QA Engineer β Manual Testing Β· AI Testing Β· Web & Mobile Β· Security
4.7 years finding the bugs others miss β across SaaS products, AI-powered applications, and government platforms serving 100M+ users. I care about quality at the source, not just at the gate.
π Pune, India Β |Β π§ mrunalsp09@gmail.com Β |Β π LinkedIn Β |Β π Portfolio
- Manual Testing β Functional, regression, smoke, sanity, exploratory, negative, integration, E2E, compatibility, cross-browser, mobile (Android & iOS), localization, UAT
- AI Application Testing β Prompt adherence, hallucination detection, output accuracy, consistency testing, adversarial prompts, prompt injection, fallback/degradation behavior, business logic impact
- Payment Testing β Stripe & PayPal integration, transaction flows, success/failure scenarios, refund/subscription validation, webhook verification
- Security Testing β OWASP Top 10, SQLi, XSS, IDOR, API security, authentication testing (NIC/DigiLocker)
- API Testing β REST API validation via Postman, request/response testing, authentication, integration contracts
| Company | Role | Period |
|---|---|---|
| Brainstorm Force | QA Engineer | Nov 2022 β Mar 2026 |
| NIC / DigiLocker (Govt. of India) | QA & Security Testing Engineer | Oct 2021 β Nov 2022 |
| Ninad Webtech | Web Developer & QA Intern | Feb 2021 β Jun 2021 |
Key numbers:
- 2000+ manual test cases designed across 10 SaaS & WordPress products
- 500+ test cases for SureForms alone β sole QA owner across 1.5 years
- 15+ critical vulnerabilities identified at NIC (protecting 100M+ DigiLocker users)
- Zero critical bugs in production β SureForms 2025 launch
- 95%+ production stability maintained across quarterly releases
- 25β30% reduction in defect escape rate through shift-left testing
Most QA engineers test around AI features. I test the AI itself.
At Brainstorm Force, I performed dedicated AI output validation on SureForms, Starter Templates, SureWriter, ZipWP, and SureTriggers:
- Prompt adherence β does the AI do what the user asked?
- Hallucination detection β did it generate fields, content, or outputs that weren't requested?
- Field mapping accuracy β caught payment form failures where AI misassigned pricing values, causing calculation errors despite correct formulas
- Consistency testing β same prompt, multiple runs β do results stay stable?
- Adversarial prompting β incomplete, ambiguous, conflicting prompts β how does the AI degrade?
- Prompt injection testing β verified unexpected, malicious, and edge-case prompts did not break workflows, expose data, or generate unsafe content on the Starter Templates AI site generation feature
- Multi-builder compatibility β validated AI-generated site output across Core WordPress, Elementor, Beaver Builder, and Brizy
- Fallback behavior β what happens when the AI can't fulfill the request?
| Project | Type | Test Cases | Defects | Focus |
|---|---|---|---|---|
| SureForms Plugin QA Suite | Manual + AI Testing | 500+ | WIP | AI form generation, E2E, smoke, sanity, negative, payment flows |
| AI Application QA Suite | Manual Β· Exploratory | 32 | 11 | Prompt/response validation, hallucination risk, session state, file upload |
| WooCommerce E-Commerce QA | Manual Β· RTM Β· Mobile | 35 | 12 | Cart, checkout, coupons, mobile UX, compatibility |
| Web App Security Testing | OWASP Β· Postman | β | β | SQLi, XSS, IDOR, broken auth, PoC documentation |
Artifacts across projects: Test plans Β· Test cases Β· Bug reports Β· RTMs Β· Exploratory charters Β· Test summary reports Β· Defect lifecycle tracking
| Category | Details |
|---|---|
| Manual Testing | Functional Β· Regression Β· Smoke Β· Sanity Β· Exploratory Β· Negative Β· Integration Β· E2E Β· UAT Β· Compatibility Β· Localization Β· BVA Β· EQP |
| Mobile & Web | Android Β· iOS Β· Real device testing Β· Cloud-based devices Β· Cross-browser (Chrome Β· Firefox Β· Safari Β· Edge) |
| AI & Emerging QA | Prompt validation Β· Hallucination detection Β· Consistency testing Β· Adversarial prompting Β· Prompt injection testing Β· Fallback testing Β· Business logic impact assessment |
| API & Payments | Postman Β· REST API Β· Stripe Β· PayPal Β· Webhook validation Β· Authentication testing |
| Security | OWASP Top 10 Β· Burp Suite Β· SQLi Β· XSS Β· IDOR Β· API security |
| Bug Tracking | Jira Β· OpenForge Β· Defect lifecycle Β· RCA Β· Severity/priority triage |
| Test Management | TestRail Β· Zephyr Scale Β· RTM Β· Test planning Β· QA sign-off |
| Agile & Process | Scrum Β· Sprint planning Β· Shift-left testing Β· Release readiness Β· SDLC/STLC |
| Tools | Browser DevTools Β· Git Β· GitHub Β· Figma Β· WordPress Β· Claude Β· GitHub Copilot Β· Playwright (exposure) |
- π Master of Computer Applications (MCA) β Pimpri Chinchwad College of Engineering, Pune (2020β2022)
- π B.Sc Computer Science β Moolji Jaitha College, Jalgaon (2017β2020)
- π ISTQB Foundation Level (CTFL) β In Progress
- π Ethical Hacking β Introduction Β· EC-Council / Coursera (2022)
- π UX Design Foundations Β· Google / Coursera (2023)
Thanks for stopping by. I find the bugs. The weird ones. The ones hiding in the edge cases.