Shazeem Mir

Security Engineer (Offensive | VAPT | Red Teamer)

Avatar placeholder
Lahore, Pakistan

Experience

Mar 2024 - Present
1 year 11 months
Lahore, Pakistan

Security Engineer (Offensive | VAPT | Red Teamer)

Ebryx LLC Pvt. Ltd

  • Executed offensive Red Team operations emulating real-world adversaries across Web, APIs, Mobile, Enterprise Networks, Active Directory, Cloud infrastructure, and AI/LLM-enabled applications.
  • Performed deep exploitation and post-exploitation activities, including lateral movement, privilege escalation, IAM abuse, authorization bypass, prompt injection, and data exfiltration.
  • Assessed application, API, and cloud attack surfaces for OWASP Top 10, OWASP API Top 10, cloud misconfigurations, and emerging AI security risks.
  • Delivered high-fidelity attack narratives and partnered with engineering, cloud, and DevSecOps teams to drive effective remediation and strengthen security posture.
Sep 2022 - Feb 2024
1 year 6 months
Lahore, Pakistan

Information Security Consultant

ISEH

  • Conducted in-depth penetration testing of Web and Mobile applications, identifying critical vulnerabilities and recommending mitigations.
  • Performed comprehensive Network and Data Center Security Assessments, uncovering configuration weaknesses and enforcing best practices for secure architecture design.
  • Applied practical experience in Infrastructure Management, ensuring stable, secure, and compliant environments aligned with organizational policies.
  • Delivered detailed and actionable Assessment Reports, effectively communicating technical findings to both technical teams and executive stakeholders.
Nov 2020 - Oct 2022
2 years
Lahore, Pakistan

Cyber-Security Trainer

PDC KICS University of Engineering and Technology

  • Delivered comprehensive training in Web Application and Network Penetration Testing, aligning course content with industry standards such as CEHv11 methodologies.
  • Trained and mentored international students (Europe, Asia, Middle East, Africa), ensuring measurable growth in technical proficiency.
  • Developed and executed practical lab exercises, replicating real-world attack and defense scenarios to enhance learner engagement and retention.
  • Continuously updated training material to reflect emerging threats, tools, and methodologies.

Summary

Cybersecurity professional with 3+ years of delivering measurable security outcomes through penetration testing and red teaming across Web, API, Network, Active Directory, Mobile, and Cloud environments, with additional experience assessing AI/LLM-enabled applications for security risks such as prompt injection, insecure API usage, data exposure, and access control weaknesses. Combines offensive security expertise, Application and Cloud Security knowledge, and OSCP-backed hands-on rigor to simulate real-world attacks, uncover high-impact risks, and drive practical, standards-aligned remediation aligned with OWASP, MITRE ATT&CK, and emerging AI security best practices.

Skills

  • Penetration Testing, Red Teaming, And Vulnerability Assessment (Vapt).
  • Web Application Security, Api Security, Mobile Security, And Cloud Security Testing.
  • Active Directory Security, Network Security, And Infrastructure Assessment.
  • Ai/llm Application Penetration Testing, Including Prompt Injection And Data Leakage.
  • Frameworks: Owasp Top 10, Owasp Api Top 10, Sans Cwe Top 25, Mitre Att&ck.
  • Manual And Automated Security Testing Methodologies.
  • Scripting And Automation Using Python And Bash.
  • Ci/cd Security Integration, Sast, Dast, And Software Composition Analysis (Sca).
  • Cloud Platforms: Aws, Azure, Gcp (Iam, Networking, Storage Security).
  • Vulnerability Management, Risk Assessment, And Security Reporting.
  • It Security.
  • Penetration Testing Of Web App / Mobile App / Api / Network / Active Directory / Cloud / Thin & Thick Client.
  • Vulnerability Assessment.
  • Sast.
  • Dast.
  • Owasp Top 10.
  • Reverse Engineering.
  • Cloud Security (Aws).
  • Container Security (Docker/kubernetes).
  • Ci/cd Security (Gitlab).
  • Secure Devops Practices.
  • Security Awareness Training.
  • Information Security.
  • Infrastructure Security.
  • Red Teaming.
  • Linux & Windows Administration.
  • Security Research.
  • Exploit Development & Modification.
  • Iso 27001.
  • Cloud Security.
  • Bash Shell Scripting.
  • Python.
  • Basics Of Php.
  • Html & Javascript.
  • Burpsuite Pro.
  • Zap.
  • Metasploit.
  • Hydra.
  • Wayback.
  • Shodan.
  • Censys.
  • Maltego.
  • Kerbrute.
  • Bloodhound.
  • Crackmapexec.
  • Responder.
  • Hashcat.
  • Mimikatz.
  • Rpcclient.
  • Winrm.
  • Frida.
  • Objection.
  • Adb.
  • Apktool.
  • Jadx.
  • Ghidra.
  • Owasp Amass.
  • Nvidia Garak.
  • Llm Guard.
  • Cis Benchmark.
  • Aws Cli.
  • Nessus Pro.
  • Acunetix.
  • Nikto.
  • Git.
  • Codeql.
  • Dependabot.
  • Vmware Esxi / Fusion.
  • Wireshark.
  • Postman.
  • Zap Headless Api.
  • Restler.

