AVAILABLE_FOR_HIRE
SENIOR_SECURITY_ENGINEER.exe

AJITH KUMAR

AppSec · Pentester · Bug Hunter · Red Team

6+ YEARS_IN_CYBERSEC
70+ HALL_OF_FAME
T300 SYNACK_ALL_TIME
T200 YOGOSHA_ALL_TIME
01.

ABOUT.

Senior security engineer with 6+ years of deep cybersecurity experience. I specialize in application security, penetration testing, source code analysis, secure design review, threat modeling, and red teaming.

A seasoned Bug Bounty hunter and active member of the Synack Red Team and Yogosha Strike Force, recognized in 70+ Hall of Fame programs worldwide.

Currently researching emerging and under-explored attack vectors including cache vulnerabilities, TOCTOU race conditions, and dependency confusion.

whoami.sh
➜ ~ cat profile.json
{
  "name": "Ajith Kumar",
  "role": "Sr. Product Security Engineer",
  "location": "Hyderabad, India",
  "exp_years": 6,
  "current_employer": "ServiceNow",
  "bug_bounty_rank": "Elite",
  "hof_count": "70+"
}
➜ ~ ./research_focus.sh
# Currently targeting:
→ Web Cache Deception
→ TOCTOU Race Conditions
→ Dependency Confusion
→ Client Side Path Traversal
02.

EXPERIENCE.

ServiceNow
SEP 2025 → PRESENT
Senior Product Security Engineer · Hyderabad
  • XSS variant hunting — discovered multiple variants within the ServiceNow platform and implemented platform-level fixes
  • Found remote code execution vectors via reference qualifiers in the ServiceNow platform
  • Researched and implemented Client Side Path Traversal attacks; built Fortify rules for release capture
  • Performed security architecture reviews for applications and feature releases
  • Conducted internal Brown Bags on MCP Server Security and AI in Security
Zoho
MAY 2024 → PRESENT
Member Technical Staff — Application Security Engineer · Chennai
  • Manual code reviews and design reviews for new features using in-house SAST tool (Hacksaw)
  • Threat modeling using STRIDE methodology for new features and native applications
  • Triaged and managed bug bounty tickets from external and internal researchers
  • Built automations for code reviews, bug bounty management, and a daily security news bot (Rorschach)
  • Pentested Android mobile apps and researched XSS prevention filter bypasses
Securin
OCT 2021 → MAY 2024
Security Analyst — Penetration Tester · Chennai
  • Large-scale Network Penetration Testing including Active Directory environments
  • Web application, REST API, GraphQL and Thick-Client penetration testing
  • Developed multiple plugins for the Sonar vulnerability scanner
  • On-site Network Penetration Testing at Equinix Singapore
  • iOS application security testing and assessment
Avasoft
DEC 2019 → SEP 2021
Software Engineer — Penetration Tester · Chennai
  • Led a team in vulnerability identification across web, mobile, and network security assessments
  • Integrated automated SAST/DAST and vulnerability scanning into CI/CD pipelines
  • Built an internal application using ReactJS and micro-container architecture
03.

ARSENAL.

OFFENSIVE SECURITY
BurpSuite · Caido · OWASP ZAP · Web App Pentesting · API Pentesting · Mobile Pentesting · Network Pentesting · GraphQL
APPLICATION SECURITY
Source Code Review · Threat Modeling · STRIDE · Design Reviews · Secure Coding · Semgrep · Snyk · Hacksaw
VULNERABILITY SCANNING
Nessus · Acunetix · Decompilers · Exploit Automation · Active Directory · Thick-Client
LANGUAGES & SCRIPTING
Python · JavaScript · C# · Java · PHP · Deluge · Bash · ReactJS
PLATFORMS & OS
Linux · macOS · Windows · GIT · CI/CD Security · AWS
RED TEAM & RESEARCH
Red Teaming · Cache Deception · TOCTOU · Dep. Confusion · Race Conditions · CTF Development
04.

BUG BOUNTY.

ELITE TEAM
T300
Synack Red Team
All-time Top 300 on the prestigious Synack Red Team — one of the world's most vetted private bug bounty platforms
STRIKE FORCE
T200
Yogosha Strike Force
All-time Top 200 on Yogosha's exclusive Strike Force — a curated elite team of security researchers
RECOGNITION
70+
Hall of Fame
Acknowledged in 70+ bug bounty programs' Hall of Fame for responsible disclosure of critical security vulnerabilities
ACTIVE
Current Research
Attack Vector Research
Web Cache Deception · TOCTOU Race Conditions · Dependency Confusion · Client Side Path Traversal · XSS Filter Bypasses
05.

CERTIFICATIONS.

OSWE
Offensive Security Web Expert
by Offsec
CRTP
Certified Red Team Professional
by Pentester Academy
CEH
Certified Ethical Hacker
by EC-Council
AWS
AWS Certified Security Specialty
In Progress — Amazon Web Services
06.

CONTACT.

// INITIATING SECURE CHANNEL

Let's work together.