Amit Kumar
Senior Product Security Engineer with 6+ years of experience in AppSec, DevSecOps, threat modeling, secure code review, and practical security automation.
Product security, AppSec, and DevSecOps
Threat modeling, architecture review, and code review
Web, mobile, API, and cloud security testing
AI-driven security automation and open-source research
Security profile
Focused on product security, secure architecture, mobile AppSec, and scaling security across engineering teams.
Real project work
Top repositories selected from my public GitHub profile, prioritizing those with more stars and forks over placeholders.
Android BugBazaar
Open-source mobile AppSec playground showcasing insecure design patterns, threat modeling, and exploitation scenarios.
Open Source • Dec 2024 – Present
iOS BugBazaar
Open-source iOS AppSec playground focused on product-security-first misconfiguration exploitation.
97 stars • 25 forks • Pug
ninjasworkout
Vulnerable NodeJS Web Application
43 stars • 5 forks • Shell
ApkRecon
Scanning APK file for URIs, endpoints & secrets.
4 stars • 0 forks • HTML
AppSecBytes
Deep dives into application vulnerabilities, CVEs, bug bounty reports, and practical defensive insights.
2 stars • 0 forks • Learning resource
security-study-plan
Complete practical study plan for cybersecurity paths like Pentest, AppSec, Cloud Security, and DevSecOps.
Core strengths
Animated expertise bars that visually show depth across key security domains.
Professional experience
Experience highlights from the resume, with company names intentionally omitted.
Senior Product Security Engineer
- Owned end-to-end security architecture reviews and data handling assessments for critical business systems.
- Led advanced threat modeling across applications and cloud infrastructure to identify design flaws early in the SDLC.
- Designed and maintained DevSecOps pipelines with SAST, DAST, SCA, secrets detection, and policy enforcement.
- Built AI-driven security agents for automated code review, vulnerability triage, and security signal correlation.
Security Engineer
- Performed security architecture and data handling reviews with actionable recommendations for product teams.
- Executed manual and automated penetration testing for web, mobile, and API applications.
- Embedded security checks into developer workflows to automate compliance validation and reduce release bottlenecks.
- Partnered with engineering and DevOps teams to drive secure-by-design adoption and secure coding practices.
Lead Security Consultant
- Delivered product security consulting and defined security requirements and risk acceptance criteria across sectors.
- Performed VAPT for web, API, mobile, and infrastructure applications with OWASP-focused remediation guidance.
- Conducted automated and manual secure code reviews in Python, Java, NodeJS, and PHP.
- Integrated SAST, DAST, and IaC scanning into CI/CD pipelines and guided teams on secure development practices.
Security Consultant
- Performed end-to-end security assessments of web, mobile, and infrastructure applications including penetration testing and risk reporting.
How I contribute
Practical contribution areas that show impact beyond a project list.
Open-source security projects
Building and sharing practical repositories, experiments, and learning resources through GitHub.
Technical security writing
Publishing hands-on blog content around DevSecOps, supply chain security, and mobile testing.
Community knowledge sharing
Contributing through walkthroughs, research notes, and practical explanations that help other engineers learn faster.
Talks and sessions
Selected speaking and showcase highlights from the resume.
Showcased Android BugBazaar
Presented open-source mobile AppSec playground work built around insecure design patterns and exploitation scenarios.
Android AppSec speaker
Presented on Android security bypasses, protected components, and automation with Semgrep.