Shahzeb Raza

Cybersecurity enthusiast with a strong passion for ethical hacking, social psychology and network security. Past work experience includes not only high-security environment, but also low security network open to public. Extensive knowledge in the areas of OWASP Top 10, system security, vulnerability scanning, penetration testing, risk assessment and cyber security analysis. Hard-working, diligent, team-oriented, and a very quick learner. Able to adjust and adapt to the fly with little resistance. Good communication skills in relaying the technical to the non-technical. Overall, seeking to develop a strong career in technology using my knowledge to provide for, maintain and protect public and enterprise services.

Cyber Security Engineer

TNC Group

Dubai, United Arab Emirates

09/2022 to 12/2022

Responsibilities:-

• White and black box testing for Web Applications, API, Mobile applications (IOS & Android), and REST.
• Scope Security Assessments, Perform Peer-review, write comprehensive security assessment reports for developers, and Propose mitigation to upper management.
• Working with secure coding methodology, best practices, and their implementations within the engineering team.
• Following ATT&CK, CIS, and NIST security framework.
• Reconnaissance, Initial access, Privilege escalation, Defense Evasion, Credential Access, Lateral Movement, Data Exfiltration, Maintaining Access/ Persistence, Reporting.
• Experience with SAST and DAST.
• Keep an eye out for and respond to phishing emails and pharming activity.
• Design new security systems or upgrade existing ones.
• Engaged business and technology stakeholders to gather goals and requirements
• Provided key guidance on increased areas of concern in order to quickly remedy and strengthen deficient policy and procedures implemented at the organization.
• Monitor for attacks, intrusions, and unusual, unauthorized, or illegal activity
• Scope Security Assessments, Perform Peer-review, write comprehensive security assessment reports for developers, and Propose mitigation to upper management

Cyber Security Engineer (Penetration Tester)

M.Anns & Co.

Rawalpindi, Pakistan

04/2020 to 04/2022

Responsibilities: -

• Conducted application penetration testing of 20+ business and E-commerce applications Acquainted with various approaches to Grey & Black box security testing Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws, etc.
• Conducted Active Directory Penetration Testing using tools (Responder, Hashcat, ntlmrelyx, psexec, ldapdomaindump, BloodHound, Mimikatz etc.)
• Performed as an Information Security Analyst and involved in OWASP Top 10 Vulnerability Assessment of various internet-facing point of sale web applications and Web services.
• Conducted penetration tests on systems and applications using automated and manual techniques with tools such as  Metasploit, Burpsuite, NMAP, FUFF, Acunetix  and many other open-source tools as needed.
• Performed onsite and remote security consulting including application testing, social engineering, wireless assessment and Security scan, analysis, policies, and audit.
• Performed vulnerability scanning using Nessus Security Center and maintained clear documentation for every report that is generated.
• Designed a methodology and a procedure for active system & web-app security assessments on the company's infrastructure, to be performed proactively, scheduled, and rapidly on request.
• Provided fixes & filtering false findings for the vulnerabilities reported in the scan reports.

Intern

06/2019 to 12/2020

Security Experts Pvt Limited Blue Area Islamabad, Pakistan

Responsibilities: -

• Performed vulnerability assessments including physical, social engineering, application, and network exploitation.
• Evaluated and leverages automated tools that perform security assessment.
• Configured and management of Sangfor IAM, Fortinet firewall, Snort.
• Performed Automation scanning and analysis on the applications on a monthly basis.
• Updated documentation as necessary.
• Interacting with clients with Addressing Issues.

Volunteer at PISA

August 2019 to Present

Participated in Cyber Olympics (CTF) in July 2019 helped my team members to crack the critical windows passwords and find some vulnerabilities like Eternal Blue/SMB-v1, FTP, etc.

OIC Cyber drill (Malware analysis) in Sep 2019. Looking forward to participating in Cyber drills in the future as well.

Intern

Institute of Cybersecurity

Rawalpindi, Pakistan

August 2018 to April 2019

In this Institute, I have got familiar with cybersecurity and got a basic understanding of Offensive and Defensive sites and I have earned a Certificate of CHCE-v2.

Bachelor's Degree in Coumputer Science