Dhanvinesh K | Application Security Engineer

I'm Dhanvinesh K Application Security Engineer

AppSec Engineer at Snapdeal. I secure web, API, Android, and cloud systems — focusing on business-logic flaws, authorization issues, and real-world abuse paths that automated tools miss.

● Security Engineer @ Snapdeal

Web & API Security

Android Security

Cloud Security

Experience & Education

APR 2026 — PRESENT

Security Engineer I

Current

Snapdeal

Application security engineering at one of India's leading e-commerce platforms. Securing web, API, and mobile surfaces across the product stack.

AppSec API Security E-commerce

FEB 2024 — MAR 2026

Security Analyst II · Progressed from Intern

2 yrs

MobiKwik

Led application & API security testing across 50+ services, identifying 30+ high-impact business logic, authorization, and fintech-specific flaws including privilege escalation. Performed secure code reviews on 800+ changes and developed custom test cases beyond OWASP Top 10. Assessed 300+ servers using Nessus/Qualys; contributed to cloud security testing and Golden AMI hardening. Built automation to detect exposed dashboards and actuator endpoints. Enhanced Cloudflare WAF posture via ASN filtering and rule tuning. Led bug bounty triage (200+ reports) and handled 6,000+ threat intel alerts.

Fintech AppSec Secure Code Review Cloudflare WAF Nessus / Qualys Bug Bounty Triage Threat Intel AWS / GCP

2020 — 2024

B.Tech — Computer Science & Engineering

First Class with Distinction

Amrita Vishwa Vidyapeetham · Cybersecurity Specialization

Specialized in cybersecurity alongside core CS fundamentals. Published two research papers on CTF methodology and cloud/edge computing security. Active CTF competitor throughout, winning national and international competitions.

Cybersecurity Specialization Research Papers CTF Competitions

Core Expertise

Application Security

Web & API Pentesting95%

Business Logic & AuthZ Flaws90%

Android Application Security80%

Secure Code Review88%

Cloud & Infrastructure

AWS / GCP78%

Server Hardening & Golden AMI80%

Docker / Kubernetes70%

Cloudflare WAF / Akamai82%

Tools & Automation

Python / Bash Automation92%

Burp Suite / Frida90%

Nessus / Qualys / Fortify82%

SAST / DAST / CI-CD Security78%

Security Certifications

Certified Ethical Hacker (CEH v12)

Verified

EC-Council

Cert ID CEH-XXXX-XXXX

Verify on EC-Council →

Certified in Cybersecurity (CC)

Verified

(ISC)²

Candidate ID ISC2-XXXXXX

Verify on (ISC)² →

eJPT v2 — Junior Penetration Tester

Verified

INE Security

Certificate ID INE-eJPT-XXXX

Verify on INE →

INE Certified Cloud Associate

Verified

INE Security

Focus Cloud Security

Verify on INE →

Cybersecurity 101 (SEC1)

Verified

TryHackMe

Platform Rank Top 1% · 0xD LEGEND

View on TryHackMe →

Projects

🔬

GrimTunnel

Fully automated VPN-based invisible proxy to intercept mobile app traffic, bypassing traditional proxy restrictions. Integrates OpenVPN, iptables, and Burp Suite for full traffic capture across iOS and Android apps.

OpenVPNiptablesBurp SuiteAndroidiOS

🏰

Cyber Maze Arena

Security learning platform simulating real-world exploitation paths with guided remediation. Covers Web Exploitation, Cryptography, Reverse Engineering, OSINT, and Steganography — from novice to advanced.

Web ExploitationCryptoRev EngOSINT

⚡

Automated Exploiter

Python3 + Metasploit-powered framework to automate vulnerability scanning and exploitation across Linux/Windows environments. Streamlines PoC development for penetration testing engagements.

Python3MetasploitLinuxWindows

██████╗ ███████╗ ██████╗ ██████╗ ███████╗ ██████╗ ██╔════╝ ██╔════╝ ██╔═══██╗██╔════╝ ██╔════╝ ██╔═══██╗ █████╗ █████╗ ██████╔╝███████╗█████╗ ██████╔╝ ██╔══╝ ██╔══╝ ██╔══██╗╚════██║██╔══╝ ██╔══██╗ ███████╗███████╗██║ ██║██████╔╝███████╗██║ ██║ ╚══════╝╚══════╝╚═╝ ╚═╝╚═════╝ ╚══════╝╚═╝ ╚═╝

Recent Activity

Experience & Education

Core Expertise

Application Security

Cloud & Infrastructure

Tools & Automation

Security Certifications

Projects