Rahul Mandal.

Application Security Engineer/VAPT & Red Team/Secure SDLC & DevSecOps

I help product and platform teams ship securely. Over 4+ years delivering enterprise-grade assessments across web, API, mobile, thick-client, network, and cloud - paired with SAST/DAST tooling, secure code review, and red-team simulation aligned to OWASP and MITRE ATT&CK.

Aligned to: OWASP Top 10 · OWASP ASVS · MITRE ATT&CK · Secure SDLC · DevSecOps
Experience

From building software to breaking it on purpose.

Three roles, one continuous thread - the path from full-stack development into application security.

April 2022 - Present

Security Analyst II

Current
Strobes Security · Remotely · Hyderabad, India

Lead technical contributor on client-facing security engagements across application, infrastructure, and cloud surfaces.

  • Delivered enterprise-grade assessments across web, mobile, API, and thick-client environments aligned with OWASP
  • Translated technical findings into business risk for client executives and management
  • Managed end-to-end engagements: discovery, scoping, execution, remediation guidance, post-engagement support
  • Configured and integrated SAST/DAST tooling within GitHub Actions and GitLab CI pipelines
  • Conducted secure code reviews with developer-friendly remediation aligned to Secure SDLC and DevSecOps
  • Performed cloud configuration audits across AWS, Azure, and GCP - IAM gaps, misconfigurations, compliance
  • Executed red-team and adversary-simulation assessments and presented findings to leadership
  • Authored architecture diagrams, threat models, executive reports, and operational runbooks
Stack
Burp Suite · Nmap · Metasploit · Wireshark · AWS · Azure · GCP · GitHub Actions · Python · OWASP TOP 10 · MITRE ATT&CK
February 2022 - March 2022

Research Intern - Cyber Security

Internship
SISTMR Australia · Virtual · In association with VPKBIET, Baramati

Two-month Virtual Cyber Security Industry Internship that formalised my transition from full-stack development into application and offensive security.

  • Completed the Virtual Cyber Security Industry Internship program in association with VPKBIET, Baramati
  • Researched real-world attack surfaces, reconnaissance techniques, and exploitation primitives
  • Produced structured technical write-ups translating research into reproducible findings
  • Awarded Best Award by SISTMR Australia upon program completion
Stack
Cyber Security · Research · Reconnaissance · Exploitation · Technical Writing
June 2019 - October 2021

Associate UI Engineer

DIPC · Ahmedabad, India

Built user-facing and backend components for internal and public-facing platforms - gaining the systems intuition I now apply to security review.

  • Developed and deployed user-facing and backend components for internal and public platforms
  • Gained hands-on experience with web servers, application servers, and XML/SOAP integrations
  • Set up and configured development and production environments on Windows and Linux
  • Worked with relational databases for application data layers and schema changes
  • Collaborated with UI/UX, QA, and backend teams on responsive, accessible applications
  • Documented system designs, integration patterns, and deployment procedures for onboarding
Stack
MERN Stack · HTML · JavaScript · MySQL · Linux · Windows Server
Certifications & Learning

Continuous study, deliberate breadth.

In Progress
AI / LLM Security

OSAI+ - AI / LLM Security Certification

Specialised certification focused on offensive and defensive security for AI-integrated applications, prompt injection, and LLM supply-chain risk.

Completed
Offensive Security

Penetration Testing Essential Training

Foundational penetration testing methodology, exploitation primitives, and structured engagement workflow.

Completed
Ethical Hacking

Practical Ethical Hacking Course

Hands-on training across reconnaissance, exploitation, privilege escalation, and reporting against realistic targets.

Completed
Networking

Complete Networking Fundamentals

TCP/IP, routing, switching, and the underlying network primitives that every network and infrastructure assessment depends on.

Contact

Let's get in touch.

Open to security engagements, advisory work, and full-time roles. The fastest way to reach me is email.
