About
Security Engineer with 3.7+ years of experience in Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, API, network, and cloud environments. Proven ability to identify and remediate critical vulnerabilities including SQL Injection, IDOR, XSS, and authentication flaws across multiple enterprise applications. Skilled in manual and automated security testing, secure SDLC practices, and risk-based vulnerability management. Strong expertise in OWASP Top 10, application security testing, and stakeholder communication in fast-paced environments.
Skills & Expertise (33)
Work Experience
Security Engineer – VAPT
DXC Technologies
Sep 2022 - Present
Conducted VAPT on 25+ web applications and APIs, identifying 150+ vulnerabilities including critical issues such as SQL Injection, IDOR, XSS, and Broken Authentication. Performed manual penetration testing using Burp Suite, validating vulnerabilities through request manipulation, session tampering, and business logic testing. Identified and exploited access control issues, improving authorization mechanisms and reducing risk exposure. Tested authentication workflows, session management, and token handling (JWT, Bearer tokens) for security flaws. Validated vulnerabilities through proof-of-concept (PoC) and provided actionable remediation recommendations to development teams.

Performed security assessments on Android applications using MobSF, Frida, and JADX, identifying issues such as insecure data storage, hardcoded secrets, and weak encryption practices. Bypassed SSL pinning and root detection mechanisms to perform advanced runtime analysis. Intercepted and modified mobile traffic to identify insecure API communication and sensitive data exposure. Assessed local storage mechanisms (SharedPreferences, SQLite, logs) for data leakage risks.

Conducted internal and external network penetration testing, identifying vulnerabilities related to misconfigurations, weak services, and insecure protocols. Performed reconnaissance and enumeration using Nmap, Masscan, and Netdiscover, identifying exposed services and attack surfaces. Executed vulnerability scans using Nessus, followed by manual validation to eliminate false positives. Performed Man-in-the-Middle (MITM) attacks to analyze traffic and identify credential exposure risks.

Assisted in cloud security assessments for applications hosted on AWS, identifying misconfigurations across IAM, S3, EC2, and VPC components. Reviewed IAM roles and policies to detect excessive privileges and enforce least privilege principles. Identified publicly exposed S3 buckets, weak security group rules, and improper network configurations. Evaluated logging and monitoring using CloudTrail and CloudWatch to improve audit visibility.

Managed the end-to-end vulnerability lifecycle including identification, reporting, remediation tracking, and retesting. Delivered detailed VAPT reports with risk ratings, PoC, impact analysis, and mitigation strategies. Collaborated with development and DevOps teams to ensure timely remediation of critical vulnerabilities. Built dashboards and reports for stakeholders, improving visibility into organizational security posture. Integrated security practices into the Secure SDLC (SSDLC), enabling early detection of vulnerabilities. Participated in threat modeling (STRIDE) to identify risks during the design phase and reduce attack surface.
Education
Bachelor of Engineering (Computer Science)
- · Afghanistan
Certifications
No certifications added yet