Sivakumar Kondreddy

Hyderabad

Summary

Application Security Engineer with 4+ years of experience in VAPT, web, and API security testing. Proven ability to identify critical vulnerabilities, improve detection coverage, and deliver actionable remediation strategies to enhance application security.

Overview

4 years of professional experience
1 Certification

Work History

Application Security Engineer

FLYROTECH TECHNOLOGIES
HYDERABAD
05.2022 - Current
  • Conducted thorough analysis of application architecture to identify potential vulnerabilities across 10+ web and mobile applications, uncovering 25+ critical and high-severity issues.
  • Developed and executed comprehensive penetration tests, identifying and exploiting OWASP Top 10 vulnerabilities (XSS, SQL Injection, CSRF, IDOR, SSRF) to uncover weaknesses before production release.
  • Designed and implemented detailed test plans and procedures for application penetration testing engagements across web, mobile, and API environments.
  • Performed DAST using Burp Suite, OWASP ZAP, and Nessus, reducing false positives by ~30% through manual testing and improving security findings accuracy.
  • Conducted REST API security testing, identifying 10+ API-specific vulnerabilities including authentication bypass and improper authorization.
  • Integrated DevSecOps practices into CI/CD pipelines using tools like Jenkins and GitHub Actions, performing code reviews, vulnerability assessments (SAST/DAST), and enforcing secure coding standards to strengthen application security.
  • Secured cloud and containerized environments (AWS/Azure/GCP, Docker, Kubernetes) and automated security monitoring and compliance checks.
  • Collaborated with cross-functional development teams to remediate vulnerabilities and integrate secure SDLC practices, reducing average remediation time by ~25%.
  • Delivered detailed vulnerability reports with actionable remediation recommendations, leveraging CVE analysis and CVSS scoring for risk prioritization.

Education

B.Tech - ELECTRONICS AND COMMUNICATION ENGINEERING

Lovely Professional University
Punjab
06.2022

DIPLOMA - ELECTRONICS AND COMMUNICATION ENGINEERING

Rise Polytechnic College
Ongole, Andhra Pradesh
05.2019

Skills

  • Vulnerability Assessment & Penetration Testing (VAPT)
  • Web & Mobile Application Security Testing
  • REST API Security Testing
  • OWASP Top 10 & Threat Modeling
  • CVE Analysis & CVSS-Based Risk Prioritization
  • Bug Bounty Hunting
  • Vulnerability Reporting & Remediation
  • Secure SDLC Practices
  • Risk Assessment & Management
  • Cross-team Collaboration

Certification

  • Ethical Hacking (CEH-aligned Training) – Edu-versity
  • CCNA - Cisco Certified Network Associate

Accomplishments

  • Active bug bounty hunter on HackerOne, applying real-world VAPT skills to identify OWASP Top 10 vulnerabilities and deliver structured, high-quality reports with clear impact analysis.
  • Reduced false positives by ~30% through manual validation of automated scans using tools like Burp Suite and OWASP ZAP, enhancing accuracy of security findings.
  • Identified and validated 25+ critical and high-severity vulnerabilities across 10+ web and mobile applications, significantly improving overall application security posture.

Languages

English
Telugu
Hindi

Projects

API Security Testing
→ github.com/sivakumarkondredy47-web/api-security-testing-lab

- Performed REST API security testing by analyzing JSON-based requests
 and responses to identify authentication and input validation vulnerabilities
- Tested API endpoints using Postman, identifying broken authentication,
 insecure endpoints, and input validation flaws
- Documented findings with payloads, impact analysis, and remediation
 recommendations following OWASP API Security Top 10

Web Application Security Testing
→ github.com/sivakumarkondredy47-web/webapp-security-testing-lab

- Performed web application security testing on DVWA, identifying
 XSS, SQL Injection, and CSRF vulnerabilities through manual testing
- Utilized Burp Suite to intercept and analyze HTTP requests and
 responses, validating vulnerabilities
- Documented detailed remediation recommendations following
 OWASP Top 10 and industry best practices

Tools & Technologies

Penetration Testing: Burp Suite, OWASP ZAP, Nessus, Kali Linux, Metasploit

API Testing: Postman, REST APIs, JSON, OAuth 2.0

Mobile Application Security: MobSF (Mobile Security Framework), ADB (Android Debug Bridge), Frida, Jadx (APK Decompiler), Android Studio Emulator

Vulnerability Management: OWASP Top 10, CVE Analysis, CVSS Scoring

Reporting & Documentation: Vulnerability Reports, Remediation Docs, Risk Assessments

Websites, Portfolios and Profiles

  • https://github.com/sivakumarkondredy47-web
  • https://www.linkedin.com/in/sivakumar-reddy-457b233b8/
  • https://hackerone.com/siva_vapt
