DEVANSH BORDIA

Security Engineer | Vulnerability Researcher

Security Engineer with 4+ years of professional experience spanning penetration testing, vulnerability research, and developer security enablement. Hands-on expertise across web applications, mobile (Android/iOS), cloud infrastructure, and API security.

Recognized as Bugcrowd MVP Q2 2020 with 4 published CVEs and 1000+ vulnerabilities discovered across 300+ assessments. Partners with engineering teams to integrate security into SDLC through threat modeling, secure code review, and security tooling implementation.

Author of AWS Security Series with 1M+ impressions on Twitter. Published articles for Detectify, ProjectDiscovery, Trickest, WPSec, and Spearbit.

About Me

Hey World, I am Devansh Bordia, a Security Engineer with a passion for finding and fixing security vulnerabilities.

With over 4 years of professional experience, I specialize in penetration testing, vulnerability research, and helping development teams build secure software. I've conducted 300+ security assessments across web applications, mobile platforms, cloud infrastructure, and DevSecOps pipelines.

My work has resulted in discovering 1000+ vulnerabilities including critical issues like Full Account Takeovers, SSRF, Privilege Escalation, and SQL Injection across numerous enterprise applications. I've been recognized with 4 published CVEs and was awarded Bugcrowd MVP Q2 2020.

I'm passionate about developer security enablement, working closely with engineering teams to integrate security into the SDLC through threat modeling, secure code reviews, and implementing security tooling. I also create educational content, having authored the AWS Security Series that reached 1M+ impressions on Twitter.

Quick Facts

Experience: 4+ Years
Assessments: 100+
Vulnerabilities: 1000+
CVEs Published: 4
Hall of Fames: 30+

Technical Skills

Application Security

Web, Mobile (Android/iOS), API, and Thick Client Penetration Testing. Threat Modeling and Secure Code Review following OWASP ASVS standards.

Cloud & Infrastructure

AWS Penetration Testing & Configuration Review, Terraform, CloudFormation, Docker/Kubernetes Security, and container assessments.

DevSecOps

SAST (Semgrep, SonarQube), DAST (OWASP ZAP, Burp Enterprise), SCA (Snyk, Dependency-Check), Secret Scanning (Trufflehog, GitLeaks), CI/CD Security.

Container & K8s Security

Container security assessments, Kubernetes penetration testing, RBAC configurations, network policies, and security hardening.

Infrastructure as Code

Security review of Terraform and CloudFormation templates. IaC scanning with Checkov and tfsec for misconfigurations.

Programming

Python and Bash scripting for security automation, tool development, and exploit creation.

Certifications

eCPPTv2: Certified Professional Penetration Tester

eWPTXv2: Web Application Penetration Tester eXtreme

AWS SAA: Solutions Architect Associate

Achievements & Recognition

Bugcrowd MVP Q2 2020: Top Security Researcher Recognition

Strike Top Hackers: Quarterly Recognition (2x)

AWS Security Series: 1M+ Impressions on Twitter

CVE-2022-24789: Published Vulnerability

CVE-2022-26589: Published Vulnerability

CVE-2022-26588: Published Vulnerability

CVE-2021-44321: Published Vulnerability

Infosec Writeups: Multiple Newsletter Features

Hall of Fame

MasterCard

Gusto

Bitdefender

HealthifyMe

SAP Concur

Hiver

Xfinity

Sophos

Testimonials

Devansh is one of the rare security engineers that I've worked with. Deep technical knowledge, real-world offensive experience, and someone who takes the work seriously. Would vouch for him without hesitation.

Luke Stephens (hakluke)
Founder, Haksec.io & HackerContent.com

I've had the opportunity to collaborate with Devansh on multiple pentesting projects for clients worldwide, and he consistently demonstrates strong commitment to his work. He actively challenges himself and focuses on continuous learning and improvement. One of our most successful engagements together resulted in identifying numerous high-impact vulnerabilities for the client. Devansh is not only an outstanding professional but also an exceptional collaborator who elevates the entire team. from him and ensures the successful delivery of every project he undertakes.

