Cybersecurity Analyst · IISc Bangalore

Kiran
Kumar K

VAPT Specialist · SOC Analyst · Security Engineer · Bug Bounty Hunter

Protecting institutions and organizations through hands-on penetration testing, endpoint security, threat detection, and responsible vulnerability disclosure — with credits from NASA and Stanford University.

⚔️ View Services 📂 My Projects →
500+
Devices Secured
563
CCTV Vulns Found
200+
Policies Enforced
4
Bug Bounty Credits
👨‍💻
Kiran Kumar K
JUNIOR SECURITY ANALYST @ IISc · DIGITS
💼 LinkedIn 🐙 GitHub 🐛 Bugcrowd 📄 Portfolio CV

Results-oriented Cybersecurity Analyst with hands-on expertise in VAPT, SOC Operations, Digital Forensics, IoT Security, and enterprise endpoint management at the Indian Institute of Science (IISc) — one of India's most prestigious research institutions.

Proven track record of discovering critical vulnerabilities, managing 500+ device onboarding to Microsoft Intune, implementing 200+ security policies, and driving zero-trust security initiatives across campus infrastructure.

Active bug bounty hunter with responsible disclosures to NASA, Stanford University, and multiple government portals — demonstrating real-world impact beyond institutional boundaries.

🏛️ IISc · DIGITS ✅ NASA Credited ✅ Stanford Credited 📍 Bengaluru, Karnataka
What I Do

Cybersecurity Services

Enterprise-grade security expertise across offensive and defensive security disciplines, tailored for modern infrastructure.

⚔️
VAPT & Penetration Testing

Comprehensive vulnerability assessment and penetration testing of web apps, APIs, and infrastructure using industry-standard methodologies and OWASP Top 10 coverage.

Burp Suite Pro Metasploit Nmap SQLMap OWASP ZAP
🔍
SOC & Threat Detection

24/7 threat monitoring, alert triage, EDR operations, threat hunting, and forensic investigation of live cyberattacks — identifying attack vectors and delivering hardening roadmaps.

Microsoft Sentinel Defender MDE Wazuh SIEM Splunk
💻
Endpoint Security & MDM

Enterprise endpoint management via Microsoft Intune, compliance policy enforcement, LAPS password rotation, ASR rules, and zero-trust access control across 500+ devices.

Microsoft Intune Entra ID LAPS CrowdStrike
☁️
Cloud & Server Hardening

Linux server hardening, SELinux policy enforcement, cloud security posture management via Microsoft Defender for Cloud (MDAPT), and Azure security configuration.

Defender for Cloud SELinux Linux Hardening Azure AD
🔬
Vulnerability Management

Continuous vulnerability scanning, CVSS-prioritized remediation reporting, OpenVAS assessments, and validated fix procedures delivered with step-by-step guidance.

Qualys Rapid7 InsightVM Nessus Pro OpenVAS
🤖
IR Automation & Forensics

Python-powered incident response automation, IOC/IOA parsing, honeypot log analysis, digital forensics, VM forensics, and NCCC compliance-aligned auditing workflows.

Python Log Analysis VM Forensics NCCC
Key Impact

Notable Achievements

🎯
563
CCTV Cameras — Critical Exposure
Discovered 563 CCTV cameras across 4 NVR systems at IISc exposed with default credentials. Delivered full PoC report with exploitation chain — all subsequently secured by campus teams.
40%
Incident Response Time Reduction
Automated NCCC report parsing (IOCs, IOAs, honeypot logs) using Python — cutting mean response time by 40% and enabling faster threat containment at institutional scale.
🛡️
100%
Vulnerability Remediation Compliance
Executed VAPT on 50+ IISc websites and APIs; collaborated with dev teams to validate all fixes — achieving 100% remediation compliance across every assessed application.
📋
200+
Security Policies Deployed
Implemented 200+ security policies across Intune and Microsoft Entra ID — enforcing institutional compliance standards at scale across 500+ managed devices.
Responsible Disclosure

Bug Bounty Credits

Responsible disclosure of critical vulnerabilities to world-class organizations — demonstrating real-world offensive security impact.

🚀
NASA
Bulk Directory Listing
CRITICAL
🎓
Stanford
AWS S3 Misconfiguration
HIGH
🏛️
HRYLABOUR.GOV
Reflected XSS
MEDIUM
🌿
PATANJALI
High-Severity XSS
HIGH
Open Source Tools

Security Projects

Practical security resources and tools built for the community — available at kirankumark.in/[project]

🔐
Security Hardening Guides
VAPT REMEDIATION · 6 GUIDES

Comprehensive security hardening guides for WordPress, Node.js, React, Flutter, Linux Server, and API Security — covering OWASP Top 10, CIS Benchmarks, and VAPT remediation procedures with step-by-step fix guidance.

