CURRICULUM-VITAE
MOHAMMAD REHAN
Mobile - 0091 7060031133
E-mail: ren_mohd@yahoo.com
rehan.mohd@gmail.com
Summary:
I have total 16+ years’ experience:
• 4+ years in Cyber Security, Secure Architecture, End Point Security, Data Protection, Infrastructure penetration testing, Web Application Security, Threat Modeling, Secure Design and Security Code Review domains.
• 12 years in the area of web application development, training & consultancy.
Experience: (16+ Years)
• Working as a Threat and Control Assessment Analyst in Skillmine Technologies, (Hyderabad, India), from May 2022 till date.
• Worked as a Cyber Security Consultant in AarnaTec, (Dubai, UAE), from July 2020 to April 2021.
• Worked as a Penetration Tester and Security Engineer in Spectrami, (Dubai, UAE), from April 2017 to May 2020.
• Worked as a Lead Software Engineer in Edifecs Technologies, (Chandigarh, India) from July 2013 to Dec 2015.
• Worked as a Sr. Application Programmer in ITC, DubaiWorld (Dubai, UAE) from April 2007 to Feb 2011.
• Worked as a Senior Programmer in Ministry of Defence (Muscat, Oman) from May 2005 to April 2007.
• Worked as a Senior Programmer in Oriental Oryx LLC (Muscat, Oman) from 1st May 2003 to May 2005.
• Worked as a Programmer in NetAccess Technologies (Delhi, India) from Jan 2001 to April. 2003
Certification :
1. CCA-131 : Cloudera Certified Administrator
2. Automation Anywhere Certified Advance RPA Professional
3. Automation Anywhere Certified Master RPA Professional
Skills
Tools : NMAP, Nessus, BurpSuite, Metasploit Framework, WireShark, SQLMap, Splunk, IriusRisk
Methodologies / Frameworks : Thread Modeling, MITRE ATT&CK, Cyber Kill Chain,Test Driving Development, AGILE Scrum
Operating Systems : Windows, Linux, Kali Linux
Languages & technologies : Java , J2EE, HTML, JSON, XML, JavaScript, AJAX, Soap, RestFul WebServices, Python, Shell Scripting
Web Servers : JBoss EAP, JavaWebServer, Apache, Oracle 9iAS/10g, NodeJs
RDBMS : MS SrQL 2008, MySQL, Oracle9i/10g, Windows Active Directory
Others : CI/CD, DevOps, Docker and Kubernetes, Openshift, Jenkins
Concepts Known
OWASP TOP-10, SOC-Operation automation and management, EDR, SIEM, DLP, IAM, PAM, IDS/ IPS, TCP/IP, LAN / VLAN / WAN, DNS, DHCP, Source Code Review, LDAP, Software Engineering, OOA/OOD, Operating Systems, Networking, Data Structures and Algorithms, Relational Database Management System, Big Data, Block chain, RPA (Robotic Process Automation)
Personal Skills
• Knowledge/understanding of the business.
• Ability to communicate and interact effectively with the business users/customers.
• Ability to look at things from the user's perspective as opposed to only technology perspective.
• Ability to persuade/convince business with alternative solutions.
• Ability to communicate effectively with fellow developers, immediate and senior management.
• Ability to work in a team as well as independently.
• Problem solving/analytical skills.
• Organizational skills.
• Ability to cope with difficult situations like stress due to work load, deadlines etc and manage or deal with difficult people.
• Being a good listener with the right attitude.
Skillmine Technologies (Hyderabad, India) 2022 – till date
Tools : Irius Risk, Comet, ServiceNow
Role : Threat and Control Assessment Analyst
Description : Security Assurance is an ongoing activity designed to perform risk based security assessment and testing to ensure security controls built into new applications and amendments to existing applications are in compliance with security standards and risk appetite. Also periodically reassess and retest existing applications to ensure security controls are effective for the changing threat landscape. Where issues are identified these are recorded and tracked to resolution. The objective of the control is to test applications are infrastructure to identify the presence of vulnerabilities in the environment that could be exploited.
- Threat modeling for all existing components in scope using IriusRisk from existing security design documents.
