Available for security engagements

Amit Kumar Gupta
Breaks things, ethically.

 

Offensive-security professional delivering red team engagements, web/API penetration tests, and adversary emulation for Fortune 500 enterprises. MITRE ATT&CK-aligned, Active Directory expert, automation builder.

10+
Hall of Fame Orgs
4
Pro Certifications
100%
Red Team Objectives Met
armourbuff@redteam: ~
armourbuff@redteam:~$ cat ./profile.txt
HANDLE....: armourbuff
ROLE......: Red Team Operator · Pentester
CERTS.....: OSCP+ · CRTA · CNSP · CAP
FOCUS.....: Adversary Emulation · AD · AppSec
EMPLOYER..: Deloitte
CREDO.....: Break it before the adversary does.
armourbuff@redteam:~$  

// Trusted on engagements delivered via Deloitte

01 — whoami

About Me

I'm a Cybersecurity Engineer, Penetration Tester and Red Team Operator currently at Deloitte, where I run end-to-end offensive-security engagements for Fortune 500 clients across banking, healthcare, manufacturing and SaaS.

My work spans web & API penetration testing, internal network and Active Directory exploitation, and full-scope adversary emulation aligned to MITRE ATT&CK. I exploit the OWASP Top 10 in the wild — IDOR, SSRF, XXE, insecure deserialization, JWT attacks and business-logic flaws — and deliver CVSS-scored, remediation-ready findings.

I build my own tooling in Python, Bash and PowerShell to automate recon, post-exploitation and reporting, and I've recently been integrating LLM-assisted analysis into triage pipelines. Off the clock, I'm a bug-bounty hunter recognised in 10+ Halls of Fame — including the University of Cambridge and Drexel University.

~$ ./facts.sh

NameAmit Kumar Gupta
Handlearmourbuff
LocationNew Delhi, India
RoleRed Team Operator
CompanyDeloitte
EducationB.Tech · Cyber Security
CertsOSCP+ · CRTA · CNSP · CAP
Halls of Fame10+ orgs
Status● Available
02 — ls -la ./certs/

Certifications

Industry-recognised offensive-security credentials, hands-on and exam-proctored.

OSCP+
Offensive Security Certified Professional+
OffSec
🔗 Verify credential ↗
CRTA
Certified Red Team Analyst
CyberWarFare Labs
🔗 Verify credential ↗
CNSP
Certified Network Security Practitioner
The SecOps Group
🔗 Verify credential ↗
CAP
Certified AppSec Practitioner
The SecOps Group
🔗 Verify credential ↗
EH
Ethical Hacking From Scratch
zSecurity · Udemy
🔗 Verify credential ↗
03 — cat ./experience.log

Experience

Penetration Tester / Security Analyst — Deloitte
Oct 2025 – Present
  • End-to-end pentests across web apps, REST & GraphQL APIs, internal networks and Active Directory for Fortune 500 clients in banking, trading and SaaS.
  • Led full-scope red team engagements simulating APT TTPs aligned to MITRE ATT&CK — initial access & lateral-movement objectives met in 100% of scoped ops.
  • Exploited OWASP Top 10 (IDOR, SSRF, XXE, insecure deserialization, JWT attacks, business-logic flaws) with CVSS-scored, remediation-ready findings.
  • Built custom Python/Bash automation for AD enumeration, Kerberoasting and BloodHound ingestion — cutting manual assessment time by ~35%.
  • Integrated LLM-assisted tooling into triage pipelines — +40% faster analysis of large attack surfaces with fewer false positives.
Independent Security Researcher — Bug Bounty
Ongoing
  • Responsible disclosure across 10+ global programs — Hall of Fame at University of Cambridge, Drexel University and more.
  • AI/LLM security research: prompt injection, jailbreak testing and adversarial ML against enterprise LLM deployments.
  • Active CTF competitor on HackTheBox & TryHackMe — binary exploitation, web and Active Directory.
04 — cat ./education.log

Education

B.Tech, Computer Science Engineering
Specialization: Cyber Security & Forensics
Sharda University · 2020 – 2024
Higher Secondary (Class XII), Science
CBSE
Vivekananda Kendriya Vidyalaya · 2020

// languages: English (Professional) · Hindi (Native)

05 — ./arsenal.sh

Arsenal & Skills

// core competencies

Red Team & Adversary Emulation95%
Web & API Penetration Testing93%
Active Directory Exploitation90%
Python / Bash Automation88%
AI / LLM Security82%

// tooling & frameworks

Burp SuiteMetasploitNmap NucleiBloodHoundSharpHound CrackMapExecImpacketMimikatz evil-winrmCobalt StrikeLigolo-ng SQLmapFfufAmassWireshark NessusPowerView

// frameworks

MITRE ATT&CKCyber Kill ChainPTES OWASP ASVSNIST CSFISO 27001CVSS v3.1
06 — try it yourself

Interactive Terminal

A little easter egg — this one's live. Type a command and hit enter.

guest@amitgupta.dev: ~
guest@amitgupta.dev:~$

try: help whoami certs skills contact sudo clear

07 — cat ./resume.pdf

Résumé

📄 Curriculum Vitae

Full résumé — certifications, engagement summary, tooling and bug-bounty record — packaged as a clean PDF.

08 — let's connect

Break things, ethically.

Open to red team engagements, penetration testing work and security collaboration. Let's talk.

amitgupta5310@gmail.com · New Delhi, India