About
Security Engineer with 3+ years of hands-on experience in product and application security, vulnerability management, and incident response across web, API, and Linux-based environments. Strong background in secure SDLC, penetration testing, security incident investigation, and risk-based security controls. Experienced in collaborating with engineering teams to identify design-level risks early, improve security posture, and support secure production releases. Actively working at the intersection of AppSec, DevSecOps, and Security Operations.
Work Experience
Product Security Consultant
Independent Product Security Consultant
Jan 2024 - Present
Led application and product security assessments across web and API-based systems, identifying vulnerabilities and supporting secure remediation. Performed manual penetration testing on production-like environments, validating OWASP Top 10 risks and API security weaknesses. Defined and reviewed security requirements during design and feature planning, enabling early identification of architectural and logic-level risks. Supported security incident investigations, including log analysis, root cause identification, and implementation of preventive security controls. Conducted Linux environment and configuration reviews, identifying misconfigurations and access-control gaps. Collaborated closely with engineering and operations teams to ensure secure implementation of fixes and validation before release. Assisted with security audits and third-party security reviews, ensuring adherence to internal security standards and risk acceptance processes.
Associate Quality Analyst (Security-Focused)
Brained Technologies
Dec 2022 - Nov 2023
Supported secure product releases by working closely with engineering teams in an enterprise environment. Conducted API security testing and validation, improving early detection of security-impacting defects by ~20%. Executed performance and stress testing using JMeter on Linux systems, uncovering system weaknesses under load and improving stability by ~15%. Assisted in post-release security incident investigations, performing root cause analysis and recommending corrective and preventive actions. Reviewed functional and technical requirements to identify security risks, misuse scenarios, and data exposure issues. Documented vulnerabilities, security risks, and remediation actions to support audits and continuous improvement initiatives.
Education
Master of Computer Applications (MCA) - University of Mumbai
2022 - 2024 · Afghanistan
Bachelor of Computer Application (BCA) - SNDT University
2019 - 2022 · Afghanistan