Umar Farook

DevOps Engineer

Bengaluru, Karnataka, India · 9 yrs 6 mos experience
AI ML Practitioner · AI Enabled

Key Highlights

  • Expert in application security and vulnerability research.
  • Led security initiatives for major streaming platforms.
  • Developed open-source tools for reverse engineering.
Stackforce AI infers this person is a Security Engineer specializing in application security and vulnerability research for streaming platforms.

Skills

Core Skills

Product Security · Application Security · Content Security · Reverse Engineering · Vulnerability Research · Vulnerability Assessment · Security Automation

Other Skills

API Security Testing · API Testing · Anomaly Detection · Application Security Assessment · Binary Instrumentation · Burp Suite · CDN Security · Calculus · Continuous Integration and Continuous Delivery (CI/CD) · Data Privacy · Data Science · Decision Tree Learning · Docker · Dynamic Analysis · GNU Debugger

About

An experienced Offensive Security Engineer with expertise in application security, vulnerability research, exploit development, and security automation. He specializes in penetration testing, manual source code review, cloud security, reverse engineering, static/dynamic analysis, fuzzing, and developing tools for automating reverse engineering. He has worked across platforms such as enterprise file sharing, API gateways, collaboration tools, and OTT platforms, and has scaled security programs with secure-by-design principles. Passion & Hobby: As an OSCE-certified Security Researcher, I spend a lot of time reverse-engineering proprietary software like DRM and antivirus systems to uncover vulnerabilities and secrets. I have built open-source tools to automate reverse engineering using techniques such as binary instrumentation, static and dynamic analysis, taint analysis, and symbolic execution.

Experience

Total Experience: 9 yrs 6 mos
Average Tenure: 2 yrs 7 mos
Current Experience: 1 yr 7 mos

Jiohotstar

2 roles

Staff Security Engineer

Promoted

Nov 2025 - Present · 7 mos

  • Lead Product and Content Security initiatives to reduce piracy and security risk across large-scale streaming platforms.
  • Define and enforce Secure SDLC practices, lead architecture and design reviews, and govern security sign-off for critical features.
  • Serve as the security SME for high-risk, business-critical deliverables in collaboration with CISO, CTO, and architecture leadership.
  • Scale org-wide security programs through OKR planning, on-call improvements, and security process maturity.
  • Strengthen playback security and content protection across multi-CDN
Product Security · Content Security · Secure SDLC · Security Process Maturity · Application Security

Senior Security Engineer

Nov 2024 - Present · 1 yr 7 mos

  • 1. Leading Content Security and Product Security domain at Disney+ Hotstar to reduce the risk of content leak and piracy.
  • 2. Enhancing in-house playback security solutions (PS3, Risk Engine, Anomaly Engine, Device Fingerprinting, DRM Proxy & DRM License Server, Forensic Watermarking, Client Security NDK, etc.) by collaborating with the Security Engineering Team to mitigate content leak and piracy abuse risk across Multi CDN
  • 3. Spearheaded strategies to scale security programs across the organization and subsidiaries
Content Security · Product Security · Playback Security · Anomaly Detection

Disney+ hotstar

2 roles

Senior Security Engineer

Jul 2022 - Nov 2024 · 2 yrs 4 mos

  • 1. Leading Content Security and Product Security domain at Disney+ Hotstar to reduce the risk of content leak and piracy.
  • 2. Enhancing in-house playback security solutions (PS3, Risk Engine, Anomaly Engine, Device Fingerprinting, DRM Proxy & DRM License Server, Forensic Watermarking, Client Security NDK, etc.) by collaborating with the Security Engineering Team to mitigate content leak and piracy abuse risk across Multi CDN
  • 3. Spearheaded strategies to scale security programs across the organization and subsidiaries
Content Security · Application Security · Streaming Security · CDN Security

Security Engineer II

Oct 2021 - Jul 2022 · 9 mos

  • 1. Led Content Security and Product Security Initiative at Disney+ Hotstar to reduce content leaks and piracy abuse risk.
  • 2. Implemented strategies to enhance CDN security and mitigate risks effectively across all CDNs
CDN Security · Application Security · Content Security

We45

3 roles

Principal Security Analyst

Promoted

May 2021 - Oct 2021 · 5 mos

  • 1. Led VAPT Assessments for various clients, working with their Engineering and Product Teams as part of the SDLC Process. Incorporated security tools as part of the CI/CD Pipeline with E2E automation, working with the DevOps Team
  • 2. Built new security courses, labs, and R&D on Zero-Day Exploits for the AppSecEngineer platform
VAPT Assessments · Security Tools Integration · Zero-Day Exploits · Vulnerability Assessment · Security Automation

