Karan Bhatt

Security Engineer

Bengaluru, Karnataka, India · 3 yrs 7 mos experience
Highly Stable

Key Highlights

  • Expert in securing applications during development lifecycle.
  • Led initiatives to enhance security posture at Groww.
  • Managed public Bug Bounty program effectively.
Stackforce AI infers this person is a Cyber Security Specialist with a focus on Fintech application security.

Skills

Core Skills

Application Security · Cloud Security · Vulnerability Management · Penetration Testing

Other Skills

API Security · Application Security Assessments · Cybersecurity · Management · Mobile Security · Network Security · Project Management · Public Speaking · Security · Security Assessment · Security Training · Strategic Planning · Threat Modeling · Vulnerability Assessment · Web Application Security Assessment

About

Holds an M.Tech in Cyber Security from Rashtriya Raksha University and a Bachelor of Engineering in Information Technology. Currently serving as a Product Security Engineer II at Groww, contributing to robust application security during the Secure Software Development Life Cycle. Specializes in cloud security, API security, penetration testing, and threat modeling to ensure resilient systems. At Groww, collaborates with teams to identify and mitigate high-impact vulnerabilities, enhancing security for critical applications like Stocks, MF, F&O and US-stocks. Takes pride in fostering a culture of security, driving R&D initiatives, and managing Groww's public Bug Bounty program. Motivated to build secure digital ecosystems while bringing technical expertise and a proactive approach to organizational security challenges.

Experience

Ajaib

Engineer- Security [Consultant]

Jul 2025 - Present · 8 mos · India · Remote

Groww

3 roles

Product Security Engineer II

Jul 2024 - Jul 2025 · 1 yr

Cloud Security · API Security · Penetration Testing · Threat Modeling · Application Security

Product Security Engineer

Promoted

Aug 2022 - Aug 2024 · 2 yrs

  • Responsible for securing the Application during the Secure Software Development Life Cycle.
  • Skilled in performing PRD reviews, Threat Modelling, Architecture Review, Infrastructure Review, Cloud Security and Penetration Testing for forthcoming features/products within the organisation.
  • Undertook the security testing for Stocks and US-stocks applications and features.
  • Managed and implemented new policies for Groww’s public Bug Bounty program and handled it as a primary SPOC for 6 months.
  • Driving different R&D programs across the entity to enhance the security posture of Groww.
  • Discovered various High and Critical vulnerabilities on Groww’s external and internal endpoints and services, reducing monetary loss.
  • Performed Firewall rule review between the entity for smooth operation in a secure way.
  • Responsible for giving security sign-off of various Internal/External facing APIs and feature integrations.
  • Performed security testing of various third-party service and application integrations.
  • Discovered various bugs during SAST and DAST for Groww’s iOS and Android App.
  • Performed the review of the Organisation policies, bucket level access and object level access rules in GCP as part of identifying Cloud Misconfigurations.
  • Performed the review and implemented the bucket rules, and reviewed the user of Firebase with the aim of securing it.
  • Handling the Vulnerability Management program of the entity where we get Web, Mobile, Cloud Security Issues fixed in collaboration with respective stake-holding teams.
  • Conducting regular developer training workshops on mobile and web security best practices.
  • Responsible for having a regular cadence with the senior management to give them insight about the security posture of their products.
Cloud Security · Penetration Testing · Threat Modeling · Vulnerability Management · Security Training · Application Security

Cyber Security Analyst

Feb 2022 - Aug 2022 · 6 mos

  • Responsible for conducting White-Box Pentesting of Groww’s Website.
  • Responsible for conducting security assessment of third-party tools.
  • Responsible for giving security sign-off of various integrations (mostly newly integrated APIs).
  • Responsible for taking regular follow-ups on various security tickets.
White-Box Penetration Testing · Security Assessment · API Security · Penetration Testing

Techdefence

Cyber Security Analyst

Oct 2020 - Jan 2021 · 3 mos · Ahmedabad, Gujarat, India · On-site

  • Responsible for conducting Pentesting of Clients' Website.
  • Responsible for handling the client website and network security of Clients.
Penetration Testing · Network Security

Education

Rashtriya Raksha University, India

M.Tech — Cyber Security

Nov 2020 - Sep 2022

SAL COLLEGE OF ENGINEERING (113)

BE - Bachelor of Engineering — Information Technology

Jan 2016 - Jan 2020
