HITESH RAJPUT
Chennai
Summary
I am a cybersecurity professional with three years of experience specializing in VAPT, Infrastructure Security, API testing, and phishing mitigation. My expertise lies in identifying and mitigating security risks through comprehensive assessments, detailed reporting, and effective remediation strategies. I strive for continuous learning to maintain high ethical standards in all security assessments.
Overview
3
3
years of professional experience
1
1
Certification
Work History
Associate Consultant
Ernst & Young
Chennai
07.2022 - Current
- Company Overview: A leading global professional services firm providing consulting, assurance, and tax services.
- Independently led an Application Security Initiative, conducting comprehensive security assessments across web, on-prem, thick client, and O365 applications.
- Performed in-depth manual security testing, identifying critical vulnerabilities, including SQL Injection, XSS, Authentication Bypass, IDOR, ACL weaknesses, DLL hijacking, and LFI/RFI.
- Successfully secured 45+ applications, ensuring their production readiness, and strengthening the overall security posture.
- Performed a web application assessment for a leading automobile manufacturer. As part of testing, sensitive information related to more than 15,000 users of the application was retrieved.
- Conducted a network security assessment for a leading auto electrical company in India, identifying multiple critical vulnerabilities, including SQL injection, leading to employee credential exposure, and remote code execution (RCE) compromising system integrity.
- Conducted a mobile security assessment of 10 or more applications for a leading insurance company in India, evaluating both Android and iOS applications. Successfully identified authenticated account takeover and ACL vulnerabilities, which exposed the sensitive information of admin users and employees.
- Performed a phishing assessment for India's leading auto electrical company, successfully identifying security gaps that led to credential compromise and the exposure of sensitive data for over 100 employees.
- Performed OSINT and asset discovery for a global commercial vehicle manufacturer, scanning over 150 IPs and multiple domains using Shodan, Censys, Wayback Machine, Maltego, and other reconnaissance tools, uncovering critical exposures and misconfigurations.
- Designed and developed Capture the Flag (CTF) challenge machines for the EY-DSCI National Cybersecurity Hackathon 2024, integrating cryptography, QR code exploitation, and steganography.
- Engage in a variety of penetration testing assessments, including network (internal and external), web application, mobile application (Android and iOS), API testing, and thick client.
- Managed project timelines and deliverables, ensuring timely completion within budget.
- Prepared detailed reports and documentation on project progress and outcomes.
- A leading global professional services firm providing consulting, assurance, and tax services.
Intern
Ernst & Young
03.2022 - 07.2022
- Accomplish the web application testing for a banking software company. As part of testing, I was able to identify a critical file upload-related vulnerability that has a high impact on the business model.
- Performed web-based security testing for a leading manufacturer of tractors, farm machinery, and diesel engines. As a part of testing, I identified a critical vulnerability that reveals the logger details, which has a severe impact on the application.
- Conducted manual and automated vulnerability assessments using industry standard tools such as Nessus, Metasploit, Nmap, Burp Suite.
Education
Bachelor of Technology - Electronic and Communication Engineering
Lakshmi Narain College of Technology & Science
Bhopal, MP06.2022
Coursework
- Web Application Security
- Mobile Application Security (Android/iOS)
- Network Security (Internal/External Penetration Testing)
- API Security Assessment
- Thick Client Application Security
- Phishing Assessment
- OSINT and Asset Discovery
- Risk Assessment and Management
Tools And Technology
- Burp Suite
- Metasploit Framework
- SQLMap
- Amass
- Nessus
- Frida
- Nmap
- DirBuster
- GoBuster
- Feroxbuster
- Nuclei
- Nikto
- Postman
- Shodan
- Censys
- Wayback
- HCL AppScan
- GoPhish
- Hydra
Certification
- Certified AppSec Practitioner (CAP)
- Microsoft Azure Fundamentals (AZ-900)
- Certified AppSec Pentester (CAPen)
Timeline
Associate Consultant
Ernst & Young
07.2022 - Current
Intern
Ernst & Young
03.2022 - 07.2022
Bachelor of Technology - Electronic and Communication Engineering
Lakshmi Narain College of Technology & Science
Similar Profiles
Kaushik NamboorKaushik Namboor
Senior Consultant at Ernst & YoungSenior Consultant at Ernst & Young
Peter AkindelePeter Akindele
Senior Tax Advisor at Ernst & YoungSenior Tax Advisor at Ernst & Young
Ankita GhoshAnkita Ghosh
Functional Analyst, Oracle Cloud ERP at Ernst & YoungFunctional Analyst, Oracle Cloud ERP at Ernst & Young
Carlos BruneCarlos Brune
Senior Regional Recruiter at Ernst & YoungSenior Regional Recruiter at Ernst & Young
Kalairani KKalairani K
Supply Chain Analyst / Buyer / Configuration Analyst (Team Lead) at HCL TechSupply Chain Analyst / Buyer / Configuration Analyst (Team Lead) at HCL Tech