Sourav Kumar

souravkumar1691@gmail.com | github.com/souravkr529 | souravkr529.github.io | Delhi, India

Professional Summary

Senior Security Engineer with 5 years of experience in application security, cloud security, and VAPT. Experienced in leading security initiatives, mentoring and guiding teams, working closely with development and cloud infrastructure teams, and driving risk-based security decisions in Agile delivery environments.

Professional Experience

EDTECH COMPANY Delhi
Security Engineer L2 Jul 2024 - Present
  • Led a team of security analysts, overseeing end-to-end security Vulnerability Assessment and Penetration Testing for web applications, APIs, and Android mobile platforms
  • Integrated security best practices with dev teams, reducing incidents by 30% through VA&PT audits
  • Managed AWS infrastructure with an outsourced team, ensuring secure daily operations while implementing cost-optimization strategies that reduced overall cloud spend by approximately 30%
  • Guided team to configure AWS WAF, GuardDuty & Security Hub, reducing attack surface by 40%
  • Integrated Wazuh SIEM with active response for real-time threat detection and incident response
  • Supported ISO 27001 (ISMS) & ISO 27701 (PIMS) implementation - cloud & application security controls
MULTIPLE PRODUCT DISTRIBUTOR COMPANY Noida
Security Analyst Jan 2022 - Jun 2024
  • Identified 50+ critical vulnerabilities through static and dynamic analysis of web apps
  • Managed security tools: Burp Suite, MobSF, APKtool, Frida, Nmap, Nessus, SonarQube, OWASP ZAP
  • Reduced security incidents by 25% through comprehensive security policies and training
  • Trained 20+ developers on OWASP Top 10, improving secure coding practices
CYBERSECURITY COMPANY Lucknow
Junior Security Analyst Jun 2021 - Dec 2021
  • Discovered 15+ vulnerabilities in client applications through VA&PT assessments
  • Conducted security scans using Nmap, Nikto, OWASP ZAP; documented findings and remediation steps

Technical Skills

Security Testing: VAPT, Burp Suite, OWASP ZAP, Nessus, Nmap, Nikto, SonarQube, SAST/DAST
Mobile Security: MobSF, APKtool, Jadx-gui, Frida, Android Security Testing
AWS Security & DevSecOps: GuardDuty, Security Hub, AWS Inspector, IAM, CI/CD Security, CloudTrail
SIEM & Logging: Wazuh, Syslog, CloudFront, ALB, VPC Flow Logs, Apache/Nginx Logs, Web Application Firewall (WAF)
AI/ML: Ollama LLM, AWS Rekognition, LLM Fine-tuning, Serper API, Cert: Open-source LLMs & RAG
Compliance: ISO 27001 (ISMS), ISO 27701 (PIMS), ISO 9001 (QMS), DPDP Act, PII Protection

Achievements & Certifications

ā€¢ CVE-2022-3585 ā€” Author of CVE
ā€¢ EC-Council CEH (Certified Ethical Hacker)
ā€¢ Hall of Fame ā€” U.S. Dept of Energy, TrendMicro
ā€¢ AWS Certified Cloud Practitioner
ā€¢ Bug Bounty ā€” Urban.io, CircleCI & more
ā€¢ Certified ScrumMaster (CSM)

Open Source Projects

Local ReconX VAPT Recon
Malware Analyzer AI Static Analysis
AWS ALB Analyzer Bandwidth Cost Saver
Private RAG Chatbot TinyLlama + Local RAG