About
Junior Security Engineer with over 1 year of hands-on experience in application security, API pentesting, WAF engineering, and automation. Skilled in uncovering critical vulnerabilities, improving remediation cycles, and building internal tools that optimize manual VAPT processes.
Work Experience
CyberSecurity Trainee
Formidium
Sep 2024 - Nov 2024
Performed initial VAPT using AppCheck automated scanning, triaged findings, and manually validated high-risk issues using Burp Suite and browser-based testing. Created developer-friendly vulnerability documentation with impact details, PoC steps, and remediation guidance.
Volunteer
Seasides Conference
Feb 2025 - Present
Junior Security Engineer
Formidium
Dec 2024 - Present
Led manual VAPT across applications, network, and infrastructure to map risk exposure, uncovering and prioritizing 25 critical vulnerabilities, and reducing high-risk exposure by 40%. Authored detailed vulnerability reports (with reproducible steps, risk ratings, and remediation), improving developer understanding and cutting remediation time by 35%. Onboarded Appknox as the mobile security platform. Integrated automated scans into release workflow. Configured assessment policies and triage process, boosting detection accuracy by 30%. Deployed and operationalized Cloudflare WAF by migrating traffic from AWS WAF Route 53, configuring managed rulesets, enabling bot protection, and exporting logs to AWS S3—reducing false positives by 50% and improving overall threat visibility. Developed an internal recon automation script integrating Subfinder, FFUF, Nuclei, and httpx to speed up target enumeration and vulnerability discovery. Enhanced testing tool chains and playbooks, automating key parts and optimizing processes to boost testing coverage by 60% and reduce manual effort by 50%.
Education
Bachelor of Business Administration - RIBS - Bengaluru City University
2020 - 2023 · Afghanistan