Languages

English
Advanced

Education

Oct 2014 - Jun 2018

Lahore Leads University

Bachelor of Science, Software Engineering · BS Software Engineering · Lahore, Pakistan

Certifications & licenses

CYBERWARFARE LABS Multi-Cloud Red Team Analyst (mCRTA)

CYBERWARFARE LABS

EC-Council Certified Ethical Hacker (CEH)

EC-Council

INE eLearnSecurity Certified Professional Penetration Tester v2 (eCPPTv2)

INE eLearnSecurity

OFFSEC Offensive Security Certified Professional (OSCP)

OFFSEC

TheSecOps Certified AppSec Practitioner (CAP)

TheSecOps

Need a freelancer? Find your match in seconds.
Try FRATCH GPT
More actions

Similar Freelancers

Discover other experts with similar qualifications and experience

Ayesha Aziz
Ayesha Aziz

Senior Penetration Tester & Security Engineer

View Profile
Stefan Radushev
Stefan Radushev

ISO27001 Certification

View Profile
Seyed farhad Miri
Seyed farhad Miri

Senior Product Security Engineer

View Profile
Mohit Dabas
Mohit Dabas

Senior Security Technologist

View Profile
Niels Aerts
Niels Aerts

Azure Architect

View Profile
Syed ghazanfar Abbas
Syed ghazanfar Abbas

Information Security Consultant

View Profile
Muhammad Daniyal
Muhammad Daniyal

Senior Penetration Tester

View Profile
Rick Grassmann
Rick Grassmann

Interim IT Security Analyst

View Profile
Ahmad Moaaz
Ahmad Moaaz

Senior Security Consultant

View Profile
Sokol Çavdarbasha
Sokol Çavdarbasha

Cybersecurity Engineer

View Profile
Alexander Nagy
Alexander Nagy

Security Expert

View Profile
Erlijn Van genuchten
Erlijn Van genuchten

Science communicator and change manager

View Profile
Mallikharjun Swamy
Mallikharjun Swamy

Bug Bounty Hunter | Cybersecurity Researcher | Pentester

View Profile
Pierre Gronau
Pierre Gronau

Ansible Automation, Windows Third Level Support

View Profile
Maryam Mouzarani
Maryam Mouzarani

AI Red Team Engineer

View Profile
Ali Yazdani
Ali Yazdani

Principal Product Security Engineer

View Profile
Udayan Sarkar
Udayan Sarkar

Head – IT Infrastructure & Cyber Security

View Profile
Kazim Rizvi
Kazim Rizvi

Principal Security Architect - Contract Hands on

View Profile
Hossam Abdelaziz
Hossam Abdelaziz

Freelance Cybersecurity Specialist

View Profile
Valeri Milke
Valeri Milke

Associate Partner - Information Security Consulting

View Profile
Sascha Leitner
Sascha Leitner

CEO

View Profile
Rashida Alexander
Rashida Alexander

Security Research Engineer

View Profile
Markus Willems
Markus Willems

KRITIS Consultant

View Profile
Henryk Orantek
Henryk Orantek

Security Consultant

View Profile
Patrick Beck
Patrick Beck

AML Officer

View Profile
Obad Zafar
Obad Zafar

Cybersecurity Trainer

View Profile
Erald Kerciku
Erald Kerciku

AWS Cloud Solutions Architect

View Profile
Alexander Sänn
Alexander Sänn

Owner and Managing Director

View Profile
Christian Decker
Christian Decker

Managing Director and Senior Consultant

View Profile
Petr Pospíšil
Petr Pospíšil

Vetted Expert

View Profile