About Sunil
I’m a Pentester with over 6+ years of hands-on experience in application and infrastructure security. I’ve worked on a wide range of assessments including web apps, APIs, mobile applications (Android and iOS), thick clients, and network environments. I specialize in manually identifying critical issues like IDOR, RCE, SQL injection, authentication bypasses, and business logic flaws.
Alongside my full-time role as a Security Engineer at Funding Societies, I actively work as a freelance pentester on platforms like Cobalt, Synack (Level 4), and HackerOne,
I’m certified in:
eWPTXv2 – Web Application Penetration Tester eXtreme (eLearnSecurity)
eMAPT – Mobile Application Penetration Tester (eLearnSecurity)
CEH – Certified Ethical Hacker (EC-Council)
English
Native or bilingual
Remote only
Primarily works remotely
Experience
- Security Innovation India Pvt Ltd,Security EngineerFebruary 2021 - September 2021 (7 months)Pune, Maharashtra, India➼ Worked as a Security Engineer; my responsibilities have expanded to include client engagement, project estimation, advanced VAPT, research, report preparation and review, managing security projects, mentoring team members, etc.Responsibilities:➼ Working on reviewing application code against the secure coding baseline and practices.➼ Provide required reports to management and client Handle the project as well as BAU operations➼ Perform Web applications, Thick-client Applications, Mobile Applications, API and Network➼ Penetration Testing with Automated Tools and Manually.➼ Have Hands-on Experience in OWASP top 10 and Complete threat Modal.➼ Analyze data, such as logs or packet captures, from various sources within the enterprise and conclude past and future security incidents➼ Application Security - Threat modeling, Source Code Review and Delivering Report.➼ Performed the static and dynamic analysis testing of Android and iOS application.➼ Proficient in identifying various core Mobile vulnerabilities like Deep linking exploit, Local file stealing using LFI, Local SQL Injection, Abusing WebView XSS, Bypassing application workflow➼ Developing security tools to automate (Using python and bash) the penetration testing process➼ Mentoring junior colleagues in information security➼ Network vulnerability assessment & manual penetration testing tools Nessus, Nmap, Nexpose, Metasploit and Armitage.➼ Web Application Penetration Testing.➼ Configuration Audit of Network Devices & Operating System➼ Worked on cloud environments such as AWS, GCP, Azure and Ali Cloud;➼ Worked on security risk management, security governance framework and compliance (IT Security Audit/log review), Vulnerability Assessment, Penetration Testing (Manually)
- Synack Red TeamerBug Bounty HunterJune 2020 - Today (6 years)➼ Working as part-time bug bounty hunter. (Lx4)➼Working as pentester and bugbounty hunter submitted more than 200 valid security issues
- ArisGlobal Pvt LtdSecurity ConsultantOctober 2021 - August 2022 (10 months)Worked as a Security Engineer; my responsibilities have expanded to include client engagement, project estimation, advanced VAPT, research, report preparation and review, managing security projects, mentoring team members, etc.
Recommendations
Be the first to recommend Sunil
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- CEH (Certified Ethical Hacker)EC-Council.CEH (Certified Ethical Hacker)
- eWPTXv2 (Web Applica1on Penetra1on TestereXtreme)eWPTXv2 (Web Applica1on Penetra1on Tester
Certifications
- OffSec Certified Professional+ (OSCP+)Offsec2025