportunity to discuss how my experience aligns with your security goals. Thank you for your time and consideration—I look forward to your response.
Best regards,
Sushant Kumar