Tanvi Pandya
@tanvipandya
Application security analyst specializing in VAPT, Android security, and automation.
What I'm looking for
I am an application security professional focused on web, mobile, and application security, with hands-on expertise in VAPT and Android reversing.
I have executed VAPT on 20+ government web apps and integrated SAST tools like Checkmarx, Veracode, and SonarQube into CI/CD pipelines to enable secure code analysis across microservices. I build automation and security tooling—Playwright-based scan automation, CLI log analyzers, and SAST report parsers—and publish select tools on GitHub. My work blends offensive research and defensive engineering, including threat modeling (STRIDE, PASTA) and GDPR/ISO 27001-aligned control assessments.
I'm seeking roles where I can advance product and mobile security through automation, secure-by-design reviews, and collaborative DevSecOps practices.
Experience
Work history, roles, and key accomplishments
Product Security Engineer
CredO
Apr 2025 - Present (5 months)
Implemented secure-by-design architecture reviews and AI-based anomaly detection for distributed systems, and conducted STRIDE and PASTA threat modeling on decentralized application flows. Integrated SAST tools into CI/CD and defined security controls aligned to GDPR and ISO 27001 across microservices.
Security Automation Projects
Independent
Jan 2023 - Present (2 years 8 months)
Developed modular Python automation for XSS, SQLi and IDOR scanning using Playwright and Selenium, built a CLI log-analysis tool with real-time alerting, and published tools on GitHub to streamline SAST report parsing. Automated SAST analysis via SonarQube and Checkmarx APIs to accelerate code-security assessments.
Security Software Developer
BISAG-N
Nov 2024 - Mar 2025 (4 months)
Performed manual and automated VAPT on 20+ government web applications using Burp Suite, SQLmap and Ghauri, and automated repetitive security scans with Playwright. Contributed to security automation and improved testing coverage across government web assets.
Developed PL/SQL and Java authentication modules with secure access control and contributed to product security implementation within the IG&L platform. Implemented secure coding practices for authentication flows.
Jr. Business Development Executive
Cypherox Technologies
Jan 2022 - Aug 2022 (7 months)
Assisted technical and sales teams to define and communicate project goals with clients, improving alignment and clarity of deliverables across engagements. Supported proposal and client-communication activities for technical projects.
Education
Degrees, certifications, and relevant coursework
Amrita Vishwa Vidyapeetham
Master of Technology, Cyber Security
2022 - 2024
Completed M.Tech in Cyber Security at Amrita Vishwa Vidyapeetham from 2022 to 2024.
Darshan Institute of Engineering and Technology
Bachelor of Engineering, Computer Engineering
2018 - 2022
Completed Bachelor of Engineering in Computer Engineering at Darshan Institute of Engineering and Technology from 2018 to 2022.
Availability
Location
Authorized to work in
Job categories
Skills
Interested in hiring Tanvi?
You can contact Tanvi and 90k+ other talented remote workers on Himalayas.
Message TanviFind your dream job
Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!
