JSHawk
Context-aware JavaScript security scanner — hunts exposed credentials, API keys, endpoints, and sensitive data in JS files. Widely used for offensive assessments and bug bounty.
Security Operator III · Interactive Brokers · Remote
6+ years breaking systems · 3 CVEs · 200+ organizations secured.
01 / About
I've always been fascinated by the intricate dance between technology and security. My journey began with curiosity about how systems work — that curiosity became a passion for uncovering hidden vulnerabilities within complex environments.
As Security Operator III at Interactive Brokers, I lead red team engagements, build AI/LLM-powered security tooling, and deliver internal training. My background with Rajasthan Police Cyber Cell grounds me in both technology and human behavior. Off-screen: Royal Enfields through Himalayan passes, ridgelines at dawn, snowboards in Gulmarg.
02 / Credentials
Click any badge to view the credential.
CVE Disclosures
03 / Experience
Interactive Brokers · Remote
Penetration Tester → Sr. Penetration Tester (Jan 2025) → Security Operator III (Jan 2026)
HackerOne & Bugcrowd · Freelance
Rajasthan Police · Rajsamand, India
Cyber Octet Pvt. Ltd. · Ahmedabad
APISec University · Remote
Promoting API security awareness through events, workshops, and educational content.
Security BSides Ahmedabad
Conference logistics, speaker coordination, and attendee experience.
04 / Capabilities
Arsenal
05 / Projects
Context-aware JavaScript security scanner — hunts exposed credentials, API keys, endpoints, and sensitive data in JS files. Widely used for offensive assessments and bug bounty.
LLM-driven tool auto-generating pentest reports, risk matrices, and executive summaries. Cut reporting overhead by ~60%.
Aggregates CVE data, MITRE ATT&CK TTPs, and dark web signals into prioritized actionable intelligence for proactive attack surface management.
YAML-based detection templates contributed to ProjectDiscovery's Nuclei scanner, used by thousands of security researchers globally.
06 / Recognition
50+ recognized disclosures across Bugcrowd, HackerOne, and direct security programs.
07 / Content
Security education in Hindi & English — red team techniques, CVE breakdowns, community discussions. 5.27k+ subscribers · 51k+ views · 60+ episodes.

The Shocking Truth About India's Cybersecurity Crisis

The Truth About India's Ethical Hacking Culture

How to Get a Job in Cyber Security (Without a Degree)

How Hackers Are Taking Over Your Car
Latest from Medium — vulnerability breakdowns, bug bounty methodology, security research.
08 / Testimonials
"Deep investigations, clear steps to reproduce, intelligent responses to questions/criticisms, patient and kind attitude. Excellent."
"Mahendra is an absolute rockstar when it comes to hacking. Whether it's red teaming, web app testing, mobile app, or anything in between. He's sharp, creative, and always ready to tackle tough problems."
"Mahendra proved he is a real external asset to us by finding a few vulnerabilities in our system. He sent examples and a detailed, thoughtful, descriptions. All that I'm looking for in a white hat hacker."
"You reported some issues regarding our website that are vulnerabilities. You reported this in a responsible manner. Your findings and knowledge are a great help to us. I'm happy to refer you to anyone interested in your professional manner."
"Well written report"
Testimonials anonymized per client confidentiality. Full references available on request.
Beyond the Terminal
Security by profession. Mountains by obsession.
09 / Contact
Reach out for red team engagements, AI security consulting, bug bounty collaboration, content partnerships, or speaking opportunities.
Rajsamand, Rajasthan, India · Valid B1/B2 US Visa available for onsite engagements.
mahendrapurbia19@gmail.com