- Regular meetings with Project Manager to understand scope of work, data flow diagram and existing controls in place.
- Analyzing existing threats related to each components.
- Discuss the countermeasures with Project teams and it remediation.
- Peer review and generating report for all existing threats.
- Close out meeting with stake holders.
AarnaTec (Dubai, UAE) 2020 – 2021
Tools : Kali Linux, Metasploit, NMap, BurpSuite, WireShark, Custom Sripts
Role : Cyber Security Consultant
Description :
- Vulnerability Assessment and Penetration Testing of Web Applications and network vulnerabilities including those listed in OWASP Top 10 and SANS Top 25
- Conduct external/internal/wireless network assessments, web, APIs and mobile application testing, source code reviews, network security architecture reviews.
- Manage Project, Delivery and Consultants for penetration testing projects across GCC.
- Handled vendor POCs from technical perspective pertaining to tools for SOC integration.
- Coordinating with SOC team for timely resolution of issues.
- Train QA Team to identify and acknowledge security issues in their projects.
- Secure design reviews, risk assessment and threat mitigation
- Interface with clients to address concerns, issues or escalations; track and drive to closure any issues that impact the service and its value to clients
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Undertake social engineering engagements and physical security assessments and/or secure code review
- Providing consultative guidance on remediation's and paths for effectively addressing identified vulnerabilities
- Developing scripts, tools, or methodologies to facilitate customized testing
- Actively participate in methodology development of threat validation and assurance services
Spectrami (Dubai, UAE) 2017-2020
Tools : Kali Linux, Metasploit, Tenable Nessus, NMap, BurpSuite, Custom Sripts
Role : Penetration Tester and Security Engineer
Description :
- Vulnerability Assessment and Penetration Testing of Web Applications and network vulnerabilities including those listed in OWASP Top 10 and SANS Top 25
- Conduct external/internal/wireless network assessments, web and mobile application testing, source code reviews, network security architecture reviews.
- Manage Project, Delivery and Consultants for penetration testing projects across GCC.
- Handled vendor POCs from technical perspective pertaining to tools for SOC integration.
- Worked closely with customer to identify technical requirements and providing pen test RFP responses.
- Train QA Team to identify and acknowledge security issues in their projects.
- Secure design reviews, risk assessment and threat mitigation
- Provide technical pre-sales support, alongside sales, to develop scopes of work and project requirements. This will include writing customer facing proposals and attending meetings with new and existing customers
- Provide customers with relevant and timely advice relating to identified findings and recommendations
Edifecs Technologies, (Chandigarh India) 2013-2015
Environment : Win 8, JAVA 7, Java RESTful Api, Ajax, MSSQL 2008, Tomcat 6/7, Intellij, JUnit, Log4j, Maven, ActiveMQ, Intellij, Jenkin, Tortoise Subversion, Specbuilder, XEngine, HIPAA 2010, EDI, X12N standard.
Role : Lead Software Engineer
Description :
- Works independently and contribute in each phase of the Software Development lifecycle, including requirements analysis, design, implementation, and support of software products, systems, and projects.
- Under the supervision of the project manager, leads and provide technical supervision for the development team, to ensure the high quality of deliverables and project success.
- Translates business and non-functional requirements into technical requirements.
- Develops, verifies requirements and analysis documents and ensures their quality and accurate coverage of the project scope.
- Provides detailed estimates of software modules and components.
- Explores different technical topics and tools to assess the feasibility of the given requirements.
- Offers suggestions for improvement/simplification of the systems and/or add business value.
- Analyzes the impact of any new given requirements on the implemented solutions.
- Analyzes and provides insight into the complexity of business requirements, user interface design and creates solutions
- Develops, reviews and validates design and design documents (Architecture, database, and detailed design) to ensure their compliance with the project requirements.
- Provides accurate and thorough documentation of software components and developed tasks.
- Develop, document, and test software to ensure that the software meets the needs of end-users and achieves business goals.
- Gather requirements and specifications from multiple partners and create an architecture to deliver the vision.
- Design and architect scalable/performant systems.
- Hands-on coding in the development of scalable applications
- Designing, coding, and debugging software.
- Supervising and overseeing the technical aspects of projects.
