M Ayyan Irfan

MI

Open to opportunities

M Ayyan Irfan

@mayyanirfan

Cybersecurity engineer focused on web app penetration testing and impactful exploit development.

What I'm looking for

I’m looking for an Offensive Security role where I can perform web app penetration testing and security audits, develop impactful exploits, and help teams strengthen security posture through clear, standards-aligned findings and remediation guidance.

I’m a cybersecurity engineer with 3 years of experience in web app penetration testing, security audits, and policy design. I bring a strong grasp of industry standards, and I’m skilled in developing impactful exploits that improve real-world security outcomes.

I’ve worked as a Red Teamer with Bugcrowd for almost 2.5 years, where I consistently evaluated application behavior under adversarial conditions. I’ve also contributed through Offensive Security work with YesWeHack and completed an Offensive Security internship at ITSOLERA, strengthening my execution, reporting, and remediation-focused mindset.

In security testing engagements, I’ve identified and validated meaningful vulnerabilities—like a rate-limiting issue, a CSRF vulnerability, and a session identification flaw that could lead to user session invalidation (Session Hijacking). I also found a blind XSS vulnerability reflected in the admin panel (enabling potential admin panel hijacking), and uncovered multiple medium-priority issues including XSS, IDOR, and information disclosure.

I’m dedicated to enhancing security posture and fostering cybersecurity awareness, translating findings into clear, actionable guidance for stakeholders. With my certifications and hands-on experience across real targets, I’m ready to help teams reduce risk and build stronger defenses.

Experience

Work history, roles, and key accomplishments

IT

Offensive Security Intern

ITSolera

Jun 2025 - Aug 2025 (2 months)

Completed a 3-month offensive security internship focused on web application security testing. Supported security evaluations by identifying issues and helping document findings for remediation.

Offensive Security Internship Security Testing Vulnerability Assessment OWASP Testing Web Security

YE

Offensive Security

YesWeHack

Nov 2024 - Jun 2025 (7 months)

Conducted offensive security testing for web applications, focusing on finding and validating security issues. Produced actionable findings to help teams strengthen defenses and reduce exposure.

OWASP Testing IDOR Testing Risk Analysis

BU

Red Teamer

Jun 2022 - Nov 2024 (2 years 5 months)

Performed web application penetration testing and security assessments, identifying vulnerabilities and supporting remediation through clear reporting. Contributed to improving client security posture through ongoing offensive security work.

Penetration Testing Security Auditing Vulnerability Research Exploit Development OWASP Testing CSRF XSS Session Hijacking

Education

Degrees, certifications, and relevant coursework

VU

Virtual University

Bachelor of Science, Computer Science

2025 -

Bachelor of Science in Computer Science at Virtual University (Jan 2025–present).

SB

Shalimar College Bagbanpura

Intermediate, ICS

2020 - 2022

Intermediate in ICS at Shalimar College Bagbanpura (May 2020–Oct 2022).

Tech stack

Software and tools used professionally

Bugcrowd

Gmail

Find your dream job

Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!