About
Results-driven Cybersecurity professional with 1.5+ years of hands-on experience in Security Analysis, Vulnerability Assessment & Penetration Testing (VAPT), and Incident Response. Proven expertise in web application and API security testing across 350+ clients using industry-standard tools and OWASP Top 10 methodology. Adept at cloud security monitoring, WAF management, and threat mitigation across enterprise environments. Holds CEH V12 certification with a strong foundation in security frameworks, risk management, and client-facing reporting.
Skills & Expertise (28)
Work Experience
Associate Security Operations Specialist
IDX (Investis Digital)
Apr 2026 - Present
Lead web application and API penetration testing engagements across 350+ clients, identifying critical and high-severity vulnerabilities aligned with OWASP Top 10 standards. Configure and manage AWS WAF and Cloudflare WAF policies to detect and block malicious traffic, reducing attack surface for enterprise clients. Leverage AWS GuardDuty and AWS Inspector for continuous cloud infrastructure threat detection and compliance monitoring. Monitor and triage security alerts via the SIEM platform, performing investigation and escalation of potential threats in real-time. Deliver comprehensive vulnerability assessment reports with prioritised remediation strategies, communicating findings clearly to technical and non-technical stakeholders. Conduct firewall rule analysis and network perimeter security reviews to identify misconfigurations and unauthorised access points.
Security Analyst
IDX (Investis Digital)
Jan 2025 - Mar 2026
Performed VAPT on web applications and APIs using Burp Suite and Nessus, identifying vulnerabilities such as SQL Injection, XSS, IDOR, and Broken Authentication. Conducted network scanning and vulnerability analysis using Nmap and Nessus, assessing the security posture of client systems and infrastructure. Investigated and responded to security incidents, conducting root cause analysis and recommending corrective and preventive actions. Monitored security events through SIEM dashboards, triaging alerts and escalating incidents based on severity and business impact. Supported risk assessment and threat modelling activities in alignment with industry security frameworks and controls. Utilised Symantec and BitSight for endpoint protection monitoring and third-party security risk scoring.
Education
B. Tech in Computer Science and Engineering - Navrachna University
- · Afghanistan
Certifications
Certified Ethical Hacker (CEH) V12
EC-Council · 2024
Google Cybersecurity Professional Certificate
Google · 2023
Interested in this developer?
Profile Score Breakdown
Profile Overview
Skills (28)
Click a skill to find developers with the same skill
