Vivek Yadav

Senior Security Expert • OSCP, CREST • Freelance Cybersecurity Consultant

Cybersecurity leader with 7+ years in offensive security, AppSec/VAPT, cloud security, and AI/LLM security — available for Freelance and Contract engagements.

About Me

I'm a Cyber Security Engineer with over 7 years of experience, seeking opportunities in a progressive organization focused on IT Security. I am passionate about continuous learning and growth in the cybersecurity field.

Certifications

Freelance Cybersecurity Consulting & Penetration Testing

Freelance availability for limited side engagements. Hire me for high-impact assessments and advisory.

  • Web, Mobile and API Penetration Testing (black/gray box)
  • Infra and Network Security Testing
  • Application Security Reviews (SAST, dependency risk, secure SDLC)
  • Cloud Security Assessments (AWS/Azure/GCP)
  • DevSecOps
  • Threat Modeling Workshops (STRIDE, attack trees)
  • Bug Bounty Program Design & Triage
  • AI/LLM Security Audits (prompt injection, data exfiltration, jailbreaks)
  • Red Teaming & Adversary Emulation
  • Security Automation & Tooling

Hall of Fame & Appreciations

SkyScanner
Under Armour
Redox
Western Union
Indeed
Binance
Intel
Govt. Websites

Professional Experience

  1. June 2024 — Present

    Product Security Analyst — HackerOne

    • Application Security (VAPT/Pentesting)
    • Bug Bounty Triaging & Bug Bounty Hunting
    • Security Issue Mitigation
  2. May 2021 — June 2024

    Senior Security Expert — ixigo (Le Travenues)

    • Sensitive Information Monitoring
    • Security Automation
    • Employee Security Awareness
    • PII Security
    • Financial Services (APIs) Security
    • Phishing/Spoofing Protection
    • Cloud & Infra Security
    • Code Security (SAST, Dependency scanning)
    • Internal Security Policy
    • Application Security
    • Google Workspace Security
    • Public Asset Monitoring (Git, Shodan, S3)
    • Bug Bounty Process Implementation
    • Threat Modeling (STRIDE)
    • Domain Infringement Protection
    • ISO 27001, PCI-DSS, DL-SAR Audits
  3. Feb 2020 — May 2021

    Cyber Security Engineer — InfoEdge India Ltd.

    • Security Automation Using Python
    • Fraud Analysis and Prevention
    • Secure Code Review & Automated Dependency Patching
    • Web & Mobile Application Security
    • Network/Server/Cloud/Docker/VOIP/OS Security
    • Active Directory Penetration Testing
    • Code Coverage (CodePulse)
    • Threat Monitoring (Watcher)
    • Docker Security Scanning
  4. Mar 2018 — Feb 2020

    Cyber Security Analyst — Kratikal Tech Pvt. Ltd.

    • Security testing across Web, APIs, Infra, Network, Mobile, Cloud, Thin-Client, E-Commerce Payment, Wireless
    • Forensic analysis of data breach cases using logs and traces

Education

  • MCA — Dev Bhoomi Group of Institutions, Dehradun
  • BCA — Nehru Gram Bharati Deemed University
  • Class X — Army School Barrackpore, Kolkata

Courses

  • Diploma in Information Security — Appin Technology Labs
  • Certification in Python — Acadview
  • Certification in Python — Ducat

Projects

Proof of Concept for CVE-2019-14287

Exploit PoC and write-up for sudo vulnerability enabling privilege escalation under specific misconfigurations.

InstaBot

Automation utility for Instagram actions for research and testing purposes.

Spy Chat

Secure messaging prototype showcasing steganography and simple crypto for educational use.

Sharp Scan

Host and network scanning toolkit with reporting integrations.

HotshotBot

Automation bot for repetitive security research tasks and data collection.

Network Device Security Auditing Tool

Skills

  • Web Applications Pen-testing
  • API Security Testing
  • Mobile Application Security Testing
  • Network Security Testing
  • Network Device Config Security Auditing
  • Cloud Security Testing
  • Open Source Intelligence (OSINT)
  • Social Engineering
  • Server Security & Hardening
  • Wireless Pen-testing
  • Metasploit Framework
  • Scripting to Automate Security Testing
  • VoIP Security
  • Docker Security
  • Active Directory Penetration Testing
  • Payment Gateway (E-Commerce) Security
  • Threat Modeling (STRIDE)
  • PII Security
  • Managing Bug Bounty Programs
  • AI for CyberSecurity
  • AI / LLM Security
  • MLSecOps
  • Cloud Security Posture Mgmt (CSPM)
  • Web3/Blockchain (Smart Contract) Security
  • AI Prompt Injection
  • OWASP
  • SANS
  • NIST
  • MITRE ATT&CK

Programming Languages

  • Python
  • C#
  • C/C++