b43kd00r

> Security Researcher | Offensive Security | Ethical Hacker

[ PROFILE ]

Senior Security Engineer with 5+ years of industry experience and 5+ years in VDP/bug bounty programs. Specialized in Penetration Testing, Application Security, Cloud Security and Red Teaming. Recognized for innovative problem solving and expertise across web, mobile, API and cloud platforms.

ORGANIZATIONS RECOGNIZED: 100+
YEARS EXPERIENCE: 5+
CRITICAL VULNS FOUND: 100+
DETECTION TIME REDUCED: 30%

$ whoami
Security Engineer • Pentester • Red Teamer

$ cat certs.txt
> OSCP+ - OffSec Certified Professional
> eWPTXv2 - Web Application Penetration Tester
> CAP - Certified AppSec Practitioner

[ MAJOR ACHIEVEMENTS ]

🎖️ Red Team - G20 Leaders Summit 2023
C-DAC, Critical Security Assessment
September 2023

🏆 100+ VDP Acknowledgments
Microsoft, Apple, Sony, Intel, NCSC.nl, Zomato, IOTA
Government & Enterprise Recognition

📊 30% Incident Detection Improvement
Advanced Threat Hunting & SIEM Optimization
Curefit Security 2025

🔐 FDA Compliance Framework
ISO/IEC 27001, 27002, 62304, 13485 Healthcare AI
Anumana Current

[ CAREER TIMELINE ]

Senior Cyber Security Engineer
Anumana | AI-driven Healthcare
Dec 2025 - Present

Product Security • ISO/IEC 27001/27002/62304/13485 • Healthcare SaMD Security

Security Engineer
Curefit - House of Cult
June 2025 - Dec 2025

SAST/DAST Testing • CI/CD Security Automation • Threat Hunting • Cloud Security (AWS/GCP)

Security Engineer
C-DAC, Hyderabad | MeitY, Government of India
Aug 2021 - June 2025

Pentesting • Application Security • Compliance • Red Team

100+ RECOGNIZED ORGANIZATIONS:

Microsoft
Apple
Sony
Intel
Zomato
IOTA
CERT Global

[ SECURITY ARSENAL ]

CORE EXPERTISE:

Penetration Testing
Application Security
Red Teaming
API Security
Cloud Security
Active Directory
Threat Hunting
Code Review

OFFENSIVE TOOLS & FRAMEWORKS:

Burp Suite
Metasploit
Nmap
Nessus
BloodHound
Mimikatz
Ligolo-ng
CrackMapExec
MobSF
Frida

AUTOMATION & DEFENSE:

SAST/DAST
Semgrep
Gitleaks
TruffleHog
Trivy
Nuclei
SIEM/Coralogix
DevSecOps

LANGUAGES & PLATFORMS:

Python
Bash
PowerShell
AWS
Azure
GCP
Kubernetes
Docker
Blockchain

[ BUG BOUNTY RESEARCH & WRITEUPS ]

Curated bug bounty and penetration testing stories focused on real-world vulnerabilities, clear impact, and practical lessons for security engineers, pentesters, and developers.

How Ignoring One Field Led to Zomato Account Takeover
Category: Account Takeover, Web Application Security, Bug Bounty
Disclosed: 2018 • Program: Zomato

A logic flaw in Zomato's email verification flow that allowed login to newly created, unverified user accounts using only a predictable user ID, without a password or valid verification code.

💡 More writeups coming soon. Follow my research on Twitter and LinkedIn.

[ CONNECT ]

$ echo "Expertise in Security Engineering"

$ contact
> Email: b43kd00r@gmail.com
> Topmate: https://topmate.io/b43kd00r
> Portfolio: https://b43kd00r.ninja
> LinkedIn: linkedin.com/in/b43kd00r
> GitHub: github.com/b43kd00r

$ echo "Open for security consulting, red team ops & collaboration"