Hi, I'm Rounak and I'm a Penetration Tester

01 / About

A bit about me.

I'm a penetration tester based in Mumbai. For the last couple of years, at PwC and now KPMG, I've spent my days breaking into web apps, APIs, mobile apps and Active Directory, then explaining plainly how I got in and how to shut it down.

I hold OSCP+, OSCP, OSWP, CPENT and CEH. What I enjoy most is the hunt: chaining a few small mistakes into a real compromise, and writing the kind of report a team actually wants to act on, not one that gathers dust.

03 / Experience

Where I've operated.

  1. Associate Consultant

    KPMG India

    Apr 2026 - Present
    • Web · API · Mobile · Infra VAPT
    • Active Directory
    • Red Team
    • AI Tooling
    • Performed Active Directory configuration reviews (PingCastle, Purple Knight) and supported authenticated AD penetration testing (BloodHound, Impacket, NetExec), identifying misconfigurations, stale accounts, excessive delegation, weak Kerberos encryption and Kerberoastable service accounts.
    • Supported a Red Team engagement, performing external reconnaissance through OSINT, subdomain enumeration and attack-surface mapping.
    • Performed black-box security testing on Android and iOS applications per OWASP MASVS and NPCI guidelines, covering certificate pinning, insecure data storage, traffic interception and IPC exposure.
    • Contributed to an internal AI-powered penetration testing tool, reviewing model-generated findings and flagging false positives and negatives to improve accuracy.
  2. Associate

    PwC India

    Sep 2023 - Jul 2025
    • Web · API · Mobile · Infra VAPT
    • Red Team
    • CERT-IN
    • Secure Code Review
    • Conducted VAPT for 100+ applications (Web, API, Mobile) and 5000+ IPs; triaged and reported 400+ high/critical findings and delivered prioritized remediation guidance.
    • Key contributor to CERT-IN Empanelment VAPT, achieving 90%+ vulnerability coverage across enterprise infrastructure.
    • Executed full-scale Red Team operations, improving client detection/response by 20-30%.
    • Conducted assessments of SaaS / cloud integrations (SOC2 readiness, IAM validation, config auditing).
    • Authored 100+ detailed security reports including PoCs, exploit chains, lateral movement paths and prioritized remediation.
    • Performed secure code review for 200k+ LOC using Fortify / SonarQube, identifying logic flaws.
    • Automated enumeration and reporting processes, reducing manual testing effort by 25%.
    • Received 2 “Above and Beyond” Awards for exceptional NAC Bypass and Red Teaming contributions.
  1. Cybersecurity Consultant Intern

    Vaisansar Technologies Pvt. Ltd

    Internship
    • Malware Defence
    • Web Security
    • Monitored malware-detection projects, reducing attacks on CDNs and SSL cross-site scripting by 15%.
    • Ran security inspections for a 1,500+ user site and scanned regularly for malware, protecting 5,000+ machines.
    • Discovered 3+ web-server vulnerabilities and recommended upgrades.
  2. Web Development Intern

    Nibodh Educare Pvt. Ltd

    Internship
    • Web Dev
    • UI/UX
    • Designed UI/UX and built responsive interfaces for web-based systems.
    • Delivered hands-on Adobe-software training to the technical team.
    • Assisted with website maintenance and troubleshooting.
  3. Summer Intern

    Nibodh Educare Pvt. Ltd

    Internship
    • Web Security
    • Mentoring
    • Resolved issues from testing and customer feedback while mentoring a team of 4 developers, improving performance by 35%.
    • Designed and implemented website security measures such as firewalls and login encryption.

04 / Capabilities

Core competencies.

  • Web Application VAPT: Expert
  • API Security Testing: Expert
  • Network / Infrastructure VAPT: Advanced
  • Mobile Application Pentesting: Advanced
  • Red Team Operations: Advanced
  • Secure Code Review: Advanced

Arsenal

Tools & stack.

Tools

  • Nmap
  • Burp Suite
  • Nessus
  • Metasploit
  • Cobalt Strike
  • BloodHound
  • Impacket
  • NetExec
  • PingCastle
  • Purple Knight
  • Wireshark
  • OWASP ZAP
  • Frida
  • SQLmap
  • Postman
  • Fortify
  • SonarQube

Programming

  • Python
  • Java
  • SQL
  • Bash
  • PowerShell

Standards

  • OWASP Top 10
  • OWASP MASVS
  • NPCI Security Guidelines
  • NIST

Operating Systems

  • Windows
  • Linux (Kali, Ubuntu, CentOS)
  • macOS

Web Development

  • HTML
  • CSS
  • JavaScript
  • PHP

Databases

  • MySQL
  • MongoDB

05 / Projects

Selected work.

Estate Digitization using Blockchain

  • Ethereum
  • Solidity
  • React.js
  • IJRAR Published

A consensus-based land registry on Ethereum that makes records immutable via smart contracts while keeping transfers transparent and real-time. Published in IJRAR (Apr 2023).

Object Recognition for the Visually Impaired

  • Google Cloud Vision
  • Raspberry Pi
  • gTTS
  • IJSRD Published

An assistive object-detection system using Google Cloud Vision API on Raspberry Pi that returns audio output, helping visually impaired users identify surroundings and navigate.

06 / Contact

Let's talk security.

Open to offensive-security consulting, Red Team engagements and VAPT collaborations.