Available for engagements

AI/ML PENTEST // VAPT // RED TEAM // CLOUD SECURITY

SUNIL TRIPATHY

— Security Researcher

I help organisations stay one breach ahead — building offensive simulations, hardening cloud estates and running 24/7 SOC operations that actually catch real threats.

📍 Bangalore, India
01 DOSSIER
Sunil Tripathy

ID // $UN!L // CLEARANCE: RED

I build systems
attackers hate.

Over years of hands-on work across penetration testing, incident response and cloud security, I've shipped findings that moved security postures from compliant-on-paper to genuinely resilient. My approach is part adversary, part architect: break it loud, fix it quietly, document everything.

I work across pentest, SOC and cloud — bridging offensive findings with defensive engineering, and documenting work that survives team turnover.

10+
Years in Security
120+
Pentests Delivered
09
Critical CVEs Found
2.4K
SOC Incidents Triaged
02 CAPABILITIES & CERTS

Stack I bring
to every engagement.

Offensive Security

  • VAPT (Web, API, Network, Infra)
  • Secure Code Review (Java, .NET, Node.js)
  • Smart Contract Audit (Solidity / EVM)
  • AI/ML & LLM Pentesting
  • Active Directory Attacks
  • Red Team Engagements
  • C2 Frameworks (Cobalt Strike, Sliver, Mythic, Havoc)
  • Social Engineering

Defensive / SOC

  • SIEM (Splunk, Sentinel, ELK)
  • Threat Hunting
  • Incident Response
  • Forensics & Log Analysis
  • Detection Engineering

Cloud Security

  • AWS / Azure / GCP Hardening
  • IAM & Zero-Trust
  • Container & K8s Security
  • CSPM / CNAPP
  • DevSecOps Pipelines

AI/ML Security

  • LLM Prompt Injection & Jailbreaks
  • Model Extraction & Inversion
  • Training Data Poisoning
  • RAG / Agent Abuse Testing
  • MLOps Pipeline Hardening
  • OWASP LLM Top 10

Tooling

  • Burp Suite
  • Cobalt Strike / Sliver / Mythic
  • BloodHound
  • Metasploit
  • Wireshark
  • Nmap
  • Splunk
  • Python
  • Bash
CERTIFICATIONS
OSCP
Offensive Security Certified Professional
CRTO
Certified Red Team Operator
CAISR
Certified AI Security Researcher — 8kSec
CEH
Certified Ethical Hacker
AWS-SCS
AWS Certified Security – Specialty
CompTIA Sec+
Security+ ce
03 OPERATIONAL HISTORY

Where I've worked
in the trenches.

2024 — Present

Lead Security Engineer

@ Resillion
  • //Lead AI/ML penetration testing engagements — LLM prompt-injection, model extraction, training-data poisoning, RAG abuse and MLOps pipeline attacks.
  • //Run red-team simulations with custom C2 infrastructure (Cobalt Strike, Sliver, Mythic) against critical banking & enterprise infrastructure.
  • //Built detection rules cutting MTTR by 42% across the SOC and designed cloud guardrails for a 4-account AWS landing zone.
2024 — Present

Independent Security Researcher

@ Immunefi · Web3 Bug Bounty
  • //Hunt high-impact bugs across DeFi, NFT and L2 protocols on Immunefi — focus on smart-contract logic, oracle abuse and access-control flaws.
  • //Deliver smart-contract security audits for Solidity / EVM projects, with PoCs and remediation guidance.
  • //Active on bounty leaderboards; payouts on critical findings.
2021 — 2024

Security Lead

@ Accenture · Worked with: AWS
  • //Led security workstreams for an AWS enterprise client — cloud security reviews, IAM hardening and threat modeling for production workloads.
  • //Delivered 80+ pentests across fintech, healthcare and SaaS engagements.
  • //Reported 9 critical vulnerabilities including 2 CVEs; authored client-facing remediation playbooks.
2016 — 2020

VAPT Engineer & Secure Code Reviewer

@ Tata Consultancy Services (TCS)
  • //Led secure code reviews across Java, .NET and Node.js codebases — flagging injection, auth and crypto flaws before production.
  • //Delivered vulnerability assessments and penetration tests across enterprise web, network and infrastructure assets.
  • //Partnered with SOC teams on incident triage and detection tuning, building SOC-aware remediation playbooks.
04 SELECTED CASE FILES

Things I've broken
and then fixed.

CASE / 01

LLM Red Team — Enterprise GenAI Platform

Adversarial assessment of a production LLM platform. Bypassed guardrails via indirect prompt injection through RAG sources, achieved data exfil from connected tools, and reported model-extraction risk.

LLM · Prompt Injection · RAG · OWASP LLM
CASE / 02

Red Team Engagement — Indian BFSI

Full-scope adversary simulation against a Tier-1 bank: phishing, OT pivot, domain escalation. Closed with C-suite tabletop debrief.

Cobalt Strike · C2 · AD · Phishing
CASE / 03

AWS Cloud Security Audit

Reviewed 6 production AWS accounts. Found IAM privilege creep, exposed S3 sinks and crypto-mining via stale Lambda. Hardened landing zone.

AWS · IAM · CSPM · Terraform
CASE / 04

Kubernetes Threat Detection

Authored Falco + Splunk detections for container escape, sidecar tampering and crypto-jacking. Now part of org-wide baseline.

K8s · Falco · Splunk · Python
06 OFF THE CLOCK

Beyond the
terminal.

When the laptop closes, I'm usually somewhere with bad Wi-Fi, fresh air and a backpack. These are the side quests that keep me sharp.

Traveller

Always one boarding pass away from the next city.

Fridge Magnet Collector

A magnet from every place I've stood in.

Photo Hoarder

Capturing skylines, strangers and street food.

Coffee Operator

Three shots before any pentest report.

05 ESTABLISH SECURE CHANNEL

Let's talk
securely.

For engagements, advisory work, talks or just to trade war stories — send a message. Most replies within 48h.

© 2026 SUNIL TRIPATHY. All rights reserved.