• Part of TikTok SSDLC

• Secure code reviews and pentests of TikTok features

• Secure code reviews and pentests of internal products/tools

• Vulnerability Detection Automation

• HackerOne Bug Bounty triage

• Threat Modeling

• Transitioned the BlackDuck scanning process from a static, ad hoc list to a dynamic, automated framework utilizing GitHub Actions, facilitating continuous scans throughout the day for elevated code security.

• Led the creation of an intuitive, React-based dashboard, offering real-time insights into scanned repositories, their statuses, and forthcoming scans, promoting a streamlined and proactive code security management approach.

• Effectively oversee and prioritize vulnerability reports on Bugcrowd, ensuring swift resolution of critical issues.

• Enhanced product security through meticulous reviews of Threat Models and Design Architecture, along with analysis of findings from SAST and DAST tools, optimizing the secure development life cycle.

• Coordinated third-party penetration tests, achieving a 20% decrease in identified vulnerabilities and a 30% acceleration in resolution time, contributing to bolstered system security and compliance.

• Performing web application penetration testing in accordance with OWASP Top 10.

• Proficient in penetration testing tools such as Burp Suite, Kali Linux, SQLmap, Hydra, nmap and more.

• Conduct OSINT reconnaissance utilizing tools such as Maltego, Shodan, Amass, and Recon-NG.

• Writing detailed and well-organized penetration test reports of findings to clients.

• Designed RESTful APIs, implemented OAuth2 authentication, and employed MongoDB for data storage, ensuring both security and scalability.

• Maintained comprehensive technical documentation and fostered a collaborative development environment.

• Integrated third-party services and APIs for functionalities like payment processing, geolocation, and social media sharing, enhancing the platform’s capabilities.

I worked on the USF project with a team of 7 people. The USF project was awarded to Huawei Ltd. by Communications and Information Technology Commission (CITC) of Saudi Arabia. The aim of the project was to improve cellular coverage in the country by planting new cell sites in the region. We mainly covered the rural areas of the country.

My role consisted of the following:

• Compiling data received by field engineers and presenting it in a graphical form

• Recommending new cell tower placements to improve coverage in area

Our team successfully managed to complete over 200 site recommendations throughout the project.