Application Security Engineer

Penetration Testing — Hands-on pentesting across web, API, networks, Docker, and Kubernetes to find and fix critical vulnerabilities. Automation & Tooling — Built custom Python and Bash scripts to automate vulnerability detection and streamline CI/CD security assessments. Threat Modeling — Performed STRIDE-based threat modeling and risk analysis during application design and architecture reviews. SIEM & Alerting — Monitored and triaged daily security alerts via Wazuh SIEM ensuring rapid incident validation and response. Secure SDLC — Integrated SAST, SCA, and DAST into CI/CD pipelines to catch security issues before they hit production. VAPT Reporting — Led full VAPT cycles with detailed risk-classified reports, remediation guidance, and vulnerability tracking. Incident Response — Served as primary incident response contact — identifying, validating, and coordinating remediation across the org. Security Awareness — Ran phishing campaigns, security simulations, and training sessions to strengthen the human layer of defence. Security Architecture — Designed and reviewed cybersecurity architectures aligning security controls with organisational risk tolerance. Threat Intelligence — Created internal threat intelligence reports analysing attack trends and indicators of compromise. ISMS Audits — Supported internal and external ISMS audits, maintaining records and reporting performance metrics to management. Red Teaming — Led red team exercises including social engineering and physical security testing to evaluate organisational resilience. ISO 27001 — Drove ISO/IEC 27001 implementation covering risk assessment, Annex A control mapping, and audit remediation.

Conduct web, API, and Android penetration tests to identify and remediate vulnerabilities. • Provide security consulting to global clients, ensuring compliance with best practices. • Perform SCA, SAST, DAST, and cloud security assessments for data protection. • Develop secure coding guidelines and train teams on integrating security into SDLC. • Addressed over 300+ vulnerabilities, contributing to improved product security. • Collaborated with cross-functional teams to enhance cybersecurity awareness. • Performed cloud security assessments to ensure the safety and security of client data in the cloud. • Executed comprehensive network security assessments to uncover critical weaknesses. • Created detailed vulnerability reports with actionable remediation plans. • Conducted workshops on secure development practices, boosting team security capabilities.