Work Experience
Vulnerability Management Analyst
Goldman Sachs
Jun 2025 - Present
Led risk assessment and prioritization of third-party software vulnerabilities via MDVM, driving risk-based remediation and establishing a remediation lifecycle program. Continuously monitored third-party vulnerabilities and tracked remediation status to ensure timely risk mitigation. Owner of Censys, and Jira dashboard management. SNOW VR integration and implementation with Qualys, Prisma and MDVM. Conducting POC on CrowdStrike FEM for EDR. Owner of Zero-day vuln response program, Vendor Advisory Program, Potential Vulnerability Program. Automated Vendor Advisory Process using ServiceNow. In the process of automating the zero-day/critical vulnerability detection process. Stakeholder engagements with Business Units to present VR metrics, assist with remediation efforts, and ensure alignment with organizational security controls and risk management standards. Responsible for daily Vulnerability Response Operations to assist teams with the remediation efforts for vulnerabilities reported by Qualys and Prisma. Involved in various internal programs to track globally reported CVEs and their impact. Ensuring efficiency and coverage of security tools; involved in production deployment efforts for the security tools.
Solution Delivery Associate
Deloitte USI
Jun 2024 - Jun 2025
Conducted comprehensive security assessments, including Infrastructure, Database, and CIS Hardening Scans, as well as SAST, DAST, and API Scans, across multiple projects. Performed penetration testing on web applications and collaborated with TechOps and Database teams to remediate identified vulnerabilities. Supported developers in understanding and addressing vulnerabilities identified by SAST/DAST and API scans, providing guidance on implementing essential fixes to enhance web application security. Deployed Tenable SC for conducting infrastructure scans. Deployed ADP Tool to conduct DB Scans. Investigated various tools to achieve Automated SAST scans. Successfully implemented fully automated SAST scans using Fortify SSC to improve efficiency and reduce the timelines by 60%. Implemented Prisma for container scans.
Advisory Analyst
Deloitte USI
Jun 2022 - May 2024
Conducted Infrastructure, Database, and CIS Hardening Scans across multiple projects. Led the SAST, DAST, API Scans and Penetration Testing for multiple projects, helping developers understand and remediate security flaws. Engaged in threat modeling and application security architecture reviews, strengthening security posture in a project. Collaborated with the TechOps team to remediate infrastructure findings. Assisted the Database Team in resolving vulnerabilities detected during database scans. Presented security findings to stakeholders and clients.
Security Analyst - Internship
Deloitte USI
Jan 2022 - Apr 2022
Utilized security tools such as Burp Suite Pro on bWAPP and DVWA to gain practical, hands-on experience in identifying and mitigating web application vulnerabilities.
Education
Bachelor of Technology in Computer Science Engineering - Chandigarh Group of Colleges, Landran
2018 - 2022 · Afghanistan
Certifications
Certified Ethical Hacker
EC-Council · 2023