the only way out, is through.
the only way out, is through.
tech + skills
-
frontend: React • Angular • Vue.js • JavaScript • TypeScript
-
backend: Java • Python • C/C++/C# • Node.js • Ruby • Go• Ruby on Rails • .NET • Express.js • Flask • Django • Spring Boot • RESTful + GraphQL APIs • Docker • Kubernetes • gRPC
-
databases: PostgreSQL • MySQL • MS SQL Server Oracle • MongoDB • Cassandra • Redis • Elasticsearch
-
devops + infra: AWS • Azure • Jenkins • GitLab CI • GitHub Actions • Docker • Kubernetes • OpenShift • Ansible • Terraform • Puppet • Chef
-
AI/ML + data: TensorFlow • PyTorch • Pandas • NumPy • Matplotlib • Tableau • Deep Learning (RNN/CNN) • ETL
-
insights: Prometheus • Grafana • Datadog • ELK • Splunk • Git • Jira • Confluence
-
penetration testing: Metasploit • Burp Suite • nmap • Nessus • ZAP
-
network security: ASA/Palo Alto • Snort/Suricata• VPN • NAC • SSL/TLS • TCP/IP/UDP • SSH
-
application security: Snyk • Semgrep • Socket • Burp Suite • OWASP Top 10 • CIS Controls • NIST SP 800-53
-
IAM + cryptography: Okta • Auth0 •AD •AWS IAM • OAuth2.0 • OIDC • SAML • AES • RSA • ECC • SHA-256 • MD5 • OpenSSL
-
reverse engineering: IDA Pro • Ghidra • Immunity Debugger • Decompilation • GDB • WinDBG • gdbExtract
experience
software security engineer + researcher @ Trustwave SpiderLabs
-
investigated attacks and vulnerabilities for key clients in telecommunications, energy, and national security.
-
provided Core Engineering with actionable research data to develop deep protection against threats based on business needs and GRC requirements.
-
designed test-beds for observing backend and container orchestration architecture, following SSDLC and AppSec best practices (RRAs, tech + architecture design reviews, STRIDE threat modeling [of the app and post-deployment], and code reviews).
-
developed a vulnerability management engine for continuous identification + discovery, triaging, reporting, remediation, and tracking, (in C#, .NET, Python), with 600+ Python check scripts and 96 framework scripts.
-
created an automation tool to support the vulnerability management program, in Ruby, using Ruby on Rails for RESTful APIs, OAuth 2.0 + JWTs for AuthZ, and OpenID Connect for AuthC, with data stored in Amazon RDS (PostgreSQL) and later MongoDB, deployed on ECS.
-
built an aggregator tool to parse security advisories and support new platforms with threat intelligence and develop new automation patterns and algorithms to provide critical patch updates to clients.
-
integrated tooling into CI/CD pipeline (Jenkins,ECS), optimizing workflow by 65%, calculating severities, enforcing SLAs, and tracking vulnerabilities. Defined specific KPIs and reported progress to the C-suite using metrics collected via the above programs.
-
researched modern TTPs, including reverse engineering of malware collected via honeypot recon, to bolster Trustwave’s product offerings and its own security posture.
lead database developer @ Veryon
-
authored, validated, and maintained high-quality, guided troubleshooting solutions for a reasoning engine based on several maintenance manuals for a variety of equipment and systems.
-
developed entire libraries and databases for dataset ingestion, automated RFIs via Powershell scripts, and created Tableau data visualizations of usage analytics for both internal and client-side purposes.
education
bachelor of engineering @ Western U
majored in electrical and computer engineering, with a specialization in information communication and transmission.
languages
- english: native
- hindi: native
- urdu: native
- arabic: intermediate
- french: intermediate
- mandarin: rudimentary
interests
- homelab
- philosophy
- reading
- photography
- dancing
- basketball