Kondreddy Sivakumar

Application Security Engineer with 3+ years of experience in VAPT, web, and API security testing. Proven ability to identify critical vulnerabilities, improve detection coverage, and deliver actionable remediation strategies to enhance application security.

Application Security Engineer at FLYROTECH TECHNOLOGIES (2022-12 – Present)

Conducted end-to-end Vulnerability Assessment and Penetration Testing (VAPT) on web and mobile applications, identifying critical vulnerabilities and implementing security improvements.

• Conducted end-to-end VAPT on 10+ web and mobile applications, identifying 25+ vulnerabilities including critical and high-severity issues, significantly strengthening application security posture
• Identified and exploited OWASP Top 10 vulnerabilities (XSS, SQL Injection, CSRF, IDOR, SSRF), enabling remediation of high-risk attack vectors before production release
• Performed DAST using Burp Suite, OWASP ZAP, and Nessus, reducing false positives by ~30% through manual validation, improving accuracy of security findings
• Executed manual and automated security testing, improving vulnerability detection coverage by ~40% and ensuring comprehensive assessment of application attack surface
• Conducted REST API security testing, identifying 10+ API-specific vulnerabilities including authentication bypass and improper authorization, enhancing API security controls
• Identified and mitigated cloud misconfigurations across AWS, Azure, and Docker environments, reducing potential attack surface and improving overall cloud security posture
• Delivered detailed vulnerability reports with remediation guidance, helping development teams reduce average remediation time by ~25%
• Collaborated with cross-functional teams to integrate secure SDLC practices, improving early-stage vulnerability detection and reducing security issues in later stages
• Leveraged CVE analysis and CVSS scoring to assess vulnerability severity and business impact, producing structured reports that improved risk prioritization and accelerated remediation efforts

B.Tech in Electronics and Communication Engineering – Lovely Professional University (2022-06)

Diploma in Electronics and Communication Engineering – Rise Polytechnic college (2019-05)