Available for opportunities

Mithun Sreeram G

$ whoami → Application Security Engineer @ Zoho

Breaking things before bad actors do. Specializing in DAST, SAST, secure code review, and CI/CD security integration. 150+ security bugs raised. 1000+ code violations remediated.

100+ Bug Bounties Triaged
150+ Security Bugs Raised
1K+ Code Violations Fixed
50+ Critical Bugs Found
Work Experience

Where I've Broken Things

Member Technical Staff
Application Security Engineer — Zoho Corporation
JUN 2023 → PRESENT
  • Managed and triaged 100+ bug bounty submissions, directly collaborating with developers to resolve reported issues
  • Raised 150+ security bugs through proactive assessments, threat modeling, and source code reviews
  • Identified and remediated 1000+ code violations, aligning fixes with secure coding practices and industry standards
  • Led internal pen testing team, uncovering 50+ critical and high-severity bugs across production systems
  • Enabled developers through walkthroughs and training sessions on identified issues and remediation strategies
  • Owned and maintained the Security Stage in CI/CD pipeline to scan each build for vulnerabilities
Project Trainee (Developer)
Zoho Corporation
JUL 2022 → JUN 2023
  • Developed a complete standalone cab booking application using Java and MySQL with core booking, fare calculation, and user management functionalities
  • Incorporated security checks to improve input validation and data handling within the application
  • Assisted in debugging and resolving issues, contributing to overall software stability
  • Participated in feature planning and provided design suggestions that influenced upcoming features
Security Projects

Built to Break Things

AI-Powered CLI Tool · Bug Bounty
Mewtwo — Bug Bounty Toolkit
Personal AI-assisted bug bounty sidekick covering the full workflow — recon to report. Bridges a purple team mindset with BB methodology: thinks like an attacker to surface attack vectors, documents like a defender for clean professional reports. Powered by Claude AI for attack surface mapping, vuln triage, finding enrichment, and executive summaries.
Python, Claude AI, SQLite, Jinja2, Recon, CVSS
Security Tool · SAST
Mew — Static Code Analysis Bot
Automated security scanner that analyzes application source code to detect potential vulnerabilities. Parses and tracks sinks and sources across the codebase to identify patterns similar to previously reported CVEs. MySQL integration for historical vulnerability reference and correlation.
Java, MySQL, SAST, Source Analysis
Browser Extension · XSS
DOM XSS Checker Extension
Browser extension that dynamically inspects web pages for unescaped or unencoded DOM-based XSS payloads. Triggers real-time alerts when malicious payloads are detected in the rendered DOM using smart traversal and pattern recognition techniques.
JavaScript, DOM API, XSS Detection
Just For Fun

Built Because Why Not

Pokémon · VGC · Claude AI
PokeCodex — Competitive Pokédex & Team Builder
Competitive-grade Pokédex and VGC Team Builder for champion-level players. Browse all 9 generations with deep stat dives, type matchup breakdowns, and build tournament-ready teams with real-time analysis. Features speed tier charts, team weakness matrix, role warnings, and one-click Pokémon Showdown export.
React 19, TypeScript, Vite, PokeAPI, Zustand, Tailwind v4
Desktop App · Finance
Stock Trading System
Desktop-based stock trading application with integrated Oracle database. Designed full database schema and handled all backend logic for transaction processing. Led a 5-member team through the complete development lifecycle.
Java Swing Oracle DB
Embedded Systems · Green Tech
Electric Solar Vehicle — Automation
Automated an electric solar vehicle to enhance energy efficiency and reduce manual input. Led a 3-member team developing real-time control logic with integrated sensor modules and microcontroller programming.
Arduino, Embedded C, Sensors
Robotics · Intercollege
Human-Following Robot
Robot capable of following human movement using distance sensing and path tracking. Collaborated with a 6-member team and presented at an Intercollege Event showcasing practical robotic mobility solutions.
Arduino, Embedded C, Sensors
Technical Arsenal

Skills & Tooling

Security Disciplines
Vulnerability Assessment, DAST, SAST, Threat Modeling, Secure Code Review, Bug Bounty Triage, Penetration Testing
DevSecOps
CI/CD Security Integration, Pipeline Scanning, Secure Coding Practices, AppSec Training, Developer Enablement
Programming Languages
Java, JavaScript, Python, C, C++, Embedded C
Burp Suite
OWASP ZAP
Wireshark
Postman
Metasploit
Nmap
Nessus
Let's Connect

Open to New Challenges

Whether it's a security audit, collaboration, or just a conversation about AppSec — my inbox is always open.

$ echo "Let's build something secure"