Ammar Bin Vahab

Offensive security specialist with 5+ years across VAPT, red team operations, and security leadership. Built and scaled Wattlecorp's technical delivery department from the ground up — growing it into a 9-person team serving 700+ enterprise clients across 4,500+ assets. Combines deep hands-on technical ability with a track record in process architecture, pre-sales engineering, and team development.

Currently focused on AI-driven security tooling and autonomous penetration testing systems through HackChive, alongside active bug bounty research on HackerOne and Intigriti.

Independent Security Researcher & Tool Developer - Self / HackChive

(2026-03)

Pursuing OSCP certification while running an active bug bounty operation and building HackChive — a security tooling and research brand.

• Conducting full-scope bug bounty engagements on HackerOne and Intigriti with a significant findings pipeline in active triage
• Architecting and developing an autonomous penetration testing agent under the HackChive brand — an AI-driven system that handles reconnaissance, vulnerability identification, and attack chain synthesis with minimal human input
• Built PhantomBrowser Engine — a headless browser instrumentation layer designed for automated web attack surface mapping and interaction-based vulnerability discovery
• Developed Winxploit — a Windows local privilege escalation framework covering modern attack primitives including token manipulation, service misconfigurations, and Active Directory abuse paths
• Built W3bHound — a web attack graph tool that models application logic flows to surface chained vulnerability paths rather than isolated findings
• Engineered agentic automation workflows using Claude Code for rapid tooling iteration, recon pipeline orchestration, and vulnerability triage acceleration

Delivery Head & Technical Lead - Wattlecorp Cybersecurity Labs LLP

(2023-12 - 2026-02)

Led the full technical delivery operation — covering VAPT, red team engagements, R&D, compliance, and pre-sales — across a 9-person team serving enterprise clients globally.

• Owned end-to-end delivery accountability for 700+ client accounts and security assessments across 4,500+ digital assets — web, mobile, API, network, cloud, and wireless
• Drove a 40% improvement in project delivery efficiency through workflow restructuring, templated delivery SOPs, and systematic quality controls
• Built the technical pre-sales function from scratch — including RFP/RFQ review processes, effort estimation tooling, and scope documentation standards that aligned sales and engineering
• Designed and deployed an AI-powered effort estimation application to eliminate guesswork in project scoping — integrating asset complexity, attack surface type, and historical engagement data to generate accurate time and resource projections
• Expanded Wattlecorp's service lines into SOC, incident response, and digital forensics; identified and initiated vendor partnership discussions for MSSP capabilities
• Developed 3-year strategic roadmaps for department growth; collaborated with executive leadership on monthly planning cycles spanning sales, finance, and technical operations
• Mentored and developed junior analysts and mid-level specialists, building structured knowledge transfer into the team's operating rhythm

VAPT Team Lead - Wattlecorp Cybersecurity Labs LLP

(2022-12 - 2023-12)

Led the penetration testing team through a period of significant client growth, establishing methodological consistency and analyst capability across the board.

• Directed security assessments across 1,500+ digital assets maintaining methodology, quality, and client communication standards throughout
• Reduced vulnerability detection and remediation cycle time significantly through process improvements and tooling standardisation
• Managed full assessment lifecycles from scoping and threat modelling through exploitation, reporting, and remediation validation
• Served as technical escalation point for complex findings and client-facing risk discussions

Penetration Tester - Wattlecorp Cybersecurity Labs LLP

(2022-06 - 2022-12)

• Executed VAPT engagements across 150+ assets spanning web applications, mobile (iOS/Android), APIs, and network infrastructure
• Developed custom automation scripts to streamline testing workflows and expand coverage during time-boxed engagements
• Produced detailed technical reports with exploitability-ranked findings and clear remediation guidance for client engineering teams

L1 SOC Analyst — Breach Prevention & Threat Analysis - Ciber Digita Consultant LLP

(2021-09 - 2022-05)

• Monitored security events across client environments using SIEM platforms, performing threat hunting and malware analysis on identified indicators of compromise
• Conducted internal network penetration tests to surface exploitable vulnerabilities proactively
• Produced client security briefings and contributed to R&D initiatives aimed at improving detection fidelity

VAPT Intern - Wattlecorp Cybersecurity Labs LLP

(2020-11 - 2021-09)

• Assisted senior analysts in web and mobile application penetration testing, building foundational methodology and tooling knowledge under close mentorship

Bachelor of Commerce - Co-operation - University of Kerala (2015 - 2019)

Higher Secondary Education - Commerce - Kerala Govt. Educational Board (2013 - 2015)