(Updated 2023-12-13)
Seasoned InfoSec Professional
Dhaka, Bangladesh
Native English, Bengali
- Expert SSDLC implementer
- 10+ ISO 27001 certification implementations
- 200+ pentest projects completed
Skills (43)
PCI
RISK ASSESSMENT
Cyber Security
MENTOR
WEB APPLICATION TESTING
VULNERABILITY ASSESSMENT
SECURITY POLICIES
TEST CASES
QA
SECURITY ENGINEERING
FUNCTIONAL TESTING
SIEM
Vulnerability Detection
BLACK BOX TESTING
Chief Security Officer
INFOSEC
TEST PLANS
TECHNICAL REQUIREMENTS
SOC
CDN
FIREWALL
PAYMENT CARD INDUSTRY
REGRESSION TESTING
DIGITAL MEDIA
CODING
Content Distributed Network
MALWARE
Vendor Products
BI-LINGUAL
AUDIT
Incident Management
REMEDIATION
INTERNAL AUDITS
INSTRUCTOR
AUTOMATED TEST SCRIPTS
REVERSE ENGINEERING
TESTING PROGRAMS
CISSP
VALUE ANALYSIS
AWS CERTIFIED
BILINGUAL
MAINTENANCE
OPERATIONS
Summary
Seasoned security professional with 14+ years of demonstrated experience both building and breaking applications, networks and clouds, seeking a challenging engagement. Core technical competencies include application security architecture, web application and thick client penetration testing, reverse engineering, network penetration testing, threat modeling, DevSecOps, SSDLC implementation, SAST, DAST, IAST and OSINT, with a keen eye for business value and growth.
Expert In
1. Application penetration testing with recommendations for remediation against OWASP Top 10, SANS 24 etc.
2. Complete security assessment of applications with recommendations for remediation against HIPAA, ISO 27001, DISA STIG, OWASP ASVS, PCI DSS and the WASC Threat Classification
3. Cloud (AWS) infrastructure: complete vulnerability assessment, security and penetration testing with recommendations for remediation against HIPAA and PCI DSS
4. Static and dynamic code analysis (SAST & DAST) with recommendations for remediation as part of the SSDLC
5. Reconnaissance - Open Source Intelligence (OSINT) using Datasploit, Spiderfoot, FOCA Pro, Buscador, Maltego, Recon-ng, Shodan, theHarvester etc.
6. API security
7. Malware, phishing, breach and data leakage detection
8. Firewall audit and configuration
9. Security and penetration testing trainer
10. Android and iOS application vulnerability detection and security testing
11. Hands-on S-SDLC implementation
12. DevSecOps
13. Integration of security into CI/CD automation
Certifications Achieved
1. CEH v10 - Certified Ethical Hacker v10
2. ECSA v9 - EC-Council Certified Security Analyst v9
3. CEI v2 - Certified EC-Council Instructor v2
4. Certified Application Security Engineer - Java
5. Licensed Penetration Tester (Master)
6. AlienVault Certified Security Engineer (training done, waiting to sit for the exam)
7. CISSP - Certified Information Systems Security Professional (ISC2 training done, waiting to sit for the exam)
8. ISO 27001 Lead Implementer
9. Microsoft Certified: Azure Security Engineer Associate (AZ-500)
10. AWS Certified Security - Specialty
11. Professional Cloud Security Engineer (GCP)
12. Certified Information Security Manager® (CISM)
Professional Experience
2021-07 - Present
2019-01 - Present
2018-09 - Present
2021-07 - 2021-09
2020-11 - 2021-05
2019-02 - 2020-08
6. API security testing
7. Malware, phishing, breach and data leakage detection
8. Firewall audit and configuration
9. Security awareness training for developers
10. Android and iOS application vulnerability detection and security testing
11. Hands-on S-SDLC implementation
12. DevSecOps
13. Integration of security into CI/CD automation
2015-01 - 2019-01
* Run vulnerability/penetration tests/gap assessments.
* Review and audit application/database logs and respond to alerts.
* Manage and coordinate with the Chief Security Officer on incident response and mitigation plans to address the cause(s).
* Secure software design - translating security requirements into application design elements.
* Secure software implementation/coding - work with QA to implement unit testing for security functionality and resilience to attack, and develop secure code and exploit mitigations.
* Software acceptance - security implications in the software acceptance phase.
* Software deployment, operations, maintenance and disposal - security issues around steady-state operations and management of software.
* In conjunction with the Chief Security Officer, serve as Augmedix's security point person on infrastructure and application development security issues.
* Identify and implement missing key security program elements, which may include security policies, procedures, guidelines, controls, training, metrics and technologies.
* Perform internal audits.
* Work with external audit entities to ensure compliance.
* Review responses to client security questionnaires and RFPs.
* Advise IT leadership concerning technology architecture and the configuration of IT infrastructure and applications to improve security.
* Research business and technical requirements and evaluate vendor products and services.
* Perform related duties as requested or assigned.
2013-04 - 2015-01
* Prepare the Test Bed.
* Conduct all types of testing, including black box testing, GUI testing, regression testing, functional and non-functional testing, integration testing, localization testing, security testing and smoke testing.
* Boundary value analysis of the CDN management tool using positive and negative testing.
* Monitor the server log report using the Linux terminal.
* Execute test cases.
* Update the test result document.
* Log defects using the defect tracking tool and report bug findings.
* Verify defects.
* Discuss doubts and queries with the development team or client.
* Monitor bug status in JIRA.
* Prepare several checklists, such as the Version Update checklist, the Usability checklist and the Web Application Testing checklist.
2010-09 - 2013-03
* Design test plans, scenarios, scripts, or procedures.
* Test system modifications to prepare for implementation.
* Visit beta testing sites to evaluate software performance.
* Update automated test scripts to ensure currency.
* Develop or specify standards, methods, or procedures to determine product quality or release readiness.
* Understand the project requirements.
* Prepare the Test Bed.
* Conduct all types of testing, including black box testing, GUI testing, regression testing, functional and non-functional testing, integration testing, localization testing, security testing and smoke testing.
* Attend conference calls with the foreign client and handle mail correspondence.
* Identify bugs and report them in the Bug Tracking System (TFS).
2009-05 - 2010-08
* Perform or direct website updates.
* Write, design, or edit web page content, or direct others producing content.
* Confer with management or development teams to prioritize needs, resolve conflicts, develop content criteria, or choose solutions.
* Analyze user needs to determine technical requirements.
* Write supporting code for web applications or web sites.
2007-04 - 2009-04
* Design, build or maintain websites, using authoring or scripting languages, content creation tools, management tools, and digital media.
* Perform or direct website updates.
* Write, design, or edit web page content, or direct others producing content.
* Confer with management or development teams to prioritize needs, resolve conflicts, develop content criteria, or choose solutions.
Academic Background
2004-01 - 2007-01