Hi, I’m

BILAL KHAN

Principal Product Security Engineer
Mumbai, Maharashtra

Summary

Over 12 years of experience in the cyber security domain with in-depth knowledge of web and mobile applications, thick clients, APIs, Vulnerability Assessment and Penetration Testing, DevSecOps and cloud security. Experience includes working with product-based organizations as well as consulting firms.

Overview

13 years of professional experience
7 years of post-secondary education
7 certifications
4 languages

Work History

ConnectWise LLP, Mumbai
Mumbai, Maharashtra

Principal Application Security Engineer
Oct.2022 - Current (2 years & 1 month)

Job overview

  • Performed internal penetration testing and threat hunting to identify vulnerabilities in applications,
  • Reported and conducted vulnerability triage with development teams on a timely basis,
  • Led a shift-left initiative by creating a Security Championship program and ensuring that development teams build applications securely, right from the initial design phase,
  • Worked with the DevOps team to integrate security tools into the pipeline to detect vulnerabilities in source code,
  • Updated technical documentation, product specifications and technical training materials,
  • Developed security metrics and technical analysis to give insight into performance and trends.

Accenture
Mumbai, Maharashtra

Technology Security Associate Manager
Jul.2021 - Oct.2022 (1 year & 3 months)

Job overview

  • Led projects and analyzed data to identify opportunities for improvement,
  • Led one of the largest security assessment projects, where more than 100 applications were in scope for SAST, DAST, SCA and penetration testing, including DevSecOps,
  • Managed a team of 4 members who actively participated in delivering quality results and reviewing the assessment outcomes,
  • Worked closely with development and infrastructure teams on remediation plans to fix the identified vulnerabilities in a timely manner,
  • Created labs of vulnerable machines to host a Capture The Flag (CTF) event within the organization,
  • Trained the team to execute security testing projects,
  • Worked flexible hours across night, weekend and holiday shifts.

KPMG India
Mumbai, Maharashtra

Manager
Jan.2020 - Jul.2021 (1 year & 6 months)

Job overview

  • Delivered various projects and worked with clients across multiple geographies including the Middle East, Canada and the United States, gaining experience serving different domains such as Banking, Telecom, Retail and Pharmaceutical,
  • Performed security testing on 100+ web and 30+ mobile (Android) applications,
  • Performed Vulnerability Assessment and Penetration Testing on 600+ IPs,
  • Prepared comprehensive client reports detailing the outcome of all testing with appropriate recommendations, and discussed them with different stakeholders to ensure they were understood,
  • Assisted project teams in understanding the risk and threat level associated with reported vulnerabilities according to business criticality,
  • Conducted Secure Configuration and Endpoint reviews to identify gaps, and recommended technical solutions, processes and procedures to check and reinforce security best practices on the network,
  • Developed Minimum Security Baselines (MBSS) for network devices, Windows servers, Linux servers, Docker and containers,
  • Conducted risk and business development work such as responding to RFPs, making proposals and costing sheets,
  • Implemented a DevSecOps culture in client environments and helped clients implement a Secure SDLC for application development and deployment.

Cornerstone OnDemand
Mumbai, Maharashtra

Security Engineer
Jun.2019 - Jan.2020 (7 months)

Job overview

  • Performed penetration testing on web, thick client and mobile applications rolled out before each quarterly release,
  • Monitored, maintained and enhanced the Vulnerability Management Program for observed defects and vulnerabilities,
  • Developed GSL (Governance Specification Language) rules and alerts for Dome9 to monitor the current security posture of the AWS environment,
  • Performed project leadership tasks on selected security projects to improve and enhance security posture,
  • Integrated automated DAST web app and API scanning using Burp Suite, Selenium, Postman and Jenkins, as well as a Software Composition Analysis (SCA) tool (Snyk) to identify vulnerabilities in open source or third-party libraries in the CI/CD pipeline,
  • Conducted social engineering attacks for a number of clients across sectors, including creating and running tailored and targeted phishing and vishing campaigns for the client organization’s employees to make them submit sensitive corporate information such as email id, username, password and employee number,
  • Validated and verified system security requirements definitions and analyzed system security designs.

