Tanvir Ahmed

Web Application Penetration Tester

Arena Web Security • Período integral

Aug 2023 - Present • 2 yrs 10 mos

Conduct comprehensive manual and automated penetration tests on modern web applications to identify security weaknesses and potential attack vectors. Expertise in detecting and exploiting critical vulnerabilities including SQL Injection (SQLi), Cross-Site Scripting (XSS), Local File Inclusion (LFI), Remote Code Execution (RCE), authentication and authorization flaws, and configuration weaknesses. Perform in-depth vulnerability validation to confirm exploitability and assess business impact. Deliver detailed, client-ready security reports featuring proof-of-concept demonstrations, risk analysis, and actionable remediation recommendations. Developed and integrated Python-based automation tools to optimize reconnaissance, scanning, and vulnerability discovery processes, enhancing overall testing efficiency and accuracy. Collaborate with development and security teams to support secure coding practices and vulnerability mitigation. Key Skills: Web Application Penetration Testing, OWASP Top 10, SQL Injection (SQLi), Cross-Site Scripting (XSS), Local File Inclusion (LFI), Remote Code Execution (RCE), Authentication & Authorization Testing, Burp Suite, OWASP ZAP, Python Scripting & Automation, Reconnaissance & Footprinting, Vulnerability Validation, Security Reporting, Risk Analysis, Remediation Guidance, Secure Coding Collaboration, Network Protocol Analysis

Cybersecurity Analyst | SOC Specialist

Global Market Place • Período integral

Dec 2021 - Aug 2023 • 1 yr 8 mos

Expert in Security Operations Center (SOC) activities, continuously monitoring and analyzing security alerts to detect and respond to threats. Skilled in using SIEM tools like Google Chronicle, Splunk, and ELK to investigate suspicious activity, correlate logs, and escalate incidents. Conduct detailed phishing investigations and email threat analysis using SPF, DKIM, and DMARC to prevent domain abuse and fraud. Apply Zero Trust principles to enforce strict access controls and identity verification. Leverage the MITRE ATT&CK framework to map attacker tactics and support threat hunting and detection engineering. Dedicated to improving organizational security posture through rapid incident response and continuous monitoring. Skills: SOC Monitoring, Incident Detection & Response, SIEM (Google Chronicle, Splunk, ELK), Phishing Investigation, Email Security (SPF, DKIM, DMARC), Zero Trust Security, Threat Hunting, MITRE ATT&CK, Log Analysis, Domain Abuse Prevention

Full Stack Developer

M/s. M A MUSA • Período integral

Dec 2020 - Dec 2021 • 1 yr

Delivered secure, high-performance WordPress websites for business clients, with a strong focus on security, stability, and scalability. Hardened WordPress environments by implementing secure authentication, encryption, activity logging, and access controls. Developed and customized WordPress themes and plugins using PHP, JavaScript, and MySQL to meet business and security requirements. Optimized development workflows, reducing delivery time by 30% while maintaining high quality standards. Introduced modern tools to improve accuracy and site reliability by 15%. Worked closely with cross-functional teams to deliver secure, conversion-ready WordPress solutions, increasing overall project success rates by 10%. Skills: WordPress Security Hardening, Malware Protection, Theme & Plugin Customization, PHP, JavaScript, MySQL, Secure Authentication, Encryption, Logging & Monitoring, Performance Optimization, Website Speed & Stability, Debugging, Project Management