Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Rafi Mahammad

Security Engineer
BENGALURU

Summary

Information Security professional with 5+ years of experience in designing and implementing comprehensive security strategies. Proven track record in identifying vulnerabilities and mitigating risks, ensuring seamless protection of critical assets.. A reliable and organized team player adept at managing multiple priorities with a proactive and positive approach. Eager to take on additional responsibilities to achieve team objectives and deliver impactful results.

Overview

6
6
years of professional experience
4035
4035
years of post-secondary education
3
3
Certifications

Work History

Senior Security Engineer

Standard Chartered Bank
01.2024 - Current
  • Performed threat modeling and risk analysis to proactively identify security risks and implement mitigation strategies.
  • Conducted regular compliance audits and implemented necessary changes to meet industry standards like CWE Top 25, Critical Security Controls, and Cloud Security Alliance guidelines.
  • Designed and implemented automated CI/CD pipelines integrating SAST, SCA, DAST, and IaC security tools, improving vulnerability detection time.
  • Conducted security audits and penetration tests to identify OWASP Top 10 vulnerabilities in web and mobile applications. Provided actionable recommendations and worked with development teams to implement fixes for Cross-Site Scripting (XSS), SQL Injection, CSRF, and other common vulnerabilities.
  • Designed and implemented authentication & authorization protocols (OAuth, OpenID Connect, Kerberos) to strengthen system security.
  • Reduced container image vulnerabilities by implementing automated image scanning and remediation workflows.
  • Built custom scripts for security policy enforcement and drift detection in Terraform and CloudFormation templates reducing misconfigurations.
  • Collaborated with development teams to remediate identified security risks through secure coding practices, architecture changes, and security controls.

Security Engineer II

Khoros India R&D Pvt Ltd
10.2021 - 12.2023
  • Collaborated with cross-functional teams to integrate security into the software development life cycle (SDLC), ensuring security by design.
  • Led threat modeling sessions to identify and mitigate risks in microservices architectures, aligning with OWASP and CIS standards.
  • Conducted regular security assessments and vulnerability assessments, identifying and mitigating potential risks.
  • Performed manual source code reviews and penetration testing on web, Android, and iOS applications, and cloud infrastructure.
  • Integrated open-source and enterprise-grade security tools (Trivy, Checkov, SonarQube) into pipelines to ensure early detection of misconfigurations and vulnerabilities.
  • Conducted security awareness training sessions for development teams, fostering a security-conscious culture.
  • Collaborated with engineering teams and Implemented secure authentication and Authorization frameworks in applications using OAuth framework and implemented CSP and CORS into applications to strengthen application security measures.
  • Managed penetration testing and vulnerability assessments, achieving compliance with ISO 27001 and SOC 2 standards.

Security Engineer

Tata Consultancy Services Ltd
05.2019 - 10.2021
  • Conducted security testing on Web applications, APIs, Android & IOS applications.
  • Identified vulnerabilities in applications and provided recommendations.
  • Created Vulnerability Assessment report detailing exposures that were identified, rate the severity of the business impact, and remediation's to mitigate those vulnerabilities.
  • Exploiting security flaws and vulnerabilities with attack simulations on multiple platforms.
  • Performed application security design review involving data protection, Authentication, Authorization, infrastructure and network security.
  • Knowledge of secure coding principles like SANS-25 and OWASP methodologies.

Education

Bachelor of Technology -

R.V.R & J.C College of Engineering

Higher secondary School -

NRI College of Arts And Sciences

Skills

Programming: Python, Java, Go

SAST- SonarQube, Checkmarx, Semgrep, Veracode

DAST- Burp Suite, OWASP ZAP

SCA- Snyk, Trivy, Dependency-Check

Container Security- Docker Security, Kubernetes Security

DevSecOps - GitHub Actions, GitLab CI/CD, Jenkins

Web Application Security & Penetration Testing

Authentication & Authorization Protocols (OAuth, OpenID Connect, Kerberos)

Cloud Security (AWS, Azure)

Infrastructure as Code (IaC): Terraform, CloudFormationCI/CD Pipelines: Jenkins, GitHub Actions, GitLab, Azure DevOpsSecurity Tools: Veracode, Checkmarx, Sonarqube, OWASP ZAP, Rapid7, Burpsuite, Nmap, Nessus, QualysCloud Security: AWS, Azure, IAM, VPC Security, EncryptionContainer Security: Docker, Kubernetes, Aqua, TwistlockSecrets Management: HashiCorp Vault, AWS Secrets Manager, Azure Key VaultCompliance & Governance: ISO 27001, SOC 2, PCI DSS, NIST, GDPRConfiguration Management : Ansible, ChefSecure Development: OWASP Top 10, Git Secrets, TruffleHog

Certification

Certified Ethical Hacker (CEH)

Timeline

Senior Security Engineer

Standard Chartered Bank
01.2024 - Current

Security Engineer II

Khoros India R&D Pvt Ltd
10.2021 - 12.2023

Security Engineer

Tata Consultancy Services Ltd
05.2019 - 10.2021

Bachelor of Technology -

R.V.R & J.C College of Engineering

Higher secondary School -

NRI College of Arts And Sciences
Rafi MahammadSecurity Engineer