tech + skills

  • frontend: React • Angular • Vue.js • JavaScript • TypeScript

  • backend: Java • Python • C/C++/C# • Node.js • Ruby • Go• Ruby on Rails • .NET • Express.js • Flask • Django • Spring Boot • RESTful + GraphQL APIs • Docker • Kubernetes • gRPC

  • databases: PostgreSQL • MySQL • MS SQL Server Oracle • MongoDB • Cassandra • Redis • Elasticsearch

  • devops + infra: AWS • Azure • Jenkins • GitLab CI • GitHub Actions • Docker • Kubernetes • OpenShift • Ansible • Terraform • Puppet • Chef

  • AI/ML + data: TensorFlow • PyTorch • Pandas • NumPy • Matplotlib • Tableau • Deep Learning (RNN/CNN) • ETL

  • insights: Prometheus • Grafana • Datadog • ELK • Splunk • Git • Jira • Confluence

  • penetration testing: Metasploit • Burp Suite • nmap • Nessus • ZAP

  • network security: ASA/Palo Alto • Snort/Suricata• VPN • NAC • SSL/TLS • TCP/IP/UDP • SSH

  • application security: Snyk • Semgrep • Socket • Burp Suite • OWASP Top 10 • CIS Controls • NIST SP 800-53

  • IAM + cryptography: Okta • Auth0 •AD •AWS IAM • OAuth2.0 • OIDC • SAML • AES • RSA • ECC • SHA-256 • MD5 • OpenSSL

  • reverse engineering: IDA Pro • Ghidra • Immunity Debugger • Decompilation • GDB • WinDBG • gdbExtract

experience

software security engineer + researcher @ Trustwave SpiderLabs

  • investigated attacks and vulnerabilities for key clients in telecommunications, energy, and national security.

  • provided Core Engineering with actionable research data to develop deep protection against threats based on business needs and GRC requirements.

  • designed test-beds for observing backend and container orchestration architecture, following SSDLC and AppSec best practices (RRAs, tech + architecture design reviews, STRIDE threat modeling [of the app and post-deployment], and code reviews).

  • developed a vulnerability management engine for continuous identification + discovery, triaging, reporting, remediation, and tracking, (in C#, .NET, Python), with 600+ Python check scripts and 96 framework scripts.

  • created an automation tool to support the vulnerability management program, in Ruby, using Ruby on Rails for RESTful APIs, OAuth 2.0 + JWTs for AuthZ, and OpenID Connect for AuthC, with data stored in Amazon RDS (PostgreSQL) and later MongoDB, deployed on ECS.

  • built an aggregator tool to parse security advisories and support new platforms with threat intelligence and develop new automation patterns and algorithms to provide critical patch updates to clients.

  • integrated tooling into CI/CD pipeline (Jenkins,ECS), optimizing workflow by 65%, calculating severities, enforcing SLAs, and tracking vulnerabilities. Defined specific KPIs and reported progress to the C-suite using metrics collected via the above programs.

  • researched modern TTPs, including reverse engineering of malware collected via honeypot recon, to bolster Trustwave’s product offerings and its own security posture.

lead database developer @ Veryon

  • authored, validated, and maintained high-quality, guided troubleshooting solutions for a reasoning engine based on several maintenance manuals for a variety of equipment and systems.

  • developed entire libraries and databases for dataset ingestion, automated RFIs via Powershell scripts, and created Tableau data visualizations of usage analytics for both internal and client-side purposes.

education

bachelor of engineering @ Western U

majored in electrical and computer engineering, with a specialization in information communication and transmission.

languages

  • english: native
  • hindi: native
  • urdu: native
  • arabic: intermediate
  • french: intermediate
  • mandarin: rudimentary

interests

  • homelab
  • philosophy
  • reading
  • photography
  • dancing
  • basketball