Nov 2024 – Present · 1 yr 5 mos · Abu Dhabi Emirate, United Arab Emirates · On-site

• Drive secure architecture design at KATIM, focusing on threat modelling and penetration testing.
• Actively building AI-Powered automation and integration of security tools.
• Collaborated cross-functionally to embed security into development lifecycles and enforce policies.
• Continuously optimising security processes and methodologies to enhance efficiency and resilience.

Mar 2022 – Present · 4 yrs 1 mo

• Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems. Choose your security strategy amongst Bug Bounty, crowdsourced Pentest or CVD, and interact with your selected hackers.

Mar 2022 – Present · 4 yrs 1 mo

• Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems. Choose your security strategy amongst Bug Bounty, crowdsourced Pentest or CVD, and interact with your selected hackers.

Mar 2022 – Feb 2024 · 1 yr 11 mos · United Arab Emirates · Remote

• The primary responsibilities of this role encompass delivering expert information security consulting services to the company's clients, with a particular emphasis on providing application security and penetration testing services. Additionally, there may be other related duties assigned as deemed appropriate.

Aug 2021 – Mar 2022 · 7 mos

• Plan and arrange regular vulnerability assessments and penetration tests for the applications and services within the Emirates Group. Effectively handle all identified security weaknesses throughout their entire life cycle. Share essential knowledge and insights regarding vulnerabilities discovered during assessments with the software engineering teams. Develop tools and scripts to enhance the consistency of the vulnerability discovery process.

Jul 2019 – Aug 2021 · 2 yrs 1 mo

Jun 2019 – Present · 6 yrs 10 mos

• Perform manual penetration testing of web applications, APIs, internal and external networks, iOS and Android mobile applications.
• Work as a member of the pentest team, collaborating and engaging directly with the client.
• Document the results of assessments, audits, tests, and verification activities in detail.
• Perform manual validation of vulnerabilities.
• Perform mobile and web app pen-testing for OWASP top 10 vulnerabilities.

Jun 2018 – Jun 2019 · 1 yr

• Conducted vulnerability assessments and penetration tests for client applications, including comprehensive report generation and follow-up discussions with clients.
• Provided mentorship and guidance to junior engineers and interns, enhancing their skills and professional development.

Oct 2017 – Jun 2018 · 8 mos · Noida Area, India

• Executed security assessments and penetration tests within the Waterfall SDLC framework and recommended corrective actions for discovered vulnerabilities.
• Delivered security awareness training to developers, enhancing their understanding and implementation of best security practices.
• Mentored associates, providing guidance and support to foster their professional growth and development in security roles.

Jul 2017 – Oct 2017 · 3 mos · Ahmedabad, Gujarat, India

• Executed web and mobile application penetration testing and created vulnerability reports as a core security team member.

Jan 2017 – Jul 2017 · 6 mos · Ahmedabad, Gujarat, India

May 2015 – Present · 10 yrs 11 mos

• The Synack Red Team (SRT) gives the most talented security researchers across the globe a platform to do what they love and get paid for it. As a private network of highly-curated and vetted security researchers, the SRT is challenged every day to deliver exploitation intelligence for some of the biggest brands in the world.

Jan 2015 – Present · 11 yrs 3 mos

• Utilise advanced penetration testing techniques and tools to identify and exploit vulnerabilities in mobile and web applications, focusing on common security issues within the scope def ined by diverse bug bounty programs.
• Expertly documented and reported vulnerabilities through detailed technical reports and proof-of-concept (POC) demonstrations, ensuring clear, constructive communication with organizations to facilitate the timely resolution of identified issues.
• https://hackerone.com/armaanpathan