Mohd Haji

DevOps Engineer

Hyderabad, Telangana, India11 yrs 3 mos experience
AI EnabledAI ML Practitioner

Key Highlights

  • Ranked #1 Facebook Whitehat Researcher for two consecutive years.
  • Contributed to CVE-2018-16466 for Nextcloud Server.
  • 6 consecutive years in Facebook Hall of Fame.
Stackforce AI infers this person is a Cybersecurity Specialist with a focus on Offensive Security and Vulnerability Research.

Contact

LinkedIn

Skills

Core Skills

Offensive SecurityCloud SecurityAi SecurityApplication SecurityProduct SecurityVulnerability Research

Other Skills

AD PentestAIAI AgentsAI DevelopmentAPI securityAWS SecurityActive Directory PentestAmazon AIAmazon BedrockAmazon Web Services (AWS)Attack Surface AnalysisAutomationBaseline Security TestingBug BountyBug Hunting

About

I’m a passionate and honest cybersecurity professional who believes that everything happens for a reason—and often, for the better. With a strong growth mindset, I thrive in roles that challenge me and allow room to grow—if a position matches even 70% of my skillset, I see it as the perfect opportunity to learn and contribute. What I Do: I specialize in offensive security, with hands-on experience across: -> Web, Mobile & API Pentesting -> LLM & Agentic AI Security(Red teaming LLMs & Implemented various MCP Servers ) -> Cloud Security (AWS, Azure) -> Network & Infrastructure Security -> Payment Gateway Security -> CI/CD & DevSecOps, SAST & DAST -> Secure Code Review -> Red Teaming Exercises -> Vulnerability Research & Exploitation (Consulting & Bug bounties) Global Experience: Worked in Riyadh, Saudi Arabia for 1.5+ years as an InfoSec Specialist. Executed pentesting engagements for private and government clients. Collaborated on team training, CTFs, and internal tooling. I have 9+ years of experience in penetration testing /bug hunting , with 5+ years of experience as Application Security/Product Security Engineer/Offensive Security Engineer in (Copart/Vmware/Fanatics). Recognitions & Achievements: -> Facebook Hall of Fame – 6 consecutive years (2014–2019) -> Ranked #1 Facebook Whitehat Researcher from Hyderabad (2015, 2016) -> PayPal Top 10 Security Researcher (Q4 2015, Q3 2016) -> Listed in 150+ companies’ Hall of Fame for responsible disclosures (public & private programs) & got rewards as well. -> CVE Contributor: CVE-2018-16466 – Nextcloud Server -> Bug hunting on Platforms: Bugcrowd, HackerOne & Private programs including Apple, Microsoft, Facebook, PayPal, and more

Experience

Fanatics

Offensive Security Engineer - 3

Apr 2024Present · 1 yr 11 mos · Hyderabad, Telangana, India · Hybrid

  • > Pentesting Fanatics Cloud Enviroment (Azure & AWS).
  • > Pentesting internal AI chatbots and applications.
  • > Handling Fanatics bug bounty program on Synack.
  • > Participated in Fanhack Event (Creating AI based solution to detect PII using Amazon AI technologies such as Amazon Comprehend).
  • > DRI On call rotation for any security incident.
  • > Learned about Akamai WAF configuration.
  • > Working with relevant stakeholders on closing down external ports to public assets.
  • > Using AI agents for day to day activities.
  • > Completed two trainings on (Advance Cloud Hacking and DEVSECOPS) delivered by Notsosecure (Blackhat Trainers).
  • > Completed Offsec's PEN 200 training and obtained OSCP+ certification.
  • > Implemented MCP Servers for different cybersecurity use cases
  • > Evaluated Tld's of fanatics via zone file for sub domain takeovers.
  • > Created and lead many security related SEV incidents collaborating with SRE/SRO teams.
PentestingCloud SecurityBug BountyAI SecurityIncident ResponseOffensive Security

