Sumit Karak

Madhubani

Summary

Application Security Engineer specializing in end-to-end VAPT, API security, and mobile application security. Experienced in identifying and remediating critical vulnerabilities, validating fixes, and driving secure development practices. Strong background in fintech security and audit readiness, with recognition for high-impact vulnerability discoveries.

Overview

5 years of professional experience
1 Certification

Work History

Senior Executive – Information Security

Angel One Ltd
09.2023 - Current
  • Conduct end-to-end VAPT across web, mobile, and API platforms, identifying and validating critical security vulnerabilities.
  • Collaborate closely with development, QA, and infrastructure teams for remediation guidance, fix validation, and continuous vulnerability closure tracking.
  • Maintain regulatory and audit compliance (SEBI, NSE/BSE, internal audits) through structured evidence collection and security documentation.
  • Optimize AppSec workflows by standardizing reporting formats, automating revalidation activities, and improving remediation turnaround times.
  • Drive security testing strategies for high-impact, customer-facing applications to prevent data leakage and unauthorized access in production environments.

Penetration Tester

Freelancer
03.2023 - 08.2023
  • Conducted web application and network penetration testing for multiple clients, identifying and validating security vulnerabilities.
  • Performed bug hunting on public and private programs, discovering issues aligned with OWASP Top 10 categories.
  • Received bug bounty rewards and Hall of Fame recognition from organizations including MoneyBox, Government of Quebec, and Ooredoo for responsible vulnerability disclosures.

Security Analyst

Paramount Computer Systems LLC, Dubai
11.2021 - 03.2023
  • Performed external and internal network VAPT (black/grey/white box) and web application penetration testing across multiple client environments.
  • Conducted Android application security testing, secure code reviews, and network device configuration reviews.
  • Executed phishing simulations and supported client security awareness initiatives.
  • Delivered technical walkthroughs and presentations to technical and non-technical stakeholders.
  • Reviewed penetration testing reports and optimized internal testing processes for efficiency and consistency.
  • Performed internal penetration testing for the organization.

Intern

Ehack Academy
10.2020 - 04.2021
  • Assisted in LAN design and implementation for small-scale network environments.
  • Configured and troubleshot routing protocols including static, default, and dynamic routing (EIGRP, OSPF, BGP).
  • Implemented switching technologies such as VLANs, STP, Router-on-a-Stick (ROAS), and Multilayer Switching (MLS).
  • Applied network security controls using Access Control Lists (ACLs).

Education

Bachelor of Engineering - Information Science

Sapthagiri College of Engineering
Bengaluru, India
01.2019

Skills

  • Vulnerability Assessment
  • Penetration Testing
  • Web Application Security Testing
  • Mobile Application Security Testing
  • API Security Assessment
  • Source Code Review
  • Configuration reviews of network devices

Certification

  • EC-Council Certified Security Analyst (ECSA)
  • Completed CEHv10 Training from EC Council
  • Certified Security Penetration Tester (ISSS, UK)

Timeline

Senior Executive – Information Security

Angel One Ltd
09.2023 - Current

Penetration Tester

Freelancer
03.2023 - 08.2023

Security Analyst

Paramount Computer Systems LLC, Dubai
11.2021 - 03.2023

Intern

Ehack Academy
10.2020 - 04.2021

Bachelor of Engineering - Information Science

Sapthagiri College of Engineering

Knowledge of Security Tools

  • Burp Suite
  • Nmap
  • Nessus
  • Postman
  • MobSF
  • Wireshark
  • Acunetix
  • SonarQube

Key Achievements

  • Identified and remediated multiple high and critical vulnerabilities, preventing potential PII exposure and unauthorized access.
  • Maintained zero non-compliance observations across SEBI, NSE/BSE, and internal cybersecurity audits through proactive VAPT evidence management.
  • Received Bug Bounty and Hall of Fame recognition for responsible disclosure of high-impact vulnerabilities in web and API platforms.
  • Honored for Outstanding Contributions and Team Excellence under:
    Honorary Team of Angelites – Information Security
    Angel One’s Extraordinaire – Information Security

Career Highlight

  • Strengthened the organization’s application security posture by proactively identifying and closing vulnerabilities across critical business platforms.
  • Prevented potential security incidents through early discovery of authentication, authorization, and access control flaws.
  • Led collaborative fix validation efforts to ensure vulnerabilities were effectively remediated before production release.
  • Played a key role in maintaining continuous audit readiness and regulatory compliance across internal and external reviews.

Key Projects

Trading Platform Security Assessment & Risk Remediation

  • Led security testing and remediation validation for a production trading platform, identifying and resolving critical issues related to authentication, injection flaws, and token handling logic.

API Security Assessment Program

  • Conducted large-scale API security testing, identifying broken authorization, excessive data exposure, and logic flaws, and supporting closure tracking.

Audit & Compliance Evidence Management

  • Built and maintained centralized VAPT and compliance documentation supporting SEBI CSCRF and NSE/BSE audits, resulting in zero adverse observations.