██████╗ ██╗██╗ █████╗ ██╗ ██╗ ██╗██╗ ██╗ █████╗ ███╗ ██╗
██╔══██╗██║██║ ██╔══██╗██║ ██║ ██╔╝██║ ██║██╔══██╗████╗ ██║
██████╔╝██║██║ ███████║██║ █████╔╝ ███████║███████║██╔██╗ ██║
██╔══██╗██║██║ ██╔══██║██║ ██╔═██╗ ██╔══██║██╔══██║██║╚██╗██║
██████╔╝██║███████╗██║ ██║███████╗ ██║ ██╗██║ ██║██║ ██║██║ ╚████║
╚═════╝ ╚═╝╚══════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝
name: Bilal Ahmed Khan
title: Senior Application Security Engineer
location: Riyadh, Saudi Arabia 🇸🇦
experience: 15+ Years
specializations:
- Web Application Penetration Testing (OWASP Top 10)
- REST API & GraphQL Security Testing (OWASP API Top 10)
- Mobile Application Security Testing (Android — OWASP MASVS)
- Thick-Client Application Security Testing
- Product Security Engineering & Secure SDLC
- DevSecOps — SAST / DAST / SCA / Secret Scanning in CI/CD
- AI / LLM Security (OWASP Top 10 for LLMs)
- Threat Modeling, VDP Management & Security Champions Programs
industries:
- BFSI | Telecom | Retail | Government | SaaS
currently: Sr. Software QA Engineer (Security Testing) @ SITE / NCA (via Flint International)
[Jan-2026 - Current] ▶ Sr. Software QA Engineer (Security Testing)
Flint International → SITE / NCA | Riyadh, Saudi Arabia
├── Securing business-critical apps for PIF-backed entities
├── Defined AppSec KPIs for program maturity measurement
├── Reduced ecosystem vulnerability count by 60% via GitLab Advanced Security
├── SAST, SCA & secret scanning integrations within GitLab CI/CD
└── Specialising in business logic vulns & injection-based attacks
[Oct-2022 - Dec-2025] ▶ Team Lead – Product Security Engineer
ConnectWise LLP | Mumbai, India
├── Manual pentest of Web, API, Mobile & Thick-Client applications
├── Reduced security vulnerabilities by 30% via SecureCodingDojo training
├── Managed corporate Vulnerability Disclosure Program (VDP)
├── Built company-wide Security Champions program (SDLC integration)
├── Integrated Snyk (SCA, SAST, Container, IaC) into GitLab & Jenkins
├── Assessed AI-integrated apps using OWASP Top 10 for LLMs
├── 🔧 Built DNSReaper wrapper → R53 subdomain takeover detection → reduced dangling DNS by 50-60%
├── 🔧 Built trufflehog secret scanning wrapper for SCM repos → validated hardcoded secrets → 60-70% reduction
└── 🔧 Automated nightly API scanning via Burp Suite Pro + Postman for continuous OWASP API Top 10 coverage
[Jul-2021 - Oct-2022] ▶ Technology Security Associate Manager
Accenture | Mumbai, India
├── Led 100+ application assessments (SAST, DAST, SCA, Web/API Pentest)
├── Developed MBSS Baselines for Windows, Linux, Docker, Containers
├── Managed team of 4 security engineers
└── Built internal CTF lab for security upskilling
[Jan-2020 - Jul-2021] ▶ Manager – Application Security
KPMG | Mumbai, India
├── Pentested 100+ Web Apps & 30+ Android Mobile Apps
├── Conducted OWASP Top 10 / API Top 10 assessments for global clients
├── VAPT on 600+ IPs across Banking, Telecom, Retail & Pharma
└── Delivered engagements across Middle East, Canada & USA
[Jun-2019 - Jan-2020] ▶ Application Security Engineer
Cornerstone OnDemand | Mumbai, India
├── Pentested Web, Thick-Client & Mobile apps before quarterly releases
├── Integrated DAST into CI/CD: Burp Suite + Selenium + Jenkins
└── Developed Dome9 GSL rules for continuous AWS cloud posture monitoring
[Jan-2011 - May-2019] ▶ Principal Quality Engineer
Continuum Managed Solutions | Mumbai, India
└── QA → Security: Performed XSS, SQLi, Broken Auth assessments with InfoSec team
Hands-on testing against the OWASP Top 10 across 100+ enterprise web applications:
- Injection Attacks — SQLi, NoSQLi, Command Injection, SSTI
- Broken Access Control — IDOR, Privilege Escalation, Path Traversal
- Auth & Session Flaws — Broken Auth, JWT Attacks, Session Fixation
- Business Logic Vulnerabilities — Race Conditions, Workflow Bypass, Price Manipulation
- Client-Side Attacks — XSS (Stored/Reflected/DOM), CSRF, Clickjacking
- SSRF / XXE / Deserialization — Server-side request forgery, XML external entity injection, insecure object deserialization