Continuum Managed Solutions Pvt. Ltd
Mumbai, Maharashtra

Principal Quality Engineer
Jan.2011 - May.2019 (8 years & 4 months)

Job overview

  • Actively involved with various development teams from the design phase through product development,
  • Managed a team of 5 members and tracked the progress of testing and release cycles,
  • Involved in system testing and acceptance testing, analyzing business and end user requirements, preparing the test strategy and test plan, and verifying and approving the test environment,
  • Created analysis reports in JIRA and Confluence, and managed test cases and results in TestRail,
  • Assessed software bugs and compiled findings along with suggested resolutions for development team members,
  • Gathered data on integration issues and vulnerabilities and outlined improvement recommendations,
  • Created accurate and successful test scripts to manage automated testing of certain products and features,
  • Wrote and optimized test cases to maximize the success of manual software testing with consistent, thorough approaches,
  • Worked closely with developers to identify the cause of errors and find possible solutions,
  • Worked with the InfoSec team to perform common vulnerability assessments for web applications, such as broken authentication / authorization, XSS, SQL Injection etc.,
  • Involved in the monthly / quarterly release process to deploy builds to the production environment via Jenkins,
  • Performed test execution using the continuous integration tool Jenkins.

Education

University of Mumbai
Mumbai

Bachelor of Science in Information Technology
Mar.2007 - Mar.2010 (3 years)

Lala Lajpat Rai College of Commerce And Economics
Mumbai

Higher Secondary Certificate (H.S.C) in Information Technology
Jun.2005 - Mar.2006 (9 months)

MH Saboo Siddik Polytechnic
Mumbai

Secondary School Certificate (S.S.C) in Science Education
Jun.2001 - Jun.2004 (3 years)

Skills

Vulnerability Assessment & Penetration Testing

Certification

Certified Az Red Team Professional (CARTP)

Accomplishments

  • Employee of the Year: for best performance in testing and managing the applications
  • Team Maestro Security Award: for security incident handling
  • Spot Award: for fixing a client’s critical server issue within 24 hours
  • Team Award: for best application implementation and integration
  • STAR Performer: for the quarterly release
  • ENCORE - Rising Star Award: for Quarter 1 (April 2020 – June 2020) at KPMG

Timeline

Oct.2022 - Current (2 years & 1 month): Principal Application Security Engineer, ConnectWise LLP, Mumbai
Jul.2021 - Oct.2022 (1 year & 3 months): Technology Security Associate Manager, Accenture
Jan.2020 - Jul.2021 (1 year & 6 months): Manager, KPMG India
Jun.2019 - Jan.2020 (7 months): Security Engineer, Cornerstone OnDemand
Jan.2011 - May.2019 (8 years & 4 months): Principal Quality Engineer, Continuum Managed Solutions Pvt. Ltd
Mar.2007 - Mar.2010 (3 years): Bachelor of Science in Information Technology, University of Mumbai
Jun.2005 - Mar.2006 (9 months): Higher Secondary Certificate (H.S.C) in Information Technology, Lala Lajpat Rai College of Commerce And Economics
Jun.2001 - Jun.2004 (3 years): Secondary School Certificate (S.S.C) in Science Education, MH Saboo Siddik Polytechnic

Certifications

  • Certified Az Red Team Professional (CARTP)
  • CREST Practitioner Security Analyst (CPSA)
  • EC-Council Certified Security Analyst (ECSA)
  • EC-Council Certified Ethical Hacker (CEH)
  • EC-Council Certified Threat Intelligence Analyst (CTIA)
  • Certified Application Security Engineer (CASE .NET)
  • Microsoft Certified: Azure Fundamentals (AZ-900)