Hi, I’m

Bilal Khan

Team Lead - Product Security Engineer
Mumbai, MH

Summary

Over 14 years in Cyber Security. Deep expertise in Web and Mobile applications, thick client, API, Vulnerability Assessment, Penetration Testing, DevSecOps, and Cloud Security. Proven track record in team leadership, mentorship, project initiatives, and conducting 1:1 sessions and security trainings. Experience spans Product-based organizations and Consulting firms.

Overview

15 years of professional experience
8 Certificates
4 Languages

Work History

ConnectWise LLP
Mumbai

Principal Product Security Engineer
10.2022 - Current

Job overview

  • Implemented a secure code practice platform by leveraging SecureCodingDojo and provided training to development teams, resulting in a 30% reduction in security vulnerabilities
  • Led and conducted internal penetration testing and threat hunting to identify vulnerabilities in web applications and APIs, including network/infrastructure
  • Reported and conducted vulnerability triage with development teams on a timely basis
  • Successfully led and mentored interns, implemented the PTES (Penetration Testing Execution Standard) methodology within the organization, and conducted 1:1 sessions
  • Drove a shift-left initiative by creating a Security Championship program and ensuring that development teams build applications in a secure manner, right from the initial design phase
  • Worked with the DevOps team to integrate security tools into the pipeline to detect vulnerabilities in source code
  • Updated technical documentation, product specifications and technical training materials
  • Integrated Snyk into GitLab and Jenkins pipelines to perform SCA, SAST, container and IaC scans to identify vulnerabilities and notify the development team about the pipeline build
  • Conducted internal security awareness trainings, CTFs and phishing campaigns to educate employees about security best practices and raise awareness about potential risks

Accenture
Mumbai

Technology Security Associate Manager
07.2021 - 10.2022

Job overview

  • Led projects and analyzed data to identify opportunities for improvement
  • Led one of the largest security assessment projects, where 100+ applications were in scope for SAST, DAST, SCA and penetration testing, including DevSecOps
  • Managed a team of 4 members, actively participating in quality, result-driven delivery and reviewing the assessment outcome
  • Worked closely with the development/infrastructure teams on a remediation plan to fix the identified vulnerabilities in a timely manner
  • Created labs of vulnerable machines to host a Capture The Flag (CTF) event within the organization
  • Trained team to execute security testing projects

KPMG
Mumbai

Manager
01.2020 - 07.2021

Job overview

  • Delivered various projects and worked with clients across multiple geographies, including the Middle East, Canada and the United States, with experience serving different domains such as Banking, Telecom, Retail and Pharmaceutical
  • Performed Security Testing on 100+ Web and 30+ Mobile (Android) based applications
  • Performed Vulnerability Assessment and Penetration Testing on 600+ IPs
  • Prepared comprehensive client reports detailing the outcome of all testing with appropriate recommendations and discussed them with different stakeholders to ensure they were understood
  • Assisted the project team in understanding the risk and threat level associated with reported vulnerabilities according to business criticality
  • Conducted Secure Configuration and Endpoint reviews to identify gaps, and recommended technical solutions, processes and procedures to check and reinforce security best practices on the network
  • Developed Minimum Security Baseline / MBSS for Network devices, Windows Servers, Linux Servers, Docker and Container
  • Conducted risk and business development work such as responding to RFPs and preparing proposals and costing sheets
  • Implemented a DevSecOps culture in the client environment and helped clients implement a Secure SDLC for application development and deployment

Cornerstone OnDemand
Mumbai

Application Security Engineer
06.2019 - 01.2020

Job overview

  • Performed Penetration Testing on Web, thick client and Mobile Applications rolled out before the quarterly release
  • Monitored, maintained and enhanced the Vulnerability Management Program for defects and vulnerabilities observed
  • Developed GSL (Governance Specification Language) rules and alerts for Dome9 to monitor the current security posture of the AWS environment
  • Performed project leadership tasks on selected security projects to improve and enhance security posture
  • Integrated automated DAST web app and API scanning using Burp Suite, Selenium, Postman and Jenkins, as well as a Software Composition Analysis (SCA) tool, i.e. Snyk, to identify vulnerabilities in open-source or third-party libraries in the CI/CD pipeline
  • Conducted social engineering attacks for a number of clients across sectors, which included creating and running tailored, targeted phishing and vishing campaigns for the client organization's employees to make them submit their sensitive corporate information such as email ID, username, password, employee number
  • Validated and verified system security requirements definitions and analyzed system security designs

Continuum Managed Solutions Pvt. Ltd
Mumbai

Principal Quality Engineer
01.2011 - 05.2019

Job overview

  • Active involvement with various Development teams starting from design phase to product development
  • Managed a team of 5 members and tracked the progress of testing and release cycle
  • Involved in System testing and acceptance testing and analyzing business and end user requirements, preparation of test strategy and test plan, verifying and approving the test environment
  • Created analysis reports in JIRA and Confluence, and managed the test cases and results in TestRail
  • Assessed software bugs and compiled findings along with suggested resolutions for development team members
  • Gathered data on integration issues and vulnerabilities and outlined improvement recommendations
  • Created accurate and successful test scripts to manage automated testing of certain products and applications
  • Wrote and optimized test cases to maximize success of manual software testing with consistent, thorough approaches
  • Worked closely with the developers to identify the cause of errors and find possible solutions
  • Worked with the InfoSec team to perform common vulnerability assessments for web applications, such as broken authentication/authorization, XSS, SQL Injection, etc.

Education

University of Mumbai
India

Bachelor of Science in Information Technology
01.2010

University Overview

GPA: 71.48%

Maharashtra Board
India

Higher Secondary Certificate
01.2006

University Overview

GPA: 67.17%

Maharashtra Board
India

Secondary School Certificate
01.2004

University Overview

GPA: 67.73%

Skills

Application Security testing

Certification

Certified Red Team Expert (CRTE) (08/2023)

Accomplishments

  • Employee of the Year - Employee of the Year for best performance in testing and managing the applications
  • Team Maestro Security Award - Awarded with Team Maestro for Security Incident handling
  • Spot Award - Spot award for fixing the client's critical server issue within 24 hours
  • Team Award - Awarded with Team Award for best application implementation and integration
  • STAR Performer - Awarded with STAR Performer for the Quarter release
  • ENCORE - Rising Star Award - Awarded with Rising Star Award for the Quarter 1 – April 2020 – June 2020 in KPMG

Work Preference

Work Type

Full Time

Location Preference

On-Site, Remote, Hybrid

Salary Range

$45000/yr - $100000/yr

Important To Me

Flexible work hours, Career advancement, Stock Options / Equity / Profit Sharing, Personal development programs

LANGUAGES

English - Professional Working Proficiency
Hindi - Full Professional Proficiency
Marathi - Limited Working Proficiency
Urdu - Professional Working Proficiency
