Najam Ul Saqib

I am currently working as a Security Engineer at Contour Software, as part of the Perseus Group where I am responsible for handling the red team operations and conducting vulnerability assessment and penetration testing (VAPT) for three business units, Charter Software, Ideal, C-Systems.In this role, I am responsible for identifying and mitigating security risks in the organization’s applications, and ensuring the security of their Azure infrastructure by applying my cloud security skills.

• Reviews current corporate policies and helps redefine policies and procedures
• Manages security monitoring and threat detection systems for cloud environments i.e. Azure
• Supports cloud compliance/certification activities and participates in security audits/reviews.
• Provides consulting and influences other teams to mature cloud security.
• Serves as a security expert and provides technical leadership to other staff members.
• Conducts security reviews of web applications, services, integrations, and APIs
• Pinpoints methods and attack surfaces attackers use to exploit weaknesses and logic flaws
• Conducts Cloud & Network infrastructure reviews, Systems infrastructure, Application configurations, and Software Code reviews.
• Reviews maintain and enhance current scanning and testing tools
• Verifies security vulnerabilities identified by automated tools
• Performs manual testing to supplement results of automated scanning and testing tools
• Documents identified security vulnerabilities and related matters in a clear, concise, and timely manner
• Meet with the operations and application teams to review and explain identified security vulnerabilities and possible remediation
• Resolves issues and provides statuses that may impact testing
• Applies fixes and remediation for detected vulnerabilities to maintain a high-security standard
• Organizes/facilitates retest of infrastructure, system, and application updates or deployed remediation logic to verify resolution of security vulnerabilities
• Maintains confidentiality of authentication credentials, sensitive application information, and test results before, during, and after completing testing and/or retesting
• Investigates potential security breaches and other cybersecurity incidents
• Works with R&D, Cloud, Support, and QA Teams to perform tests and uncover potential network/systems/application vulnerabilities

I had the opportunity to work as an Application Security Engineer at Systems Ltd, where I was responsible for ensuring the security of the organization’s web applications. My primary expertise was in performing static application security testing (SAST), vulnerability assessment and penetration testing (VAPT) and also performed red teaming. During my tenure, I was responsible for identifying and mitigating security risks in the organization’s systems and networks by mimicking the actions of a malicious attacker.

• Reviews current corporate policies and helps redefine policies and procedures
• Manages security monitoring and threat detection systems for cloud environments
• Supports cloud compliance/certification activities and participates in security audits/reviews.
• Provides consulting and influences other teams to mature cloud/DevOps security.
• Serves as a security expert and provides technical leadership to other staff members.
• Conducts security reviews of web applications, services, integrations, and APIs
• Pinpoints methods and attack surfaces attackers use to exploit weaknesses and logic flaws
• Conducts Cloud & Network infrastructure reviews, Systems infrastructure, Application configurations, and Software Code reviews.
• Reviews maintain and enhance current scanning and testing tools
• Verifies security vulnerabilities identified by automated tools
• Performs manual testing to supplement results of automated scanning and testing tools
• Documents identified security vulnerabilities and related matters in a clear, concise, and timely manner
• Meet with the operations and application teams to review and explain identified security vulnerabilities and possible remediation
• Resolves issues and provides statuses that may impact testing
• Applies fixes and remediation for detected vulnerabilities to maintain a high-security standard
• Organizes/facilitates retest of infrastructure, system, and application updates or deployed remediation logic to verify resolution of security vulnerabilities
• Maintains confidentiality of authentication credentials, sensitive application information, and test results before, during, and after completing testing and/or retesting
• Investigates potential security breaches and other cybersecurity incidents
• Works with R&D, Cloud, Support, and QA Teams to perform tests and uncover potential network/systems/application vulnerabilities

I had the opportunity to work as a Software Engineer at Tkxel, where I was responsible for the development of web applications using the MERN stack (MongoDB, Express.js, React.js, Node.js). During my tenure, I was involved in the entire software development life cycle and had the opportunity to work on projects from requirements gathering to deployment.

• Worked on developing web applications using MERN stack (MongoDB, Express.js, React.js, Node.js)
• Worked on various AWS services such as EC2, S3, SES, etc
• Involved in the entire software development life cycle, including requirements gathering, design, development, testing, and deployment.
• Built reusable, testable, and efficient code.
• Participated in code reviews and pair programming sessions to improve the overall quality of the codebase
• Collaborated with cross-functional teams and stakeholders to deliver high-quality, scalable and performance optimized web applications
• Worked closely with the team to ensure on-time delivery of projects, and handled the technical aspects of the project
• Assisted in implementing new features, fixing bugs and providing technical support to the team
• Contributed to the development of best practices and guidelines for software development within the team.
• Staying up to date with the latest technologies and programming concepts to improve the performance of the applications