QA Engineer — Manual Testing · AI Testing · Web & Mobile · Security
4.7 years finding the bugs others miss — across SaaS products, AI-powered applications, and government platforms serving 100M+ users. I care about quality at the source, not just at the gate.
📍 Pune, India | 📧 mrunalsp09@gmail.com | 🔗 LinkedIn | 🌐 Portfolio
- Manual Testing — Functional, regression, smoke, sanity, exploratory, negative, integration, E2E, compatibility, cross-browser, mobile (Android & iOS), localization, UAT
- AI Application Testing — Prompt adherence, hallucination detection, output accuracy, consistency testing, adversarial prompts, prompt injection, fallback/degradation behavior, business logic impact
- Payment Testing — Stripe & PayPal integration, transaction flows, success/failure scenarios, refund/subscription validation, webhook verification
- Security Testing — OWASP Top 10, SQLi, XSS, IDOR, API security, authentication testing (NIC/DigiLocker)
- API Testing — REST API validation via Postman, request/response testing, authentication, integration contracts
| Company | Role | Period |
|---|---|---|
| Brainstorm Force | QA Engineer | Nov 2022 – Mar 2026 |
| NIC / DigiLocker (Govt. of India) | QA & Security Testing Engineer | Oct 2021 – Nov 2022 |
| Ninad Webtech | Web Developer & QA Intern | Feb 2021 – Jun 2021 |
Key numbers:
- 2000+ manual test cases designed across 10 SaaS & WordPress products
- 500+ test cases for SureForms alone — sole QA owner across 1.5 years
- 15+ critical vulnerabilities identified at NIC (protecting 100M+ DigiLocker users)
- Zero critical bugs in production — SureForms 2025 launch
- 95%+ production stability maintained across quarterly releases
- 25–30% reduction in defect escape rate through shift-left testing
Most QA engineers test around AI features. I test the AI itself.
At Brainstorm Force, I performed dedicated AI output validation on SureForms, Starter Templates, SureWriter, ZipWP, and SureTriggers:
- Prompt adherence — does the AI do what the user asked?
- Hallucination detection — did it generate fields, content, or outputs that weren't requested?
- Field mapping accuracy — caught payment form failures where AI misassigned pricing values, causing calculation errors despite correct formulas
- Consistency testing — same prompt, multiple runs — do results stay stable?
- Adversarial prompting — incomplete, ambiguous, conflicting prompts — how does the AI degrade?
- Prompt injection testing — verified unexpected, malicious, and edge-case prompts did not break workflows, expose data, or generate unsafe content on the Starter Templates AI site generation feature
- Multi-builder compatibility — validated AI-generated site output across Core WordPress, Elementor, Beaver Builder, and Brizy
- Fallback behavior — what happens when the AI can't fulfill the request?
| Project | Type | Test Cases | Defects | Focus |
|---|---|---|---|---|
| SureForms Plugin QA Suite | Manual + AI Testing | 500+ | WIP | AI form generation, E2E, smoke, sanity, negative, payment flows |
| AI Application QA Suite | Manual · Exploratory | 32 | 11 | Prompt/response validation, hallucination risk, session state, file upload |
| WooCommerce E-Commerce QA | Manual · RTM · Mobile | 35 | 12 | Cart, checkout, coupons, mobile UX, compatibility |
| Web App Security Testing | OWASP · Postman | — | — | SQLi, XSS, IDOR, broken auth, PoC documentation |
Artifacts across projects: Test plans · Test cases · Bug reports · RTMs · Exploratory charters · Test summary reports · Defect lifecycle tracking
| Category | Details |
|---|---|
| Manual Testing | Functional · Regression · Smoke · Sanity · Exploratory · Negative · Integration · E2E · UAT · Compatibility · Localization · BVA · EQP |
| Mobile & Web | Android · iOS · Real device testing · Cloud-based devices · Cross-browser (Chrome · Firefox · Safari · Edge) |
| AI & Emerging QA | Prompt validation · Hallucination detection · Consistency testing · Adversarial prompting · Prompt injection testing · Fallback testing · Business logic impact assessment |
| API & Payments | Postman · REST API · Stripe · PayPal · Webhook validation · Authentication testing |
| Security | OWASP Top 10 · Burp Suite · SQLi · XSS · IDOR · API security |
| Bug Tracking | Jira · OpenForge · Defect lifecycle · RCA · Severity/priority triage |
| Test Management | TestRail · Zephyr Scale · RTM · Test planning · QA sign-off |
| Agile & Process | Scrum · Sprint planning · Shift-left testing · Release readiness · SDLC/STLC |
| Tools | Browser DevTools · Git · GitHub · Figma · WordPress · Claude · GitHub Copilot · Playwright (exposure) |
- 🎓 Master of Computer Applications (MCA) — Pimpri Chinchwad College of Engineering, Pune (2020–2022)
- 🎓 B.Sc Computer Science — Moolji Jaitha College, Jalgaon (2017–2020)
- 📜 ISTQB Foundation Level (CTFL) — In Progress
- 📜 Ethical Hacking — Introduction · EC-Council / Coursera (2022)
- 📜 UX Design Foundations · Google / Coursera (2023)
Thanks for stopping by. I find the bugs. The weird ones. The ones hiding in the edge cases.