WordPress Node.js React Linux API Security
🌐 View Repository →
🌍
CyberShield Domain Awareness
OSINT · DNS · THREAT INTEL

Domain security awareness and analysis tool providing DNS reconnaissance, subdomain enumeration, threat intelligence correlation, and certificate transparency monitoring for proactive attack surface management.

OSINT DNS Recon Threat Intel Attack Surface
🌐 View Repository →
🏢
Zero-Trust Endpoint Security
MICROSOFT INTUNE · MDE · ZERO TRUST

Architected and deployed Zero-Trust endpoint security framework across 500+ devices at IISc — enforced compliance policies, automated LAPS password rotation, and full Microsoft Defender for Endpoint integration.

Microsoft Intune Zero Trust LAPS
📋 Read Case Study →
☁️
Cloud Server Security Hardening
MDAPT · SELinux · MSSQL

Deployed Microsoft Defender for Cloud across all Linux servers, enforced SELinux mandatory access control policies, disabled xp_cmdshell on MSSQL — achieving comprehensive cloud security posture hardening.

Defender for Cloud SELinux MSSQL
📋 Read Case Study →
Career

Work Experience

Junior Security Analyst
Indian Institute of Science (IISc – DIGITS), Bangalore
Jul 2025 – Present
  • Onboarded 500+ devices to Microsoft Intune with enforced compliance policies, LAPS rotation, and MDE integration — reducing institutional attack surface.
  • Implemented MDAPT across all Linux servers; enforced SELinux policies; disabled xp_cmdshell on MSSQL — preventing command execution vulnerabilities.
  • Executed comprehensive VAPT on 50+ IISc websites and APIs (SQLi, XSS, IDOR, auth bypass) — achieved 100% remediation compliance.
  • Discovered 563 CCTV cameras across 4 NVR systems with default credentials; delivered full PoC and remediation — all systems subsequently secured.
  • Managed 50+ Defender alerts and 35+ Azure agentless alerts daily; led forensic investigations of multiple live cyberattacks.
  • Automated incident response workflows via Python — reducing response time by 40% in alignment with NCCC directives.
  • Deployed Wazuh SIEM with agent-based centralized log monitoring; evaluated PacketFence NAC for campus-wide rollout.
Information Security Intern
Indian Institute of Science (IISc), Bangalore
Mar 2025 – Jun 2025
  • Performed VAPT on 5+ IISc web applications and 1 API using OpenVAS and Burp Suite — identified OWASP Top 10 vulnerabilities and API security flaws.
  • Delivered comprehensive PoC reports with CVSS-prioritized remediation procedures; analyzed Apache/Nginx logs for anomaly detection.
Independent Bug Bounty Researcher
Self-Employed
Mar 2023 – Dec 2024
  • Responsibly disclosed critical vulnerabilities to NASA (Bulk Directory Listing), Stanford University (AWS S3 Misconfiguration), Hrylabour.gov.in (Reflected XSS), and Patanjaliayurved.net (High-severity XSS).
Technical Arsenal

Skills & Tools

💻 Endpoint & MDM
Microsoft IntuneEntra ID LAPSASR Rules Windows DefenderCrowdStrike SentinelOne
⚔️ Penetration Testing
Burp Suite ProMetasploit NmapSQLMap OWASP ZAPKali Linux API Pen Testing
🔭 SOC & SIEM
Microsoft SentinelDefender MDE Wazuh SIEMRapid7 InsightIDR SplunkELK Stack
🔬 Vuln Management
QualysRapid7 InsightVM Nessus ProOpenVAS Asimily
☁️ Cloud & Network
Azure ADDefender for Cloud Zero Trust / ZTNAPacketFence NAC WiresharkAWS Security
🧪 AppSec
Fortify SCACheckmarx SAST / DASTOWASP Top 10 API Security
🖥️ Server Security
Linux HardeningSELinux MDAPTSecure OS Config MSSQL Security
🤖 Scripting & Forensics
PythonBash SQLLog Analysis IOC/IOA Investigation VM Forensics
Education & Credentials

Certifications

🛡️
Ethical Hacking Essentials
EC-Council
🔒
CompTIA Security+ (Plus)
Infosys SpringBoard
🔌
Postman API Fundamentals
Postman · Student Expert
🎓
B.E. Computer Science
Alva's Institute of Engineering & Technology · 7.28 CGPA
Get In Touch

Let's Work Together

Available for VAPT engagements, security consulting, bug bounty collaboration, and enterprise security projects.

📧 18kirankumar.k03@gmail.com 📱 +91 83109 37381 💼 linkedin.com/in/kiran-kumar-k3 🐙 github.com/KIRAN-KUMAR-K3