About
Security-focused professional with hands-on experience conducting vulnerability assessments and penetration testing on live government web portals (UP, Assam, and Goa state governments). Brings a unique attacker-and-developer perspective — a full-stack development background enables root-cause identification of vulnerabilities at the code level, not just the surface. Proficient in VAPT, web application penetration testing, OWASP Top 10 mitigation, and GIGW compliance for government systems. Currently expanding skills in API Security and Android Security fundamentals. Eager to contribute to enterprise-grade security operations and structured penetration testing workflows.
Skills & Expertise (46)
Work Experience
Cybersecurity Analyst — Internal Security Audit
Innovador Infotech Pvt. Ltd.
Jul 2025 - Present
Conducted end-to-end vulnerability assessments and security reviews on live government portals for UP, Assam, and Goa state governments — identifying OWASP Top 10 issues including SQL injection, broken access control, and security misconfigurations.
Performed reconnaissance, enumeration, and vulnerability discovery using Nmap, Nuclei, Nikto, Gobuster, and WhatWeb across multiple government portal environments.
Conducted API security testing using Burp Suite — intercepting and manipulating HTTP requests to identify IDOR, improper authentication, and data exposure issues in RESTful endpoints before production releases.
Tested authentication and authorization mechanisms — identifying weaknesses in session management, privilege escalation paths, and access control implementations.
Enforced GIGW (Guidelines for Indian Government Websites) and OWASP compliance standards across all government portal deliverables per NIC mandates.
Reviewed and assisted in hardening multi-layer RBAC systems for government officials — establishing principle of least privilege and eliminating unauthorized access vectors.
Collaborated with development teams on remediation — providing secure coding recommendations and conducting post-fix validation.
Automated reconnaissance and vulnerability scanning workflows using Bash and Python scripts, reducing manual recon time by over 40%.
Freelance Full-Stack Developer
Self-Employed
Jan 2024 - Present
Delivered 5+ MERN stack web applications with security-by-design — OTP-based authentication, encrypted data storage, rate limiting, and secure API design as standard practice.
Performed pre-deployment security assessments — identifying and remediating vulnerabilities in authentication flows, session handling, and third-party integrations.
Education
B.Tech in Information Technology - Babu Banarasi Das Institute of Technology & Management (BBDITM)
2021 - 2025 · Afghanistan
Intermediate (PCM + Computer Science) - City Montessori School
2018 - 2021 · Afghanistan
Certifications
AWS Fundamentals
SkillUP · 2025
Self-Learning: OWASP Top 10, Web Application Penetration Testing, Linux Security, Network Security, VAPT Methodologies
· 2024–2025
MERN Stack Development
ShapeMySkills · 2024
Complete Web Development Bootcamp
Udemy · 2024