Yesenia Trejo
Lead Security Engineer, Strike

Professional Experience

Bugcrowd

Application Security Engineer (Triage)
October 2024 - January 2025
  • Carefully assessed incoming bug reports to verify accuracy, reproducibility, and alignment with program scope
  • Classified reported vulnerabilities by type (XSS, SQL injection, etc.) and determined priority based on severity, impact, and exploitability
  • Compiled validated vulnerabilities into comprehensive reports with technical analysis and remediation recommendations

HackerOne

Product Security Analyst → Pod Lead (Triage)
October 2022 - July 2024
  • Promoted to Pod Lead, managing team of 5 analysts and overseeing 200+ bug bounty programs including Reddit, eBay, Sony, and Bumble
  • Served as technical escalation point for complex vulnerabilities, providing final assessment on severity disputes and edge cases
  • Triaged vulnerability reports across web, mobile, cloud, and smart contract assets, assessing severity within each organization's threat model
  • Coordinated with Customer Success teams and clients as technical SPOC, ensuring smooth triage workflows and timely resolution

Strike

Security Consultant (Part-Time)
February 2022 - Present
  • Conducted 100+ security assessments across web, mobile (Android/iOS), cloud infrastructure, and DevSecOps pipeline reviews for enterprise clients
  • Discovered 1000+ vulnerabilities including Full Account Takeovers, IDOR, SSRF, Privilege Escalation, SQL Injection, XSS, and Information Disclosures
  • Performed comprehensive CI/CD pipeline security assessments reviewing GitHub Actions and GitLab CI workflows for secrets exposure, access control issues, and missing security gates
  • Assessed client SAST, DAST, and SCA implementations for coverage gaps, misconfigurations, and bypass opportunities
  • Reviewed Infrastructure as Code (Terraform, CloudFormation) for security misconfigurations including overly permissive IAM policies and public exposure risks
  • Conducted container security assessments and Kubernetes penetration testing identifying privileged containers, RBAC misconfigurations, and missing network policies

Payatu Security Consulting

Co-Lead Security Consultant (AppSec & Cloud)
June 2021 - September 2022
  • Led 100+ application security engagements across web, mobile (Android/iOS), API, and cloud infrastructure for enterprise clients
  • Performed security assessments for fintech clients focusing on payment flows, transaction security, and banking API authentication mechanisms
  • Provided recommendations on integrating security tooling (Semgrep, OWASP ZAP, Snyk, Trufflehog) into CI/CD workflows to shift security left
  • Collaborated with development teams post-assessment to provide remediation guidance, conduct code-level walkthroughs, and verify fixes
  • Conducted secure code review sessions against OWASP ASVS and performed threat modeling workshops with product and engineering teams
  • Established security champion relationships within client engineering teams, enabling earlier vulnerability identification in development cycle

Bugcrowd

Bug Hunter
February 2020 - Present
  • Acknowledged by 30+ companies including MasterCard, Hiver, Xfinity, SAP Concur, Bitdefender, HealthifyMe, and Gusto for reporting critical security issues
  • Awarded Bugcrowd MVP Q2 2020 for outstanding contributions to bug bounty programs

Publications & Content

AWS Security Series

Comprehensive Twitter thread series on AWS security vulnerabilities and best practices. Achieved 1M+ impressions and multiple features in Infosec Writeups newsletter.

Detectify Blog

Published technical articles on AWS security vulnerabilities and cloud security research.

ProjectDiscovery

Contributed content on Subfinder and security reconnaissance techniques.

Trickest

Technical write-ups on security automation and workflow optimization.

WPSec

Articles focused on WordPress security vulnerabilities and hardening techniques.

Spearbit

Advanced security research and smart contract security topics.

Education

B.Tech Computer Science

Amity University

2017 - 2021

CGPA: 7.22

Get in Touch

I'm always open to discussing security research, collaboration opportunities, consulting work, or just chatting about cybersecurity. Feel free to reach out!