about
skills
Security
Penetration TestingVAPTCode ReviewSIEMBug Bounty
Languages
GoPythonRustTypeScriptLuaBash
Cloud & IaC
AzureTerraformDockerSentinel
Frameworks
SvelteKitNext.jsExpress
certifications
education
MSc Network & Information Security
Kingston University · 2025
BSc (Hons) IT - Cyber Security
SLIIT · 2021 - 2024
experience
Security Engineer & Penetration Tester
Surge Global
Nov 2023 - Present
- > Performed VAPT on in-house and client web applications
- > Found 10-20 critical vulnerabilities per application on average
- > Conducted security code reviews on client codebases
- > Built Microsoft Sentinel SIEM solution with Terraform IaC
Cyber Security Intern
Surge Global
May 2023 - Oct 2023
- > Performed VAPT on client applications
- > Code review for vulnerability detection
- > R&D on prompt injection prevention methods
Bug Bounty
OpenSea - Sensitive Data Exposure
Found hardcoded credentials in JavaScript allowing authentication bypass
BugCrowd · June 2024
projects
A knowledge repository with easy-to-understand explanations of complex concepts
SveltemdsvexTypeScript
Post-quantum steganography tool using ML-KEM-768 and AES-256-GCM
SvelteTypeScriptWebCrypto
achievements
capture the flag
SLIIT ISACA CTF
Solo vs 15 four-member teams
CICRA 10th Summit CTF
Duo vs 40+ teams
Enigma CTF
19 participants
Manthra CTF
30+ participants
Medusa CTF
Consistently placed in the top 3 across all CTF competitions.
contact
Interested in working together or have a security concern? Feel free to reach out.