Vinit
Mepani

Security Engineer · Full-Stack Developer

I find cloud attack paths before attackers do — and build the production systems they target. Creator of an AWS IAM privilege-escalation analyzer that maps multi-hop attack chains to MITRE ATT&CK. MS in Computer Science, Rutgers University.

See the IAM Attack Graph Analyzer Resume
Open to Security & SWE Roles MS CS · Rutgers '26 Google Cybersecurity Certified 5 Production Apps Shipped 50K+ Users Served
Vinit Mepani

About Me

Hello, I'm Vinit

I'm a security engineer who came up through full-stack development — which means I attack systems the way I build them: end to end. My core work is offensive cloud security tooling, including an AWS IAM privilege-escalation engine that models policies as a state-transition graph and classifies multi-hop attack paths against MITRE ATT&CK.

That tooling instinct is backed by 3+ years shipping production software: a Moodle LMS processing 12,000+ grade records monthly at Rutgers, a housing platform for the Rutgers community, and mobile apps serving 30,000+ monthly users. I know where vulnerabilities hide because I've written the kind of code that hides them.

0+
Years Experience
0+
Users Served
0
Production Apps Shipped
Name
Vinit Mepani
Location
New Brunswick, NJ, USA
Education
MS CS, Rutgers — May 2026
Phone
+1 732 964 5662
Email
vinitmepani2712@gmail.com
Focus
Cloud Security · IAM · Full-Stack
Download Resume Let's Talk

Skills

Crafted
Expertise

Security tooling first, full-stack depth behind it. Every skill below is backed by shipped project work or a verifiable certification — not just familiarity.

Security 6 areas
AWS IAM & Policy Analysis MITRE ATT&CK Mapping Privilege-Escalation Detection Threat Modeling Network Security Security Automation (Python)
Languages 5 technologies
Python JavaScript Java PHP Dart
Frontend & Mobile 5 technologies
Flutter React HTML5 CSS3 Figma
Backend & APIs 5 technologies
Node.js Flask Firebase PHP / Moodle Express
Databases & Cloud 5 technologies
MySQL PostgreSQL AWS GCP Firestore
Tools & DevOps 5 tools
Git GitHub Linux VS Code

Experience

Working
History

June 2025 — Present

Web Application Developer

School of Social Work, Rutgers University

  • Engineered custom Moodle plugins in PHP/MySQL/JavaScript processing 12,000+ grade records monthly for 2,000+ users — accelerated report generation from 45s to 9s.
  • Built an automated multi-day attendance system with email notifications and silent unenrollment logic, eliminating 85% of manual tracking.
  • Tuned 15+ database queries and refactored UI components, cutting page load times 20% and server CPU usage 40%.

Sep 2025 — Dec 2025

Teaching Assistant — CS512: Data Structures & Algorithms

Rutgers University, Department of Computer Science

  • Evaluated algorithmic correctness and time/space complexity for 120+ graduate students across 12 weekly problem sets and 3 exams, maintaining a 48-hour grading turnaround.
  • Held weekly office hours covering BFS/DFS, dynamic programming, and graph theory — the same algorithms that power my IAM attack-path engine.

May 2025 — Aug 2025

Software Engineering Intern

Rutgers University, Dept. of Computer Science (Prof. James Abello)

  • Designed a RESTful API with Flask, PostgreSQL, and AWS EC2 serving 200+ students; built a Python pipeline (pandas, PyArrow) auto-generating 150+ Jupyter notebooks from workflow diagrams — saving 40 hours per semester.
  • Refactored C++ and Express.js backend modules with unit tests and error handling, cutting API errors 18%.

Jan 2024 — Aug 2024

Mobile Application Developer

OceanmTech

  • Architected 15+ reusable Flutter components (Dart, MVVM) for iOS/Android apps serving 30,000+ monthly users, accelerating feature delivery 40%; deployed JWT authentication with secure token refresh.
  • Established a CI/CD pipeline with GitHub Actions (unit, widget, and integration tests) — cut QA time from 3 days to 8 hours and reduced production crashes 22%.

Mar 2023 — Dec 2023

Mobile Application Developer

Fibtion

  • Migrated a 10,000+ line codebase from Provider to BLoC state management, improving maintainability and cutting bugs 25%; integrated REST APIs with error handling across 10+ screens.
  • Optimized Flutter widget performance, increasing average user session time 20%; delivered zero critical defects across the final 2 production releases.

Projects

Selected Work

Security tooling, full-stack platforms, and production mobile applications — each project is a proof point, not a tutorial clone.

GitHub

Featured Project

IAM Attack Graph Analyzer — privilege escalation attack graph visualization IAM Attack Graph Analyzer — attack graph view
Security Engineering April 2026 · Rutgers

IAM Attack
Graph Analyzer

The challenge: multi-hop AWS IAM privilege escalation — chains like AssumeRole → PassRole → admin — is invisible to static linters and manual policy review. My solution: model policies as a formal state-transition system and run dominance-pruned BFS to surface every reachable attack path.

Key Results

Analyzes 500+ IAM policies in <2 seconds and detects 15+ escalation path types — role-assumption chains, permission pivots, cross-account trust abuse — mapped to MITRE ATT&CK TA0004

Surfaced 89 critical findings across test environments, each with a CVSS-style priority score and a ranked remediation roadmap in generated PDF reports

Interactive Flask dashboard — NetworkX attack graph with escalation edges highlighted, built for security teams to triage, not just visualize

Python Flask AWS IAM NetworkX MITRE ATT&CK
Live Demo Source available on request

More Projects

UniNest housing platform — main landing page
Full-Stack · Firebase Auth Sep 2025

UniNest — Housing Platform

Housing and roommate-matching platform connecting 500+ Rutgers students. Student-only identity verification via Firebase Auth, real-time listings and messaging, and a compatibility matching algorithm — 2.1s load time, 92/100 Lighthouse performance.

