root@kali:~/portfolio — bash — 120×38
[root@kali ~/]# whoami
HEMANTH KUMAR MJ
VAPT ENGINEER & SECURITY RESEARCHER
LOC: Bengaluru, KA, IN
ROLE: Security Tester @ Deloitte
STATUS: ACTIVE
HoF: NASA · NCIIPC · + more
VULNS: 500+ Identified
[root@kali ~/]# cat skills.summary
Full-Scope VAPT (Web · API · AI · Desktop)  |  OWASP Top 10  |  OWASP GEN AI Top 10  |  Burp Suite  |  Metasploit
Post-Quantum Cryptography  |  CTF Player  |  React / TypeScript  |  Python  |  VAPT Automation

professional_experience
Jan 2025 – Present
Deloitte · Bengaluru, IN
Security Tester — Full Time
  • Conduct Application Security Penetration Testing to identify vulnerabilities in internally developed applications, and deliver comprehensive mitigation strategies.
  • Perform full-scope VAPT across all asset types: web applications, REST APIs, AI-powered applications, and desktop applications.
  • Guide and mentor team members on security testing best practices; independently lead assessments and take ownership of delivery.
  • Built multiple internal tools to identify vulnerabilities at early development phases and automated VAPT workflows using AI agents — enabling QA and development teams to surface security issues proactively.
VAPT · AppSec · API Security · AI Security · OWASP Top 10 · Automation · Mentoring
Jul 2024 – Jan 2025
Deloitte · Bengaluru, IN
Developer — Full Time
  • Contributed to a React and TypeScript-based frontend application within a collaborative, cross-functional team environment.
  • Gained hands-on experience in production-grade development workflows, code reviews, and team-based feature delivery.
React · TypeScript · Frontend · Team Development
Jan 2024 – Jun 2024
Deloitte · Bengaluru, IN
Product Engineer Intern
  • Designed and built a CLI tool to automatically convert certain Excel macros into equivalent Python code, acting as an automated migration translator.
  • Developed core components including lexical analysis (Lex & Yacc), syntax validation, grammar checks, AST generation, and macro-to-Python AST mapping.
  • Engineered a robust transformation pipeline that converts certain macro ASTs into Python ASTs and generates executable Python output.
Python · Lex/Yacc · AST · CLI · Automation
May 2023 – Jul 2023
Deloitte · Bengaluru, IN
Product Engineer Intern — Summer
  • Developed a Proof of Concept (PoC) for an enterprise-level Identity and Access Management (IAM) implementation.
  • Conducted Static Application Security Testing (SAST) using Fortify SSC and SCA tooling.
  • Applied Secure Software Development Lifecycle (SDLC) principles and OWASP best practices; developed a strong foundation in threat modelling, secure coding, and risk mitigation strategies for enterprise applications.
IAM · SAST · Fortify SSC · SDLC · OWASP · Threat Modelling

technical_skills
> Core Proficiency
Python: 95
Burp Suite: 92
Nmap / Metasploit: 90
React / TypeScript: 72
Flask / SQL: 80
Bash / C / C++: 85
> VAPT Toolkit
Burp Suite · Nmap · Metasploit · BeEF · SQLmap · Nikto · Wireshark · OWASP ZAP · Gobuster · John the Ripper · Hashcat · Fortify SSC · Postman
> InfoSec Specializations
OWASP Top 10 · OWASP Gen AI Top 10 · Penetration Testing · Vulnerability Assessment · API Security · AI Application Security · Desktop App Security · Web Testing · Bug Hunting · Ethical Hacking · Vulnerability Scanning · Cyber Kill Chain · Malware Analysis · Reverse Engineering · Post-Quantum Cryptography · Cryptography · SAST · DAST · SCA · IAM · SSDLC · Threat Modelling · CTF · Offensive Security · Cyber Forensics · Digital Forensics · Exploitation · Cyber Threat Intelligence · Threat Detection · Network Security · Network Vulnerability · Information Security · Email Security · Cyber Best Practices · Privacy & Data Confidentiality · Compiler Design
> Platforms & Tools
Kali Linux · WSL · Windows · Git / GitHub · Postman · Microsoft Excel Macros · Fortify SSC · Wireshark · JavaScript · HTML / CSS
> Languages
Python · C · C++ · Java · JavaScript · Bash · HTML5 · CSS · MySQL · Flask

