Skills & Expertise (30)
Work Experience
Senior Security Analyst
Volvo (Payroll - Techdefence Labs)
Sep 2024 - Oct 2025
Responsible for enhancing the security posture of applications within a fast-paced Volvo Group. Contributed to building secure applications and fostered a culture of security best practices across multiple teams. Performed comprehensive security assessments of applications within the Volvo Group. Evaluated security requirements, designed test scenarios, and executed both manual and automated security tests to identify vulnerabilities. Utilized Snyk to conduct static code analysis, effectively uncovering security flaws in the application source code. Delivered detailed vulnerability reports, outlining identified risks, proposing remediation strategies, and collaborating with development teams to implement solutions. Audited external penetration testing reports, ensuring the thoroughness of testing efforts and the effective remediation of identified vulnerabilities. Developed and delivered security training programs for QA and development teams, enhancing security awareness and promoting secure coding practices. Provide mentorship and guidance to junior members of the cybersecurity team. Performing Threat Modeling on cloud Architecture diagrams with STRIDE & PASTA Methodology. Performed Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) to identify and mitigate potential security vulnerabilities. Conducted comprehensive cybersecurity configuration audits across cloud, network, and endpoint environments, ensuring compliance with CIS benchmarks, NIST standards, and organizational policies. Identified and remediated misconfigurations in firewalls, servers, and cloud services (AWS/Azure), reducing exposure to critical vulnerabilities and improving overall security posture. Developed audit reports and remediation plans with detailed risk analysis, collaborating with cross-functional teams to implement secure configurations and achieve compliance with ISO 27001 and PCI-DSS.
Senior SecOps
Zoop
Oct 2025 - Present
Performed comprehensive VAPT on web applications, APIs, and cloud infrastructure, identifying critical vulnerabilities and collaborating with engineering teams to remediate security gaps, significantly improving overall security posture. Designed and implemented security controls in Google Cloud Platform (GCP), including IAM hardening, network security configurations, audit logging, and continuous monitoring to protect cloud assets from unauthorized access and threats. Led and supported compliance initiatives aligned with industry standards such as ISO 27001, SOC 2, and regulatory requirements by implementing security controls, conducting risk assessments, and maintaining security documentation and audit readiness. Led and managed end-to-end security operations at Zoop, including SOC monitoring, and cloud security, ensuring proactive threat identification and mitigation across production environments.
Software Engineer (Security Practice)
ValueLabs
Oct 2022 - Jan 2024
Responsible for ensuring the security of products and applications within a fast-paced technology company. Played a key role in integrating security practices into the development lifecycle and maintaining compliance with industry standards. Evaluated and implemented security controls throughout the Software Development Life Cycle (SDLC), encompassing secure design, code review, and application security testing. Performed security assessments of banking applications, covering both UK and US markets, to ensure compliance with industry regulations and security standards. Conducted security assessments of change requests and ad-hoc fixes, ensuring alignment with security best practices and regulatory requirements. Researched, evaluated, and recommended new security tools (SAST, DAST) to enhance existing security processes and capabilities. Collaborated with technical and business stakeholders to align security priorities with business objectives, mitigating financial and reputational risks. Performed root cause analysis of security incidents, identified vulnerabilities, and recommended corrective actions to prevent future occurrences. Conducted routine penetration testing across diverse technology stacks, employing automated penetration testing tools to assess both internal and external environments. Perfomed Threat Modeling on different architecture Diagrams of Azure & AWS with STRIDE Methodology.
Security Monitoring Analyst
Ocwen Financial Solutions
Oct 2021 - Oct 2022
Utilized ticketing tools like ServiceNow to manage and respond to security incidents promptly. Conducted 24/7 monitoring and analysis of alerts using Manage Engine, coordinating closely with the incident response team for swift remediation. Generated and validated incident tickets, providing essential support to senior team members in daily operations. Investigated and escalated incidents to appropriate L2 or L3 team members, ensuring adherence to SOC playbooks and escalation protocols for effective incident resolution and communication.
Security Engineer
The Analytics Career
Jan 2024 - Jul 2024
Performed Security design reviews and Threat Modeling. Conducted Security Code review, Penetration testing and collaborate with developers to implement fixes. Conducted IT Audit based on ISO 27001. Conducted VAPT using Python scripts. Leading & Managing a team of 5 Security Engineers.
Education
Bachelors of Engineering in Computer Science - Chitkara Institute of Engineering and Technology
2018 - 2022 · Afghanistan
Non-Medical (CBSE) - New Era Public School, Rewari
2017 - 2018 · Afghanistan
Interested in this developer?
Profile Score Breakdown
Profile Overview
Availability Details
Relocation
Open to Relocation