Senior Security Analyst

Apr 2018 - May 2021 · 3 yrs 1 mo

  • Role and Responsibilities
  • Threat Modeling (STRIDE)
  • Application Security Assessment (Web, MicroService, ThickClient)
  • Secure Code Review (PHP, JavaScript, Python, Java, NodeJs, C, C++, C#)
  • Logic Flaw Analysis
  • SAST (Fortify, Open Source Tools) and DAST (Burp Pro, ZAP, AppSpider, Netsparker, Open Source Tools + Custom Python Script)
  • Integrating security tools into CI/CD Pipeline (SDLC)
  • Building custom scripts to perform regression tests
  • Building security library for Robot Framework
  • Automate security tools in CI/CD and collect artifacts for triaging
  • Windows Reverse Engineering (PE File: .exe, .dll, .sys)
  • Malware Analysis (IDA Pro, Ghidra, x64dbg, Immunity Debugger, OllyDbg, LibVMI, Drakvuf, DnsChef, Wireshark, TcpDump)
  • Memory Forensics (Rekall, Volatility)
  • Malware Sandbox (Cuckoo, Any.run, Drakvuf - Custom build on Xen Hypervisor)
  • Virtualization (VirtualBox, VMware, Xen Hypervisor, QEMU, KVM)
  • Participating in in-house CTF events (Offensive and Defensive)
  • Research:
  • Automated Malware Sandbox on Xen Hypervisor using Drakvuf to generate artifacts - https://www.youtube.com/watch?v=FAJb1X2hX2s
  • Drakvuf Console - Log Analysis Toolkit in Electron JS to extract IOCs from the Drakvuf log - https://www.youtube.com/watch?v=njZ_FKywiHk
  • Research on Hypervisor Level Debugger
  • Bug Bounty on Anti Virus Products
  • Zero day research on RPC Protocol and Chrome IPC (Browser Exploitation)
Threat Modeling · Application Security Assessment · Secure Code Review · Application Security · Vulnerability Assessment

Associate Security Analyst

Sep 2017 - Mar 2018 · 6 mos

  • Led VAPT Assessments for various clients, working with their Engineering and Product Teams as part of the SDLC Process. Incorporated security tools as part of the CI/CD Pipeline with E2E automation, working with the DevOps Team
VAPT Assessments · Security Tools Integration · Test Automation · Vulnerability Assessment · Security Automation

Fools of security

Security Researcher

May 2017 - Present · 9 yrs 1 mo · India

  • 1. As a Security Researcher with OSCE Certification, I spent a lot of time on reverse engineering proprietary software like DRM, Antivirus, etc. to uncover vulnerabilities, secrets, and obfuscation techniques.
  • 2. Built open-source tools to automate reverse engineering using the following techniques:
  • Binary Instrumentation
  • Static & Dynamic Analysis
  • Taint Analysis
  • Symbolic Execution
Reverse Engineering · Binary Instrumentation · Static Analysis · Dynamic Analysis · Vulnerability Research

Brisk infosec solutions llp

2 roles

Security Engineer

Oct 2016 - Aug 2017 · 10 mos

  • Led the VAPT Assessment Project for various clients and carried out various security assessments (Web, Network, Mobile, WAF, etc.) along with regression test automation for all findings as part of the VAPT report
  • Role and Responsibilities
  • Web Application Penetration Testing, API Testing & Network penetration Testing
  • Automated/Manual Security Testing
  • Web Development
  • CMS code reviewing and CMS security hardening
  • Server Hardening
  • Open Source Firewall implementation
  • Implement Honey bot
  • Developing Security Testing Tools in Python
  • Implementing open source WAF with custom build Web UI
  • Writing WAF rules for new vulnerability
  • Log monitoring and Analysis using ELK
  • Research on Exploit Development in Linux and Windows
  • Web Application Penetration Testing Standards:
  • OWASP, SANS 25
  • Network Penetration Testing Standards:
  • OSSTMM, PTES
  • Web Application Penetration Testing Tools:
  • Burp Suite, ZAP Proxy, Acunetix, Netsparker, Vega
  • Network Penetration Testing Tools
  • Nmap, Netcat, Metasploit Framework, Nikto, Nessus, OpenVAS, Nexpose, Qualys, Core Impact and other available tools in Kali Linux package.
  • Network Security Tool Developed in Python:
  • ANSE Scanner (Oct - Nov 2016)
  • (https://github.com/briskinfosec/ANSE-SCANNER)
  • Research Project: Integrate Mod Security WAF with ELK (Web UI) for Log Monitoring and Analysis
VAPT Assessments · Security Tools Integration · Test Automation · Vulnerability Assessment · Security Automation

WAPT Internship

Sep 2016 - Oct 2016 · 1 mo

  • I am currently doing a WAPT course at Brisk Infosec, Chennai, and I am also doing an internship at Brisk Infosec along with my WAPT course.
Web Application Penetration Testing · API Testing · Network Penetration Testing · Vulnerability Assessment · Application Security

Security innovation

Trainee Security Analyst

Jul 2016 - Aug 2016 · 1 mo · Pune/Pimpri-Chinchwad Area

  • As a trainee security analyst, I worked on web app penetration testing projects

Education

Mepco Schlenk Engineering College

Bachelor’s Degree — Mechanical Engineering

Aug 2012 - May 2016
