AK

Looking for a job

Anuj Kumar

@anujkumar7

I am an offensive security engineer specializing in red teaming and application security.

What I'm looking for

I seek a senior red team or application security role where I can run deep-dive assessments, embed secure engineering, validate bounty findings, and harden cloud-native applications within collaborative, impact-focused teams.

I am an offensive security engineer with 5+ years of hands-on experience in red teaming, application security, and dynamic/static analysis, backed by certifications including CISSP, OSEP, and OSCE.

At Expedia Group I delivered deep-dive pentests, red team simulations, and high-impact risk identification across cloud-native environments, led security reviews for new features, triaged bounty reports, and collaborated with product engineering to embed secure development practices.

I have delivered freelance engagements across banking, telecom, and education, performed source-code reviews, developed custom tooling and exploits, and maintained offensive infrastructure; I am also a Top 100 RingZer0CTF player and served as a jury member for a national cybersecurity competition.

I communicate technical risk clearly to engineering and business teams, thrive on validating and remediating high-risk findings, and focus on impactful offensive work that improves secure engineering and resilience in production systems.

Experience

Work history, roles, and key accomplishments

EG

Software Security Engineer III

Expedia Group

Jul 2020 - Nov 2024 (4 years 4 months)

Led red team exercises and deep-dive penetration tests across cloud-native products, triaged crowd-sourced bug bounties and validated PoCs, and collaborated with engineering to embed secure development practices and reduce exploitable risk.

Red Team Penetration Testing Application Security Cloud Security Static Analysis Python Threat Modeling

EG

Security Engineer I

Expedia Group

Nov 2019 - Feb 2020 (3 months)

Performed dynamic testing on CI/CD pipelines and internal cloud services, led targeted threat simulations aligned with attacker TTPs, and authored secure engineering advisories to drive remediation.

CI CD Cloud Security Secure Advisories Code Review Burp suite

FR

Security Consultant / Penetration Tester

Freelance

Jan 2011 - Jan 2019 (8 years)

Delivered penetration tests and vulnerability assessments for banking, telecom, and education clients, reviewed source code and implemented mitigations, and produced compliance-mapped reports with executive summaries.

Pentesting Vulnerability Assessment Source Code Review Exploit Development Python Reporting Remediation Testing

Education

Degrees, certifications, and relevant coursework

SE

Self-taught

Self-directed study, Cybersecurity

Activities and societies: Certifications: CISSP, OSEP, OSCE; Top 100 RingZer0CTF player; practical red teaming and application security projects.

Self-taught cybersecurity professional with certifications (CISSP, OSEP, OSCE) and hands-on experience in red teaming and application security.

Tech stack

Software and tools used professionally

Cloudflare

Jenkins

Gmail

Python

HTML5

Java

CSS 3

PowerShell

Wireshark

ZAP

Docker

Zap

Burp Suite

sqlmap

Metasploit

Find your dream job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!