Meerjada Altamas
Cyber Security Researcher
โค๏ธ๐ Fueling my Love for Cybersecurity
๐ Guiding Coding Enthusiasts towards Secure Digital Frontiers
๐ฑ +91 7860660772 | ๐ฌ WhatsApp | LinkedIn
๐ Education
| Course | Institute |
|---|---|
| PG-Diploma in Cyber Security | CDAC, Pune |
| B.Tech in Computer Science | IET, Faizabad |
| 12th Grade | Janta Inter College |
| 10th Grade | St. John's High School |
๐ผ Professional Experience
๐ Cyber Security Researcher โ Indusface
June 2022 โ Present | Bangalore
- Perform penetration testing on IT systems, including web applications, mobile Applications, Network and API infrastructure. Define test procedures, execute tests, create test reports, and follow up on reported weaknesses.
- Perform security assessments and exploit weaknesses using both manual and automated testing methodologies.
- Provide support to other information security functions, such as vulnerability management and incident management.
- Conduct SAST, DAST, IAST, and SCA testing for the application, perform secure code reviews secure SDLC.
- Perform vulnerability assessments on thin and thick client-based applications and conduct security configuration reviews.
- Develop logic for detecting web application scanners, write web application rules, and analyze emerging threats.
- Vulnerability assessment and review audit policy compliance with standards such as OWASP, SANS 25, CIS, ISO 27001, PCI-DSS, GDPR, etc.
- Collaborate with internal teams to enhance security controls and mitigate identified risks. Stay up to date with the latest security threats, vulnerabilities, and attack techniques. Document and report findings, including detailed vulnerability assessments and recommendations, to clients and stakeholders
๐ก๏ธ Cyber Security Consultant โ Aujas Cybersecurity
October 2021 โ June 2022 | Delhi
- Perform vulnerability assessment and penetration testing for the application, infrastructure, network, and database.
- Involves daily assessment of identified vulnerabilities and prioritization through infrastructure scans on both on-premises and cloud systems using automation scanning tools such as Nessus Tenable and QualysGuard.
- Identify security gaps in infrastructure and application security and address these vulnerabilities to application owners and stakeholders with proper mitigation processes.
- Perform vulnerability management duties to enhance security across the organization, prioritize the severity of vulnerabilities, and follow the mitigation process
- Conduct security policy compliance as per security standard
๐งช Security Engineer โ CDAC R&D Mumbai
January 2019 โ October 2021
- Conduct internal and external vulnerability assessment and penetration testing on applications, networks, and infrastructure for application security testing and infrastructure security testing.
- Penetration Testing according to standard methodologies, black box and white box testing, using both automated and manual techniques. Follow compliance policies and conduct configuration reviews as per security standards.
- Identify security gaps in the infrastructure and applications, prepare a comprehensive report, and present these vulnerabilities to clients along with a mitigation plan.
- Vulnerability management duties to enhance security across the organization, prioritize the severity of vulnerabilities and follow the mitigation process after assigning vulnerabilities to different stakeholders.
- Follow the secure SDLC methodology to implement SAST and DAST testing for the application, conduct secure code reviews, identify gaps, communicate them to developers, and explain the mitigation step.
๐ ๏ธ Technical Skills
Cyber Security:
VAPT, Application Security Testing, API, Thick Client, Red Teaming Assessment, Cloud Security, IAM, OWASP, SANS Top 25, Firewall, IDS/IPS, PKI, Nagios, VPN and Proxy, WAF/WAS, Plugin Developer/Signature Developer, Endpoint Security, Automation, CTF Player.
Security Tools:
Burp Suite, Metasploit, Tenable Nessus, QualysGuard, NMAP, WAF, Nikto, Wireshark, Wfuzz, Gobuster, Sqlmap, FTK Imager, Regshot, Ghidra, Shodan, Netcat, John the Ripper, Snort, OSINT, IDA, ProcMon, HxD, PRTG, Drozer, SonarQube, AppScan, Fortify, Snyk, Tenable.io, Trivy.
Networking:
OSI Layer and TCP layer, VPN, Routing and Switching protocols, Wireshark/Tcpdump.
Linux:
User and Group Management, DHCP Server, DNS Server, Web Server, FTP, SSH, Samba, NFS, Load Balancer, Proxy Server, Nginx, Rsyslog, DansGuardian, Cacti, Zabbix.
Windows Servers:
Active Directory, Group Policies, DNS Server, DHCP Server, WDS, RDS, WSUS, IIS, LDAP.
DevSecOps:
GitOps, GitLab, Puppet, Squid, Ansible, ELK, Jenkins, SonarQube, Fortify, Snyk, Trivy, CI/CD Pipeline, SAST, DAST, IAS, SCA, Docker, Container, Kubernetes, and Microservices.
Programming:
Python, JavaScript, Node.js, HTML, Shell Scripting.
Cloud:
AWS and Azure, IAM, Security configuration and review policies.
๐งช Academic Projects
Security Monitoring & Attack Detection Using DMZ
- Multi-layer network protection with firewalls and DMZ
- Implemented attack detection and security monitoring
Analysis & Demonstration of DNS Attacks
- Demonstrated DNS vulnerabilities using Kali Linux
- Proposed countermeasures and defense mechanisms
๐ Certificates
- PG-DITISS โ CDAC
- CNSS โ ICSI Certified Network Security Specialist
- Fortinet NSE 1 & 2 โ Certified Associate
- CEH v11 โ Certified Ethical Hacker
- Certified AppSec Practitioner (CAP)
- API Penetration Testing โ APIsec University