Anshuman Ambale Nagendra

Cybersecurity Engineer | Penetration Tester | AI Security Engineer

Cybersecurity professional with an MS in Cybersecurity from Northeastern University. Specialized in red team operations, AI/LLM security, penetration testing, and cloud security with proven expertise in identifying vulnerabilities, crafting custom exploits, and implementing robust defense mechanisms.

📧 ambalenagendra.a@northeastern.edu 📍 Boston, MA
LinkedIn Profile GitHub

About Me

Cybersecurity professional specializing in the intersection of Offensive Security, Cloud Engineering, and AI Safety. With a Master's in Cybersecurity from Northeastern University (3.91 GPA), I bridge the gap between finding vulnerabilities and engineering robust defenses.

My experience includes leading red team operations and securing LLM infrastructure at Doble Engineering, where I uncovered critical gaps in RAG pipelines, introduced the MITRE Atlas framework for GenAI defense standards, and automated patch remediation to slash cycle times by 80%. Previously, I spent two years at TCS engineering secure GCP environments via Terraform and implementing regulatory compliance for financial sectors.

I am passionate about building automated security tools in Python and securing next-gen AI architectures against prompt injection and adversarial attacks. My toolkit spans Metasploit, Burp Suite, and custom payload development for bypassing WAFs, alongside experience with SIEM integration, vulnerability management, and Zero Trust architecture.

Professional Experience

Doble Engineering Company
Cybersecurity Co-op
January 2025 - August 2025
  • Engineered custom payloads to bypass WAFs, exposing 30+ vulnerabilities and 20 critical logic flaws missed by scanners across 15 web applications. Led red team operations using Burp Suite and Metasploit to validate defenses and guide development teams.
  • Introduced MITRE Atlas framework to establish the firm's first GenAI defense standards and uncover 5 critical vulnerabilities. Crafted custom jailbreak payloads and prompt injection attacks against enterprise RAG pipelines to demonstrate data leakage risks.
  • Accelerated patch remediation from 5 days to 1 by architecting a Python platform using Firecrawl API, Pandas, and Flask with checkpoint recovery. Integrated LangChain-based summarization with CVSS scoring into SIEM dashboards, reducing manual triage by 60%.
  • Secured critical Industrial Control Systems (ICS) by driving rigorous patch analysis on 2,200+ endpoints, ensuring NERC CIP compliance.
  • Partnered with Data Center teams to integrate Zero Trust principles around AI infrastructure and scripted hardening mechanisms for meta prompts.
Tata Consultancy Services
Assistant System Engineer & Google Cloud Engineer
August 2021 - June 2023
  • Engineered secure GCP infrastructure for Equifax's FICO project via Terraform, boosting efficiency by 15% and cutting cloud spend by 10%. Enforced VPC Service Controls and optimized IAM roles to ensure least-privilege access.
  • Secured the Anti Money Laundering program by enforcing strict RBAC and network policies across GCP Kubernetes cluster. Engineered Python detection modules to identify financial crimes, adjudicating 45 fraud cases daily.
  • Improved fraud detection by building SQL behavioral models to classify malicious entities across nationwide financial transaction data.
SimpleSec
Cybersecurity Intern
July 2020 - August 2020
  • Hardened enterprise defenses by configuring Active Directory baselines and auditing firewall rules.
  • Supported threat detection by analyzing network logs in Wireshark and Splunk, executing vulnerability scans with Nmap, SonarQube, and Burp Suite to identify critical misconfigurations.

Technical Skills

Languages & Scripting

Python Go C/C++ Bash PowerShell SQL Java JavaScript PHP

Offensive Security & Red Teaming

Metasploit Burp Suite Pro Cobalt Strike Nmap SQLmap Nuclei BloodHound Mimikatz Impacket Hashcat Hydra ZAP WAF Bypass

AI & LLM Security

Prompt Injection Jailbreaking RAG Exploitation MITRE Atlas OWASP LLM Top 10 NIST AI RMF AI Red Teaming LangChain Vector Databases Guardrails

Cloud & DevSecOps

AWS GCP Azure Terraform Docker Kubernetes GitLab CI/CD GitHub Actions IAM VPC Security

Application Security

SAST DAST SCA SonarQube Snyk Semgrep OWASP Top 10 MITRE ATT&CK Trivy

Security Operations & DFIR

Splunk Elastic SIEM Microsoft Sentinel CrowdStrike EDR/XDR Threat Hunting Autopsy Volatility Wireshark Sigma Rules

Vulnerability Management

Tenable/Nessus Qualys Rapid7 OpenVAS Patch Management CVSS Scoring CVE Analysis

Network & Infrastructure

Firewalls Palo Alto IDS/IPS Zero Trust Active Directory Kerberos PKI VPN OS Hardening

Compliance & Frameworks

NIST CSF ISO 27001 SOC 2 PCI-DSS NERC CIP HIPAA GDPR CIS Benchmarks

Projects & Research

Enterprise SIEM Security Assessment

Northeastern University | September 2025 - December 2025

Conducted security assessment of Priam AI's multi-agent SIEM, identifying 10 vulnerabilities (4 Critical, CVSS 9.1) including BOLA and SSRF. Exfiltrated vectorstore rules and exposed Azure infrastructure by bypassing rate limits. Blinded detection to Mimikatz and Cobalt Strike by engineering 5 prompt injection vectors to extract prompts and poison Sigma rules.

Adversarial AI Defense System

Independent Research | May 2025 - August 2025

Engineered a production-grade adversarial defense framework using FastAPI to neutralize OWASP Top 10 threats, implementing real-time input sanitization, jailbreak detection, and statistical anomaly analysis to secure model inference against evasion attacks.

EDITH - VAPT Framework

Sai Vidya Institute of Technology | January 2021 - May 2021

Developed a comprehensive Python-based VAPT framework that automates penetration testing, reducing weekly security assessment routines from 10 hours to 4 hours (60% reduction) by integrating multithreaded scanning modules and kernel-level modules for enhanced risk coverage.

Secure Group File Sharing Cryptosystem

Northeastern University | January 2024 - February 2024

Developed a bash program implementing secure file sharing using OpenSSL, ECC, and ECDH. Incorporated Digital Envelope, Digital Signature, and Hashing algorithms for confidential and authenticated message transfer.

Linux Administration Automation

Northeastern University | November 2023 - December 2023

Developed a Python script to automate Linux security administration, producing security-relevant system insights, streamlined user management, efficient file handling, robust security updates, and resource monitoring.

Education

Master of Science in Cybersecurity
Northeastern University

Khoury College of Computer Sciences
GPA: 3.91 | Graduated: December 2025

Coursework: Decision Making for Critical Infrastructures, Cyberspace Technology and Applications, Foundations of Information Assurance, Information System Forensics, Network Security Practices, Software Security Practices, Software Vulnerabilities and Security
Bachelor of Engineering
Sai Vidya Institute of Technology

Computer Science and Engineering
CGPA: 8.23 | Graduated: July 2021

Coursework: Computer Networks, Python, C, C++, Cryptography, Cyber Law, Information Theory & Automata Theory, Data Structures

Certifications & Accomplishments

Professional Certifications

CompTIA Security+ Google Associate Cloud Engineer MTA: Programming Using Python

Awards & Publications

  • 🏆 Best Outgoing Student of CSE Department 2021
  • 🏆 Best Outgoing Student of 2021 (College-wide)
  • 📚 Published research paper in IJARIIT on "Menu-Based Penetration Testing and Vulnerability Assessment" detailing how the EDITH framework automates security assessments through multithreaded scanning and custom kernel-level modules