Open to opportunities

yash varde

@yashvarde

Message

Skilled Information Security Analyst with expertise in risk management.

India

Message

What I'm looking for

I am looking for opportunities that allow me to enhance my skills in cybersecurity, work with innovative teams, and contribute to impactful security projects.

I am a dedicated Senior Security Consultant with over 4 years of experience in the field of cybersecurity, specializing in vulnerability assessment and penetration testing (VAPT). My expertise lies in identifying and mitigating security threats across web and mobile applications, utilizing tools such as Burp Suite, ZAP, and MobSF. I have a proven track record of executing comprehensive assessments, uncovering critical vulnerabilities, and collaborating with development teams to enhance security protocols.

Throughout my career, I have successfully conducted grey and black box penetration tests, analyzed application binaries, and developed client-specific deployment guides to streamline security processes. My commitment to continuous learning is evident in my pursuit of certifications like eJPT and my engagement in various projects, including freelancing on Upwork. I thrive in dynamic environments where I can apply my skills to protect organizations from emerging threats and contribute to their overall security posture.

Experience

Work history, roles, and key accomplishments

Current

Senior Security Analyst

Current

TechDefenceLabs

Dec 2024 - Present (6 months)

Performed grey and black box penetration testing of web and mobile applications using Burp Suite, ZAP, MobSF, and Frida. Executed in-depth assessments of REST and GraphQL APIs, uncovering flaws such as BOLA and broken authentication. Conducted VA Scans on Nessus, supported secure deployment, and collaborated with teams for remediation.

Burp suite ZAP MobSF Frida Postman Wireshark Nessus OWASP Top 10

Consultant – Security Verification Services

Aujas Cybersecurity Limited

Aug 2023 - Nov 2024 (1 year 3 months)

Conducted grey and black box penetration tests on web, mobile (iOS), and thick client applications using tools like Frida, Objection, Procmon, dnSpy, and HxD. Analyzed application binaries and communication protocols for security flaws. Troubleshot deployment issues, created guides/SOPs, and conducted pre/post-deployment testing.

Frida Objection Procmon DnSpy IOS Pentest Thick Client Pentest

Senior Security Engineer – Application Security Assurance

5SEC CyberPWN Technologies Pvt. Ltd

Jun 2022 - Aug 2023 (1 year 2 months)

Performed grey and black box penetration tests on web, mobile, and API applications. Led API threat modeling and security assessments for complex microservice architectures. Conducted in-depth testing for JWT vulnerabilities, IDOR, and improper OAuth 2.0 / OpenID Connect implementations.

Objection API Testing Postman JWT IDOR OAuth 2.0 Fortify

Test Engineer

NOVAC TECHNOLOGY

Nov 2021 - May 2022 (6 months)

Conducted grey and black box penetration tests on web and mobile applications, including API security assessments using Burp Suite, Postman, and OWASP ZAP. Collaborated with development and DevOps teams to analyze source code and configurations. Documented vulnerabilities with POCs and provided remediation guidance.

Burp suite Postman OWASP MobSF Objection

Associate Information Security Trainee

XIARCH SOLUTIONS

May 2021 - Oct 2021 (5 months)

Conducted grey and black box penetration tests on web and mobile applications, simulating authenticated user and external attacks. Uncovered logic flaws, broken access controls (IDOR, BOLA), and insecure session handling. Performed reconnaissance and vulnerability discovery using Nmap, Dirb, and Google Dorking.

Black Box Testing Authenticated Attacks Logic Flaws IDOR BOLA Nmap