
Rafi Mahammad

Security Engineer
BENGALURU

Summary

Information Security professional with 5+ years of experience in designing and implementing comprehensive security strategies. Proven track record in identifying vulnerabilities and mitigating risks, ensuring seamless protection of critical assets. A reliable and organized team player adept at managing multiple priorities with a proactive and positive approach. Eager to take on additional responsibilities to achieve team objectives and deliver impactful results.


Overview

6 years of professional experience
3 Certifications

Work History

Senior Security Engineer

Standard Chartered Bank
01.2024 - Current
  • Performed threat modeling and risk analysis to proactively identify security risks and implement mitigation strategies.
  • Conducted regular compliance audits and implemented necessary changes to meet industry standards like CWE Top 25, Critical Security Controls, and Cloud Security Alliance guidelines.
  • Designed and implemented automated CI/CD pipelines integrating SAST, SCA, DAST, and IaC security tools, improving vulnerability detection time.
  • Conducted security audits and penetration tests to identify OWASP Top 10 vulnerabilities in web and mobile applications. Provided actionable recommendations and worked with development teams to implement fixes for Cross-Site Scripting (XSS), SQL Injection, CSRF, and other common vulnerabilities.
  • Designed and implemented authentication & authorization protocols (OAuth, OpenID Connect, Kerberos) to strengthen system security.
  • Reduced container image vulnerabilities by implementing automated image scanning and remediation workflows.
  • Built custom scripts for security policy enforcement and drift detection in Terraform and CloudFormation templates reducing misconfigurations.
  • Collaborated with development teams to remediate identified security risks through secure coding practices, architecture changes, and security controls.

Security Engineer II

Khoros India R&D Pvt Ltd
10.2021 - 12.2023
  • Collaborated with cross-functional teams to integrate security into the software development life cycle (SDLC), ensuring security by design.
  • Led threat modeling sessions to identify and mitigate risks in microservices architectures, aligning with OWASP and CIS standards.
  • Conducted regular security assessments and vulnerability assessments, identifying and mitigating potential risks.
  • Performed manual source code reviews and penetration testing on web, Android, and iOS applications, and cloud infrastructure.
  • Integrated open-source and enterprise-grade security tools (Trivy, Checkov, SonarQube) into pipelines to ensure early detection of misconfigurations and vulnerabilities.
  • Conducted security awareness training sessions for development teams, fostering a security-conscious culture.
  • Collaborated with engineering teams to implement secure authentication and authorization frameworks in applications using the OAuth framework, and implemented CSP and CORS policies in applications to strengthen application security measures.
  • Managed penetration testing and vulnerability assessments, achieving compliance with ISO 27001 and SOC 2 standards.

Security Engineer

Tata Consultancy Services Ltd
05.2019 - 10.2021
  • Conducted security testing on web applications, APIs, and Android and iOS applications.
  • Identified vulnerabilities in applications and provided recommendations.
  • Created vulnerability assessment reports detailing the exposures identified, rating the severity of the business impact, and recommending remediations to mitigate those vulnerabilities.
  • Exploited security flaws and vulnerabilities with attack simulations on multiple platforms.
  • Performed application security design review involving data protection, Authentication, Authorization, infrastructure and network security.
  • Knowledge of secure coding principles like SANS-25 and OWASP methodologies.

Education

Bachelor of Technology -

R.V.R & J.C College of Engineering

Higher secondary School -

NRI College of Arts And Sciences

Skills

Programming: Python, Java, Go

SAST- SonarQube, Checkmarx, Semgrep, Veracode

DAST- Burp Suite, OWASP ZAP

SCA- Snyk, Trivy, Dependency-Check

Container Security- Docker Security, Kubernetes Security

DevSecOps - GitHub Actions, GitLab CI/CD, Jenkins

Web Application Security & Penetration Testing

Authentication & Authorization Protocols (OAuth, OpenID Connect, Kerberos)

Cloud Security (AWS, Azure)

Certification

Certified Ethical Hacker (CEH)
