About
Introduction
I am Neh Patel, an Application Security Engineer with strong expertise in Application Security (Offensive), Product Security, Penetration Testing, Vulnerability Assessment, Source Code Review, SAST, and DAST.
I am actively working at Bureau Veritas Cybersecurity (formerly Security Innovation) as an Application Security Engineer and am a member of the Synack Red Team (SRT). My responsibilities include Web, API, Mobile, and Network Penetration Testing, Red Teaming, Attack Surface Management, and Security Automation.
I possess deep knowledge of Application Security processes, Secure SDLC, Secure Coding Principles, Cloud Security (AWS, Azure, GCP), and Security Best Practices. My work also extends to Security Architecture, Professional Penetration Testing Reporting, and responsible disclosure of vulnerabilities.
Skills
- Vulnerability Assessment and Penetration Testing (VAPT)
- Web Application/Mobile Penetration Testing
- Red Teaming
- API Penetration Testing
- Docker
- Network Penetration Testing and Security
- Frameworks: MITRE, NESSUS, Metasploit
- Operating System: Linux, OSI, TCP/IP
Professional Experience
- Bureau Veritas Cybersecurity (formerly Security Innovation)
  - Currently working in the Application Security team, performing penetration testing of web applications, mobile apps, networks and APIs.
  - Conducting manual vulnerability assessments aligned with OWASP, MASVS, and NIST standards.
  - Collaborating with development and DevOps teams to remediate findings and support secure SDLC practices.
  - Preparing detailed technical reports and helping stakeholders understand security risks and mitigation strategies.
- Deloitte (Attack Surface Management and VAPT Engineer - Intern)
  - Gained practical experience in vulnerability assessment and penetration testing across large-scale enterprise environments.
  - Contributed to attack surface discovery, threat analysis, and documentation of findings as part of the offensive security team.
  - Strengthened technical and communication skills through regular collaboration with senior security engineers.
- Securr Tech (Internal Audit/Vulnerability Manager & Automation Engineer)
  - Managed internal security audits, identified system vulnerabilities, and tracked remediation progress across multiple projects.
  - Led automation efforts to streamline vulnerability management and reporting processes.
Achievements
- Recognized on the leaderboard of Microsoft’s Most Valuable Security Researcher of the Year.
- Ranked 22 globally in Microsoft’s Top Security Researcher leaderboard for the third quarter.
- Hall of Fame in Google, Apple, and Microsoft for reporting quality bugs.
- Top 30 Bug Hunters on the Bugbounter platform.
- Acknowledged by Lenovo Security Team.
- Champion with the highest points at the Null Ahmedabad Penetration Testing/Bug Bounty competition.
Professional Certificates
- eJPTv2 - eLearnSecurity Junior Penetration Tester (February 2024)
- ICCA - INE Certified Cloud Associate (February 2024) - Specialized in Cloud Security and Vulnerabilities for AWS, Azure, and GCP.
- IBM Cybersecurity Analyst Professional Certificate (September 2022) - Equivalent to CEH and eJPT, covering Network Security, Database Vulnerabilities, Cyber Threat Intelligence, Penetration Testing, Incident Response, and Forensics.
Open Source Contributions
SCRIPTKIDDI3
Introducing SCRIPTKIDDI3, a powerful recon and initial vulnerability detection tool crafted specifically for Bug Bounty Hunters. This tool, built using a variety of open-source technologies and a shell script, empowers users to swiftly execute scans on target domains and identify potential vulnerabilities.
Key Features:
- Reconnaissance: Gathers crucial information like subdomains and running services using nuclei.
- Vulnerability Scanning: Utilizes collected data to scan for known vulnerabilities and potential attack vectors, highlighting high-risk issues.
- Misconfiguration Detection: Identifies misconfigurations and insecure default settings using nuclei templates, ensuring proper system configurations.
Why SCRIPTKIDDI3:
- Efficiency: Conduct thorough and efficient recon and vulnerability assessments.
- User-Friendly: Streamlined processes for quick and effective scans.
Let’s Find Bugs with SCRIPTKIDDI3!
Explore SCRIPTKIDDI3 on GitHub.