Ayesha Aziz
Senior Penetration Tester & Security Engineer
Experience
Senior Penetration Tester & Security Engineer
SecurityWall
ShopSecure - Vulnerability assessment and penetration testing for a European e-commerce platform serving millions of users.
Engaged as part of a 6-member red team to design and execute a full-scale application security program aligned with ISO 27001 and ISO 27034 standards.
Integrated security best practices across the SDLC, including threat modeling, secure code review, penetration testing, and continuous monitoring.
Scoped multiple domains within the client’s IT infrastructure and identified critical vulnerabilities across web, mobile, API, and cloud assets.
Delivered comprehensive security reports detailing severity levels, business impact, and prioritized remediation recommendations.
Collaborated with development teams to implement fixes, resulting in a 60% reduction in externally reported issues year-over-year.
InfraLock - Red team activity and security assessment for an online real estate marketplace based in Pakistan with 5M+ users.
Conducted internal network penetration testing and lateral movement assessment as part of a 5-member red team.
Gained initial access via exposed services, bypassed AV, escalated privileges, and compromised the Domain Controller using Mimikatz.
Delivered remediation guidance and supported patching efforts to strengthen internal defenses and reduce risk exposure.
Technologies used: Python & Bash Scripting, Metasploit Framework, Nmap, Burp Suite Professional, Wireshark, SQLMap, John the Ripper, Hydra, Aircrack-ng, Nessus, Nexpose, Acunetix, Shodan, Censys, OWASP Amass, Dirsearch, Httprobe, Postman, Cobalt Strike.
Security Analyst
Proto Global Ltd
Led end-to-end security assessments across applications, networks, and cloud environments, remediating 95% of high-risk vulnerabilities within three months.
Designed and implemented an ISO 27001-compliant ISMS and led audits to achieve SOC2, ISO 27001, and GDPR certifications.
Strengthened infrastructure and cloud security using WAF, IDS/IPS, FIM, and AWS/GCP best practices.
Conducted regular risk assessments, access reviews, and background checks to ensure policy compliance, minimize insider threats, and protect sensitive data.
Technologies used: Vanta, AWS Inspector, AWS CloudTrail, AWS GuardDuty, GCP Security Command Center, CrowdStrike, Slack, Notion, Grafana, Jira, Git.
Independent Security Researcher
Freelance
Conducted vulnerability assessments and penetration testing for platforms such as Synack, Bugcrowd, HackerOne, Intigriti, and YesWeHack.
Analyzed Android/iOS and web applications to uncover critical vulnerabilities, including hardcoded secret keys, zero-click account takeovers, and logical flaws.
Scoped and evaluated infrastructure, web apps, APIs, and cloud services, resolving over 100 high-severity vulnerabilities.
Delivered detailed security reports and remediation strategies to clients, reducing security incidents by 35% within six months.
Discovered and reported highly critical vulnerabilities to renowned security teams, contributing to the mitigation of significant threats and safeguarding millions of users globally.
Technologies used: Python, Metasploit, Nessus, Burp Suite, MobSF, AWS, Wireshark, Objection, Frida, APKTool, Ghidra, Azure Security Center, Amazon Inspector, Postman.
Skills
- Cybersecurity (5+ years of experience)
- Python & Bash Scripting (3)
- JavaScript (3)
- Penetration Testing (4+) in web app/mobile app/API/network/Active Directory/cloud/thin & thick client
- Vulnerability Assessment (4+)
- Red Teaming (3)
- OWASP Top 10 (4+)
- SAST (1.5)
- DAST (1.5)
- Exploit Development & Modification (4)
- Incident Response (2)
- Threat Modeling (1.5)
- ISO 27001 (1.5)
- ISO 27034 (1.5)
- Linux (4+)
- Windows (4+)
- Cobalt Strike (2)
- Metasploit (3)
- Infrastructure Security (2)
- Cryptography (1.5)
- Reverse Engineering (1)
- Security Awareness Training (2)
- Cloud Security (Azure/AWS/IBM Cloud) (4)
- Container Security (Docker/Kubernetes) (1.5)
- CI/CD Security (Jenkins/GitLab) (1.5)
- Secure DevOps Practices (1.5)
- Cloud Compliance (3)
Certifications & licenses
Certified Information Security Manager (CISM)
Offensive Security Certified Professional (OSCP)