REST & GraphQL security testing aligned with the OWASP API Security Top 10:
- BOLA (IDOR) — Broken Object Level Authorization
- Broken Function Level Authorization — Horizontal & Vertical privilege abuse
- Excessive Data Exposure — Over-fetching, verbose error responses
- Mass Assignment & Rate Limiting — Parameter pollution, brute-force exposure
- Injection via API — SQLi, command injection through API endpoints
Android application testing aligned with OWASP MASVS:
- APK reverse engineering & static analysis
- SSL pinning bypass, certificate validation flaws
- Insecure data storage — SharedPreferences, SQLite, logs
- Exported component abuse (Activities, BroadcastReceivers)
- Runtime manipulation with Frida & Objection
Security assessments of AI-integrated applications using the OWASP Top 10 for LLMs:
- Prompt Injection — direct & indirect context manipulation
- Insecure Output Handling — downstream processing of untrusted LLM outputs
- Sensitive Data Exposure — PII & confidential data leakage via LLM interfaces
- Model Denial of Service — resource exhaustion through adversarial prompts
🔧 Security Automation & Tools Built
# Tool: DNSReaper (wrapper) | Target: AWS Route 53 records
# Impact: Reduced dangling DNS / subdomain takeover risk by 50–60%
Built a custom Python wrapper around DNSReaper to automate subdomain takeover vulnerability detection across AWS Route 53 records at scale. The wrapper filtered and validated results, eliminating false positives, and generated structured reports for the CloudOps team. Identified and tracked all dangling DNS records pointing to deprovisioned AWS resources — partnered with CloudOps to remediate, achieving a 50–60% reduction in exposed subdomain takeover vectors.
Stack: Python · DNSReaper · AWS Route 53 API · Boto3 · Jira integration
# Tool: TruffleHog / custom wrapper | Target: GitLab / GitHub SCM repos
# Impact: Reduced hardcoded secrets exposure by 60–70%
Engineered a secret scanning wrapper for Source Code Management (SCM) repositories that fetched, validated, and verified hardcoded secrets within codebases — filtering out entropy false positives to surface only confirmed, exploitable credentials. Automated stakeholder notifications with contextual severity, affected file paths, and remediation guidance. Drove a 60–70% reduction in hardcoded secrets exposure across the codebase.
Stack: Python · TruffleHog · GitLab API · Slack/Email Webhooks · Custom Entropy Validator
// Tool: Burp Suite Pro API + Postman Collections
// Trigger: Nightly CI/CD scheduled scan
// Impact: Continuous OWASP API Top 10 coverage across all API endpoints
Designed and implemented an automated nightly API security scanning pipeline integrating Burp Suite Pro (via its REST API) with Postman collections to continuously scan API endpoints for OWASP API Top 10 vulnerabilities. The automation ran on a scheduled CI/CD trigger, generated structured scan reports, and flagged regressions for developer triage — ensuring no new API vulnerabilities slipped past release gates.
Stack: Burp Suite Pro API · Postman · Newman · Jenkins · Python · Jira
| Certification | Issuer | Year |
|---|---|---|
| 🔴 Certified Red Team Expert (CRTE) | Altered Security | 2023 |
| 🔵 Certified Azure Red Team Professional (CARTP) | Altered Security | 2021 |
| ☁️ Microsoft Certified: Azure Fundamentals (AZ-900) | Microsoft | 2021 |
| 🛡️ Certified Application Security Engineer – .NET (CASE) | EC-Council | 2019 |
| 🏅 CREST Practitioner Security Analyst (CPSA) | CREST | 2019 |
| 🎯 EC-Council Certified Security Analyst (ECSA) | EC-Council | 2019 |
| 🔍 Certified Threat Intelligence Analyst (CTIA) | EC-Council | 2018 |
| ⚔️ Certified Ethical Hacker (CEH) | EC-Council | 2017 |
| ✅ ISTQB Foundation Level | ISTQB | 2014 |
🏆 Employee of the Year → Best performance in application testing & management
🥇 Team Maestro Security Award → Security incident handling excellence
⚡ Spot Award → Resolved critical client issue within 24 hours
⭐ STAR Performer Award → Quarterly release performance recognition
🌟 ENCORE Rising Star Award → Q1 April–June 2020, KPMG
