8+ years breaking into systems so attackers can't. Specialising in penetration testing, application security, and red team operations for enterprise environments.
Comprehensive offensive security services tailored to identify and address vulnerabilities before adversaries exploit them.
Deep-dive assessments of web applications and APIs to uncover injection flaws, authentication bypasses, business logic vulnerabilities, and more — aligned with OWASP standards.
Internal and external network penetration testing to identify misconfigurations, privilege escalation paths, and exposed services across your infrastructure.
Security assessments of iOS and Android applications including static and dynamic analysis, API communication review, and data storage inspection.
Configuration reviews and penetration testing across AWS, Azure, and GCP environments to identify IAM misconfigurations, exposed storage, and privilege escalation vectors.
Simulated adversary operations to test your detection and response capabilities end-to-end, with collaborative purple team exercises to close gaps in real time.
Static and dynamic code analysis using tools like Snyk, Checkmarx, and SonarQube — triaging findings and guiding developers toward secure fixes at the source.
I'm Jay Patel — an offensive security specialist with over 8 years of experience and 200+ penetration tests completed. I perform penetration tests, triage vulnerabilities, contribute to Attack Surface Management, and participate in red and purple team exercises.
My career spans enterprise consulting, government agencies, and the private bug bounty ecosystem. I've worked with Australian blue-chip companies and federal/state government, and I continue to sharpen my skills through platforms like Cobalt, Synack, and HackerOne.
I hold a Master's in Applied Information Technology from Victoria University with a specialisation in Information Security. I'm driven by a passion for understanding how systems break and helping organisations build resilience against real-world threats.
A track record of delivering offensive security services across enterprise, government, and startup environments.
Leading penetration tests across web apps, APIs, and infrastructure. Participating in red/purple team exercises, triaging bug bounty and scanner findings, and supporting P1/P2 incident response through tech bridges. Conducting code analysis with Snyk and Checkmarx and coordinating remediation efforts.
Performed penetration testing for Australian blue-chip companies and federal/state government agencies. Developed security test plans and consulted with developers on remediation strategies while managing concurrent assessments.
Conducted penetration testing for government agencies and enterprise clients. Collaborated with developers and product owners to integrate security into the development lifecycle and reviewed technical designs for security considerations.
Performed threat and vulnerability assessments on web applications and infrastructure. Managed the bug bounty program, maintained WAF configurations, and monitored security events.
The technologies and frameworks I use to identify, exploit, and help remediate security vulnerabilities.
Active contributions to the security community through bug bounty platforms, research, and published work.
100+ engagements on Cobalt's PtaaS platform spanning cloud, APIs, mobile, internal/external networks, and PCI-scoped systems. Lead full assessment cycles with client-facing communication.
Advanced vulnerability research and exploitation in Synack's curated Red Team environment, delivering real-world exploitation intelligence to top-tier enterprise clients.
Part of HackerOne's pentest team performing security assessments for private programs across major global organisations. All work conducted off-hours with personal tooling.
Have a security assessment need or want to discuss an engagement? Reach out through any of the channels below.