Skip to content
View rishuranjanofficial's full-sized avatar
💭
Problem Solving skills
💭
Problem Solving skills

Block or report rishuranjanofficial

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Rishu Ranjan

Senior Application Security Engineer · OSCP · CREST CPSA · CRT

Typing SVG

LinkedIn Twitter Email GitHub


About Me

OSCP-certified Application Security Engineer with 10 years of experience securing fintech, SaaS, and cloud platforms at scale. I lead Application Security, Secure Code Review, API Security Testing, AWS Cloud Security, and Vulnerability Management programs - currently at PAR Technology.

  • 🔭 Currently implementing SAST/SCA practices (Snyk) and leading SAST, DAST, and network VAPT across multi-tenant cloud environments
  • 🧠 Evaluating Meta's Llama Guard for enterprise content moderation and AI safety initiatives
  • 🤖 Engineering custom AI agents (Glean, Copilot) to automate high-velocity security document review and multi-year trend analysis
  • ☁️ Auditing Amazon ECR container images for vulnerabilities and zero-trust compliance; running PCI DSS v4.0 assessments
  • 🌱 Core Contributor to the OWASP Web Security Testing Guide (WSTG) since 2020
  • 🐛 Independent bug bounty researcher on HackerOne and Bugcrowd
  • 🏆 Security acknowledgements from Apple, Microsoft, SAP, LG Electronics, and Google
  • 📜 CVE Author - CVE-2018-12234, 12650, 12651, 12652, 12653
  • 💬 Ask me about: Application Security, Secure Code Review, AWS Security, AI/LLM Security, Vulnerability Management

Experience

2025 – Present   Senior Application Security Engineer          PAR Technology
2023 – 2025      Security Lead (Fintech)                       Paytm
2021 – 2023      Senior Security Engineer                      Paytm
2016 – 2021      Senior Security Analyst                       Lucideus Technologies

PAR Technology - Implementing SAST/SCA (Snyk), leading SAST/DAST/network VAPT across multi-tenant cloud environments, evaluating Llama Guard for AI safety, engineering AI agents for security document review, auditing Amazon ECR images, running PCI DSS v4.0 assessments, and embedding guardrails across CI/CD pipelines.

Paytm (Security Lead, Fintech) - Led Vulnerability Management (Qualys) for a high-traffic fintech platform, directing risk analysis, prioritization, and remediation across banking infrastructure; managed a team of 6 security engineers; ran CWPP cloud posture reviews and RBI-mandated CA/CR hardening.

Paytm (Senior Security Engineer) - Ran SAST, DAST, and network VAPT; led Qualys-based vulnerability management and RBI compliance audits; built Python/Bash automation for triage and asset discovery, cutting manual effort by 40%.

Lucideus Technologies - Led Red Team assessments and source code reviews for Fortune 500 clients, delivering VAPT for 100+ applications across web, API, and mobile.


Technical Skills

Burp Suite Snyk Checkmarx SonarQube OWASP ZAP SQLMap

Qualys Nmap Nessus Metasploit AWS Security Hub

Apktool JADX CFF Explorer Echo Mirage VCG

Python Bash

Focus areas: Application Security & Secure Code Review · AI Security & Agent Engineering · Cloud Security (AWS) · SAST & SCA · API Security Testing · Vulnerability Management


Certifications & Research

🎓 Certifications OSCP · CREST CPSA · CREST CRT
🧩 OWASP Core Contributor, Web Security Testing Guide (WSTG) - 2020–Present
🏅 Acknowledged by Apple · Microsoft · SAP · LG Electronics · Google (2018–2023)
📄 CVEs CVE-2018-12234, 12650, 12651, 12652, 12653
🎓 Education M.Sc. Informatics, University of Delhi (2014–2016) · B.Sc(H) Electronics, University of Delhi - ARSD College (2011–2014)

GitHub Stats

GitHub Stats GitHub Streak Top Languages

📫 Reach me: rishuranjanofficial@gmail.com  |  📍 New Delhi, India

Pinned Loading

  1. JWTweak JWTweak Public

    Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

    Python 103 19

  2. CSP-update-checker CSP-update-checker Public

    Check for presence of CSP policy on domain(s). Check for change in CSP policy from last time captured by this script.

    Python 3

  3. Delsubdir Delsubdir Public

    Customize the Directories/Folders by deleting the Sub Directories/Folders or even files based on the condition

    Python 2

  4. OWASP/wstg OWASP/wstg Public

    The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

    9.6k 1.6k

  5. OWASP/www-community OWASP/www-community Public

    OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

    HTML 1.4k 837