GAAbout Gaurav
Pentester & Security Engineer with over 5 years of hands-on experience in vulnerability assessment, penetration testing, and cloud security across web, mobile, network, and thick client environments. Proficient in secure code review, identifying logic flaws, and detecting insecure coding patterns. Experienced in securing cloud infrastructures (AWS, Azure, GCP) and assessing them against real-world attack scenarios. Known for delivering actionable security findings, supporting remediation efforts, and contributing to the development of secure systems.
Certifications:
- CREST CRT – CREST Registered Penetration Tester (09/)
- CREST CPSA – CREST Practitioner Security Analyst (09/)
- AWS Certified Security – Specialty (09/)
- OSCP+ – OffSec Certified Professional+ (06/2025)
- SecOps Group AI/ML Pentester (C-AI/MLPEN) – Credential ID: 10492478 (09/2025)
- eMAPT eLearnSecurity : Mobile Application Penetration Tester (06/2023)
- eLearnSecurity eCPPT : Certified Professional Penetration Tester (01/2023)
- eLearn Security eWPTXv2 : Web Application Penetration Tester Xtream (08/2022)
English
Native or bilingual
Remote only
Primarily works remotely
Experience
- BMCSoftware India Pvt LtdProduct Security EngineerNovember 2022 - Today (3 years and 7 months)Pune, Maharashtra, IndiaResponsibilitiesConducting securityassessments on web, mobile, thick-client applications, network infrastructure, and cloud environments to identify vulnerabilities, perform risk assessments, and ensure compliance with security standards. Experienced in secure code review to detect and mitigate application-level risks. Performing static code reviews (SAST) to detect vulnerabilities, ensure secure coding practices, and collaboratewith development teams on remediation. Validate, reproduce, and triage security issues reported by researchers and customers, coordinating remediation with relevant teams. Performimg threat modeling and risk assessments to prioritize security vulnerabilities and recommend mitigation strategies. Executing SASTand DAST to identifyvulnerabilities in source code and runtime, providing comprehensive security insights. Maintaining and organizing securityassessmentartifacts, including vulnerability reports, riskanalysis, and remediation tracking.
- SecurityboatCybersecuritySolutionsApplication Security EngineerJanuary 2021 - October 2022 (1 year and 9 months)Pune, Maharashtra, IndiaConducted penetration testing on web, mobile,API, and networkapplicationsacrossvarious clientenvironments, identifying vulnerabilitiesand providing detailed remediation guidance. Successfullydelivered 40+ securityassessment projects for diverse clients, covering OWASPTop 10, SANS 25, and business logic flaws. Collaborated with clientdevelopmentand security teams to reproduce, explain, and remediatevulnerabilities, ensuring secure design and coding practices. Maintained and organized assessmentdocumentation, including detailed security reports, riskanalysis, and remediation tracking forcompliance and audit purposes.
Recommendations
Be the first to recommend Gaurav
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- CREST CRT : CREST Registered Penetration Tester2028CREST CRT : CREST Registered Penetration Tester
- CREST CPSA : CREST Practitioner Security Analyst2028CREST CPSA : CREST Practitioner Security Analyst