About
Application Security Engineer with nearly 2 years of experience spanning AppSec, threat modelling, penetration testing, incident response, compliance, and security governance. Core member of a lean, 3-member global security team operating across the US, Singapore, Canada, Sweden and India, with direct engagement with senior leadership including the CTO, VPs, and MD. Combines deep security expertise with real development experience, including contributing as a developer to take an AI product from proof-of-concept to production. Holds a Master's in Infocomm Security from NUS; certified CEH Masters and ISC2 SSCP.
Skills & Expertise (30)
Work Experience
Application Security Engineer
INVIDI Technologies Pvt. Ltd.
Sep 2024 - Present
Own end-to-end application security across a global product portfolio, including threat model reviews and performing 15+ vendor security assessments to reduce third-party risk exposure.
Lead internal penetration test engagements end-to-end, including scoping, coordinating with development teams, and managing third-party pentest vendors; oversaw large-scope assessments covering 2 web UIs and 22 APIs.
Drive security standards across engineering by authoring and maintaining 14+ security blueprints, including developer-facing guidelines covering authentication, authorization, input validation, data security, zero trust principles and SDLC best practices.
Spearhead developer security enablement as facilitator of the Security Center of Excellence, aligning security priorities with dev teams and contributing to Cloud, AI, and Architecture Centers of Excellence.
Manage incident response and security investigations end-to-end, including serving as Incident Manager on a security incident, owning scoping, containment, stakeholder communication, and response.
Support compliance and audits, including SOC 2 Type II audits, CAIQ and internal access management reviews; led the creation and launch of the company's public-facing Trust Center (SafeBase), strengthening security transparency for existing and prospective customers.
Build security tooling and hardened infrastructure, including shell and Python-based automation tools for AppSec BAU tasks; developed CIS-benchmark-compliant (>95% OpenSCAP) hardened OS images for Ubuntu and RHEL (RHEL via OSBuild and Red Hat Cloud Console) for production customer sites.
Design and deliver AI proof-of-concepts independently using open-source models and local experimentation, presenting to the CTO and senior leadership; one has progressed to a full product, contributing as a developer on the AWS-based deployment including data collection, annotation, fine-tuning pre-trained models, and production rollout.
Mentor the AppSec intern, providing guidance across security fundamentals, tooling and day-to-day practices.
Contribute to CISO-level governance and security communications, including internal security advisories, customer-facing documentation, and company-wide policy development and review.
Education
Master of Computing — Infocomm Security - National University of Singapore (NUS)
2022 - 2024 · Afghanistan
Higher Diploma in 3D Animation and Graphic Design - Image Creative Education Pvt. Ltd.
2019 - 2021 · Afghanistan
B.Tech in Computer Science and Engineering - SRM Institute of Science and Technology
2018 - 2022 · Afghanistan
Certifications
No certifications added yet