Hello!

I'm Piyush Kumawat

A Product Security Engineer

Currently, I work at Harness

Portrait of Piyush Kumawat
4+
Years of Experience
250+
Security Projects Completed
1000+
Security Issues Reported
4
Certifications

Know Me More

I'm Piyush Kumawat, a Product Security Engineer

Product Security Engineer with a background in penetration testing. I have tested over 250+ applications across web, mobile, and API surfaces. Experienced in threat modeling, DevSecOps tooling, and cloud security reviews across Azure, AWS, GCP, and Alibaba Cloud.

I am passionate about ensuring the security of products and dedicated to staying up-to-date with the latest industry trends and techniques.

My Skills

Web Application Penetration Testing 99%
Web Services and API Security Testing 99%
Network Penetration Testing 99%
Source Code Review 99%
Android & iOS Penetration Testing 95%
Cloud Security Configuration Reviews 98%
DevSecOps 95%
Threat Modelling 95%

Tools I Use

Burp Suite
Jenkins
Metasploit
HCL AppScan
Nessus

Experience

May 2024 - Present Staff Product Security Engineer Harness
  • Perform threat modelling, SAST, DAST, and SCA across Harness products to secure the software development lifecycle.
  • Lead vulnerability management - triage, prioritise, and drive remediation with cross-functional engineering teams.
  • Run and mature the Harness bug bounty programme, validating reports and reducing real-world risk.
  • Build and improve DevSecOps guardrails and security frameworks to strengthen overall security posture.
  • Conduct manual and automated security assessments across web, API, and cloud mapped to OWASP Top 10, MITRE ATT&CK, and business logic risks.
  • Define and enforce security requirements, policies, and guardrails across CI/CD pipelines.
  • Work closely with developers to remediate findings and embed secure-by-design practices early in the lifecycle.
  • Mentor engineers and security team members to raise the security bar across the organisation.
Jan 2022 - May 2024 Product Security Engineer OLA
  • Performed threat modelling, DAST, and SAST on web applications across OLA business groups (Mobility, Electric, Money, Avail Finance, and more).
  • Ran web application security assessments for OWASP Top 10, MITRE ATT&CK, and business logic vulnerabilities.
  • Managed the OLA bug bounty process and triaged researcher submissions.
  • Performed white-box tests and removed false positives from automated scans.
  • Worked with developers to remediate findings and mapped risks by business criticality.
  • Raised detailed Jira tickets with reproduction steps, remediation guidance, and evidence.
  • Conducted retests to verify closure of security risks across web, API, and mobile assessments.
  • Supported GDPR and PCI-DSS audit dependencies on application security.
Jun 2019 - Jan 2022 Security Services Associate Consultant Synopsys
  • Performed DAST and web application security assessments for OWASP Top 10, MITRE ATT&CK, and business logic issues.
  • Ran scans with Burp Suite, Nessus, AppScan, Metasploit, SqlMap, Nmap, OpenVAS, Dirb, Nikto, and related tooling.
  • Performed black-box and grey-box security tests and removed false positives.
  • Provided executive reports with technical summaries and remediation recommendations.
  • Configured DevSecOps tooling such as Checkmarx, WhiteSource, and Burp in CI/CD environments.
  • Performed cloud configuration reviews on AWS, Azure, GCP, and Alibaba Cloud.
  • Sent daily vulnerability updates and supported parallel revalidation during active tests.
Jan 2019 - May 2019 Cyber Security Intern Synopsys Inc.
  • Learned penetration testing fundamentals, application stacks, and OWASP Top 10 in web environments.
  • Automated open-source and commercial SAST, SCA, and DAST tools in Jenkins pipelines for efficient security scanning.
Mar 2017 - Apr 2017 System / Network Admin Intern Shah Technical Consultants Pvt. Ltd.
  • Managed network and server infrastructure for the organisation.
  • Provided proactive solutions for technically challenging operational problems.

Let's Connect

Open to security consulting, training, and collaboration.