Open to opportunities

Tanvi Pandya

@tanvipandya

Message

Application security analyst specializing in VAPT, Android security, and automation.

India

Message

What I'm looking for

I'm seeking a product- or application-security role where I can lead VAPT and SAST automation, advance mobile/Android security research, practice threat modeling, and contribute to secure-by-design teams in a collaborative, growth-oriented environment.

I am an application security professional focused on web, mobile, and application security, with hands-on expertise in VAPT and Android reversing.

I have executed VAPT on 20+ government web apps and integrated SAST tools like Checkmarx, Veracode, and SonarQube into CI/CD pipelines to enable secure code analysis across microservices. I build automation and security tooling—Playwright-based scan automation, CLI log analyzers, and SAST report parsers—and publish select tools on GitHub. My work blends offensive research and defensive engineering, including threat modeling (STRIDE, PASTA) and GDPR/ISO 27001-aligned control assessments.

I'm seeking roles where I can advance product and mobile security through automation, secure-by-design reviews, and collaborative DevSecOps practices.

Experience

Work history, roles, and key accomplishments

Current

Product Security Engineer

Current

CredO

Apr 2025 - Present (5 months)

Implemented secure-by-design architecture reviews and AI-based anomaly detection for distributed systems, and conducted STRIDE and PASTA threat modeling on decentralized application flows. Integrated SAST tools into CI/CD and defined security controls aligned to GDPR and ISO 27001 across microservices.

Threat Modeling STRIDE Model PASTA SAST Veracode SonarQube GDPR)DevSecOps Microservices Anomaly Detection

Current

Security Automation Projects

Current

Independent

Jan 2023 - Present (2 years 8 months)

Developed modular Python automation for XSS, SQLi and IDOR scanning using Playwright and Selenium, built a CLI log-analysis tool with real-time alerting, and published tools on GitHub to streamline SAST report parsing. Automated SAST analysis via SonarQube and Checkmarx APIs to accelerate code-security assessments.

Python Playwright Selenium CLI Log Analysis SAST Automation)GitHub

Security Software Developer

BISAG-N

Nov 2024 - Mar 2025 (4 months)

Performed manual and automated VAPT on 20+ government web applications using Burp Suite, SQLmap and Ghauri, and automated repetitive security scans with Playwright. Contributed to security automation and improved testing coverage across government web assets.

VAPT Burp suite Sqlmap Ghauri Playwright DAST Application Security Automation)

Graduate Intern

RSA Security

Aug 2023 - Aug 2024 (1 year)

Developed PL/SQL and Java authentication modules with secure access control and contributed to product security implementation within the IG&L platform. Implemented secure coding practices for authentication flows.

Pl SQL Java Authentication Secure Coding Access Control Product Security IG&L

Jr. Business Development Executive

Cypherox Technologies

Jan 2022 - Aug 2022 (7 months)

Assisted technical and sales teams to define and communicate project goals with clients, improving alignment and clarity of deliverables across engagements. Supported proposal and client-communication activities for technical projects.

Client Communication Technical Sales Support Requirement gathering Project Coordination Proposal Development Stakeholder Management