Sparsh Gulati

• Conducted comprehensive security assessments across web, API, mobile,
network, cloud, and AI/LLM-based applications to identify and validate security
vulnerabilities.
• Performed security testing on client-facing AI bots and LLM-enabled
applications, assessing risks such as prompt injection, insecure input handling,
misuse scenarios, and application-layer weaknesses.
• Partnered with product and development teams throughout the SDLC to
implement security best practices and strengthen application security from
design through deployment.
• Developed controlled proof-of-concept malware and ransomware samples in
secure testing environments to demonstrate the impact of vulnerabilities such as
Remote Code Execution (RCE) and insecure file upload.
• Performed in-depth manual source code reviews to identify vulnerabilities and
improve application security posture.
• Prepared executive and technical reports aligned with OWASP, CVSS, and
organizational security standards.
• Strengthened IT security posture by performing Vulnerability Assessment and
Penetration Testing (VAPT) on critical infrastructure components, including
Active Directory, Domain Controllers, Layer 3 Switches, and Firewalls.
• Conducted security design reviews and threat modeling exercises to identify
architectural and implementation-level security risks.
• Developed automation scripts to streamline recurring security assessment and
operational tasks.

*Conducted comprehensive security assessments across web, API, mobile,
network, cloud, and AI/ LLM-based applications to identify and validate security
vulnerabilities.
• Performed security testing on client-facing AI bots and LLM-enabled
applications, assessing risks such as prompt injection, insecure input handling,
misuse scenarios, and application-layer weaknesses.
• Partnered with product and development teams throughout the SDLC to
implement security best practices and strengthen application security from
design through deployment.
• Developed controlled proof-of-concept malware and ransomware samples in
secure testing environments to demonstrate the impact of vulnerabilities such as
Remote Code Execution (RCE) and insecure file upload.
• Performed in-depth manual source code reviews to identify vulnerabilities and
improve application security posture.
• Prepared executive and technical reports aligned with OWASP, CVSS, and
organizational security standards.
• Strengthened IT security posture by performing Vulnerability Assessment and
Penetration Testing (VAPT) on critical infrastructure components, including
Active Directory, Domain Controllers, Layer 3 Switches, and Firewalls.
• Conducted security design reviews and threat modeling exercises to identify
architectural and implementation-level security risks.
• Developed automation scripts to streamline recurring security assessment and
operational tasks.

• Conducted end-to-end Vulnerability Assessment and Penetration Testing (VAPT)
on enterprise web applications to identify, validate, and mitigate security
vulnerabilities.
• Performed mobile application penetration testing across Android and iOS
platforms, identifying application-layer and client-side security weaknesses.
• Leveraged tools such as Coverity and Black Duck to automate code analysis and
improve security review coverage.
• Executed detailed manual source code reviews to uncover vulnerabilities and
strengthen secure coding practices.
• Implemented and validated SAST and DAST security gate checks within CI/CD
pipelines to reinforce DevSecOps and secure application delivery.

• Performed security assessments across web applications, APIs, mobile
applications, and network environments to identify and validate security
vulnerabilities.
• Executed manual source code reviews to uncover security flaws and support
secure coding improvements.
• Conducted security audits and vulnerability assessments to identify weaknesses
across applications and supporting systems.
• Identified common application security vulnerabilities aligned with OWASP Top
10, including XSS, CSRF, authentication weaknesses, and access control issues.
• Collaborated with product teams during closing discussions to communicate
findings, explain business impact, and recommend mitigation strategies.
• Prepared structured vulnerability reports including proof of concept, risk
impact, and remediation guidance.
• Developed automation scripts to reduce manual effort and improve efficiency in
recurring security assessment tasks.

- Executed comprehensive security assessments across web, API, mobile, and network environments.
- Facilitated closing meetings with product teams to review assessment findings and discuss mitigation strategies.
- Conducted meticulous manual source code reviews to identify and address potential vulnerabilities at the code level.
- Performed security audits to uncover vulnerabilities within systems.
- Developed a script to automate routine security tasks, enhancing efficiency.