Mohamed Althaf S

Security Engineer
Kodaikanal, TN

Summary

Security enthusiast with 2+ years of hands-on experience in manual and automated penetration testing across web applications, APIs, Android, thick clients, LLMs, and network infrastructure. Skilled in offensive security techniques and active in the bug bounty community, contributing to improved organizational security through responsible vulnerability disclosure. Passionate tech enthusiast with a continuous drive to explore and learn across emerging domains in cybersecurity.

Overview

3 years of professional experience

Skills

  • Web App Pentest
  • Desktop App Pentest
  • Cloud Config reviews
  • SAST & DAST
  • API Pentesting
  • Android Pentest
  • Threat Modeling Matrix
  • Bug Bounty Hunting
  • Network Pentest [IPT & EPT]
  • Large Language Model Pentest
  • SOP & Documentation
  • Capture the Flag

Work History

Security Consultant

Payatu Security Consulting Pvt Ltd
Pune
12.2022 - Current
  • Performed manual and automated VAPT for web apps, APIs, networks, and thick clients. Identified vulnerabilities and provided effective remediation steps to improve security posture.
  • Conducted manual penetration testing on LLM applications. Evaluated AI-based systems for risks to ensure secure deployment and mitigate ML-specific threats.
  • Executed Black Box, White Box, and Grey Box assessments. Adapted testing strategies based on system access and architecture to uncover vulnerabilities.
  • Participated in Red Team engagements and physical security assessments. Simulated real-world attack scenarios to test and strengthen organizational defenses.
  • Applied deep knowledge of OWASP Top 10, SANS Top 25, and protocols like OAuth, SAML, SSO, and LDAP. Assessed authentication flows for security gaps.
  • Tested complex enterprise platforms including Salesforce, Oracle, SAP, and AEM. Secured application layers and ensured system integrity across tech stacks.
  • Conducted static and dynamic code analysis (SAST/DAST). Evaluated source code and live applications to identify and mitigate risks in the codebase.
  • Worked across diverse industries including E-Commerce, Healthcare, Crypto, Payments, and Retail. Adapted security testing to meet domain-specific needs.
  • Performed security research using OSINT and CVEs to find emerging threats. Developed Bash and Python tools to automate and optimize testing workflows.
  • Published an eBook on authentication methods and attacks; regularly share blogs on security vulnerabilities, CTFs, and bug bounty findings on Medium and Payatu.

VAPT Analyst Intern

Cybersecurity Hive
Bangalore
04.2022 - 10.2022
  • Web & Network Penetration Testing: Conducted comprehensive Web Application, API, and Internal/External Network VAPT as an intern, managing end-to-end security assessments for multiple MNC clients. Ensured timely delivery, technical accuracy, and alignment with industry standards.
  • Reporting, Remediation & Tool Optimization: Delivered detailed, client-tailored penetration testing reports with actionable remediation guidance. Managed internal security tools to enhance testing efficiency and automate recurring tasks.

Certification

  • Web Application Penetration Tester eXtreme (eWPTXv2), INE
  • Junior Penetration Tester (eJPTv2), INE
  • SC-900 (Microsoft Certified: Security, Compliance, and Identity Fundamentals), Microsoft
  • Certified AppSec Practitioner (CAP), The SecOps Group

Projects And Hackathons

  • Network Watch Dog, The project works as an IDS to detect malicious traffic and identify attacks like DoS, brute-force, Ping of Death, etc.
  • Smart India Hackathon 2022, Winners of Smart India Hackathon 2022 Software Edition with the problem statement 'Criminal Identification through CCTV Footage' - Deep Learning
  • Manthan Hackathon 2021, Finalist in Manthan Hackathon 2021 (Cybersecurity) and ranked in the Top 50 at Interizon International Hackathon 2021 for work in the security domain.

Capture The Flag Competitions

Achieved top rankings in global CTFs including HTB Cyber Apocalypse, VU Cyberthon, Kalmar, and Pragyan, with expertise in web, steganography, reversing, forensics, blockchain, cloud, and misc challenges.

Awards

  • Received Google Honorable Mention for responsibly disclosing security vulnerabilities.
  • Featured 4 times in Apple Hall of Fame for identifying security issues.
  • Recognized in ZOHO Hall of Fame and awarded bounty for impactful vulnerability reporting.
  • Acknowledged by the United Nations for ethical hacking contributions and given the HOF.
  • Secured and reported vulnerabilities in 50+ websites, including OPPO, LG, Lenovo, Panasonic, Airship, MyDukaan, Lemi, Riipen, Deribit, NodeBB, Sololearn, and more.
  • Received 50+ Government acknowledgements, including from NIC-CERT (Govt of India), for vulnerability disclosures.
  • Earned multiple bounties ($$$$) from public and private bug bounty programs for reporting security flaws.

Education

MSc - Computer Science with Cyber Forensics and Information Security

University of Madras
09.2025

BSc - Computer Science with Cloud Technology and Information Security

Rathinam College of Arts & Science
06.2023

Timeline

Security Consultant

Payatu Security Consulting Pvt Ltd
12.2022 - Current

VAPT Analyst Intern

Cybersecurity Hive
04.2022 - 10.2022

MSc - Computer Science with Cyber Forensics and Information Security

University of Madras

BSc - Computer Science with Cloud Technology and Information Security

Rathinam College of Arts & Science

Interests

Writing Blogs

Football