- Investigating software-related complaints and making necessary adjustments to ensure optimal software performance.
- Communicate with the management and be part of all Cross Functional, Stakeholders and Status meetings.
Dubai World / DPWorld (Dubai) 2007-2011
Environment : Win 2007, Linux, JAVA, JSP, JSTL, tiles, JavaScript, Servlets, Struts, Spring, Hibernate, Oracle 10g, Oracle 10g ,IAS, Jasper Reports, JUnit, Log4j, Maven, CruiseControl, Jdeveloper, Tortoise Subversion
Role : Sr. Application Developer
Description :
- Reviewing all development code before moving to production to verify consistency and conformance with departmental guidelines, policies and practices as well as industry standard guidelines.
- Application coding as set in the approved requirement specifications document by the customer.
- Sets up and supports all software testing.
- Provide assistance to other Programmer Analysts as and when required.
- Perform as a project lead whenever required.
- Provide documentation of the code and prepare training and test plans and documents for the applications.
- Adhere to best practices in software development and provide the same assistance to other programmers.
- Prepare and follow up all the required documents as per the PMO for assigned projects.
- Designing enterprise level applications without supervision.
- Translate flow charts, problem statements, and specifications into programming languages.
- Manages the release control process by supporting the systems administration team and Database administrator to move the application/module from testing to production environment after UAT.
- Act as mentor for other programmers in the department.
MINISTRY OF DEFENCE, (Muscat, Oman) 2005-2007
---------------------------------------------
Environment : Win 2000/2003, Java, HTML, MySql, JSP, JSTL, JSP, JSTL, Struts, JavaScript, Spring, Hibernate, Oracle 9i, Oracle 10g ias. Jasper Reports, JUnit, Log4j, Ant, Eclipse 3.2, Tortoise Subversion
Role : Sr. Application Developer
Description :
1. Discuss and review client requirements
2. Gathering Client requirements and creating business requirement document
3. Creating Database design and schema.
4. Getting work assignments from team lead.
5. Developing web pages for assigned modules
6. Front end and server side program coding.
7. Sets up and supports all software testing
8. Bug Fixing, maintenance and production support
Oriental Oryx LLC (Muscat, Oman) 2003-2005
---------------------------------------------
Environment : Win 2000/2003, Java, HTML, MySql, JSP, JSTL, JSP, JSTL, Struts, JavaScript, Spring, Hibernate, Oracle 9i, Oracle 10g ias. Jasper Reports, JUnit, Log4j, Ant, Eclipse 3.2, Tortoise Subversion
Role : Sr. Application Developer
Description :
1. Discuss and review client requirements
2. Gathering Client requirements and creating business requirement document
3. Creating Database design and schema.
4. Getting work assignments from team lead.
5. Developing web pages for assigned modules
6. Front end and server side program coding.
7. Doing Unit and Functional Testing
8. Bug Fixing.
NetAccess Technologies (Delhi , India) 2001-2003
---------------------------------------------
Environment : Win 2000/2003, Java, Applet, Swing, HTML, MySql, Servlet, JSP, JSTL
Role : Java Developer
Description :
1. Discuss and review client requirements
2. Getting work assignments from team lead.
3. Developing web pages for assigned modules
4. Front end and server side program coding.
5. Doing Unit and Functional Testing
6. Bug Fixing.
Qualification Professional Educational
1. P.G.D.C.A (Post Graduate Diploma in Computer Application) in 2000 from Jamia Millia Islamia University, New Delhi, INDIA with 73.8% (First Division) aggregate.
2. B.Com in 1996 from Delhi University, New Delhi, INDIA with 52% aggregate (Second Division).
3. 10+2 from ISC Board with 52% (Second Division).
4. 10th from ICSE Board with 57% (Second Division)
Personal detail
Father's Name : Mr. Mohd Mustaqeem
Date of birth : 04/08/1973
Gender : Male
Marital Status : Married
Nationality : Indian
State : Uttar Pradesh
Passport No. : Valid till 08/2028
Driving License (Dubai) : Yes
Permanent Address : M.A.Road , Baradari,
Moradabad
U.P , INDIA PIN 244001
(MOHAMMAD REHAN)