Hitesh Patra

Experienced IT Security Researcher with 3+ years of expertise in securing networks, web, mobile, and cloud platforms. Proven record of reporting 500+ vulnerabilities and advancing product security through threat modeling, penetration testing, and vulnerability research. Passionate about tackling complex security challenges and driving innovative solutions in a rapidly evolving threat landscape.

What I Do

Pentesting (Network/Web/API/Mobile)

Conducting comprehensive security assessments to uncover vulnerabilities in web applications, networks, and systems. With hands-on experience in exploiting CVEs, I ensure proactive identification and mitigation of risks, safeguarding both Cloud and On-prem solutions.

Secure Code Review

Analyzing source code meticulously to identify and address potential security flaws. Leveraging my expertise in application security, I collaborate with development teams to enhance code integrity and ensure robust, secure deployments.

Red Team Operations

Simulating real-world adversarial attacks to evaluate an organization’s defenses. By leveraging advanced techniques and tools, I deliver actionable insights that enhance detection, response, and overall resilience to sophisticated threats.

Vulnerability Research

Delving into the depths of software and systems to uncover zero-day vulnerabilities. From discovering critical CVEs to writing exploit code, my research strengthens security products like FortiDAST and aids in fortifying organizations' defenses against emerging threats.

AI & Cloud Security

Focusing on securing cutting-edge technologies, including AI-driven systems and multi-cloud environments. My work emphasizes defending against evolving threats in these domains, combining innovation with proven security practices.

Security Automation

Designing and implementing automated solutions to streamline and enhance security processes. From integrating vulnerability assessments into CI/CD pipelines to automating exploit testing in tools like FortiDAST, I focus on improving efficiency and reducing response times for evolving threats.

Testimonials

Achievements

Patent

ASSET CRAWLING WITH INTERNET ARCHIVES FOR ENHANCED WEB APPLICATION SCANNING - US Patent Filed with No. FOR-474

Capture The Flag Contest

Won 10+ CTF contests and Hacking challenges.

Hackerearth's Challenge

Top 10 in Hackerearth's Cybersecurity Problem Setter Challenge

Certifications

Fun Facts

Bug Bounty HoF

200+

Pentest Completed

340+

CTFs Won

14

Resume

Experience

Feb, 2024 - Present
Fortinet Technologies India Pvt. Ltd.

Security Researcher - II

• Working on FortiDAST - Dynamic Application Security Testing tool.
• Product Security Testing - Web Application (DAST) and (SAST) for major Fortinet products.
• Vulnerability Research and Exploit development in Lua and Python to fit in Fortinet scripting engine (FSE) for disclosed and undisclosed CVEs based on CVSS scoring.
• Analyzing recent impactful CVEs and implementing the detection of OBA (Outbreak Alert) in FortiDAST.
• Hands-on Threat Modelling and Secure Code Review of multiple Fortinet products.
• Hands-on Cloud Configuration Review on AWS, Azure and Network Architecture Review for Fortinet Cloud products.
• Hands-on experience in External Network Penetration Testing, API Review, Firewall Review, Secure code review.
• Research on Fuzzer and crawler enhancements for efficient scanning and detection capabilities.
• Proficiently working with the development team to address security issues.
• Strong Management skills while handling multiple Comprehensive Security Review projects.

Nov, 2022 - Feb, 2024
Fortinet Technologies India Pvt. Ltd.

Security Researcher - I

• Working on FortiDAST - Dynamic Application Security Testing tool.
• Product Security Testing - Web Application (DAST) and (SAST) for major Fortinet products.
• Hands-on experience in External Network Penetration Testing, API Review, Firewall Review, Secure code review.
• Research on Fuzzer and crawler enhancements for efficient scanning and detection capabilities.

Nov, 2021 - Oct, 2022
Deloitte Touche Tohmatsu India LLP

Retainer Analyst (Risk Advisory)

Worked on Risk Advisory, Cyber and Strategic Risk domain.

Hands-on practical knowledge of Vulnerability Assessment and VAPT of Web Applications and Android Applications (SAST and DAST) in India’s top financial banks.

Hands-on experience in External Network Penetration Testing, REST API Review, Secure code review.

Carried out Threat Modelling for client applications.

Carried out Secure Network Architecture Review (SNA).

Carried out Secure Configuration Review (SCR) and Firewall Review.

Carried out manual and automated testing.

Consulted clients on the best security measures and helped them fix the vulnerabilities efficiently.

Strong Management skills while handling multiple Comprehensive Security Review projects.

May, 2021 - Oct, 2021
Hacktify Cybersecurity LLP.

Security Analyst Intern

Worked on Web Application Vulnerability Assessment and Penetration Testing.

Worked on live simulation of Vulnerable Web Application Labs.

Built a set of vulnerable machines, CTF Challenges, VAPT reports and Cybersecurity blogs.

Mar, 2020 - Present
VULNCON Security Conference & Trainings

Organizer

Conducting Cybersecurity Training, CTFs, Conference and exhibition annually in Bangalore.

Conducting International CTF contests and International Security Conference VULNCON in Bangalore, India.

Leading a strong and determined team of more than 30 security professionals to make an impact within Infosec communities in India.

Education

Jul, 2018 - July, 2022
Lovely Professional University, Punjab

B. Tech - CSE

Graduated with a Bachelor's degree in Computer Science & Engineering from Lovely Professional University, Jalandhar, Punjab.

April, 2016 - Mar, 2018
Vikas Residential School, BBSR

+2 Science, CBSE

Completed +2 Science schooling from Vikas Residential School, Bhubaneswar, Odisha.

Specialization

Web/API Security

90%

External/Internal Pentest

85%

Secure Code Review

80%

Mobile Pentesting

65%

Threat Modelling

75%

Network Architecture Review

75%

Automation

83%

Secure SDLC

75%

Cloud Configuration Review

84%

Cloud/Networking

AWS

60%

Azure

78%

GCP

80%

Docker

90%

Vagrant

80%

Ansible

75%

Coding Skills

Python

85%

Lua

80%

Bash

90%

C

85%

JavaScript

87%

Tools

  • Fortify SCA
  • BurpSuite
  • Nessus
  • Git
  • Metasploit
  • nmap
  • mimikatz
  • frida
  • adb
  • Rubeus
  • Objection
  • Qualys
  • Acunetix
  • Semgrep

Certificates

Contact

Bangalore, India

Freelance Available