Shoriful Islam

DevOps Engineer

Bangladesh · 5 yrs 6 mos experience

Key Highlights

  • Expert in advanced penetration testing techniques.
  • Proven track record in threat intelligence and risk mitigation.
  • Author of a bestselling book on web application security.
Stackforce AI infers this person is a Cybersecurity Specialist with expertise in penetration testing and threat intelligence.

Skills

Core Skills

Penetration Testing · Threat Intelligence · Security Training · Vulnerability Management · Application Security

Other Skills

Offensive Security Strategy · Red Team Training · Threat Emulation · Adversary Tactics Simulations · Automation · Training · Skill Assessment · Threat Assessments · Vulnerability Scans · Educational Material Creation · Proof-of-Concept Exploits · Source Code Analysis · Information Security · Code Review · Law Enforcement Intelligence

About

I am a dedicated cybersecurity professional specializing in penetration testing, vulnerability assessments, and ethical hacking to strengthen security defenses for organizations. With hands-on experience in both external and internal penetration testing, I excel at identifying critical vulnerabilities, exploiting security weaknesses, and providing actionable remediation strategies.

My expertise spans across web, mobile, and cloud security, leveraging tools like Burp Suite, Metasploit, Nmap, and Nessus to conduct in-depth security audits. I have a strong track record of bypassing security mechanisms, including Multi-Factor Authentication (MFA), performing privilege escalation, and testing against OWASP Top-10 vulnerabilities.

I am proficient in Python, Bash, C, and PowerShell, using them to automate security processes, develop custom penetration testing tools, and analyze threats efficiently. My work aligns with MITRE ATT&CK Framework to enhance threat modeling, security research, and risk mitigation strategies.

Beyond technical testing, I collaborate closely with development and security teams to prioritize vulnerabilities, implement security protocols, and provide strategic security consultation. My passion lies in educating teams, strengthening security policies, and proactively identifying emerging threats to protect businesses in an ever-evolving digital landscape.

🚀 Key Expertise:

✔️ Advanced Penetration Testing (External & Internal)
✔️ Cloud Security (AWS & GCP)
✔️ Web & Mobile Application Security
✔️ Threat Intelligence & Risk Mitigation
✔️ Security Research & Exploitation
✔️ Strategic Security Consultation
✔️ Technical Training & Knowledge Sharing

Experience

  • Total Experience: 5 yrs 6 mos
  • Average Tenure: 1 yr 6 mos
  • Current Experience: 11 mos

Brain station 23

Senior Cybersecurity Engineer

May 2025 – Present · 11 mos · Dhaka, Bangladesh · On-site

Penetration Testing

Sell bee

Platform Security Engineer (R&D)

Apr 2021 – Oct 2023 · 2 yrs 6 mos · Dhaka, Bangladesh · On-site

  • Develop and execute regular skill gap analyses to assess the team’s offensive security expertise, leveraging findings to shape hiring decisions and professional growth initiatives. Lead red team training programs and mentoring efforts to enhance adversarial simulation skills and foster career development aligned with organizational goals. Design and implement a comprehensive offensive security strategy, including threat emulation, adversary tactics simulations, and breach-and-attack assessments, focusing on increasing automation to improve efficiency and effectiveness.
  • Key Contributions:
  • Boosted red team efficiency and precision by implementing automated attack simulation tools.
  • Strengthened team capabilities through tailored training initiatives and strategic skill gap assessments.
  • Refined offensive security operations by developing a cohesive adversary emulation strategy that integrated diverse attack phases.
Offensive Security Strategy · Red Team Training · Threat Emulation · Adversary Tactics Simulations · Automation · Penetration Testing

Information warfare center

Information Security Researcher

Jan 2020 – Mar 2021 · 1 yr 2 mos · Colorado, United States · Remote

  • Conducted comprehensive threat assessments by identifying and documenting emerging cyber threats, such as malware, phishing schemes, and APTs. Created and disseminated educational materials to enhance stakeholder awareness of cybersecurity protocols and preventive measures. Executed meticulous vulnerability scans across software systems, employing both static and dynamic testing methods to identify security weaknesses. Designed and demonstrated proof-of-concept exploits to bolster system defenses.
  • Key Contributions:
  • Advanced integration of modern security practices into cybersecurity research through partnerships with leading industry experts.
  • Strengthened application security by conducting in-depth analyses using static and dynamic analysis techniques aimed at identifying and rectifying critical vulnerabilities.
  • Contributed to the cybersecurity community by publishing research findings and analyses aimed at fostering a collective understanding of application security challenges.
  • Authored the bestselling book "Web Application Hacking, Carnage & Pwnage," significantly influencing the field of web security and serving as a critical educational resource.
Threat Assessments · Vulnerability Scans · Educational Material Creation · Proof-of-Concept Exploits · Threat Intelligence · Vulnerability Management

Ssl wireless

Application Security Tester

Jan 2019 – Dec 2019 · 11 mos · On-site

  • Identified potential vulnerabilities in the SSLCommerz Core application by analyzing source code meticulously. Executed comprehensive penetration testing manually and via automated tools to identify security flaws. Partnered with software development teams to classify and rectify vulnerabilities, bolstering application security. Instituted and maintained robust vulnerability management practices to ensure swift identification and resolution of security issues.
  • Key Contributions:
  • Administered security protocols by managing ongoing surveillance, detection, and response strategies for security breaches.
  • Reduced overall risk exposure by guiding development teams in the integration of advanced security measures and best practices.
  • Improved application security by collaborating with development teams to streamline the remediation process for identified vulnerabilities.
  • Enhanced the security integrity of the SSLCom
Vulnerability Management · Penetration Testing · Source Code Analysis · Application Security

Education

Alliance Française de Dhaka

A1 — French

Apr 2022 – Apr 2023

North South University

Bachelor of Science - BS — Computer Science And Engineering

Jan 2019 – Feb 2020
