Okan Taşçıoğlu
Penetration Testing Specialist and Secure Backend Developer
Experience
Penetration Testing Specialist and Secure Backend Developer
Freelancer
Performed hands-on penetration tests on web apps, APIs, mobile (Android) and network environments; identified and validated real-world security issues like injection flaws, access control problems and privilege escalation paths.
Carried out security tests and reverse engineering on Android apps; analyzed app logic, insecure storage and authentication flows.
Applied offensive security techniques throughout the attack lifecycle on Linux and Windows, including reconnaissance, exploitation, post-exploitation and lateral movement.
Achieved 105th place in the TryHackMe global ranking, demonstrating strong practical experience in offensive security, red teaming concepts and defense awareness.
Worked with industry-standard security tools and methodologies to simulate realistic attack scenarios and delivered actionable findings aligned with OWASP standards.
Developed secure, production-ready REST APIs using Python (FastAPI) and Java (Spring Boot) with JWT/OAuth2 based authentication and role-based access control.
Implemented application security controls in line with OWASP principles, including input validation, authorization, secure data handling and audit logging.
Designed and integrated Keycloak for centralized identity and access management; applied encrypted data storage (field-level encryption) where needed.
Containerized applications using Docker with CI/CD pipelines to support secure build and deployment workflows.
Key projects include a secure note management API and backend services focused on authentication, authorization and API security best practices.
Summary
Hands-on experience in web, Android, API and network penetration testing. TryHackMe global ranking #105. Strong offensive security skills and secure backend development with FastAPI and Spring Boot focused on OWASP Top 10, authentication, authorization and data protection.
Skills
- FastAPI: Python
- Spring Boot: Java
- JWT/OAuth2: Secure API Design
- AWS KMS: Encrypted MongoDB
- FastAPI, Spring Boot, JWT/OAuth2, Keycloak, AWS KMS, Web/Mobile/API and Network Penetration Testing, Burp Suite, Metasploit, Nmap, Wireshark, sqlmap, OWASP ZAP, Gobuster, Kernels, OWASP 2025 Compliance, Secure by Design, DevSecOps Practices, LinPEAS/WinPEAS, Linux/Windows Privilege Escalation
Languages