About
Cybersecurity professional with dual postgraduate degrees — M.S. in Cybersecurity (UNC Charlotte) and M.Tech in AI (University of Hyderabad) — and hands-on experience spanning SOC operations, threat intelligence, penetration testing, and cloud security. Former AI Security Researcher at IDRBT (RBI-established institute) with deep BFSI threat landscape expertise. Operates across both blue and red team disciplines; proficient in SIEM/SOAR-based detection engineering, MITRE ATT&CK-mapped threat analysis, malware analysis, and API security testing. Actively seeking full-time roles in Hyderabad.
Skills & Expertise (50)
Work Experience
Independent Researcher — BFSI Threat Intelligence
Self-Employed
Nov 2025 - Feb 2026
Researched APT campaigns targeting Indian BFSI institutions; tracked threat actor tooling, infrastructure patterns, and attack timelines via OSINT. Performed structured IOC enrichment using VirusTotal, Shodan, and OTX AlienVault — pivoting on hashes, IPs, and domains to build attribution profiles. Mapped TTPs to MITRE ATT&CK and authored strategic/operational threat intelligence reports covering zero-day exposure and supply chain risks in the Indian financial sector. Studied ThreatConnect and MISP as TIP platforms for IOC lifecycle management and collaborative threat sharing.
Threat Intelligence Analyst — Security Analyst (Contract)
Innovative Intelligent Solutions, LLC
Nov 2024 - Sep 2025
Monitored global threat landscape for banking sector risks using Recorded Future and ThreatConnect for intelligence ingestion and analysis. Conducted deep-dive APT analysis on financial institution targeting; mapped TTPs to MITRE ATT&CK to drive proactive defense improvements. Automated IOC enrichment and validation using VirusTotal API, Shodan, and Cisco Umbrella to reduce L1 SOC alert fatigue. Collaborated with Detection Engineering to translate CTI findings into Sigma and YARA rules deployed across enterprise SIEM environments. Authored high-fidelity Strategic and Operational Intelligence reports for stakeholders covering zero-day mitigation and supply chain risks.
Teaching Assistant & Technical Support Staff
University of North Carolina at Charlotte
May 2023 - Dec 2023
Served as TA for ITIS 6200: Principles of Information Security and Privacy; supported 60+ graduate students with coursework and practical lab assignments. Supported Active Directory user provisioning, group management, access troubleshooting, and endpoint compliance and patch management. Investigated security breaches through log reviews and packet analysis using Wireshark, aligned to NIST 800-53 standards.
Independent Security Researcher — SOC & Detection Engineering
Self-Employed
Jan 2024 - Aug 2024
Designed and deployed a home SOC using Splunk and Wazuh for log ingestion, real-time alerting, and endpoint telemetry across virtualized Windows and Linux hosts. Developed custom SPL detection queries for suspicious authentication, lateral movement, and privilege escalation with tuned alert thresholds. Simulated adversarial TTPs using Metasploit and Nmap; validated detection coverage mapped to MITRE ATT&CK (Initial Access → Exfiltration). Built structured incident response playbooks and detection runbooks documenting logic and alert tuning rationale for each simulated scenario.
AI Security Researcher (Apprenticeship)
Institute for Development and Research in Banking Technology (IDRBT)
Jan 2022 - Apr 2022
Engineered ML-based anomaly detection models using Scikit-learn and Pandas to identify financial fraud and authentication abuse patterns in banking systems. Simulated Adversarial ML attacks (evasion and perturbation) to stress-test robustness of banking security models; presented findings to senior research leadership.
Independent Researcher — Malware Analysis & API Security
Self-Employed
Feb 2026 - Present
Built an isolated malware analysis lab using REMnux and FlareVM for static and dynamic analysis; examined PE headers, strings, imports, and behavioral artifacts. Conducted static analysis with PEStudio and FLOSS to extract IOCs, detect packing, and assess pre-execution malware capability. Performed API security assessments using Burp Suite aligned to the OWASP API Top 10, identifying BOLA, excessive data exposure, and improper authentication vulnerabilities. Validated API security methodology through CASA-APIsec certification.
Education
M.S. in Cybersecurity - University of North Carolina at Charlotte
2022 - 2023 · Afghanistan
M.Tech in Artificial Intelligence - University of Hyderabad
2020 - 2022 · Afghanistan
B.E. in Computer Science & Engineering - Vasavi College of Engineering
2016 - 2020 · Afghanistan
Certifications
CompTIA Security+ ce · 2024
eJPTv2 (Junior Penetration Tester) · 2024
AWS Certified Cloud Practitioner · 2023