Available for security roles

HarikrishnanVJ

Penetration TesterPurple Team OperatorDigital Forensics AnalystVulnerability Researcher

I break systems to prove how they hold — mapping attack surface, validating exploitability, and engineering the defenses that close the gap.

Top 0%
Global rank · TryHackMe
0
Industry certifications
0
CTF podium finishes
0+
Security domains
01The Operator

An adversary's instinct. A defender's discipline.

Harikrishnan VJ
Subject Identified
// OPERATOR_PROFILE
Harikrishnan VJ
CLEARANCE · PURPLE● ACTIVE
operator@phantom — ~/aboutlive

Adversarial Mindset

Every system is a hypothesis waiting to be tested. I assume breach and work backward to the weakest link.

Evidence Over Assumption

Findings are proven with reproducible exploitation, captured artifacts, and verifiable impact — never speculation.

Defense by Design

Offense without remediation is just noise. Each finding ships with a concrete, prioritized path to resolution.

Nmap//Metasploit//Wireshark//Autopsy//FTK Imager//Burp Suite//MITRE ATT&CK//OWASP Top 10//Python//Bash//Linux//SearchSploit//OSINT//Cryptography//Threat Modeling//Docker//Nmap//Metasploit//Wireshark//Autopsy//FTK Imager//Burp Suite//MITRE ATT&CK//OWASP Top 10//Python//Bash//Linux//SearchSploit//OSINT//Cryptography//Threat Modeling//Docker//
02Experience

In the field, right now.

Where the methodology meets a live environment — applying offensive testing against real production infrastructure.

VAPT Intern

Current

Bima Sugam India Federation

Internship

PERIODApr 2026 — Present · 3 mos
MODEOn-site
LOCATIONMumbai, Maharashtra, India

Hands-on vulnerability assessment and penetration testing across the digital insurance infrastructure of India's national insurance-platform federation.

  • Run end-to-end VAPT engagements against web applications and network services, mapping attack surface and validating real exploitability.
  • Test against the OWASP Top 10 and document findings with reproducible proof-of-concept and risk-rated severity.
  • Translate findings into clear, prioritized remediation guidance for engineering teams — closing the loop from offense to defense.
VAPTWeb App SecurityNetwork SecurityOWASPReporting
03Capabilities

Full-spectrum security expertise

Six core domains spanning offense, defense, and the infrastructure in between — each backed by hands-on practice and industry certification.

01

Vulnerability Assessment & Penetration Testing

End-to-end VAPT — from automated discovery to manual exploitation and risk-rated reporting.

Recon & EnumerationExploitationRisk RatingRemediation
02

Network Security

Mapping topology, hunting exposed services, and validating segmentation under real attack conditions.

NmapTraffic AnalysisService HardeningSegmentation
03

Digital Forensics

Disk, memory, and network forensics with rigorous evidence preservation and chain of custody.

AutopsyFTK ImagerArtifact AnalysisMemory Forensics
04

Threat Detection & Modeling

Purple-team detection engineering mapped to MITRE ATT&CK, closing the loop between attack and alert.

MITRE ATT&CKDetection Eng.Threat ModelingRisk Management
05

Application & Web Security

OWASP-driven testing of web surfaces — source review, injection, and logic-flaw hunting.

OWASP Top 10Source ReviewInjectionLogic Flaws
06

Systems & Infrastructure

Linux administration and automation that bakes security into the operational baseline.

Linux (RHCSA)AutomationHardeningBash / Python
Surface Sweep

continuous attack-surface monitoring

Assessment Pipeline
live
01reconenumerating attack surface
02scanfingerprinting exposed services
03vulncorrelating CVE intelligence
04exploitvalidating exploitability
05forensicspreserving evidence · chain of custody
06detectmapping findings to MITRE ATT&CK
07reportdrafting risk-rated remediation
01reconenumerating attack surface
02scanfingerprinting exposed services
03vulncorrelating CVE intelligence
04exploitvalidating exploitability
05forensicspreserving evidence · chain of custody
06detectmapping findings to MITRE ATT&CK
07reportdrafting risk-rated remediation
Operator Status
UTC--:--:--
Top 1%
Global rank · TryHackMe
13
Industry certifications
5
CTF podium finishes
10+
Security domains
systems nominal · ready for engagement
04Field Work

Engagements, decoded.

Tooling and CTF work presented the way real assessments are reported — challenge, methodology, findings, and measurable impact.

Challenge

Manual recon is slow and inconsistent. Analysts need a portable, repeatable way to map a target and instantly surface known exploits for discovered services.

Methodology

Built a Dockerized pipeline orchestrating Nmap service/version detection, then piping enumerated services into SearchSploit to correlate live exploit availability — fully scripted in Bash for one-command deployment.

Findings

Reduced the discovery-to-exploit-intel loop from a multi-tool manual workflow to a single reproducible container run, with consistent output across any host environment.

Impact

A drop-in recon asset that standardizes the earliest, most error-prone phase of an engagement and accelerates triage.

DockerNmapSearchSploitBash
05Proficiency

Where the depth is.

A self-assessed map across the three pillars I operate in — offense, defense, and the systems beneath both.

Offensive Security

Penetration Testing90
Vulnerability Management88
Metasploit Framework82
OSINT Techniques85
OWASP Top 1086

Defense & Forensics

Threat Detection84
Digital Forensics87
Threat Modeling80
MITRE Framework83
Risk Management80

Systems & Code

Linux Administration88
Python82
Bash Scripting86
Wireshark85
Cryptography76
06Trajectory

A deliberate climb.

From foundational network-security certs to a stacked year of offensive specialization — every step compounding toward depth.

2025

Penetration Testing Specialization

CompTIA Career Pathway

Stacked six advanced security certifications in a single year — PenTest+, CySA+, Security+, and the Network Security / Vulnerability Assessment professional tracks.

2024 – 2025

Forensics & Infrastructure Depth

Quick Heal · Red Hat

Certified Digital Forensic Investigator alongside Red Hat RHCSA-track administration — pairing investigation skill with the systems knowledge to defend them.

2022 – Present

B.Tech, Computer Science & Engineering

Lovely Professional University

Building the formal CS foundation while competing in CTFs and climbing to the top 1% on TryHackMe.

2020

Security Foundations

Fortinet NSE · CNSE

Earliest steps into the discipline — network security engineering foundations that set the trajectory.

07Validation

Credentials & recognition

Thirteen industry certifications and a competitive record that proves the skills in the open.

Certifications

— 13 earned

Competitive Record

Top 1%

Global Ranking

TryHackMe · Sustained hands-on dominance

125th

Pentathon CTF

National CTF · Multi-discipline challenge

4th

Chakravyuh CTF

Competitive CTF · Podium finish

16th

TechnOcean CTF

Competitive CTF · Top-tier placement

Qualified

AIESEC Hackathon

Hackathon · Selection round cleared

Top 1%

Global standing on TryHackMe

Available for security roles & engagements

Let's find the
gaps before they do.

Open to penetration testing roles, security engineering positions, and collaborative research. If you need someone who thinks like an attacker and ships like a defender — let's talk.

Email

harikrishnan9602@gmail.com

Phone

+91 79948 20277

LinkedIn

harikrishnan-v-j

GitHub

Hari9602