Sagnik Haldar

$ whoami → Product Security Engineer & SaaS Security Specialist

Product Security Engineer specialized in SaaS and web application security, offensive testing, and OWASP Top 10 vulnerability assessment. Experienced in Secure SDLC, integrating SAST, SCA, and DAST tools into CI/CD with automated security workflows.

Available for opportunities
terminal
$ cat about.txt
Name: Sagnik Haldar
Role: Product Security Engineer
Location: India
Status: Available for hire
$ ls skills/
SaaS Security/ Penetration Testing/
DevSecOps/ Security Automation/
$ echo "Let's secure the digital world!"
Let's secure the digital world!

Technical Arsenal

SaaS Security

SaaS penetration testing • API security testing • Attack surface mapping • OWASP Top 10

Security Testing Tools

Checkmarx • Semgrep • SonarQube • Burp Suite • OWASP ZAP • JFrog • Snyk

Offensive Security

Manual penetration testing • Web application security testing • API security testing • Vulnerability assessment • Attack surface mapping • Security automation

DevSecOps & CI/CD

Jenkins • GitGuardian • SAST integration • SCA integration • DAST integration • Secure SDLC • Shift Left security

Programming & Scripting

Python • Bash • Go • Security automation • Custom tooling • Exploit development

Certifications

EWPTX (INE) • Certified AppSec Practitioner • Web Application Penetration Testing

Professional Journey

Product Security Engineer - I

HighRadius

January 2025 - July 2025

Led end-to-end penetration testing of SaaS applications and APIs, developed security automation scripts, and integrated security tools into CI/CD pipelines.

  • Led end-to-end penetration testing of SaaS applications and APIs, uncovering 10+ critical vulnerabilities leading to a 25% reduction in the overall attack surface
  • Developed robust security automation scripts in Python and Bash, enhancing the effectiveness of SAST and SCA tools, resulting in a 60% boost in scan accuracy and a 50% reduction in false positives
  • Integrated GitGuardian into CI/CD pipelines to detect hardcoded secrets, improving secret detection coverage across all repositories by 90%
  • Collaborated cross-functionally with product and DevOps teams to enforce security best practices in architecture design and code

Associate Product Security Engineer - I

HighRadius

July 2024 - December 2024

Performed targeted manual penetration testing on SaaS platforms, enforced secure coding standards, and optimized vulnerability scanning workflows.

  • Performed targeted manual penetration testing on SaaS platforms and APIs, uncovering critical misconfigurations aligned with OWASP Top 10
  • Enforced secure coding standards across 30+ web application modules, achieving a 30% reduction in high and medium-risk vulnerabilities over six months
  • Optimized vulnerability scanning automation workflows, cutting manual intervention and reducing monthly operational costs by 25%
  • Integrated SAST and SCA tools seamlessly into the SDLC, improving detection accuracy by 85% and reducing security debt

Product Security Intern

HighRadius

October 2023 - June 2024

Led vulnerability assessments, enhanced SAST accuracy, and built a centralized secure coding knowledge base.

  • Led scheduled vulnerability assessments (weekly and monthly), identifying critical weaknesses across infrastructure and application layers
  • Enhanced Checkmarx SAST accuracy by 50% by writing custom queries, significantly reducing false positives in secure code scans
  • Built a centralized secure coding knowledge base with 100+ best practices adopted by 7+ engineering teams
  • Collaborated cross-functionally to triage security vulnerabilities, accelerating remediation by 40% and reducing repeat issues by 30%

Featured Projects

PyIntruder CLI

Python • CLI • Web Fuzzing • API Testing • Multi-threading • Security Testing • OWASP • Penetration Testing

Live

A powerful command-line web fuzzing tool developed in Python for automating web application and API security testing. Features high-speed request processing with multi-threading optimization, delivering 2x faster performance than traditional fuzzing tools. Includes comprehensive wordlist support, custom payload injection, and detailed vulnerability reporting.

Let's Connect

Ready to collaborate on your next project? Let's discuss how we can build something amazing together.