Surya Lakshmanan L

Junior Security Engineer @ Brisk Infosec | Application Security | VAPT · API · Cloud · DevSecOps | Bug Bounty | AI Security Tools Builder

Greater Chennai Area

About

Security Engineer with a builder's mindset. I work at the intersection of application security, offensive testing, and intelligent tooling — finding vulnerabilities across the full application stack and building systems to fight them. Currently a Junior Security Engineer at Brisk Infosec, I bring 1.5+ years of hands-on experience in: Application Security — Web, API, and cloud-layer security assessments VAPT — 20+ documented vulnerabilities with CVSS v3.1 scoring across real client environments Cloud & DevSecOps — CI/CD pipeline security monitoring on GCP and GitHub Actions AI-Powered Security Tools — Built H-CARF (AI recon framework) and NeuroShield (pipeline threat monitor) using Python and reinforcement learning Bug Bounty — Active hunter on HackerOne and Bugcrowd I don't just test applications — I understand how they're built, where they break, and how to fix them at the root. 📌 Role: Junior Security Engineer @ Brisk Infosec Domains: AppSec | VAPT | API Security | Cloud Security | DevSecOps Certification: CompTIA Security+ (Target: Q3 2026) GitHub: github.com/suryalakshmanan1 [email protected]

Experience

  • Junior Security Engineer at Briskinfosec
    Apr 2026 - Present · 4 mos

    Working as a Junior Security Engineer handling application-level security assessments across web, API, and cloud environments. - Conducting VAPT engagements across web and API layers aligned with OWASP Top 10 and ASVS standards - Performing threat modeling, security code reviews, and risk assessments for client applications - Producing CVSS-scored vulnerability reports with proof-of-concept and remediation guidance - Supporting secure SDLC practices and post-assessment developer consultation - Gaining hands-on exposure to cloud security and DevSecOps security controls

  • Security Researcher at HackerOne / Bugcrowd
    2026 - Present · 7 mos

    Actively identifying and reporting vulnerabilities in public bug bounty programs, applying OWASP Top 10 methodology to real-world production targets including IDOR, XSS, broken authentication, and business logic flaws. Reporting findings following responsible disclosure practices and industry-standard formats, including severity classification, reproduction steps, and impact assessment. Building hands-on experience in live production environments to complement internship and academic background.

  • Auriseg (1 yr 11 mos)
    • Cyber security intern
      Oct 2024 - Present · 1 yr 10 mos

      Completed a full internship cycle in web application penetration testing across real client environments, culminating in a final capstone assessment. - Identified and documented 20+ vulnerabilities across client web applications with CVSS v3.1 scoring - Performed manual and automated testing across OWASP Top 10 vulnerability classes — XSS, IDOR, SQLi, broken authentication, and security misconfigurations - Delivered structured pentest reports with proof-of-concept demonstrations and actionable remediation steps - Completed a final end-to-end web application VAPT assessment as a capstone project

    • Cyber Security Engineer
      Feb 2025 - May 2026 · 1 yr 4 mos

    • Cyber Security Specialist
      Sep 2024 - Mar 2026 · 1 yr 7 mos

      Demonstrated ability to identify, exploit, and validate vulnerabilities in real-world client environments following industry-standard penetration testing methodologies. Executed Web Application Penetration Testing (WAPT) on 5+ client applications following OWASP Top 10 methodology, identifying SQL Injection, XSS, IDOR, and security misconfiguration vulnerabilities. Identified and reported 20+ High and Medium severity vulnerabilities across client applications, each documented with CVSS scores, proof-of-concept reproduction steps, and prioritised remediation guidance. Conducted network reconnaissance across 10+ hosts and applications using Nmap and Nessus, mapping exposed services, open ports, and attack surface to inform risk prioritisation. Produced structured vulnerability assessment reports with risk-ranked findings; validated remediations through re-testing in Kali Linux to confirm fix closure and reduce false positives.