name: Bilal Ahmed Khan
title: Senior Application Security Engineer
location: Riyadh, Saudi Arabia
experience: 15+ Years
specializations:
- Web Application Penetration Testing (OWASP Top 10)
- REST API & GraphQL Security Testing (OWASP API Top 10)
- Mobile Application Security Testing (Android, OWASP MASVS)
- Thick-Client Application Security Testing
- Product Security Engineering & Secure SDLC
- DevSecOps: SAST / DAST / SCA / Secret Scanning in CI/CD
- AI / LLM Security (OWASP Top 10 for LLMs)
- Threat Modeling, VDP Management & Security Champions Programs
industries:
- BFSI | Telecom | Retail | Government | SaaS
currently: Sr. Software QA Engineer (Security Testing) @ SITE / NCA (via Flint International)

[Jan-2026 - Current] ➢ Sr. Software QA Engineer (Security Testing)
Flint International, SITE / NCA | Riyadh, Saudi Arabia
├── Securing business-critical apps for PIF-backed entities
├── Defined AppSec KPIs for program maturity measurement
├── Reduced ecosystem vulnerability count by 60% via GitLab Advanced Security
├── SAST, SCA & secret scanning integrations within GitLab CI/CD
└── Specialising in business logic vulns & injection-based attacks

[Oct-2022 - Dec-2025] ➢ Team Lead, Product Security Engineer
ConnectWise LLP | Mumbai, India
├── Manual pentest of Web, API, Mobile & Thick-Client applications
├── Reduced security vulnerabilities by 30% via SecureCodingDojo training
├── Managed corporate Vulnerability Disclosure Program (VDP)
├── Built company-wide Security Champions program (SDLC integration)
├── Integrated Snyk (SCA, SAST, Container, IaC) into GitLab & Jenkins
├── Assessed AI-integrated apps using OWASP Top 10 for LLMs
├── Built DNSReaper wrapper for Route 53 subdomain takeover detection; reduced dangling DNS by 50-60%
├── Built TruffleHog secret scanning wrapper for SCM repos that validated hardcoded secrets; 60-70% reduction
└── Automated nightly API scanning via Burp Suite Pro + Postman for continuous OWASP API Top 10 coverage

[Jul-2021 - Oct-2022] ➢ Technology Security Associate Manager
Accenture | Mumbai, India
├── Led 100+ application assessments (SAST, DAST, SCA, Web/API Pentest)
├── Developed MBSS baselines for Windows, Linux, Docker, Containers
├── Managed team of 4 security engineers
└── Built internal CTF lab for security upskilling

[Jan-2020 - Jul-2021] ➢ Manager, Application Security
KPMG | Mumbai, India
├── Pentested 100+ Web Apps & 30+ Android Mobile Apps
├── Conducted OWASP Top 10 / API Top 10 assessments for global clients
├── VAPT on 600+ IPs across Banking, Telecom, Retail & Pharma
└── Delivered engagements across Middle East, Canada & USA

[Jun-2019 - Jan-2020] ➢ Application Security Engineer
Cornerstone OnDemand | Mumbai, India
├── Pentested Web, Thick-Client & Mobile apps before quarterly releases
├── Integrated DAST into CI/CD: Burp Suite + Selenium + Jenkins
└── Developed Dome9 GSL rules for continuous AWS cloud posture monitoring

[Jan-2011 - May-2019] ➢ Principal Quality Engineer
Continuum Managed Solutions | Mumbai, India
└── QA to Security: performed XSS, SQLi, Broken Auth assessments with InfoSec team
Hands-on testing against the OWASP Top 10 across 100+ enterprise web applications:
- Injection Attacks: SQLi, NoSQLi, Command Injection, SSTI
- Broken Access Control: IDOR, Privilege Escalation, Path Traversal
- Auth & Session Flaws: Broken Auth, JWT Attacks, Session Fixation
- Business Logic Vulnerabilities: Race Conditions, Workflow Bypass, Price Manipulation
- Client-Side Attacks: XSS (Stored/Reflected/DOM), CSRF, Clickjacking
- SSRF / XXE / Deserialization: Server-side request forgery, XML external entity injection, insecure object deserialization
REST & GraphQL security testing aligned with the OWASP API Security Top 10:
- BOLA (IDOR): Broken Object Level Authorization
- Broken Function Level Authorization: Horizontal & Vertical privilege abuse
- Excessive Data Exposure: Over-fetching, verbose error responses
- Mass Assignment & Missing Rate Limiting: Parameter pollution, brute-force exposure
- Injection via API: SQLi, command injection through API endpoints
Android application testing aligned with OWASP MASVS:
- APK reverse engineering & static analysis
- SSL pinning bypass, certificate validation flaws
- Insecure data storage: SharedPreferences, SQLite, logs
- Exported component abuse (Activities, BroadcastReceivers)
- Runtime manipulation with Frida & Objection
Security assessments of AI-integrated applications using the OWASP Top 10 for LLMs:
- Prompt Injection: direct & indirect context manipulation
- Insecure Output Handling: downstream processing of untrusted LLM output
- Sensitive Data Exposure: PII & confidential data leakage via LLM interfaces
- Model Denial of Service: resource exhaustion through adversarial prompts
Security Automation & Tools Built
```
# Tool: DNSReaper (wrapper) | Target: AWS Route 53 records
# Impact: Reduced dangling DNS / subdomain takeover risk by 50–60%
```

Built a custom Python wrapper around DNSReaper to automate subdomain takeover detection across AWS Route 53 records at scale. The wrapper filtered and validated the scanner's output to remove false positives and generated structured reports for the CloudOps team. Identified and tracked every dangling record pointing to a deprovisioned AWS resource, and partnered with CloudOps on remediation, achieving a 50–60% reduction in exposed subdomain takeover vectors.

Stack: Python · DNSReaper · AWS Route 53 API · Boto3 · Jira integration
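The validation step such a wrapper needs, as an added example (this is not the DNSReaper wrapper's own code): given the record sets pulled from a zone and the set of AWS hostnames that are still provisioned, it keeps only records whose target is an AWS-managed name that can be re-registered by someone else once the backing resource is gone. The suffix list, the record data and the `STILL_PROVISIONED` inventory are constructed stand-ins for what a live boto3 lookup would return.

```python
"""Dangling Route 53 record triage.

Added example, not the DNSReaper wrapper described above: it shows the
validation step such a wrapper performs after the scanner has listed
candidate records. Inputs are constructed; `still_provisioned` stands in
for what a live boto3 lookup (ELB/S3/CloudFront describe calls) returns.
"""
from collections import defaultdict
from dataclasses import dataclass

# AWS-managed target suffixes that a third party can re-register once the
# backing resource is deleted. Assumption: illustrative list, not exhaustive.
CLAIMABLE_SUFFIXES = {
    ".elb.amazonaws.com": "ELB",
    ".s3.amazonaws.com": "S3",
    ".s3-website-us-east-1.amazonaws.com": "S3",
    ".cloudfront.net": "CloudFront",
    ".elasticbeanstalk.com": "Elastic Beanstalk",
}


@dataclass(frozen=True)
class Record:
    name: str    # zone record, e.g. "app.example.com."
    rtype: str   # "CNAME" or "A"; alias records are flattened to A + target by the caller
    target: str  # CNAME value or AliasTarget.DNSName


def _norm(host: str) -> str:
    return host.rstrip(".").lower()


def claimable_service(target: str):
    """Name of the AWS service behind `target`, or None if it is not a takeover-prone suffix."""
    t = _norm(target)
    for suffix, service in CLAIMABLE_SUFFIXES.items():
        if t.endswith(suffix):
            return service
    return None


def find_dangling(records, still_provisioned):
    """Records whose target is an AWS-managed name that is no longer provisioned."""
    live = {_norm(h) for h in still_provisioned}
    return [
        r for r in records
        if r.rtype in ("CNAME", "A")
        and claimable_service(r.target) is not None   # other providers: out of scope here
        and _norm(r.target) not in live
    ]


def report_by_service(dangling):
    """Group findings the way a CloudOps ticket would: one list per AWS service."""
    grouped = defaultdict(list)
    for r in dangling:
        grouped[claimable_service(r.target)].append({"record": r.name, "target": r.target})
    return dict(grouped)


# Constructed sample zone and inventory (not real infrastructure).
SAMPLE_RECORDS = [
    Record("app.example.com.", "CNAME", "prod-alb-123456.us-east-1.elb.amazonaws.com."),
    Record("old-promo.example.com.", "CNAME", "old-promo-assets.s3.amazonaws.com."),
    Record("cdn.example.com.", "A", "d111111abcdef8.cloudfront.net."),
    Record("mail.example.com.", "MX", "10 inbound-smtp.us-east-1.amazonaws.com."),
    Record("blog.example.com.", "CNAME", "ghs.googlehosted.com."),
]
STILL_PROVISIONED = {"prod-alb-123456.us-east-1.elb.amazonaws.com"}

if __name__ == "__main__":
    for service, findings in report_by_service(find_dangling(SAMPLE_RECORDS, STILL_PROVISIONED)).items():
        print(service, findings)
```

On the sample zone the ALB record survives because its hostname is still in the inventory, the MX and Google-hosted records are out of scope, and the S3 and CloudFront records are reported as dangling. The inventory check is the part that removes false positives: a suffix match alone says only that the target is claimable in principle, not that it has actually been released.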
```
# Tool: TruffleHog / custom wrapper | Target: GitLab / GitHub SCM repos
# Impact: Reduced hardcoded secrets exposure by 60–70%
```

Engineered a secret scanning wrapper for Source Code Management (SCM) repositories that fetched the repositories, ran detection, and validated the hits, filtering out entropy-only false positives so that only confirmed, exploitable credentials were surfaced. Automated stakeholder notifications carried contextual severity, affected file paths, and remediation guidance. Drove a 60–70% reduction in hardcoded secrets exposure across the codebase.

Stack: Python · TruffleHog · GitLab API · Slack/Email Webhooks · Custom Entropy Validator
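The false-positive layer described above, as an added example rather than the wrapper's own code: candidates from a raw detector are dropped if they look like documentation or templating placeholders, matched against a few public vendor key formats with a severity and remediation note, and otherwise kept only when they are long and high-entropy. The findings, the pattern list and the guidance strings are constructed for illustration; `verify_live` marks where a real wrapper would call the vendor and is not invoked.

```python
"""Secret-candidate triage for SCM scanner output.

Added example, not the TruffleHog wrapper described above. It shows the
false-positive layer such a wrapper adds on top of raw detector output:
placeholder rejection, Shannon entropy, and known-vendor formats with a
severity and remediation note. Findings are constructed; `verify_live`
marks where a real wrapper would call the vendor (e.g. sts GetCallerIdentity)
and is deliberately not invoked here.
"""
import math
import re
from collections import Counter

# Public vendor prefixes. Assumption: patterns are illustrative, not a full ruleset.
KNOWN_FORMATS = {
    "aws_access_key_id": (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), "Critical"),
    "github_pat": (re.compile(r"\bghp_[0-9A-Za-z]{36}\b"), "High"),
    "slack_bot_token": (re.compile(r"\bxoxb-[0-9A-Za-z-]{20,}\b"), "High"),
    "private_key": (re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), "Critical"),
}
# Strings that look like secrets to an entropy detector but are documentation or templating.
PLACEHOLDER = re.compile(r"changeme|example|dummy|your[_-]?|x{4,}|<[^>]+>|\$\{[^}]+\}", re.I)
GUIDANCE = {
    "aws_access_key_id": "Deactivate in IAM, rotate, purge from git history, move to a secrets manager.",
    "github_pat": "Revoke the token in GitHub settings and rotate any automation using it.",
    "slack_bot_token": "Revoke via the Slack app config and reinstall the app.",
    "private_key": "Treat the key pair as compromised: reissue and remove from the repo.",
}
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2}


def shannon_entropy(s: str) -> float:
    """Bits per character; random base64 sits near 5-6, English-like text near 3-4."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def classify(candidate: str, min_entropy: float = 3.5):
    """(kind, severity) for a candidate worth reporting, or None to drop it."""
    if PLACEHOLDER.search(candidate):
        return None
    for kind, (pattern, severity) in KNOWN_FORMATS.items():
        if pattern.search(candidate):
            return kind, severity
    if len(candidate) >= 20 and shannon_entropy(candidate) >= min_entropy:
        return "generic_high_entropy", "Medium"
    return None


def verify_live(kind: str, candidate: str) -> bool:
    """Hook for vendor-side verification (not executed in this example)."""
    raise NotImplementedError("call the vendor API here, e.g. sts:GetCallerIdentity for AWS keys")


def triage(findings):
    """Turn (path, line, candidate) tuples into severity-sorted notifications."""
    out = []
    for path, line, candidate in findings:
        result = classify(candidate)
        if result is None:
            continue
        kind, severity = result
        out.append({
            "path": path, "line": line, "kind": kind, "severity": severity,
            "guidance": GUIDANCE.get(kind, "Rotate the credential and remove it from the repository."),
        })
    return sorted(out, key=lambda f: SEVERITY_RANK[f["severity"]])


# Constructed detector output (none of these are live credentials).
SAMPLE_FINDINGS = [
    ("docs/aws-setup.md", 8, "AKIAIOSFODNN7EXAMPLE"),            # AWS docs sample key: dropped as placeholder
    ("config/settings.py", 12, "AKIAQ7T3ZR5M2XW9HVBD"),          # key-shaped: reported Critical
    ("scripts/release.sh", 3, "ghp_a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8"),
    ("tests/fixtures.py", 40, "password123"),                    # low entropy, short: dropped
    ("k8s/secret.yaml", 6, "Zq8vL2nP4rT6wX9yB1dF3hJ5kM7sU0eG"),  # opaque 32-char value: Medium
    ("helm/values.yaml", 14, "${DB_PASSWORD}"),                  # templating: dropped
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_FINDINGS):
        print(finding["severity"], finding["path"], finding["kind"])
```

Note the ordering: the placeholder check runs before the format patterns, which is what drops the AWS documentation key even though it is key-shaped. The entropy threshold only applies to candidates with no recognised format, so a well-formed vendor token is never discarded for being "too readable".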
```
// Tool: Burp Suite Pro API + Postman Collections
// Trigger: Nightly CI/CD scheduled scan
// Impact: Continuous OWASP API Top 10 coverage across all API endpoints
```

Designed and implemented an automated nightly API security scanning pipeline that drives Burp Suite Pro through its REST API, using Postman collections as the definition of the API surface to scan for OWASP API Top 10 vulnerabilities. The automation ran on a scheduled CI/CD trigger, generated structured scan reports, and flagged regressions for developer triage, so no new API vulnerability slipped past release gates.

Stack: Burp Suite Pro API · Postman · Newman · Jenkins · Python · Jira
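The two pieces of plumbing that pipeline depends on, as an added example (not the pipeline's own code): extracting concrete target URLs from a Postman collection, and diffing tonight's issue list against an accepted baseline so only regressions reach triage and the release gate. The collection and both issue lists are constructed; the issue dicts follow the shape of Burp's REST API `issue_events` payload (name, origin, path, severity). `submit_scan` shows the `POST /v0.1/scan` call and is not executed here because it needs a running Burp instance.

```python
"""Nightly API scan plumbing: Postman targets in, regressions out.

Added example, not the pipeline described above. `collection_targets`
walks a Postman v2.1 collection (folders nest under "item") and resolves
collection variables so the scanner gets concrete URLs; `new_issues`
diffs tonight's Burp issue list against the accepted baseline so only
regressions reach developer triage. The collection and issue lists are
constructed; `submit_scan` shows the Burp Pro REST API call and is not
executed here.
"""
import json
import urllib.request


def _walk(items):
    """Yield raw request URLs from a (possibly nested) Postman item list."""
    for item in items:
        if "item" in item:                       # folder
            yield from _walk(item["item"])
        elif "request" in item:
            url = item["request"].get("url", "")
            raw = url if isinstance(url, str) else url.get("raw", "")
            if raw:
                yield raw


def collection_targets(collection: dict):
    """Unique, variable-resolved URLs for the scanner, in collection order."""
    variables = {v["key"]: v["value"] for v in collection.get("variable", [])}
    targets = []
    for raw in _walk(collection.get("item", [])):
        for key, value in variables.items():
            raw = raw.replace("{{%s}}" % key, value)
        if raw not in targets:
            targets.append(raw)
    return targets


def issue_key(issue: dict):
    """Stable identity for diffing: issue name + host + path, ignoring query strings and evidence."""
    return (issue["name"], issue["origin"].lower(), issue["path"].split("?")[0])


def new_issues(baseline, current):
    """Issues present tonight that were not in the baseline (the regressions)."""
    seen = {issue_key(i) for i in baseline}
    return [i for i in current if issue_key(i) not in seen]


def gate_passes(regressions, fail_on=("high", "medium")) -> bool:
    """Release gate: fail only on regressions at or above the configured severity."""
    return not any(i["severity"] in fail_on for i in regressions)


def submit_scan(urls, api="http://127.0.0.1:1337/v0.1/scan"):
    """Start a Burp Suite Pro scan via its REST API; returns the task id from the Location header.
    Not executed in this example (requires a running Burp instance with the API enabled)."""
    body = json.dumps({"urls": urls}).encode()
    req = urllib.request.Request(api, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.headers.get("Location")     # poll GET {api}/<task id> for issue_events


# Constructed Postman v2.1 collection (not a real API).
SAMPLE_COLLECTION = {
    "info": {"name": "orders-api", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"},
    "variable": [{"key": "baseUrl", "value": "https://api.example.com"}],
    "item": [
        {"name": "Users", "item": [
            {"name": "Get user", "request": {"method": "GET", "url": {"raw": "{{baseUrl}}/api/v1/users/1001"}}},
            {"name": "Delete user", "request": {"method": "DELETE", "url": {"raw": "{{baseUrl}}/api/v1/users/1001"}}},
        ]},
        {"name": "List orders", "request": {"method": "GET", "url": {"raw": "{{baseUrl}}/api/v1/orders?status=open"}}},
        {"name": "Health", "request": {"method": "GET", "url": "{{baseUrl}}/health"}},
    ],
}
# Constructed issue lists: last accepted baseline vs tonight's run.
BASELINE_ISSUES = [
    {"name": "Cross-origin resource sharing", "origin": "https://api.example.com", "path": "/api/v1/orders", "severity": "info"},
]
TONIGHT_ISSUES = [
    {"name": "Cross-origin resource sharing", "origin": "https://api.example.com", "path": "/api/v1/orders?status=open", "severity": "info"},
    {"name": "SQL injection", "origin": "https://api.example.com", "path": "/api/v1/users/1001", "severity": "high"},
]

if __name__ == "__main__":
    print(collection_targets(SAMPLE_COLLECTION))
    regressions = new_issues(BASELINE_ISSUES, TONIGHT_ISSUES)
    print("gate passes:", gate_passes(regressions), regressions)
```

The diff key deliberately strips the query string and ignores Burp's per-run evidence, so a known low-severity finding does not reappear as "new" just because the scanned URL carried a different parameter value; without that normalisation the nightly job drowns triage in repeats and the gate stops being trusted.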
| Certification | Issuer | Year |
|---|---|---|
| Certified Red Team Expert (CRTE) | Altered Security | 2023 |
| Certified Azure Red Team Professional (CARTP) | Altered Security | 2021 |
| Microsoft Certified: Azure Fundamentals (AZ-900) | Microsoft | 2021 |
| Certified Application Security Engineer .NET (CASE) | EC-Council | 2019 |
| CREST Practitioner Security Analyst (CPSA) | CREST | 2019 |
| EC-Council Certified Security Analyst (ECSA) | EC-Council | 2019 |
| Certified Threat Intelligence Analyst (CTIA) | EC-Council | 2018 |
| Certified Ethical Hacker (CEH) | EC-Council | 2017 |
| ISTQB Foundation Level | ISTQB | 2014 |
Employee of the Year: best performance in application testing & management
Team Maestro Security Award: security incident handling excellence
Spot Award: resolved critical client issue within 24 hours
STAR Performer Award: quarterly release performance recognition
ENCORE Rising Star Award: Q1 (April–June 2020), KPMG
> "Security is not a product, but a process." (Bruce Schneier)
Let's connect and make the web more secure, one assessment at a time.

