HITESH PALIYA
OFFENSIVE SECURITY ENGINEER // DEVSECOPS
SCALING THREAT VALIDATION | CLOUD SECURITY | DEVSECOPS
Subject: HITESH PALIYA
Designation: SECURITY ENGINEER II
Clearance: ROOT
Status: ACTIVE
Overview
OSCP+ certified Offensive Security Professional with 4.5+ years of operational history in identifying and mitigating complex security vulnerabilities. Specializing in end-to-end Penetration Testing, SecOps, Cloud Security, and Threat Modeling. I have executed over 150 penetration tests across web applications, mobile apps, APIs, and cloud assets.
Current Focus
Focusing on developing AI-powered tools and Security Automation frameworks. Architecting Cloud IOM verifiers and vulnerability reachability assessments using source code and public exploit databases to enhance defensive resilience.
Continuous Learning
- Executing continuous skill enhancement via Bug Bounty Hunting (HackerOne, Bugcrowd) and Capture The Flag (CTF) events.
- Active participant in Hack The Box and TryHackMe.
- Null Community Ahmedabad Meetup Attendee.
Featured Engineering
OP-001
Cloud EASM Automation
Engineered a Python-based External Attack Surface Management (EASM) pipeline utilizing Playwright and CrowdStrike Falcon, successfully automating misconfiguration verification across AWS, Azure, and GCP at scale.
- Automated asset mapping
- EASM execution
OP-002
Unified SecOps Framework
Architected an AI-driven SecOps wrapper. Consolidated multiple security scanners (Gitleaks, Grype, SonarQube, Semgrep, Checkov) into a single, high-performance continuous integration pipeline.
- Unified security scanning pipeline
- Infrastructure as Code validation
OP-003
GhostPin Research Platform
Developed an enterprise-grade mobile application security testing platform powered by Frida. Features 17 custom SSL pinning bypasses, deep link fuzzing, and runtime API monitoring across Android and iOS environments.
- SSL Pinning Bypass
- Runtime API Discovery
OP-004
Exploit Chain Generator
Architected an advanced heuristic engine correlating Software Composition Analysis (SCA) and Static Application Security Testing (SAST) findings. Autonomously validates attack paths and generates custom Python Proof-of-Concept scripts.
- SCA/SAST Correlation
- Automated PoC Generation
OP-005
apkcheck: Android Static Audit
Engineered a comprehensive Android Bug Bounty Static Analysis Suite. Integrates decompilation (JADX) with 20+ parallel static analysis modules to detect cryptographic weaknesses and ICC vulnerabilities, outputting enterprise-ready SARIF reports.
- Automated Static Analysis
- SARIF/CI Integration
OP-006
AI Reachability Engine
Custom tool leveraging AI to perform vulnerability reachability assessments. Correlates direct source code analysis with public databases of known exploits (osv.dev).
- Exploit path validation
- False-positive reduction
OP-007
Distributed Reconnaissance
High-speed wrapper engineered for tools including Amass, Subfinder, Nuclei, and HTTPX. Built to significantly improve reconnaissance speed and coverage during active EASM engagements.
- High-speed target enumeration
- Parallelized reconnaissance
Certifications & Education
[CLEARANCE (CERTS)]
- OSCP+
- GCP Professional Cloud Architect
- CCSE
- Practical Ethical Hacking
[HALL OF FAME]
- U.S. Dept of Defense
- Nutanix
- Sophos
- Umbraco
- Grofers (Blinkit)
[ACADEMICS]
- B.E. in Information Technology
- Silver Oak College (2017-2021)
- CGPA: 9.82