Profile

About me

Hey there, I'm a Security Engineer from India currently working at a FinTech startup. I spent years on the offensive side—previously at Payatu, where I co-led the Red Team Tower and worked alongside some incredibly sharp cybersecurity engineers. These days, I channel that breaking-things mindset into building things that don't break easily: designing secure infrastructure, automating detection pipelines, and hunting for weak points before attackers do. Whether I'm hardening cloud environments, shipping security tooling, or burning through Boot2Root machines in my homelab, I'm driven by the same challenge—turning complex security problems into clean, practical defenses. I'm deeply passionate about solving complex cybersecurity challenges—whether they come through real-world projects, CTFs, Boot2Root Machines, or personal Homelab projects.

As someone who is entrusted with the task of protecting organizations from cyber risks and vulnerabilities, I evaluate their products and infrastructure, pinpoint potential issues, and offer comprehensive remediation plans to minimize the risk of cyber-security incidents. Moreover, I maintain a platform where I share my views on different Cyber Security matters. Interested readers can explore my blog to find such articles.

P.S: If it interests you to know why I go by the alias 0xpurecha0s, read this.

What I'm doing

  • Infrastructure & Network Security

    I can help perform in-depth infrastructure and network security assessments for your organization. These assessments are designed to uncover misconfigurations, exposed services, insecure protocols, and architectural weaknesses across on-prem, cloud, and hybrid environments. I've conducted such evaluations for numerous organizations, including several in the Fortune 500, helping them strengthen their foundational security posture and mitigate real-world risks.

  • Website Pentesting

    I offer comprehensive web application penetration testing to identify and exploit vulnerabilities in websites, APIs, and associated backend components. These assessments simulate real-world attack scenarios — including injection flaws, authentication bypasses, business logic abuse, and client-side attacks — to evaluate the security of your application. I've tested a wide range of applications, from startups to enterprise-grade platforms.

  • Mobile Application Pentesting

    I also have some background in testing for security issues in Mobile Application (iOS/Android).

  • Cloud

    I have a very strong background in testing for security issues on cloud platforms like Azure and AWS. I have highlighted very serious configuration issues which have helped organization in securing their Cloud Infrastructure.

Career

Resume

Education

  1. Dronacharya College of Engineering, Gurgaon

    2015 — 2019

    Bachelors of Technology (B.Tech) - Information Technology

Work Experience

  1. FinTech (Confidential)

    February 2026 - Present
    Security Engineer - SDE II (DevOps and Security)
    1. Architecting and implementing DevSecOps pipelines by integrating automated security controls across CI/CD workflows, ensuring vulnerabilities are identified and remediated pre-deployment across multiple engineering teams.
    2. Owning Kubernetes cluster security by enforcing pod security policies, RBAC configurations, network policies, and runtime threat detection to ensure container workloads meet compliance and security benchmarks.
    3. Driving cloud security posture management across cloud environments, identifying misconfigurations, enforcing least-privilege access controls, and establishing guardrails to protect critical financial infrastructure.
    4. Collaborating with engineering and product teams to embed security best practices into the software development lifecycle (SDLC), delivering training and guidance on secure coding, secrets management, and dependency hygiene.

  2. Confidential (Security Consulting)

    August 2024 - February 2026
    Security Engineer
    1. Working on multiple projects involving Infrastructure, Network, and Cloud Security assessments concurrently, offering guidance on understanding their business implications and devising actionable remediation strategies.
    2. Undertook comprehensive security measures for both AWS cloud and on-premise infrastructure within the Red Team, ensuring complete protection and responsible red teaming practices.
    3. Designed and implemented custom security assessment tools and automation scripts to enhance testing efficiency, evidence collection, and reporting accuracy across multiple client engagements.

  3. Payatu

    October 2021 - August 2024
    Senior Security Engineer (April 2023 - August 2024)
    1. Managed multiple projects involving Red Team/Adversary Simulation, Network, and Cloud Security assessments concurrently, offering guidance on understanding their business implications and devising actionable remediation strategies.
    2. Automated provisioning and configuration of Red Team infrastructure, including C2 servers, GoPhish, and Evilginx, utilizing Terraform, Ansible, and Docker automation. Achieved a 67% reduction in weaponization efforts through streamlining processes.
    3. Undertook comprehensive security measures for both AWS cloud and on-premise infrastructure within the Red Team, ensuring complete protection and responsible red teaming practices.
    4. Crafted a documentation framework employed as a collaborative knowledge repository for Red Team Assessments, facilitating the generation of timelines, recording significant events and details, ensuring thorough documentation of assessment's activity.
    5. Conducted client training sessions aimed at safeguarding against social engineering threats. Delivered comprehensive instruction on various techniques and tactics to fortify defenses against these types of attacks.
    Security Engineer (May 2022 - March 2023)
    1. As a Co-Lead, provided guidance and oversight within the Red Team. Developed strategies for continuous training to ensure Red Team remained current with the latest technologies, resulting in a highly effective team within the organization.
    2. Communicated and collaborated with clients, vendors, and relevant authorities to contribute to strategic planning, identify potential vulnerabilities, and devise effective risk mitigation strategies.
    3. Developed and documented strategies and Standard Operating Procedures (SOPs) to optimize Vulnerability Assessments/Penetration Testing (VAPT) and Adversary Simulation (Red Team) practices within the organization, enhancing efficiency and effectiveness.
    4. Crafted numerous Capture The Flag (CTF) challenges centered around Network and Cloud domains to support a recruitment campaign.
    Associate Security Engineer (October 2021 - April 2022)
    1. Performed comprehensive security evaluations on client infrastructure and web applications through vulnerability assessments, penetration tests, red team simulations, and social engineering attacks. To identify security vulnerabilities, expedited remediation processes, and minimized overall risk exposure.
    2. Automated internal and external network vulnerability and service scanning using wrapper scripts for tools like nmap, masscan, and nuclei, optimizing workload distribution and improving result accuracy while reducing scan time by 52% and inaccuracy by 3%.

  4. Web and Solution Architect (Intern) at Panchsheel Pvt. Ltd.

    January 2019 — May 2019

    Interned as a Web and Solutions Architect at Panchsheel Pvt. Ltd. Introduced many changes to their website incorporating many performances and security issues. Created several tests and scripts for optimisation & deployment of production-level changes eventually leading to faster deployments according to requirements from the Marketing and Sales team.

  5. Solutions Architect and Android Engineer (Intern) at Orgzit

    June 2018 — July 2018

    Interned as a Solutions Architect and Android Engineer at Orgzit. Created close to 50 Unique Solutions and Project Templates specially catering to the requirements and problems faced by Clients from various sectors/industries. Resolved some performance issues on Orgzit's mobile platform leading to better end-user satisfaction.

My skills

  • Web Application Security
    75%
  • Cloud & Offensive Security
    85%
  • Network VAPT
    90%
  • Social Engineering & OSINT
    80%

Reach Out

Contact

Get in Touch ?

As another option, you could choose to complete and submit this form.