About
Detail-oriented cybersecurity analyst with 3+ years of hands-on experience in vulnerability assessment and penetration testing. Skilled in identifying, analyzing, and remediating security risks. Strong expertise in Qualys, Rapid7, and Tenable tools. Currently expanding into Microsoft Azure cloud security and seeking a role to help strengthen organizational security.
Skills & Expertise (18)
Work Experience
VAPT Analyst
Cloud4C
Jan 2022 - Present
Managed end-to-end vulnerability assessment lifecycle including asset onboarding, scheduling, and reporting. Performed VA across Windows, Linux/Unix, and MacOS using Qualys VMDR and Rapid7 InsightVM. Conducted Zero-Day specific scans and CIS benchmark compliance assessments. Analyzed scan data, prioritized vulnerabilities based on SLAs and criticality, and validated findings. Created custom dashboards and reports using QQL, Excel, and Power BI. Collaborated with platform owners for remediation, patch validation, and troubleshooting. Administered Qualys: RBAC, scan profiles, templates, credential setups, and support escalations. Designed dynamic tagging rules for automated asset classification. Automated CIS compliance scans and managed vulnerability exceptions and compensating controls. Worked with SAP and Banking teams to identify and remediate high-risk vulnerabilities. Ensured compliance during PCI DSS, NCA, and PCOE audits. Deployed Tenable agents to 600+ systems, improving scan coverage. Installed and configured Tenable Managers and Scanners. Supported VMware to SUSE KVM migration with minimal downtime. Performed network penetration testing using Nmap, Wireshark, and Metasploit. Conducted DAST/SAST assessments using Burp Suite and OWASP ZAP. Identified SQLi, XSS, CSRF, and other web vulnerabilities. Designed and implemented Python-based automation to monitor the health and availability of Tenable managers and scanners, improving platform reliability and response time. Automated user lifecycle management (CRUD operations) on Tenable managers using REST APIs, reducing manual administrative effort. Built end-to-end automation for: Scan group creation and management, Agent status validation and compliance checks, Asset grouping and tagging to support accurate vulnerability reporting, CIS benchmark scan report generation for larger number of hosts at once. Developed API-driven workflows to generate presentation-ready data and enable quick lookup of scan and asset information. Implemented Ansible-based automation for large-scale Tenable agent deployment across environments. Performed OS-level troubleshooting for agent installation, connectivity, and service issues across Linux and Windows systems. Created error handling, logging, and retry mechanisms in automation scripts to ensure reliability. Optimized scripts to handle large-scale environments with multiple managers and scanners. Integrated automation with cron / schedulers for periodic health checks and reporting. Helped in asset normalization and tagging strategy for improved visibility and reporting. Worked closely with network and system teams to troubleshoot agent connectivity issues (ports, SSL, certificates, proxies). Analyzed agent and scanner logs to identify root cause of failures and performance bottlenecks. Ensured agents were up to date with plugin feeds and software versions. Documented automation workflows and runbooks for operational handover. Collaborated with infra and vendor teams to meet compliance and audit requirements.
Education
B.Tech in Civil Engineering - JNTU University
2018 - 2022 · Afghanistan
MPC – Maths, Physics, Chemistry - Sri Chaitanya Junior College
2016 - 2018 · Afghanistan
Certifications
No certifications added yet
Interested in this developer?
Profile Score Breakdown
Profile Overview
Availability Details
Visa Status
Citizen
Relocation
Depends on Offer
Skills (18)
Click a skill to find developers with the same skill
