Md Aquib Hussain
Gurugram
Summary
Information Security professional with 8+ years of experience in Application & Perimeter Security, Risk Assessment, and VAPT. EC-Council Certified Ethical Hacker with a proactive, detail-oriented approach and strong problem-solving skills. Experienced in collaborating across teams, taking ownership of tasks, and driving security initiatives independently. Strong communicator with a continuous learning mindset, focused on improving systems through secure practices. Seeking a challenging role to apply expertise and grow alongside the organization.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Lead Security Analyst
Makemytrip
01.2024 - Current
- Leading Application & Perimeter Security
- Recommend secure development approaches for new application functionalities to prevent major security loopholes
- Perform POC of new WAF/BOT management module and implement on MMYT perimeter (MMT along with its group companies)
- Closely working with Akamai Professional Services to get deep dive into all Akamai WAF and CDN modules
- Review and fine-tune the rules and policies on WAF for better coverage of bot mitigation
- Analyze the complete traffic and understand the pattern to identify crawling/scraping for effective BOT mitigation
- Implemented URL protection policies to prevent any service degradations due to DDOS attacks
- Implemented Content Protector (CPR) and mitigated more than 60% of scraping traffic on our major funnels (LOBs)
- Integrating our application with 3rd party vendors securely so as there are no loopholes for any security attack
- Manage SSL certificates for all our Go-MMT domains
- Launched and manage MMT private Bug bounty and vulnerability disclosure program (VDP) on YesWeHack
- Complete governance on new functionalities to be made live post security sign-off
- Manage VAPTs and Red Team assessments with our 3rd party security vendors
- Manage CSPM (Orca) to identify any vulnerability in our cloud infrastructure
Assistant Manager
MakeMyTrip
07.2022 - 12.2023
- Led quarterly VAPT for Go-MMT applications and ensured pre-production assessments of all new features
- Provided mitigation guidance and secure coding practices to developers
- Managed Private Bug Bounty program and coordinated with vendors for App & Perimeter Security
- Configured secure FQDNs on Akamai WAF with custom rules, rate limits, and security policies
- Mitigated bot attacks by analyzing patterns and tuning bot categories post FP analysis
- Monitored traffic behavior and configured alerts to detect early signs of malicious activity
Sr. Executive - Information Security
MakeMyTrip
09.2020 - 06.2022
- Led AppSec initiatives, performing VAPT on web, microservices, and mobile apps
- Ensured integration of security standards across the SDLC
- Collaborated with vendors for API assessments and conducted architecture reviews
- Implemented CommID encryption at DB and log levels to secure sensitive data
- Managed infrastructure scans using Nessus and validated findings via Metasploit
- Configured WAF (Akamai) delivery and security rules
- Automated routine security tasks with custom scripts
- Created secure coding guidelines for C# development teams
- Managed end-to-end Bug Bounty program from validation to payout
Sr. Cyber Security Specialist (Lead
WeSecureApp
01.2020 - 09.2020
- Manage activity that is related for AppSec and help develop security standard in organisation
- Research, identify and test vulnerabilities in the areas of the information system and networks security
- Secure code review assessment using manual approach for Python & GoLang language
- Worked with Open source tools like SonarQube, Bandit, GoSec, etc and prepare reports for the testing performed
- Providing awareness and solutions to the developers for the reported vulnerabilities
- Integrating security automation tools in CI/CD pipeline.
- Automating testing approaches by creating scripts using bash/python.
Sr. Cyber Security Specialist
WeSecureApp
07.2019 - 12.2019
- Vulnerability Assessments and Penetration testing on web applications, web micro services, and mobile applications
- Source code review assessment using manual approach
- Worked with Open source tools like SonarQube, Bandit, Progpilot, etc
- Preparing reports for the testing performed.
- Providing solutions to the developers for the reported vulnerabilities.
Cyber Security Analyst
Network Intelligence India
07.2017 - 06.2019
- Deployed onsite at Edelweiss Financial Services Ltd for security assessments
- Conducted VAPT on systems, web apps, services, and network devices
- Performed SAST using Checkmarx (C#) and delivered detailed reports
- Guided developers on vulnerabilities, impact, and exact code fixes
- Supported dev teams via calls/VNC for remediation
- Created a comprehensive C# vulnerability solution document for secure coding awareness
Trainee
Institute of Information Security
10.2016 - 01.2017
- Attended Training on Information Security
- Got training on the basics of Information Security concepts
- Learned the basics of CIA and its importance
- Basic concepts of Ethical hacking and penetrating network
- Knowledge of OWASP Top
- Done hands-on on live projects for testing Web Applications
- Learned implementation of Secure Coding practices during development phase
- Cleared certification exam (CISC, CPH and CPFA) after completing the training modules.
Education
B.Tech - ME
Lovely Professional University
2012
Metropolitan School
2008
St. Joseph's Inter College
2006
Skills
- Strong expertise in Web Application Firewall (WAF) management – creating and optimizing delivery and security configurations using Akamai and Imperva
- Skilled in custom WAF policy tuning, rule creation, rate limiting, and virtual patching for real-time threat prevention
- Hands-on experience in Bot mitigation – analyzing traffic patterns, identifying malicious automation, and implementing IP/User-Agent-based blocks, rate controls, and bot category enforcement
- In-depth understanding of OWASP Top 10 vulnerabilities
- Extensive experience in Vulnerability Assessment and Penetration Testing (VAPT) for Web/Mobile applications, Web Services, and Networks
- Proficient in Secure Code Review using tools such as CheckMarx and Fortify, along with manual review methodologies
- Experienced in Application Architecture Review to detect and resolve design-level vulnerabilities
- Proficient with leading security tools: Akamai, Cloudflare, AWS WAF, Burp Suite, HP Fortify, CheckMarx, Orca
- Strong analytical skills with a problem-solving mindset; team player with adaptability to evolving technologies
- Highly disciplined, organized, and self-driven
Certification
- Certified Ethical Hacker From EC-Council: ECC41227847502
- Certified Information Security Consultant From Institute of Information Security, Delhi
- Certified Professional Hacker From Institute of Information Security, Delhi
- Certified Professional Forensic Analyst From Institute of Information Security, Delhi
Interests
Cooking & Reading
Languages
Hindi
Proficient
C2
English
Bilingual or Proficient (C2)
Additional Information
- DECLARATION I hereby declare that all the above-mentioned information given by me is true and correct to the best of my knowledge and belief.
Timeline
Lead Security Analyst
Makemytrip
01.2024 - Current
Assistant Manager
MakeMyTrip
07.2022 - 12.2023
Sr. Executive - Information Security
MakeMyTrip
09.2020 - 06.2022
Sr. Cyber Security Specialist (Lead
WeSecureApp
01.2020 - 09.2020
Sr. Cyber Security Specialist
WeSecureApp
07.2019 - 12.2019
Cyber Security Analyst
Network Intelligence India
07.2017 - 06.2019
Trainee
Institute of Information Security
10.2016 - 01.2017
Metropolitan School
St. Joseph's Inter College
B.Tech - ME
Lovely Professional University
Similar Profiles
Saurav KumarSaurav Kumar
Senior Security Analyst at MakemytripSenior Security Analyst at Makemytrip
Monika SrivastavaMonika Srivastava
Vice President Marketing & Category- MakeMyTrip at MakeMyTripVice President Marketing & Category- MakeMyTrip at MakeMyTrip
Divya SuriDivya Suri
Senior SDET at MakeMyTripSenior SDET at MakeMyTrip