Rohit Sharma
Offensive Security professional specializing in Web, API, Mobile, and Network Security with 500+ vulnerabilities reported and 70+ pentests delivered.
Cyber Security Analyst with 4+ years of specialized experience in bug bounty and professional pentesting. Specialized expertise across web, API, mobile, infrastructure, and custom phishing assessments.
400+
Penetration Tests
1500+
Vulnerabilities Identified
Recognized By
Apple (11x)
+ NVIDIA, RedHat, SAP
Published
2 CVEs
CVE-2022-3774, CVE-2023-5302
About Me
I'm a Cyber Security Analyst focused on offensive security and continuous improvement. I conduct VAPT with an emphasis on black-box testing and exploit development to uncover critical vulnerabilities. With 4+ years of experience, I've reported 500+ vulnerabilities and completed 70+ professional pentest engagements, helping teams reduce misconfigurations and strengthen security posture across web, mobile, APIs, and networks.
Vulnerabilities Identified
1500+
Critical to informational
Penetration Tests
400+
Web, mobile, infrastructure
Industry Recognition
50+
Hall of Fame acknowledgments
Experience
Security Analyst — Breachlock
- Pentesting across web, API, thick client, Android/iOS, and internal/external networks.
- PCI DSS testing, phishing assessments, OSINT, and Microsoft 365 reviews.
- Cloud audits on Azure, AWS, GCP, O365; streamlined PTaaS workflows and remediation tracking.
- Mentored junior analysts on methodologies and exploitation techniques.
Security Analyst Trainee — Appzlogic
- Led SAST/DAST and VAPT across web and API applications; authored security test cases.
- Manually found 120+ vulnerabilities across 14+ pentests; improved client awareness.
Freelance Cyber Security Analyst — Various
- Reduced vulnerabilities for clients by 30% through detailed reporting and VAPT.
- Secured a proprietary trading platform handling $3.7M+ weekly payouts.
- Specialized in OWASP Top Ten; contributed to security research with payouts.
Cyber Security Summer Intern — Cyber Cell
- Assisted in investigations and incident response; conducted forensics and OSINT.
- Created checklists, guidance for public security hygiene, and authored reports.
Bug Bounty & CVEs
- Apple Inc. Hall of Fame (10x) through April 2024.
- Nvidia Hall of Fame (Oct 2022); RedHat acknowledgment (Jul 2022); Lenovo InfoSec (May 2022).
- Published CVEs: CVE-2022-3774, CVE-2023-5302.
Technical Skills & Expertise
- OWASP Top 10
- SAST/DAST
- Secure Code Review
- iOS / Android
- OWASP MSTG
- Binary Analysis
- REST / SOAP
- AuthN/AuthZ
- Scope Validation
- Internal/External
- Threat Modeling
- Privilege Escalation
- AWS / Azure / GCP
- O365
- PCI DSS
- SIEM Awareness
- VAPT Reporting
- PTaaS Workflows
Based on 400+ completed assessments
Security Services for Companies
Comprehensive penetration testing and security assessments tailored to strengthen your organization's security posture. Leveraging 400+ pentests and identification of 1500+ vulnerabilities across enterprises.
Specialized in creating and deploying targeted phishing campaigns for internal security testing and employee education. My custom email templates are designed to realistically simulate threats while providing valuable insights into your organization's security awareness.
Email Template Design
Custom-crafted templates mimicking real-world phishing scenarios, credential harvesting, and social engineering tactics
Campaign Management
End-to-end phishing simulation with user tracking, detailed reporting, and follow-up security training recommendations
• Black/gray box VAPT
• OWASP Top 10 assessment
• Privilege escalation
• Remediation guidance
• iOS & Android testing
• OWASP MSTG compliance
• Secure storage audit
• Runtime protection checks
• Microsoft 365 audit
• AWS, Azure, GCP review
• Identity hardening
• Incident readiness
• Scope validation
• Testing strategy
• Risk prioritization
• Compliance alignment
Resume & Credentials
Resume.pdf
Rohit Sharma - Security Analyst
View or download my comprehensive resume featuring my experience, skills, certifications, and professional achievements in cybersecurity.
Hall of Fame
50+ Security Acknowledgments
Recognized by leading organizations worldwide for responsible security disclosure
11 Times
July 2021 - July 2024
Multiple security acknowledgments across iOS, macOS, and web services
Hall of Fame
Oct 2022
Graphics and AI platform security
Hall of Fame
Jul 2022
Enterprise Linux and cloud security
Hall of Fame
Jun 2023
Enterprise software security
Hall of Fame
May 2022
Hardware and firmware security
Hall of Fame
Jun 2022
Cybersecurity platform vulnerabilities
Acknowledgment
Apr 2022
Academic infrastructure security
Acknowledgment
Sep 2022
Educational platform security
Acknowledgment
Feb 2023
Research system security
Acknowledgment
2022
Campus network security
Hall of Fame
Sep 2022
Industrial equipment security
Hall of Fame
Apr 2022
Automotive platform security
Hall of Fame
Jun 2021
Telecommunications security
Hall of Fame
May 2021
Network infrastructure security
Hall of Fame
Sep 2021
Mobile network security
Hall of Fame
Nov 2021
Automotive systems security
Recognition 2024
Oct 2024
Open-source security bug identification and reporting
Government Recognition
Mar 2021
Critical infrastructure vulnerability disclosure
Published CVEs
CVE-2022-3774
Security vulnerability disclosure
CVE-2023-5302
Coordinated vulnerability disclosure
Achievements & Recognition
- CVE-2022-3774
Vulnerability disclosure and remediation guidance
- CVE-2023-5302
Coordinated disclosure improving ecosystem security
Blog
Visit Medium
Let's Connect
Open to security consulting, pentesting, and research collaborations. Reach out on LinkedIn for the fastest response.
For the fastest response and professional inquiries, connect with me on LinkedIn. I'm actively looking for security consulting opportunities and collaboration.