ReactFirebaseFirestoreFirebase Auth
Live Demo
Auction Master
Full-Stack · AWS RDS April 2025

Auction Master

Production-grade auction platform built on Node.js + MySQL with ACID-compliant concurrent bid transactions on AWS RDS. Firebase handles auth and image storage. Full seller dashboard, admin panel, and change-request workflow included.

Node.jsMySQLAWS RDSFirebase
Private Repo
Jarvis voice assistant
AI · Local LLM · Python July 2025

Jarvis — Voice Assistant

Fully offline voice assistant with custom wake-word detection (Picovoice Porcupine) and a local GPT4All LLM for NLP — no API quota, no cloud dependency, no data leaving the machine. Automates 20+ OS tasks via Win32 APIs at sub-500ms response.

PythonPicovoiceGPT4AllWin32 API
View Code
Khushi Creation e-commerce app
E-Commerce · Client Project Dec 2024

Khushi Creation

Paid client Flutter app delivering a complete e-commerce flow: onboarding, product catalogue with categories, cart with real-time Firebase sync, wishlist, and secure user profile. Optimized for smooth 60fps rendering on mid-range Android devices.

FlutterDartFirebaseFirestore
Private Repo
Food Delivery App
Food Tech · Client Project April 2024

Food Delivery App

Paid client Flutter app with a complete food ordering flow: onboarding, restaurant and menu browsing, cart with live price calculation, wallet top-up, and an integrated admin portal for menu management and order tracking — all on Firebase.

FlutterDartFirebaseAdmin Portal
Private Repo

Certifications

Achievement Highlights

Google Cybersecurity Professional Certificate, plus verified credentials in AI and UX from Google and Microsoft — every one independently verifiable.

Google Cybersecurity Professional Certificate Verify on Credly ↗

Google Cybersecurity Certificate

Google July 2024
Automate Cybersecurity Tasks with Python certificate Verify ↗

Automate Cybersecurity Tasks with Python

Google July 2024
Sound the Alarm: Detection and Response certificate Verify ↗

Sound the Alarm: Detection & Response

Google June 2024
Assets, Threats and Vulnerabilities certificate Verify ↗

Assets, Threats & Vulnerabilities

Google May 2024
Connect and Protect Networks certificate Verify ↗

Networks & Network Security

Google April 2024
Play It Safe: Manage Security Risks certificate Verify ↗

Play It Safe: Manage Security Risks

Google April 2024
Tools of the Trade: Linux and SQL certificate Verify ↗

Tools of the Trade: Linux & SQL

Google May 2024
Foundations of Cybersecurity certificate Verify ↗

Foundations of Cybersecurity

Google March 2024
Put It to Work: Prepare for Cybersecurity Jobs certificate Verify ↗

Prepare for Cybersecurity Jobs

Google July 2024
Google AI Essentials certificate

Google AI Essentials

Google 2024
Azure AI Fundamentals certificate

Azure AI Fundamentals

Microsoft June 2024
Microsoft AI Skills Challenge certificate

Microsoft AI Skills Challenge

Microsoft Jan 2024
Google UX Design Professional Certificate Verify ↗

Google UX Design

Google Dec 2024
Design a User Experience for Social Good certificate Verify ↗

UX Design for Social Good

Google Dec 2024
Build Dynamic User Interfaces for Websites certificate Verify ↗

Build Dynamic UIs for Websites

Google Dec 2024
Create High-Fidelity Designs in Figma certificate Verify ↗

High-Fidelity Designs in Figma

Google Dec 2024
Conduct UX Research certificate Verify ↗

UX Research & Testing

Google Nov 2024
Build Wireframes and Low-Fidelity Prototypes certificate Verify ↗

Wireframes & Low-Fidelity Prototypes

Google Oct 2024
Start the UX Design Process certificate Verify ↗

Start the UX Design Process

Google Aug 2024
Foundations of User Experience Design certificate Verify ↗

Foundations of UX Design

Google Aug 2024

Currently Building

What I'm Working On

Active work, ongoing research, and open opportunities.

Active

IAM Analyzer v2

Extending the escalation engine with passive CloudTrail correlation — detecting privilege escalation events in live AWS environments, not just static policy exports. Adding cross-account trust boundary analysis.

Python AWS CloudTrail MITRE ATT&CK
Research

Cloud Security Patterns

Graduate-level research into AWS attack surface mapping — how trust boundaries expand across GovCloud and commercial accounts through cross-account role chaining, resource-based policies, and service control policies.

AWS Security IAM SCPs
Open to Roles

Security & Full-Stack Roles

Actively interviewing for Security Engineer and Full-Stack Engineer positions. Available for on-site, hybrid, or remote roles in the US. Response guaranteed within 24 hours.

Get in Touch

Contact

Let's Build

Actively seeking Security Engineer and Full-Stack Engineer roles — on-site, hybrid, or remote in the US. Recruiters and hiring managers: I reply within 24 hours, resume and references ready.

Location

New Brunswick, NJ, USA

Email Me Directly

Find me on