Security Researcher & AppSec Engineer

Salmon.
Kumar

@0xSalm0n  ·  Security Engineer  ·  Penetration Tester  ·  AppSec

I break applications for a living — then help teams build them right. Specializing in web application, API, network, and mobile (Android) penetration testing, I combine a developer's understanding of codebases with an attacker's mindset to find what automated scanners miss.

Available for Security Collaborations & CTF Teams

1yr+

AppSec Experience

OWASP+

Standards Applied

4x

Attack Surfaces

Dev → Sec

Full-Stack Background

AppSec Focus Areas

Primary Domain

Web Application Pentesting

API Security

REST · GraphQL · Auth Flows

Mobile

Android (APK Analysis)

Methodology

OWASP Top 10 · PTES

Secure Dev

SAST · Code Review · Hardening

Goal

Red Team Operations

Core Competencies

🔍

Vulnerability Research

Identifying logic flaws, injection points, and authentication bypasses in web apps and APIs beyond what automated scanners surface.

📋

Pentest Reporting

Delivering developer-friendly reports with clear risk ratings, PoC evidence, and actionable remediation mapped to OWASP and CVSS.

🛡️

Secure Code Review

Reviewing source code and collaborating with dev/DevOps teams to enforce secure coding standards before code ships to production.

⚙️

Attack Surface Reduction

Endpoint hardening, infrastructure security, and threat modeling to shrink the attack surface and reduce organizational risk.

Technical Skills

Security Tools

Burp Suite Metasploit Nmap SQLMap Nessus Wireshark OWASP ZAP Postman

Languages

Python Bash JavaScript SQL C

Platforms

Linux Docker Git Android

Practices

Threat Modeling VAPT Exploit Development SAST Secure SDLC

Experience

Cybersecurity Engineer @ Talrop Jan 2025 – Present

• Conducting VAPT on web apps, networks, and APIs — identifying critical vulnerabilities before attackers do.
• Collaborating directly with developers and DevOps to remediate findings against OWASP standards within sprint cycles.
• Performing endpoint hardening and simulating real-world attack scenarios to validate detection and response capabilities.
• Researching emerging threats and producing detailed security reports with severity ratings and remediation roadmaps.

Full-Stack Developer Intern @ Talrop May 2024 – Dec 2024

• Built and maintained web applications with a security-first development approach — giving me the developer context attackers exploit.
• Worked across backend APIs, database management, and CI/CD pipelines, understanding the full attack surface from the inside.
• Developed the attacker-developer perspective that now drives more accurate vulnerability discovery and remediation guidance.

CTF Platforms

TryHackMe

Hack The Box

Education

B.E. Computer Science & Engineering 2020 – 2024

• SCAD College of Engineering and Technology, Tirunelveli — CGPA: 7.8/10

Higher Secondary Certificate (HSC) – Maths Biology 2019 – 2020

• Amir Jamal Higher Secondary School, Tirunelveli

Resume

Full work history, certifications, and detailed project context.

↓  Download Resume PDF

Last updated: December 2025

Let's Connect

Open to security research collaborations, red team engagements, CTF partnerships, and AppSec conversations. If you're hiring a pentest engineer or want to swap vulnerability war stories — reach out.

✉ salmonkumar1337@gmail.com Email in linkedin.com/in/0xsalmon LinkedIn ⌥ github.com/0xSalm0n GitHub 𝕏 twitter.com/0xSalm0n X / Twitter

"There is no patch for human stupidity."

— Kevin Mitnick