key_projects
// 01
CSRF PoC Generator
A Cross-Site Request Forgery Proof-of-Concept generator built on a TCP Server-Client model. The VBA client provides an interactive UI for inputting HTTP method, encoding type, data, and URI parameters. The Python TCP server dynamically generates CSRF attack payloads and returns them as deployable HTML files.
Python · VBA · TCP · PoC · CSRF
// 02
Vulnerable Web App Lab
A collection of deliberately vulnerable web applications built with Flask and hosted on Render. Designed for security enthusiasts to practise penetration testing techniques including SQLi, XSS, CSRF, IDOR, and other OWASP Top 10 vulnerabilities in a legal, controlled environment.
Flask · Python · Pentest Lab · OWASP
// 03
URLSFECTHER
A high-performance URL enumeration & crawling tool for bug bounty and recon. Combines Wayback Machine, Common Crawl, live HTML crawling, and JS endpoint extraction - all in a single lightweight script.
Python · Wayback API · Common Crawl · JS Extraction · Bug Bounty · Recon
// 04
scan4xss
A fast async browser-based XSS scanner that uses real Chromium (Playwright) to detect actual JavaScript execution with minimal false positives.
Python · Playwright · XSS Scanner · Async · Bug Bounty · Web Security

achievements_and_research
🛸
20+
Thanks Received
🔥
500+
Vulns Identified
📄
Springer
Research Published
> Hall of Fame & Recognition
NASA · NCIIPC — Indian Government 🇮🇳 · Bureau of Reclamation (USA) · Railroad Retirement Board (USA) · + Multiple Organizations
"Quantum-Proof Security: Post-Quantum Cryptography for Resilient Distributed Computing"
Presented at the International Conference on Distributed Wireless Communication and IoT  ·  April 2025
Proceedings submitted to Springer's IoT and Wireless Communication Networks series

licenses_and_certifications
Cisco
Ethical Hacker
Issued May 2025
Ethical Hacking · Penetration Testing · Network Security · Web Testing · Vulnerability Scanning
Cisco
Cisco Network Certifications
Issued May 2025
Cyber Best Practices · Cybersecurity · Threat Detection · Network Vulnerability · Privacy & Data Confidentiality
Cisco
Digital Awareness
Issued May 2025
Digital Literacy · Cybersecurity
arcX
Cyber Threat Intelligence 101
Issued May 2025
Cyber Threat Intelligence (CTI)
The Open University
Information Security
Issued May 2025
Information Security
The Open University
Network Security
Issued May 2025
Network Security · Network Vulnerability
The Open University
Digital Forensics
Issued May 2025
Digital Forensics
PowerDMARC
Email Authentication Advanced
Issued May 2025
Email Information Security
PowerDMARC
Email Authentication Fundamentals
Issued May 2025
Email Authentication
Great Learning
AI Knight Rises Program
Issued Oct 2025
Artificial Intelligence · Machine Learning
NPTEL
The Joy of Computing Using Python
Issued Aug 2023
Python Programming
Udemy
Malware Analysis & Reverse Engineering
Self-paced
Malware Analysis · Reverse Engineering

education_and_volunteering
// degree
BE — Information Science & Engineering
JSS Science and Technology University (SJCE), Mysuru
2020 – 2024  ·  CGPA: 8.93
DSA · Computer Networks · DBMS · OOP · OS · Cloud Computing · Blockchain · Web Development · Data Mining · System Design · Agile
// pre-university
Sadvidya Composite PU College, Mysuru
Pre-University Course — Science
Jun 2018 – Apr 2020
PCMB · Kannada · English
// csr & volunteering
Community Initiatives
Corporate Social Responsibility
  • UniFly Collective NGO — conducted menstrual and hormonal health awareness sessions for school children
  • AMC (Association for the Mentally Challenged) — supported office exposure visits and interactive sessions for students with intellectual disabilities

get_in_touch

INITIATE
CONNECTION

Open to collaborations on security research, bug bounty programmes, CTF teams, and consulting engagements. Available for speaking on application security.