Arif

DevOps Manager

Bengaluru, Karnataka, India · 8 yrs 2 mos experience
Most Likely To Switch

Key Highlights

  • 8+ years in cybersecurity with a focus on application security.
  • Recognized for discovering vulnerabilities for major companies.
  • Expert in building secure SDLC practices in FinTech.
Stackforce AI infers this person is a cybersecurity expert specializing in application security within the FinTech industry.

Skills

Core Skills

Application Security, Penetration Testing, Offensive Security, DevSecOps, Technical Writing, Cybersecurity, Leadership

Other Skills

secure code review, training, ethical hacking, security vulnerability modules, security program, security culture, security champions, security vulnerabilities, web and network targets, technical blogs, cybersecurity content, technical expertise, content review, interviewing, writing about penetration testing tools

About

Accomplished Application Security Engineer and Penetration Tester with 8+ years of experience overall in cybersecurity, specializing in building secure SDLC practices from the ground up in fast-paced FinTech environments. A strong believer in OpSec and Privacy. Proven expertise in offensive security, including penetration testing, vulnerability research, and secure code review across web, API (REST/GraphQL), and mobile platforms. Passionate about driving proactive security culture through developer education, process automation, and threat modeling. Recognized for discovering vulnerabilities in products by Google, Microsoft, Paytm, etc.

Core Competencies

  • Application Security: Secure SDLC, Threat Modeling (STRIDE), Secure Code Review, SAST/DAST/SCA Implementation, OWASP Top 10, OWASP ASVS, API Security (REST/GraphQL), Mobile Security (iOS/Android).
  • Offensive Security: Penetration Testing (PtaaS), Vulnerability Assessment & Management, Bug Bounty Hunting, Network Security (Nmap, Masscan), CVE Research.
  • DevSecOps & Automation: CI/CD Security Integration, Secrets Scanning (TruffleHog, Gitleaks), Infrastructure as Code (IaC) Security, Scripting (Python, Bash, NodeJS).
  • Security Tools: Burp Suite (Pro/Enterprise), Semgrep, Snyk, SonarCloud, OWASP ZAP, Fiddler, Nessus.
  • Cloud & Endpoint Security: AWS Security (WAF, IAM, GuardDuty, CloudWatch), EDR Implementation & Testing.

Experience

  • Total Experience: 8 yrs 2 mos
  • Average Tenure: 3 yrs 4 mos
  • Current Experience: 7 yrs 9 mos

Independent consultant

Security Consultant

Dec 2023 - Present · 2 yrs 5 mos · Remote

  • Offering security consultancy services such as secure code review, training and penetration testing to various organisations.
secure code review, training, penetration testing, Application Security, Penetration Testing

Stealth startup

Security Engineer

Aug 2021 - Sep 2023 · 2 yrs 1 mo

  • Built a fully functional security program from scratch, tackling many business challenges. Understood the business challenges and came up with the right solution. Nurtured a culture of security among the team through regular presentations, and awareness through training and quizzes. Fostered a program of security champions, handing off small security tasks to developers and testing their knowledge, which helped scale security by enabling developers to solve security tasks and write secure code.
security program, security culture, training, security champions, Application Security, DevSecOps

Cybrary

Technical Writer

Feb 2021 - Mar 2022 · 1 yr 1 mo · Remote

  • As part of the Cybrary Writer’s team, I wrote technical blogs on cybersecurity and helped guide cybersecurity professionals to develop new skills through the content.
  • Wrote technical articles on cybersecurity such as:
  • https://www.cybrary.it/blog/so-you-want-to-be-an-ethical-hacker/
  • https://www.cybrary.it/blog/dependency-confusion-a-new-supply-chain-attack-technique/
  • and many more
  • As part of the work, I also ensured that they complied with SEO and keyword guidelines.
technical blogs, cybersecurity content, Technical Writing, Cybersecurity

Synack red team

Red Teamer

Jun 2020 - Sep 2022 · 2 yrs 3 mos · Remote

  • Part of the vetted Synack Red Team.
  • Finding, assessing and reporting security vulnerabilities on hundreds of web and network targets belonging to the largest corporations in the world.
  • Finding and reporting vulnerabilities in Fortune 500 companies
security vulnerabilities, web and network targets, Offensive Security, Penetration Testing

Detectify

Ethical Hacker

Aug 2018 - Present · 7 yrs 9 mos · Remote

  • In top 60 (all time) as of writing this. Part of the vetted Detectify Crowdsource ethical hacker team which is engaged in finding and submitting critical security vulnerability modules over their platform.
ethical hacking, security vulnerability modules, Offensive Security, Penetration Testing

Secjuice

Leadership Team

Mar 2018 - Nov 2021 · 3 yrs 8 mos · Remote

  • Providing leadership and technical expertise to the team of cybersecurity writers
  • Ensure technical accuracy of content and review articles
  • Make sure we are able to deliver high-quality content on a regular basis (Sundays)
  • Coordinating with the leadership team for various tasks and programs
  • Taking important decisions
  • Authoring cybersecurity content
leadership, technical expertise, content review, Leadership, Technical Writing

Latest hacking news

Technical Writer

Jan 2018 - Dec 2018 · 11 mos · Remote

  • Interviewed industry leaders and people engaged in different aspects of cybersecurity.
  • I wrote about penetration testing tools and exploits in web applications.
  • The articles were optimized for optimal engagement, SEO, and gained a lot of views for the publication
  • Dates might vary from actual as the work was spread out over a few months on an irregular basis
interviewing, writing about penetration testing tools, Technical Writing, Cybersecurity

Education

University

BCA
