Bypassing Enterprise Security ControlsConducted vulnerability assessments and penetration testing on web and mobileapplications providing detailed reports and remediation guidance.Perform Black Box Penetration Testing to gain Foothold for Further AttacksPerform Red Team Activities to Test Enterprise Security ControlsConduct Phishing attacks to gain initial access in enterprise environment

Penetration Testing • Perform penetration testing of StrikeReady web application, API and cloud to identify security vulnerabilities.• Assess risk levels and offer remediation recommendations accompanied by detailed penetration testing reports.• Design and establish security policies, procedures, and standards for StrikeReady's infrastructure.• Communicate with internal and external stakeholders to provide input on security matters• Develop and maintain scripts for automated testing and assessment of security risks• Track, report, and remediate security issues identified during testingSecurity Operation • Deploy, manage, and fine-tune a distributed cloud-based security operations center (SOC).• Creating and presenting SOC reports on weekly, and monthly basis.• Identifying and extracting existing Cobalt Strike beacons through threat hunting.• Automatically blacklist IP addresses using Python, utilizing web scraping methods• Implementing email alert systems to ensure timely responses to critical alerts.DevSecOps • SAST / DAST / SCA / SBOM • Kubernetes Security Monitoring• Cost Reduction of 67,000 $ /Month• Container Vulnerability ManagementCloud Red Team • Red Team operations focused on initial access tactics • Mapping external and internal attack surfaces • Red Team Adversary Emulation With Caldera

Application Security & Penetration Testing • Performing OSINT and assessing external attack surfaces for clients.• Conducting black box and grey box penetration tests tailored to client requirements.• Conduct penetration testing for web applications, mobile apps, APIs, and thick clients.• Generating comprehensive security test reports and related documentation.• Implementing DevSecOps practices, conducting code reviews, and monitoring Kubernetes (K8) security maturity.ICS Security • Test MITRE for Industrial Control Systems• Implement NIST SP 800-82 and IEC 62443• Conducting industrial control system penetration testing• Deploying network security monitoring for OT, ICS, and SCADA systems.Vulnerbility Management • Develop a vulnerability management program.• Montthly VA MIS reports for team and higher management • Managing network vulnerabilities using Nessus ,Rapid7 InsightVM and Qualys • Identifying gaps in vulnerability management and enhancing the vulnerability assessment procedures.• Generate monthly vulnerability assessment MIS reports for both the team and senior management.Security Operation• Conducting automated red teaming using adversary emulation tools.• Deploying network security tools to monitor client resource security events.• Enhancing client security through purple teaming and integrating threat sharing tools.

• Documentation and Reporting• Web Application Penetration Testing• Mobile Application Penetration Testing• Open-Source Intelligence Gathering (OSINT)• Vulnerability Assessment using Automated Tools