About
Security Engineer with hands-on experience in vulnerability assessment, penetration testing, and implementing security best practices aligned with standards such as the OWASP Top 10. Skilled in using tools like Nessus, OWASP ZAP, Burp Suite, and Veracode to identify and address security issues in web applications, mobile apps, and APIs. Experienced in conducting risk analysis, basic threat modeling, and supporting remediation efforts to improve overall security posture. Committed to protecting digital assets and contributing to secure software development and operational environments.
Skills & Expertise (30)
Work Experience
Security Engineer
Tech Mahindra
Aug 2021 - Oct 2025
Skilled in using various tools for web application penetration testing such as Burp Suite, Wireshark, Nmap, and Nessus. Experience in identifying and analyzing application-level vulnerabilities, including Cross-Site Scripting (XSS), SQL Injection, authentication bypass, weak cryptographic implementations, and insecure session management. Experienced in executing OWASP Top 10 test cases effectively. Set up test labs for SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools for executing security tests. Performed in-depth evaluations of SAST tools, such as HCL AppScan Source and Checkmarx, assessing their effectiveness in vulnerability detection, detection accuracy, coverage, and false positive reduction. Configured web applications for dynamic scanning using authentication methods such as Basic Authentication and Form-Based Authentication. Analyzed project requirement documents and functional specifications to determine security test needs. Defined the scope of security assessments based on thorough requirements analysis and risk evaluation. Performed application workflow-based, compliance-based, and penetration testing activities. Identified resources, timelines, risks, and dependencies involved in security testing projects. Prepared a security test strategy for applications and obtained approvals from key stakeholders. Created a security test plan that includes application security policies, vulnerabilities, and standards such as the OWASP Top 10 and common web vulnerabilities. Validated and differentiated true positives from false positives through manual verification and exploitation, ensuring accurate and actionable results. Conducted vulnerability assessments and penetration testing (VAPT). Performed threat modelling on on-premises and cloud applications using the STRIDE framework to identify potential security threats and design mitigation strategies.
Managed Identity and Access Management (IAM) policies using least privilege principles. Secured cloud environments by configuring network security groups, firewalls, and private networks. Implemented encryption for data at rest and in transit using cloud-native services. Performed cloud security assessments and vulnerability management. Configured monitoring, logging, and alerting for threat detection and incident response. Integrated security controls into CI/CD pipelines to enable secure software delivery. Implemented SAST, DAST, and dependency scanning within automated pipelines. Performed Infrastructure as Code (IaC) security scanning (Terraform, Kubernetes configs). Automated vulnerability scanning and remediation processes. Secured container environments and implemented image scanning. Collaborated with development and DevOps teams to implement shift-left security practices. Developed security automation scripts to improve deployment security. Implemented secrets management and secure configuration practices.
Education
B.Tech (CSE) - KL University
2016 - 2020 · Afghanistan
Intermediate (MPC) - Sri Viswasanthi Jr. College
2014 - 2016 · Afghanistan
SSC - Indus E.M high school
2013 - 2014 · Afghanistan