Profile of Pratik Shetty

Pratik Shetty

Cyber Researcher

York, United Kingdom

About

Cybersecurity Analyst with over 4 years' experience specialising in red teaming, application security, and mobile app testing. Proven track record in identifying critical vulnerabilities and improving security postures for manufacturing and financial clients using tools like Burp Suite and Metasploit. Certified in MCRTA, CRTO, CRTP, eCPPTv2, and CEH, with recognised bug bounty achievements and CVE publications demonstrating a commitment to proactive security research. Currently pursuing an MSc in Cyber Security at the University of York (UK) and residing in the UK on a Student Visa, with eligibility to work internships and full-time upon course completion.

Experience

  • Consultant @ Ernst & Young

    Mumbai, India - On-site

    Summary:

    • Led comprehensive security assessments for manufacturing clients, specializing in web/mobile application security, internal red teaming, and network vulnerability assessments.

    Responsibilities:

    • Led 15+ security assessments for manufacturing clients, covering web/mobile apps, internal red teaming, and Wi-Fi testing, improving overall security posture.
    • Prepared precise vulnerability reports and Proof-of-Concepts (POCs) for over 40 projects, helping clients fix security issues and secure their systems.
    • Conducted targeted training for client teams on Burp Suite and red teaming, increasing internal security knowledge by 30% for 50+ participants.
    • Performed network vulnerability assessments on 15+ client environments, identifying critical risks and guiding patching efforts to strengthen defenses.
    • Regularly audited firewall, switch, EDR, and Zscaler settings for 5+ enterprise clients, ensuring 100% compliance with security policies and standards.
    • Collaborated with 5+ IT teams to integrate firewall solutions into the overall network architecture.
    • Burp Suite
    • Metasploit
    • Red Teaming
    • Wi-Fi Security
    • Network Security
    • Vulnerability Assessment
    • EDR
    • Zscaler
    • Firewall
  • Associate Consultant @ Aujas Cybersecurity

    Mumbai, India - On-site

    Summary:

    • Performed extensive web application and API penetration testing for major financial clients, with focus on vulnerability identification and remediation guidance.

    Responsibilities:

    • Performed 50+ web application and API penetration tests for a major financial client, identifying critical vulnerabilities in key systems.
    • Created detailed Proof-of-Concepts (POCs) and vulnerability reports for 10+ projects, helping clients understand and fix security weaknesses.
    • Led Wi-Fi security assessments, uncovering network weaknesses and providing actionable recommendations to strengthen wireless defenses quickly.
    • Worked closely with clients to discuss and resolve identified vulnerabilities, speeding up the fix process by an average of 15-20%.
    • Web Application Security
    • API Security
    • Penetration Testing
    • Vulnerability Assessment
    • Wi-Fi Security
    • Financial Services
    • POC Development
    • Client Relations

Skills

  • Advanced Windows
  • Advanced Linux
  • Advanced Kali Linux
  • Advanced Parrot OS
  • Intermediate Windows Server
  • Advanced Python
  • Intermediate Solidity
  • Beginner Rust
  • Advanced Web Application Security
  • Advanced Mobile Application Security
  • Advanced API Security
  • Intermediate Active Directory
  • Advanced Wi-Fi Security
  • Advanced Firewall
  • Advanced Network Devices
  • Advanced EDR
  • Advanced Burp Suite
  • Advanced Nessus
  • Advanced Postman
  • Advanced MobSF
  • Advanced Frida
  • Advanced Objection
  • Advanced SQLMap
  • Advanced Metasploit
  • Advanced Wireshark
  • Advanced Zscaler
  • Advanced OWASP
  • Advanced NIST
  • Advanced MITRE

Education

Certificates

Bug Bounty

Honorable Mentions

  • Google

    Honorable mention for security research

Hall of Fame

  • Microsoft

    3 times Hall of Fame recognition

  • University of York

    Hall of Fame (January 2026)

  • Oracle

    Hall of Fame (October 2022)

HackerOne

  • Adobe

    Vulnerability disclosure

  • Cosmos

    Security research contribution

  • CrowdStrike

    Vulnerability disclosure

  • Sony

    Security research contribution

Appreciation Letters

  • AWS Security

    Security research appreciation

  • Salesforce

    Vulnerability disclosure appreciation

  • Apache

    Security research contribution

  • NVIDIA

    Security research appreciation

  • Palo Alto

    Security research contribution

  • TV3 Group

    Vulnerability disclosure appreciation

  • FileCoin

    Security research contribution

  • Red Hat

    Security research appreciation

Other Platforms

  • Intigriti - Here Technologies

    Vulnerability disclosure

  • Bugcrowd - NASA

    Security research contribution

  • Immunefi - Moonbeam

    Smart contract security research

  • Immunefi - Nodle

    Blockchain security research

Published CVE

Eclipse Foundation

  • CVE-2022-36022

    Security vulnerability in Eclipse project

Open Source Projects

  • CVE-2022-3492, 3493, 3502, 42235, 42236, 42237, 42238, 42991, 42992, 42993

    Multiple security vulnerabilities discovered in open source projects
  • CVE-2023-3987, 3986

    Security vulnerabilities in open source projects

Speaker

  • Cybersecurity Trends and Future Roadmap

    Cybersecurity 2024: Mapping the Road Ahead
    Pune, India
    Presented insights on emerging cybersecurity threats and industry trends
  • Smart Contract Auditing

    Smart Contract Security Conference
    Pune, India
    Technical presentation on smart contract security assessment methodologies