Hello, I'm

Kshitij Nigam

Strategic Security Leader

With over 14 years of experience (since 2012), I specialize in protecting global cloud ecosystems, architecting centralized Vulnerability Management Systems, and building high-throughput security automation. Currently focused on implementing AI security frameworks (Shannon, CAI, Strix) using local LLMs for autonomous vulnerability discovery.

14+ Years Experience
6 Companies
1K+ YouTube Subscribers

About Me

I am an Offensive Security Engineer and Technology Enthusiast based in Vienna, Austria. I've loved breaking things since I was 13 — hacking my RAM and reverse-engineering games to run on a low-end PC.

With over a decade of professional experience spanning software development, quality automation, and cybersecurity, I currently focus on leading offensive security initiatives, securing AI portfolios, and implementing AI-powered security frameworks using local LLMs.

Through the Nigamelastic YouTube channel and my Cybersecurity Hub, I share practical learnings, research, and technical walkthroughs to help others grow their cybersecurity skills.

Change is inevitable but being prepared for it is a choice!

ISO 27001 & SOC 2

Contributing to certifications for data centers, enterprise cloud, and on-premise products via comprehensive ISMS implementation

AI Security

Implementing AI frameworks (Shannon, CAI, Strix) with local LLMs

Vulnerability Management

Architecting global VMS using Snyk, Akto, DefectDojo & more

LLM Security Testing

Conducting LLM security testing using Garak, Pyrit & custom tools

Professional Experience

Lead Product Security Engineer

Tricentis GmbH | Vienna, Austria

February 2022 – Present

  • Contributing to ISO 27001 and SOC 2 Type 2 certifications for enterprise cloud products.
  • Architected global Vulnerability Management Systems (VMS) using DefectDojo, and later adopted Strobes Security integrated with Jira to secure multiple newly acquired product lines.
  • Orchestrated enterprise-wide secret detection and remediation via GitGuardian.
  • Integrated SCA/SAST (Snyk, Mend, Coverity) and DAST (Akto, Burp Suite) into release pipelines.
  • Implementing AI security frameworks (Shannon, CAI, Strix) with local LLMs for autonomous vulnerability discovery.
  • Conducting LLM security testing using Garak and Pyrit.
  • Enforced company-wide threat modelling using OWASP Threat Dragon and STRIDE.
  • Performing internal penetration tests on Tricentis Products.
  • Provide automated security tools and guidance to product teams and help integrate them into CI/CD pipelines.

Security Engineer

Hutchison Drei Austria GmbH | Vienna, Austria

March 2019 – February 2022

  • Contributed to ISMS creation and maintenance for ISO 27001 certification of the company.
  • Performed internal penetration tests on apps, websites, and networks of Hutchison Drei Austria and its subsidiaries.
  • Provided automated security tools and guidance to product teams for CI/CD integration.
  • Performed regular vulnerability scans for internal and external assets.
  • Monitored networks to identify security breaches and mitigate incidents using the Security Operation Center (SOC).

QA Automation Specialist

Shpock (finderly GmbH & Co.) | Vienna, Austria

October 2018 – February 2019

  • Created fully automated cross-platform environments using Selenium IO, Appium, and Puppeteer with NodeJS, with continuous integration using Jenkins.
  • Created and executed performance test plans using JMeter with Selenium plugin via Flood IO.
  • Created Proof of Concept for Cypress and Travis CI for front-end automation.

Software Development Engineer in Test

Tracelink India Pvt. Ltd. | Mumbai, India

July 2016 – October 2018

  • Created Automation Module using Scala over JAVA, TestNG, Web-Services, and Selenium, using Bitbucket as repository.
  • Automated Data Entry Process from physical PDFs using Pytesser (OCR).
  • Worked on effective testing of DynamoDB (AWS) and its interaction of APIs with Lift Framework.
  • Automated feeds processing on Habari servers and inter-conversion of maps into various formats.
  • Won Samurai Award for excellent performance in Automation Project (2017).

QA Engineering Senior Technical Associate

Avaya | Pune, India

February 2015 – June 2016

  • Drove improvements in unit testing coverage and developed test suites for enhancements.
  • Created cross-platform end-to-end automation framework for testing VOIP-based products.
  • Published "Automation Architecture for Testing Cloud Services" at Avaya Tech Symposium.
  • Won Club Stellar "Rising Star Award" for best performer (Q2 2015).

Validation Engineer

Sela Technology Pvt. Ltd. | Pune, India

November 2012 – February 2015

  • Created Test Specifications and Test Cases for Global Platform Messaging.
  • Created custom testing tools for updating non-regression tests using reverse XML parsing in JAVA.
  • Worked on Trusted Service Manager (R&D) — mobile payment & NFC services application lifecycle management.
  • Won Young Talent Award for best employee in testing team (2013).

Technical Arsenal

Security & Compliance

Vulnerability Management · Penetration Testing · ISO 27001 & SOC 2 · Threat Modelling · SIEM · ISMS · Risk Frameworks · OSINT

AI & Agentic Systems

Agentic Pentesting Platforms · Garak & Pyrit · Local LLMs (Qwen 3 Quantized) · Cursor & Claude Code · LangChain · RAG · LitLLM · OpenCode · Promptfoo · Antigravity · Shannon · CAI · Strix

DevSecOps & AppSec

SAST/SCA (Coverity, Mend, Snyk, Veracode) · DAST (Akto, Burp Suite) · Chainguard · GitGuardian

Offensive Tools

Burpsuite Pro/Enterprise · OWASP ZAP · OpenVAS & Nessus · Rapid7 · Nuclei · NMAP · Masscan · FFUF · Gobuster · Nikto · SQLMap · Ghidra · Radare2 · GDB · Frida · MobSF · Shodan · Amass · Maltego · Aircrack-ng · Hashcat · JohnTheRipper · Hydra · NetCat · JADX · Apktool · Genymotion

Cloud & Infrastructure

AWS, Azure, Google Cloud · Kubernetes · Cloudflare · Darktrace · Azure Foundry · Aquasec · Active Directory · Elasticsearch · Kibana · Logstash

Automation & Dev

Python & JavaScript · Node.js · CI/CD (Azure DevOps) · Selenium & Puppeteer · JAVA · .NET · Cypress · Appium · Taiko · JMeter · Tosca / TTA · Postman · SOAP UI · Unix Shell Scripting · PowerShell · OAuth 2.0

Vuln & Threat Management

PlexTrac · DefectDojo · Qualys Cloud Scanner · OWASP Threat Dragon

Community & Open Source

DEF CON Group Vienna

Founder of DEF CON Group Vienna, building a local community of hackers, security researchers, and technology enthusiasts.

CTF Player

Active CTF (Capture The Flag) player solving cybersecurity challenges. Member of the twc1rcle CTF team. Read my CTF Writeups on GitHub.

YouTube Educator

Creator of the Nigamelastic YouTube channel (1K+ subscribers) sharing deep-dives on cybersecurity topics, tool walkthroughs, and AI hacking.

Cybersecurity Hub

Curate a comprehensive Cybersecurity Hub featuring deep-dive articles on AI, Web, Mobile Hacking, and Threat Modeling, alongside real-time industry news and actionable resources for security professionals.

Open Source & Bug Bounties

Author of XSSATTackerPuppeteer, an automated tool for high-efficiency XSS assessment. Active contributor to multiple open-source projects.

Let's Connect

I am always open to discussing new opportunities, challenges, and collaborations.