Application Security Engineer with 10+ years in offensive security and 3 years specialising in Web3. Approaches every target from the attacker's perspective, whether it's a web app, an API, a DApp, or a DeFi protocol. Equally comfortable finding the vulnerability, assessing its severity, and working with engineering to get it fixed. At Immunefi, single-handedly prevented the loss of $7.3M in client TVL through one finding and led triage on flagship audit competitions including Lido, Folks Finance and Plume Network. Brings a researcher's instinct for impact, an auditor's discipline for severity calibration, and the communication skills to land remediation work without friction. Recognised by Meta, Google, Apple, Microsoft, PayPal and the U.S. Department of Defense.
Immunefi
• Performed security reviews and code audits for external clients, including a finding that prevented the loss of a client's entire $7.3M TVL.
• Reviewed and validated thousands of web application, smart contract, and blockchain vulnerability reports, assessing severity and exploitability against each client's threat model.
• Led triage for audit competitions (Lido, Folks Finance, Plume Network, Shardeum), defining review standards, calibrating severity ratings, and managing high-volume submission workflows.
• Provided security guidance and remediation recommendations to engineering teams, translating complex vulnerability findings into actionable fixes and bridging the gap between researchers and developers.
• Mediated thousands of disputes between bounty programs and researchers; produced technical assessments both sides relied on to reach resolution.
• Conducted internal penetration testing and architecture review of Immunefi's platform alongside the engineering team.
Synack
• Performed security assessments of enterprise web applications and APIs through controlled, time-boxed engagements on Synack's managed platform.
• Reported 85 valid vulnerabilities ranging from Medium to Critical severity, including injection, authentication bypass, and access control flaws.
• Combined source code review and black-box testing approaches depending on engagement scope and target stack.
• Delivered vulnerability reports with remediation recommendations used by client engineering teams to prioritise and resolve findings.
Self-Employed
• Reported 200+ valid vulnerabilities across HackerOne, Bugcrowd, and Immunefi, spanning Broken Access Control, Business Logic, XSS, RCE, SSRF, SSTI, and server misconfiguration classes.
• Reported bugs to Meta, Google, Microsoft, PayPal, Yahoo and multiple other organisations.
• Produced detailed proof-of-concept reports for each finding and coordinated with program teams to validate remediation.
MSc
Distinction
Bachelor of Computing
First Class Honours
Diploma