RANJEET SINGH CHAUHAN

Mississauga

Summary

Experienced Application and Network Security Engineer with over 9 years of hands-on expertise in penetration testing, secure code review, and vulnerability management across web, mobile, API, AI/ML, and network environments. Proven ability to design and execute testing plans, deliver impactful remediation guidance, and serve as a primary defense against external threats. Proficient in Python, JavaScript, and modern security tools and methodologies. Passionate about staying current with emerging threats, educating teams on security best practices, and safeguarding critical systems through both proactive and reactive strategies.

Overview

11 years of professional experience
1 Certification

Work History

Information Security Engineer (Contract)

WestJet
02.2025 - Current
  • Managed and resolved 12 PCI compliance backlog tickets within a 40-day window by preparing detailed scope documents and performing penetration tests where required.
  • Took ownership of PCI-related pentest activities, including planning, execution, and coordination across teams.
  • Delegated tasks effectively to team members based on skillsets, ensuring efficient workload distribution and timely project completion.
  • Developed and customized reporting templates to improve clarity and consistency in deliverables.
  • Experienced in scoping penetration testing engagements and estimating effort based on target complexity, client requirements, and threat modeling inputs.

Bug Bounty Hunter | Ethical Hacker

HackerOne
06.2014 - Current
  • Independently identified and reported critical vulnerabilities such as remote command execution, SSRF, and authentication bypass in major web platforms.
  • Recognized in 100+ Hall of Fame acknowledgments for responsibly disclosing over 1,000 vulnerabilities.

Senior Security Consultant

Iron Spear Information Security Ltd
09.2023 - 12.2024
  • Led comprehensive security assessments for web, mobile, REST, and GraphQL APIs, uncovering vulnerabilities like XSS, CSRF, and insecure direct object references.
  • Conducted penetration testing on AI/ML integrations, identifying prompt injection vectors and recommending mitigations.
  • Delivered tailored reports and executive summaries to clearly communicate risks and remediation strategies to technical teams and leadership.
  • Stayed current with the latest vulnerabilities and attack techniques, updating testing methodologies accordingly.

Associate Cyber Testing

RSM Canada LLP
06.2022 - 08.2023
  • Conducted independent security assessments of web, mobile, API, and internal network environments, applying industry-standard testing methodologies.
  • Executed manual and automated penetration testing using tools like Burp Suite, OWASP ZAP, and advanced enumeration techniques, identifying authentication flaws, injection vulnerabilities, and insecure API configurations.
  • Produced detailed reports with clear documentation of findings, CVSS scores, and recommended remediation steps.

Senior Penetration Tester

Whynot53 Technologies Private Limited
09.2019 - 12.2020
  • Performed advanced penetration testing of web, mobile, and network environments, correlating findings with threat models to prioritize remediation.
  • Conducted security assessments and social engineering tests, collaborating with clients on effective mitigation strategies.

Security Engineer

Unocoin Private Limited
11.2016 - 08.2019
  • Led implementation of OWASP Top 10 mitigations in production codebases, significantly reducing security risks.
  • Conducted secure code reviews to identify vulnerabilities in Python and JavaScript, working closely with developers to remediate issues before release.
  • Managed vulnerability identification and remediation workflows, and built and maintained CI/CD pipelines with integrated security testing.

Security Analyst

GoodDrop
08.2015 - 10.2016
  • Evaluated technology processes, configurations, and security controls, recommending improvements aligned with evolving threats.
  • Conducted vulnerability assessments and documented findings for technical and management stakeholders.

Education

Master of Information Technology - Security

Ontario Tech University
Oshawa, Ontario, Canada
06.2022

Bachelor of Science - Computer

Guru Nanak Dev Engineering College
Ludhiana, Punjab, India
07.2015

Skills

  • Web & API Security: XSS, SQL Injection, CSRF, IDOR, secure REST & GraphQL API testing

  • AI/ML Security: Prompt injection, model abuse testing, adversarial input testing

  • Secure Code Review: Python, JavaScript, Bash; familiarity with Ruby

  • Automation: Developed and maintained tools for automated security testing

  • Tools: Burp Suite, OWASP ZAP, Nikto, Wfuzz, SQLmap, Amass, EyeWitness, Postman, APIScanner, Tinfoil API Scanner, Nmap, Masscan, CrackMapExec, NetExec, Impacket, Responder, Mimikatz, BloodHound, SharpHound, Metasploit, rpcclient, smbclient, Rubeus, Kerbrute, Aquatone, MobSF, Frida, Objection

  • Reporting: Clear documentation of vulnerabilities with CVSS scoring and actionable remediation steps

Accomplishments

  • Ranked among the top 20 hackers globally on HackerOne in 2018
  • Reported over 1,500 vulnerabilities across diverse platforms through responsible disclosure and bug bounty programs
  • Attended multiple cybersecurity conferences, including Nullcon Goa (twice)
  • Recognized as a top-performing student in the Master of Information Technology Security program (GPA: 4.15)

Certification

  • Practical Network Penetration Tester (PNPT), July 2022
  • Offensive Security Certified Professional (OSCP), August 2024
  • Burp Suite Certified Practitioner (BSCP), July 2024
  • Certified AI/ML Pentester (C-AI/MLPen), February 2025
  • CREST Practitioner Security Analyst (CPSA), May 2025
  • CREST Registered Penetration Tester (CRT), May 2025

Languages

English
Full Professional
Hindi
Native or Bilingual
Punjabi
Native or Bilingual
