Tuhin Mukherjee
Summary
Dynamic security consultant with extensive experience at Pentest People, excelling in penetration testing and vulnerability research. Achieved a 30% reduction in report delivery time while enhancing client security postures. Proficient in web application security and critical thinking, driving impactful results through innovative solutions and effective team leadership.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Researcher
CSIRT.global
05.2023 - Current
- Conducted in-depth vulnerability research and facilitated responsible disclosure for 100+ internet-facing systems worldwide.
- Performed weekly scans of 10,000+ domains to identify critical CVEs, proactively notifying over 100 affected organizations.
- Collaborated with DIVD and CSIRT teams to streamline incident response workflows and enhance coordinated disclosure processes.
Consultant
Pentest People
04.2023 - 03.2025
- Executed 50+ comprehensive penetration tests across Web, AWS, API, and Android platforms.
- Discovered and reported 200+ vulnerabilities, including 25+ high/critical issues using tools like Burp Suite, Caido, Nmap, Postman, Frida, and Jadx.
- Led post-engagement debriefs, helping clients improve their security posture by up to 80%.
- Reduced report delivery time by 30% through the creation of reusable content templates.
Consultant
Presidio Information Risk Management LLP
Pune
01.2017 - 04.2023
- Led 60+ black-box and Gray-box security assessments across web, mobile, internal networks, and AWS cloud environments.
- Delivered remediation strategies to 25+ clients, reducing average risk exposure by 65%.
- Managed a team of 6 consultants, improving delivery efficiency by 20% through training and process optimization.
- Served as Subject Matter Expert (SME) for offensive security, supporting business development and proposal success.
Security Trainer
Innobuzz Knowledge Solutions
Siliguri
12.2016 - 12.2018
- Trained 50+ students and professionals in ethical hacking, vulnerability assessment, and web application security.
Education
Diploma - Electronics & Telecommunication Engineering
WBUT
Falakata01.2011
Skills
- Web application security
- Vulnerability research
- Penetration testing
- Security assessment
- Critical thinking
- Continuous learning
- OWASP Top 10
- Business logic flaws
- API security
- Mobile security
- Android and iOS application penetration testing
- Static analysis
- Dynamic analysis
- Cloud security (AWS and Azure)
- AI model security
- Application testing (Burp Suite, Caido, Postman, MobSF, FFUF, Sqlmap, Frida, Jadx)
- Network and infrastructure security (Nmap, Wireshark, Metasploit, Nessus, Amass, Shodan)
- Automation and reconnaissance (custom Python/Bash scripts, asset discovery, enumeration pipelines
Certification
- Certified Web Application Security Tester - Innobuzz
- Certified Exploit Writing Expert - Innobuzz
- Advanced Penetration Testing - Craw Security
- Mobile Application Penetration Testing - TCM Security
- AWS Security - Craw Security
- API Penetration Testing - APIsec University
- Practical Ethical Hacking - TCM Security
- NSD Certified Bug Bounty Researcher - ISAC India
- The Bug Hunter's Methodology (Live Class) - Jason Haddix
- GNIIT (Software Engineering) - NIIT
Projects
Reported 50+ security vulnerabilities to global organizations including BMW, Sony, Mastercard, Disney, Dell, indeed, and FCA through responsible disclosure and coordinated bug bounty platforms. Achieved multiple Hall of Fame recognitions and monetary bounties via Hackerone, Bugcrowd, Intigriti, and private bounty programs. Developed and maintained custom tools and scripts to automate vulnerability identification and reconnaissance processes, reducing manual effort by up to 60%.
Timeline
Researcher
CSIRT.global
05.2023 - Current
Consultant
Pentest People
04.2023 - 03.2025
Consultant
Presidio Information Risk Management LLP
01.2017 - 04.2023
Security Trainer
Innobuzz Knowledge Solutions
12.2016 - 12.2018
Diploma - Electronics & Telecommunication Engineering
WBUT
Similar Profiles
Bao Tran NguyenBao Tran Nguyen
Researcher at HUTECH Institute of Applied Sciences (HIAS)Researcher at HUTECH Institute of Applied Sciences (HIAS)
Emmeline ShachoryEmmeline Shachory
Researcher at Wild TerrainsResearcher at Wild Terrains
Collins RuttoCollins Rutto
Researcher at Southern Illinois University School of MedicineResearcher at Southern Illinois University School of Medicine
CHELSA SUSAN SUNNYCHELSA SUSAN SUNNY
Researcher at PGM College MG UniversityResearcher at PGM College MG University
SRIVIKAS RAMINEEDUSRIVIKAS RAMINEEDU
Application Security Engineer at Bank of AmericaApplication Security Engineer at Bank of America