Available for engagements

AI/ML PENTEST // VA/PT // RED TEAM // CLOUD SECURITY

SUNIL TRIPATHY

— Security Researcher

I help organisations stay one breach ahead — building offensive simulations, hardening cloud estates and running 24/7 SOC operations that actually catch real threats.

📍 Bangalore, India
01 DOSSIER
Sunil Tripathy

ID // 1024-SUNIL-T // CLEARANCE: RED

I build systems
attackers hate.

Over years of hands-on work across penetration testing, incident response and cloud security, I've shipped findings that moved security postures from compliant-on-paper to genuinely resilient. My approach is part adversary, part architect: break it loud, fix it quietly, document everything.

I work across pentest, SOC and cloud — bridging offensive findings with defensive engineering, and documenting work that survives team turnover.

  • 10+ Years in Security
  • 120+ Pentests Delivered
  • 09 Critical CVEs Found
  • 2.4K SOC Incidents Triaged
02 CAPABILITIES & CERTS

Stack I bring
to every engagement.

Offensive Security

  • VA/PT (Web, API, Network, Infra)
  • Secure Code Review (Java, .NET, Node.js)
  • AI/ML & LLM Pentesting
  • Active Directory Attacks
  • Red Team Engagements
  • C2 Frameworks (Cobalt Strike, Sliver, Mythic, Havoc)
  • Social Engineering

Defensive / SOC

  • SIEM (Splunk, Sentinel, ELK)
  • Threat Hunting
  • Incident Response
  • Forensics & Log Analysis
  • Detection Engineering

Cloud Security

  • AWS / Azure / GCP Hardening
  • IAM & Zero-Trust
  • Container & K8s Security
  • CSPM / CNAPP
  • DevSecOps Pipelines

AI/ML Security

  • LLM Prompt Injection & Jailbreaks
  • Model Extraction & Inversion
  • Training Data Poisoning
  • RAG / Agent Abuse Testing
  • MLOps Pipeline Hardening
  • OWASP LLM Top 10

Tooling

  • Burp Suite
  • Cobalt Strike / Sliver / Mythic
  • BloodHound
  • Metasploit
  • Wireshark
  • Nmap
  • Splunk
  • Python
  • Bash

CERTIFICATIONS

  • OSCP: Offensive Security Certified Professional
  • CRTO: Certified Red Team Operator
  • CAISR: Certified AI Security Researcher (8kSec)
  • CEH: Certified Ethical Hacker
  • AWS-SCS: AWS Certified Security – Specialty
  • CompTIA Sec+: Security+ ce

03 OPERATIONAL HISTORY

Where I've worked
in the trenches.

2024 — Present

Lead Security Engineer

@ Resillion
  • Lead AI/ML penetration testing engagements — LLM prompt-injection, model extraction, training-data poisoning, RAG abuse and MLOps pipeline attacks.
  • Run red-team simulations with custom C2 infrastructure (Cobalt Strike, Sliver, Mythic) against critical banking & enterprise infrastructure.
  • Built detection rules cutting MTTR by 42% across the SOC and designed cloud guardrails for a 4-account AWS landing zone.
2021 — 2024

Senior Penetration Tester

@ Accenture
  • Delivered 80+ pentests across fintech, healthcare and SaaS clients.
  • Reported 17 critical vulnerabilities, including 2 CVEs.
  • Authored client-facing playbooks for remediation triage.
2016 — 2020

VA/PT Engineer & Secure Code Reviewer

@ Tata Consultancy Services (TCS)
  • Led secure code reviews across Java, .NET and Node.js codebases — flagging injection, auth and crypto flaws before production.
  • Delivered vulnerability assessments and penetration tests across enterprise web, network and infrastructure assets.
  • Partnered with SOC teams on incident triage and detection tuning, building SOC-aware remediation playbooks.
04 SELECTED CASE FILES

Things I've broken
and then fixed.

CASE / 01

LLM Red Team — Enterprise GenAI Platform

Adversarial assessment of a production LLM platform. Bypassed guardrails via indirect prompt injection through RAG sources, achieved data exfil from connected tools, and reported model-extraction risk.

LLM // Prompt Injection // RAG // OWASP LLM

CASE / 02

Red Team Engagement — Indian BFSI

Full-scope adversary simulation against a Tier-1 bank: phishing, OT pivot, domain escalation. Closed with C-suite tabletop debrief.

Cobalt Strike // C2 // AD // Phishing

CASE / 03

AWS Cloud Security Audit

Reviewed 6 production AWS accounts. Found IAM privilege creep, exposed S3 sinks and crypto-mining via stale Lambda. Hardened landing zone.

AWS // IAM // CSPM // Terraform

CASE / 04

Kubernetes Threat Detection

Authored Falco + Splunk detections for container escape, sidecar tampering and crypto-jacking. Now part of org-wide baseline.

K8s // Falco // Splunk // Python

05 ESTABLISH SECURE CHANNEL

Let's talk
securely.

For engagements, advisory work, talks or just to trade war stories — send a message. Most replies within 48h.

© 2026 SUNIL TRIPATHY. All rights reserved.