Aug 2022 – Dec 2024 · 2 yrs 4 mos · Berlin, Germany · Remote

• Implementing SAST, SCA, IaC, PaC, and DAST as part of the CI/CD pipelines.
• Threat modeling and analyzing software designs, implementations, and infrastructure to identify security issues and design countermeasures.
• Managing penetration test programs on applications and services.
• Define a vulnerability disclosure program (VDP) to identify vulnerabilities in internet-facing services.
• Promoting the shift-left strategy and DevSecOps culture by starting the threat modeling section.

Sep 2021 – Jul 2022 · 10 mos · Berlin, Germany · Hybrid

• Implement SAST, SCA, IaC, PaC, and DAST as part of the CI/CD pipelines.
• Threat modeling and analyzing software designs, implementations, and infrastructure to identify security issues and design countermeasures.
• Manage penetration test programs on applications and services.
• Promote the shift-left strategy and DevSecOps culture by starting the threat modeling section.

Jul 2019 – Aug 2021 · 2 yrs 1 mo · Hamburg Area, Germany · Hybrid

• Perform periodic and on-demand vulnerability assessments and penetration tests.
• Design and evaluate cloud/hybrid infrastructure development leveraging Azure IaaS and PaaS.
• Threat modeling and analyzing software designs, implementations, and infrastructure to identify security issues and design countermeasures.
• Perform security testing and code review as part of the SDLC pipeline to improve software security. (promoting the shift-left strategy and DevSecOps culture).
• Implement SAST, SCA, and DAST as part of the CI/CD pipelines.

Mar 2016 – Dec 2018 · 2 yrs 9 mos · Iran

• ADP Digital is a solution provider for Major banks and major enterprises in Iran by providing Internet Mobile Banking, Short-text-message, and internet notification service, and Datacenter collocation services.
• My role was the responsibility to perform penetration test on their Web application and Mobile application to ensure the security of the app.

Nov 2015 – Apr 2019 · 3 yrs 5 mos · Iran · On-site

• Implement regular Vulnerability assessments and Penetration tests on IT services.
• Review service architecture and perform threat modeling documents for significant services.
• To define and enforce IT infrastructure security checklists for new and existing systems considering the MTN Irancell standards and requirements.
• Develop security tools to automate the IT security process.
• Collaborate with the Bule team to implement and manage SIEM and integrate this solution with IT services.
• Collaborate with ISO auditors to implement ISO27001.
• Collaborate with the DevOps team to find security issues and automate some test cases.

Mar 2008 – Oct 2015 · 7 yrs 7 mos · Iran

• Implement penetration test and provide a related report based on customer request.
• Drive vulnerability assessment program on the customer network.
• Develop and implement a security dashboard for our customers.
• Establish detection and prevention solutions to improve customer security.