Vmware

Product Security Engineer - MTS

Feb 2022Dec 2023 · 1 yr 10 mos · Hyderabad, Telangana, India

  • Security Development Lifecycle Engineering (SDL).
  • > Contributed in various baseline security testing for vmware products (Workspace One Access both On Premise and Cloud versions , Horizon, Hcx (On premise & Saas) , VRLI as part of software development lifecycle , both blackbox and whitebox (code review) approach.
  • > Cross collaboration with development teams and security team for execution of Attack surface analysis and baseline security testing tasks.
  • > Participated with the security team in the readout meeting of baseline security testing for answering the questions of stakeholders.
  • > Performed the Guru duties (Acting as a point of contact for any security related stuff coming to Product Security team ) in Vmware's Vsecr team which consists of 90+ engineers.
  • > As a guru responded to tickets in SDLC and created the tasks for Attack surface analysis of the products Based on the threat levels.
  • > Worked on personal development goals and achieved OSWA & CAPen certifications.
Security Development LifecycleBaseline Security TestingAttack Surface AnalysisCross CollaborationApplication SecurityProduct Security

Copart

Senior Application security engineer

Jan 2020Jan 2022 · 2 yrs · Hyderabad Area, India

  • Appsec

Center of excellence in information assurance

Information Security Specialist

Sep 2017Apr 2019 · 1 yr 7 mos · Al-Riyadh Governorate, Saudi Arabia

Bugcrowd inc

Security Researcher

Aug 2014Feb 2022 · 7 yrs 6 mos

  • Independent Security Researcher and Bug hunter on Bugcrowd .
  • Hunted Many private invitation programs with P1 or P2 submissions due to which Bugcrowd invited me to attend Defcon and Blackhat USA in 2015 , 2016 & 2017.
  • Top 100 on bugcrowd.
  • https://bugcrowd.com/mohdhaji87
Bug HuntingSecurity ResearchPrivate ProgramsVulnerability Research

Education

Chaitanya Bharathi Institute Of Technology

Bachelor's degree — Computer Science

Jan 2013Jan 2017

MS Junior College

Intermediate — MPC

Jan 2011Jan 2013

Newton High School

Secondary School Certificate

Jan 2010Jan 2011

Stackforce found 100+ more professionals with Offensive Security & Cloud Security

Explore similar profiles based on matching skills and experience

Jiacheng(Gavin) Zhong

Jiacheng(Gavin) Zhong

Privacy Engineer - Red Team

at TikTok

United States2 yrs 6 mos exp
Security ResearchWeb SecurityPwnReverse EngineeringNetwork Security
Cody K.

Cody K.

Senior Consultant | Cybersecurity & Technology

at Meliora

Hong Kong, Hong Kong2 yrs 5 mos exp
Technical RecruitingCybersecurity
Mike Dame

Mike Dame

Hacker of Time & Space

at The Multiverse

North Palm Beach, United States8 yrs 2 mos exp
Client RelationsMulti-Cloud Penetration TestingOffensive Security ServicesPenetration TestingRed Teaming
Yaman Arora

Yaman Arora

Staff Application Security Engineer

at Sumo Logic

Faridabad, India9 yrs 7 mos exp
Application Security
Viharika Deverapally

Viharika Deverapally

Lead Application Security Analyst

at ADP

Atlanta, United States6 yrs 6 mos exp
Application SecurityPenetration TestingRed TeamingVulnerability Assessment
Pratham Mittal

Pratham Mittal

Application Security Engineer - 2 (Asia/Pacific)

at Amazon

Sangrur, India3 yrs 7 mos exp
Application SecurityCloud SecurityPenetration TestingThreat Modelling
Edbert S.

Edbert S.

Cyber Security Consultant (VAPT)

at Confidential.

Marikina, Philippines5 yrs 10 mos exp
Vulnerability Assessment and Penetration Testing (VAPT)
Sujit Suryawanshi

Sujit Suryawanshi

Information Security Engineer 3

at PayPal

Pune, India8 yrs 3 mos exp
Application SecurityPenetration TestingThreat ModelingVulnerability Assessments