About
Cybersecurity Analyst with hands-on expertise in Vulnerability Assessment and Penetration Testing (VAPT), Application Security, and Network Security. Proficient in identifying, validating, and mitigating complex security flaws aligned with the OWASP Top 10 and SANS standards. Experienced in integrating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) into DevSecOps pipelines. Skilled in executing proactive Threat Modeling to identify architectural risks and leveraging tools like Burp Suite, Nmap, and OWASP ZAP for in-depth vulnerability management. Strong understanding of API Security, Cloud Security, and tracking third-party components via Software Bill of Materials (SBOM) for comprehensive risk reduction. Adept at distinguishing false positives from critical threats to provide development teams with accurate, actionable remediation intelligence. Demonstrated capability in continuous security monitoring and log analysis, bridging the gap between Security Operations (SOC) practices and proactive vulnerability management. Collaborated closely with cross-functional development and QA teams to provide hands-on remediation support, accelerating patch cycles and fostering a security-first culture.
Skills & Expertise (30)
Work Experience
Front Office Executive / HR Administrator
Danube Properties
Aug 2025 - Mar 2026
Junior Cybersecurity Analyst
Axisweb soft Technology PVT LTD
Oct 2024 - Aug 2025
Executed comprehensive Vulnerability Assessments and Penetration Testing (VAPT) across web applications, APIs, and network infrastructure to uncover critical security gaps. Identified and exploited complex application-level vulnerabilities, including SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Broken Access Control. Integrated and managed automated security testing tools (DAST, SAST, SCA) including Snyk, Checkmarx, and Veracode within DevSecOps pipelines to ensure early threat detection. Conducted API Security testing and Cloud Security posture reviews, mitigating risks related to broken authentication and misconfigurations before production deployment. Executed manual API security testing using Postman and Burp Suite, specifically targeting OWASP API Security Top 10 flaws such as Broken Object Level Authorization (BOLA). Leveraged Qualys and Nessus for continuous Vulnerability Management, generating high-fidelity reports and scoring risks utilizing the CVSS framework. Performed Threat Modeling during the design phases to identify potential attack vectors and utilized SBOMs to track and secure third-party open-source dependencies. Manually validated scanner outputs using Burp Suite and OWASP ZAP, successfully eliminating false positives to streamline remediation workflows for development teams. Managed the vulnerability lifecycle utilizing JIRA to track remediation progress, conduct rigorous re-testing, and verify the successful implementation of security patches. Participated in Agile sprint planning and daily scrums to present security findings directly to developers, minimizing the exposure window of critical defects.
Customer Support Executive (Centene Department)
Alorica
Dec 2023 - Sep 2024
Education
B.Sc. (Hons.) in Agriculture - PDM University
- 2023 · Afghanistan
Higher Secondary (XII) - Narayana Junior College
- 2018 · Afghanistan
Certifications
No certifications added yet
Profile Overview
Availability Details
Visa Status
Need Sponsorship
Relocation
Open to Relocation