Nov 2023 – Oct 2024 · 11 mos · Abu Dhabi Emirate, United Arab Emirates · On-site

• Performed internal and external security assessments for applications and networks, managing vulnerability remediation.
• Led high-value cybersecurity projects including red teaming, attack surface management, and security monitoring.
• Utilized Cymulate BAS platform for threat detection, attack surface management, and conducted risk assessments.
• Developed and implemented cybersecurity strategies to build and enhance enterprise security posture.
• Administered CrowdStrike EDR for security monitoring and managed Botnet/DoS protection using ThreatX.
• Leveraged SIEM, Active Directory audit, User Behavior Analysis, and compliance tools to ensure strong threat detection and adherence to regulatory requirements.
• Protected critical customer-facing applications by identifying key assets and securing customer data against potential threats

Jun 2022 – Nov 2023 · 1 yr 5 mos · Muscat, Masqaţ, Oman · On-site

• Executed comprehensive VAPT for web, mobile, API applications, and wireless networks across multiple industries, also conducted focused security assessments for banking applications.
• Performed ransomware simulation exercises and red teaming engagements to test and improve client incident response and monitoring capabilities
• Applied social engineering techniques such as phishing and vishing to evaluate physical and human security.
• Carried out configuration reviews of network and security devices to ensure secure setups.
• Used advanced methodologies combining automated tools and manual testing for penetration and vulnerability assessments.
• Identified critical vulnerabilities in a top financial institution and received recognition for this achievement, provided expert security consulting to help clients strengthen controls and follow best practices.

Jul 2021 – Feb 2022 · 7 mos · Mumbai, Maharashtra, India · On-site

• Performed external reconnaissance through passive Shadow IT discovery, gathering entity information via OSINT and deep/dark web data.
• Conducted internal and external Red Team assessments, identifying paths to compromise domain controllers and other critical assets.
• Executed comprehensive VAPT, including Active Directory, network, and internet-facing application assessments.
• Developed testing scripts, procedures, and provided expert security consultation to clients.
• Discovered physical security breaches for multiple publicly listed company.
• Presented executive-level reports to C-level stakeholders detailing critical findings and remediation recommendations.
• Led annual cybersecurity audits for well-known companies to ensure compliance and strengthen security posture.

May 2019 – Jun 2021 · 2 yrs 1 mo · Mumbai, Maharashtra, India · On-site

• Proactively identified internet vulnerabilities and misconfigurations to raise cybersecurity awareness among small and medium size businesses.
• Delivered cybersecurity training and specialized penetration testing workshops for colleges, companies, and enthusiasts.
• Created engaging Capture The Flag (CTF) challenges with detailed walkthroughs.
• Streamlined processes through efficient administrative support.
• Strengthened security by applying core vulnerability assessment expertise.