About
Security Engineer with around 2+ years of experience in Vulnerability Assessment and Penetration Testing (VAPT) across Web Applications, APIs, Mobile Applications, Network Security, and Static Application Security Testing (SAST). Skilled in using tools such as Burp Suite, Frida, JADX, Nessus, Nmap, and SAST solutions to identify and remediate security weaknesses. Possess strong knowledge of OWASP Top 10, API Security Top 10, and Secure SDLC practices. Experienced in preparing professional security reports, delivering client presentations, and providing remediation guidance to strengthen application and organizational security posture.
Skills & Expertise (33)
Work Experience
Security Engineer
HexaSecure
Present - Present
Conducted web application security testing based on OWASP Top 10 (2021). Identified vulnerabilities including SQL Injection, XSS, IDOR, and auth/session flaws. Performed manual testing using Burp Suite and OWASP ZAP. Tested authentication, RBAC, session management, and access controls. Delivered detailed vulnerability reports with PoC, impact, severity, and remediation.
API Security Testing Project
EndpointX
Present - Present
Performed REST API security testing based on OWASP API Security Top 10. Tested JWT authentication, RBAC, privilege escalation, and IDOR issues. Identified injection flaws, sensitive data exposure, and improper access controls. Validated HTTP methods and performed API parameter fuzzing. Used Burp Suite, Postman, and OWASP ZAP for testing and reporting with PoC and remediation.
Security Engineer
Web Crypt Technology
Jan 2024 - Present
Working at Web Crypt Technology as a Security Engineer from Jan 2024 to the present.
Education
MCA Specialization: Cyber security & Ethical hacking - Pune University
- 2026 · Afghanistan
BSC (COMP SCI) - Pune University
- 2024 · Afghanistan
HSC - Pune Board
- 2021 · Afghanistan