Kinshuk Karmakar

Cyber Security Professional
Pune

Summary

Senior Cyber Security professional with 3+ years of hands-on experience in product security, application security testing, vulnerability management, and Secure Software Development Life Cycle (S-SDLC). Strong expertise in mobile application security (Android & iOS), API security, CI/CD security integration, threat modeling, and penetration testing. Proven ability to define and implement security controls, perform risk assessments, and support vulnerability response across large-scale, high-impact applications.

Overview

5 years of professional experience

3 Certifications

Work History

Senior Domain Manager (Cyber Security)

BAJAJ FINANCE LTD
07.2022 - Current
  • Defined and implemented cybersecurity requirements and security controls across Android, iOS, web, and API-based applications, supporting enterprise-scale digital platforms.
  • Led application security testing programs, including SAST, DAST, and manual penetration testing, across multiple product releases.
  • Integrated secure SDLC controls into CI/CD pipelines for Android, iOS native, and PWA deployments, enforcing automated security validation and InfoSec compliance.
  • Performed threat modeling and abuse-case analysis for mobile and backend architectures to identify attack vectors and recommend mitigations early in the development lifecycle.
  • Acted as a key contributor in vulnerability response activities, including severity assessment, risk communication, remediation validation, and closure tracking.
  • Conducted extensive mobile security hardening, developing mitigations against root detection bypass, SSL pinning bypass, biometric bypass, Frida, Zygisk, KernelSU, and runtime tampering.
  • Managed security for 29 high-priority applications under high-pressure delivery timelines.
  • Executed static and dynamic security analysis using tools such as Burp Suite, OWASP ZAP, and Appknox.
  • Led security and compliance assessments for 700+ APIs hosted on the API gateway, ensuring adherence to organizational security standards.
  • Built and integrated AppProtect infrastructure, strengthening runtime application self-protection and threat signal visibility.
  • Collaborated with third-party vendors for benchmarking, performance optimization, and cold-start issue analysis.
  • Led threat intelligence and brand monitoring initiatives using iZoologic, Cloudsek, and Cyble to detect phishing, impersonation, and data-leak risks.
  • Mentored junior engineers and conducted internal workshops on secure coding and security testing best practices.
  • Supported security assessments for connected application ecosystems, including mobile apps communicating with backend services via secured APIs.
  • Ensured security controls were addressed during the design and development phases, and validated through production releases and post-deployment monitoring.

Internship – Cyber Security

Bajaj Finance Ltd
07.2021 - 07.2022
  • Performed web and mobile (Android/iOS) penetration testing, identifying and reporting security vulnerabilities.
  • Conducted brand monitoring and dark-web analysis to proactively identify emerging cyber threats.
  • Utilized tools such as Burp Suite, OWASP ZAP, MobSF, APKTool, Jadx, JD-GUI, Frida, Objection, Magisk, Shadow, iZoologic, Cloudsek, and BeVigil/XVigil.
  • Supported early-stage vulnerability detection to reduce security risks across business-critical applications.

Education

Bachelor of Technology (BTech) - Specialization in Cyber Security And Forensics

Sandip University, Nashik, Maharashtra, Nashik, India
03.2022

Skills

Product Security Engineering

Secure Software Development Life Cycle (S-SDLC)

Threat Modeling & Abuse-Case Analysis

Vulnerability Management & Risk Assessment

Penetration Testing (Web, Mobile, API)

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

Software Composition & Dependency Risk Analysis

Mobile Application Security (Android, iOS)

Root / Jailbreak / Hooking Detection & Mitigation

CI/CD Pipeline Security (DevSecOps)

API Gateway & Backend Security Assessments

Secure Coding Practices

Threat Intelligence & Brand Monitoring

Accomplishments

  • Bajaj Finserv Kudos Award – Exceptional Contribution
  • Bajaj Finserv HEROES Award – Outstanding Individual Contribution
  • Bajaj Finserv Service Excellence Champion Award
  • Second Runner-Up – IBM Hackathon

Certification

Certified Ethical Hacker (CEH)

Timeline

Certified APPSEC Practitioner (CAP): 9166903 (The SecOps Group)

03-2024

Certified Blockchain Practitioner (CBP): 9180073 (The SecOps Group)

03-2024

Certified Ethical Hacker (CEH)

07-2023
Senior Domain Manager (Cyber Security) - BAJAJ FINANCE LTD
07.2022 - Current
Internship – Cyber Security - Bajaj Finance Ltd
07.2021 - 07.2022
Sandip University, Nashik, Maharashtra - Bachelor of Technology (BTech), Specialization in Cyber Security And Forensics

Skills

  • Product Security Engineering
  • Secure Software Development Life Cycle (S-SDLC)
  • Cyber Threat Analysis
  • Threat Modeling & Abuse-Case Analysis
  • Vulnerability Management & Remediation Validation
  • Risk Assessment and Mitigation
  • Penetration Testing (Web, Mobile, API)
  • Mobile Application Security (Android, iOS)
  • Runtime Application Self-Protection (RASP)
  • Root / Jailbreak / Hooking Detection & Mitigation
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • API Security Assessment
  • CI/CD Pipeline Security (DevSecOps)
  • Static and Dynamic Code Analysis
  • Security Auditing
  • Threat Intelligence and Monitoring
  • Security Incident Response
  • Blockchain Security
  • Linux Environments
  • Secure Coding Practices
  • Vulnerability Assessment