• Executed comprehensive penetration tests on 20+ web and Android applications, adhering to OWASP MASVS and MITRE ATT&CK frameworks.
• Conducted secure code reviews for Java, Python, and C++ codebases, identifying and remediating 100+ security flaws.
• Led red team engagements focusing on lateral movement and privilege escalation, resulting in the hardening of internal network defenses.
• Integrated automated security scans (SAST/DAST) into GitLab CI/CD pipelines, reducing vulnerability escape rate by 40%.
• Collaborated with development teams to implement Secure SDLC practices, ensuring security is baked in from design to deployment.

• Assisted in the triage and remediation of security incidents using Splunk and Endpoint Central.
• Developed Python scripts to automate log analysis, reducing manual triage time by 30%.
• Participated in vulnerability assessments, contributing to the discovery of critical IDOR and AuthZ bypass issues.

• Conducted vulnerability assessments on 50+ web/mobile apps, identifying critical flaws including SQLi and XSS.
• Created 10+ custom CTF challenges to train internal teams on exploit development and secure coding.
• Automated recon workflows using Python and Bash, streamlining the initial phase of assessments.

An offline, VM-contained platform for static analysis of suspicious files (PE, PDF, Office). Integrates YARA, capa, FLOSS, and oletools with a FastAPI backend to detect malicious patterns and extract IOCs without execution.

A reconnaissance tool featuring a GUI to enumerate subdomains using wordlist-based brute-forcing. Optimized for speed with multi-threading to map attack surfaces efficiently.

A multi-threaded network scanner built to identify open ports and services. Used for initial internal network reconnaissance to identify potential entry points.

A bulk URL analysis tool to check status codes and reachability. Automates the validation of large asset lists during external infrastructure assessments.