APPLICATON SECURITY TESTER · SECURITY ENGINEER · PENTESTER

Bimal Kumar Sahoo

Executive Security Tester · MeitY, Govt of India
Web · API · Android · Bug Bounty Hunter

VAPT Engagements

Bug Findings

Certifications

Years Active

SCROLL TO EXPLORE

// THREAT MODEL · ACTIVE

OPERATOR: srb1mal

MODE: RED_TEAM

srb1mal@redteam:~

srb1mal@redteam ~% whoami --verbose

name: Bimal Kumar Sahoo alias: srb1mal

role: Executive Security Tester org: NeGD / MeitY, Govt of India

certs: eCPPT [178097776] · CNSP [8785864] · CAP [7166314]

srb1mal@redteam ~% cat mission.txt

"Securing Govt of India digital infrastructure. 40+ VAPT. Leave no trace."

srb1mal@redteam ~%

HACKER PROFILE

Penetration tester with 4+ years securing high-stakes digital infrastructure. Currently serving as Executive Security Tester at NeGD, safeguarding India's national digital ecosystem — DigiLocker, EPFO, POSHAN Tracker, and more.

Specialises in Web app security, REST/SOAP/GraphQL API exploitation, Android pentesting, and compliance auditing against ISO 27001 and Aadhaar AUA–KUA frameworks. Known for ruthless thoroughness and actionable reporting.

Active bug hunter on HackerOne (Amazon, Zomato). Level 4 on BugBountyHunter with 75+ confirmed findings.

📍

Location

Odisha, India

🔗

Handle

@srb1mal

🛡️

Focus

Web · API · Android · VAPT

🏆

Bug Bounty

Level 4 · 75+ findings

🎯

HTB

#1057390 · Somtheh4cker

⚙️

Status

● ACTIVELY HACKING

ENGAGEMENT HISTORY

Executive Security Tester● CURRENT

National e-Governance Division · MeitY, Govt of India

JAN 2024 – PRESENT · REMOTE

Led VAPT across 40+ critical Govt of India assets — DigiLocker, EPFO, ABC/NAD, Poshan Tracker, API Setu, Entity Locker, Meri Pehchaan.
Identified high-risk vulnerabilities using Burp Suite, MobSF, Frida, Postman, OWASP ZAP, Nmap, and SQLMap.
Supported ISO/IEC 27001 & Aadhaar AUA–KUA external audits — evidence collection, control validation, compliance gap analysis.
Authored comprehensive security assessment & audit reports for internal stakeholders and external auditors.

Penetration Tester L1

Qualysec Technologies Pvt. Ltd.

OCT 2022 – SEPT 2023 · BHUBANESWAR, INDIA

Completed 30+ pen-test projects on Web, API & Mobile apps for SaaS, FinTech, Healthcare, and E-Commerce clients.
Used Burp Suite, Metasploit, Nmap, and Nuclei to uncover vulnerabilities, open ports, and exploitable misconfigurations.
Delivered actionable pen-test reports with PoC exploits and remediation guidance.

Bug Bounty Hunter

HackerOne & BugBountyHunter · Independent

MAY 2022 – PRESENT · REMOTE

Valid vulnerabilities reported on HackerOne to Amazon, Zomato, and other programmes.
Level 4 on BugBountyHunter with 75+ findings; participated in annual Live Hacking Events.
Active on HackTheBox (#1057390) and TryHackMe (Somtheh4cker).

Penetration Testing Intern

Virtually Testing Foundation

OCT 2021 – DEC 2021

Trained in OWASP Top 10, professional report writing, Burp Suite operations, and vulnerability exploitation fundamentals.

CREDENTIALS & CLEARANCES

FLAGSHIP · 2026

⚔️

eCPPT

Certified Professional
Penetration Tester

Advanced hands-on certification — networks, web apps, active directory

INE SECURITY / eLEARNSECURITY

📅 March 26, 2026

hover to verify ↻

// CREDENTIAL RECORD

Professional-grade certification by INE Security validating expert-level offensive security skills across network pentesting, web exploitation, post-exploitation, and pivoting.

Certificate ID

178097776

Issuing Authority

INE Security / eLearnSecurity

Signed By

Tracy Wallace · Lindsey Rinehart

Date Awarded

March 26, 2026

VERIFIED · ine.com/certificate

🛡️

CNSP

Certified Network Security
Practitioner

Network security fundamentals & vulnerability assessment

THE SECOPS GROUP

📅 May 31, 2024

hover to verify ↻

// CREDENTIAL RECORD

Validates expertise in network security, reconnaissance, vulnerability scanning, and secure architecture assessment methodologies.

Certificate ID

8785864

Issuing Authority

The SecOps Group

Exam Version

1.01

Date Awarded

31 May 2024

VERIFIED · pentestingexams.com

🔐

CAP

Certified AppSec
Practitioner

Application security testing & OWASP methodologies

THE SECOPS GROUP

📅 March 5, 2023

hover to verify ↻

// CREDENTIAL RECORD

Certifies proficiency in web application security, OWASP Top 10, secure code review, and manual vulnerability identification techniques.

Certificate ID

7166314

Issuing Authority

The SecOps Group

Exam Version

1.01

Date Awarded

05 March 2023

VERIFIED · pentestingexams.com

SKILLS & ARSENAL

// Core Capabilities

Web Penetration Testing95%

API Security (REST / SOAP / GraphQL)90%

Android App Pentesting82%

Network Recon & OSINT80%

Security Report Writing95%

ISO 27001 / Audit Support78%

// Toolbelt

Burp SuiteOWASP ZAPMobSFPostman FridaDrozerObjectionAPKToolJADX-GUI NmapSQLMapNucleiFFUFNikto MetasploitJWT ToolKiterunnerNetSparkerWappalyzerLSposed

EDUCATION

BTech in Computer Science Engineering

Synergy Institute of Engineering & Technology

📅 CURRENTLY PURSUING · ODISHA, INDIA

Diploma in Computer Science Engineering

Baji Rout Institute of Engineering & Technology

📅 DEC 2020 – AUG 2023 · DHENKANAL, ODISHA

PROJECTS

FEATURED

🔍

ResumeLens

AI-powered resume analyser that parses uploaded CVs and scores them against job descriptions — highlights skill gaps, keyword mismatches, and ATS optimisation opportunities in real time.

HTMLCSSJavaScriptAI / NLPATS Analysis

MORE PROJECTS INCOMING

Currently under development. Check back soon or follow @srb1mal for updates.