About
Application Security Engineer with 2+ years of experience in web, mobile, and cloud security. Skilled in vulnerability assessment, penetration testing, and identifying OWASP Top 10 issues such as XSS, SQL Injection, and IDOR. Experienced in analyzing application workflows, API security, and collaborating with development teams to remediate vulnerabilities. Familiar with secure SDLC practices and threat modelling concepts like STRIDE.
Skills & Expertise (24)
Work Experience
Cybersecurity Analyst, Consultant
Tata Consultancy Services, TCS
Jan 2023 - Present
Identified and validated 100+ vulnerabilities across web, mobile, and cloud applications, including OWASP Top 10 issues (XSS, SQL Injection, IDOR, Broken Authentication/Authorization). Performed penetration testing across Web, Android, Network, and Cloud platforms using Burp Suite, Nmap, and Metasploit. Analyzed application workflows, APIs, and attack surfaces to identify risks in authentication and authorization mechanisms. Conducted threat modelling exercises and secure code review in Java and Python to proactively identify attack surfaces and security risks. Performed cloud security assessments on AWS environments using Scout Suite, identifying misconfigurations across IAM, S3, and EC2. Conducted security audits ensuring compliance with PCI DSS standards, reducing organizational risk exposure. Collaborated with development teams to remediate critical vulnerabilities and created detailed reports with proof-of-concepts and actionable remediation guidance for stakeholders.
Education
Bachelor of Computer Application - Chatrapati Sahu Ji Maharaj University
2020 - 2023 · Afghanistan
Intermediate, 10+2 - A.P.P.D. Inter College
2019 - 2020 · Afghanistan
High School, 10 - Shivaji Inter College, Kanpur
2017 - 2018 · Afghanistan
Certifications
No certifications added yet
Interested in this developer?
Profile Score Breakdown
Profile Overview
Availability Details
Relocation
Depends on Offer
Skills (24)
Click a skill to find developers with the same skill
