Meerjada Altamas

• Secure cloud and on-prem environments across AWS, Azure, and GCP through hardening, architecture reviews, continuous monitoring, and policy enforcement
• Perform vulnerability assessments, penetration testing support, threat modelling (STRIDE, MITRE), and attack-path analysis for applications and cloud workloads
• Strong in DevSecOps, integrating SAST/DAST, automation, CI/CD pipeline security, and secure coding practices within S-SDLC
• Review code, test APIs and cloud resources, check databases and servers, and ensure alignment with CIS, NIST, PCI, and ISO standards
• Use GenAI for security automation, threat analysis, report drafting, log summarization, and accelerating vulnerability triage, documentation, and research work
• Handle vulnerability assessments, support pen-testing activities, and use threat-modelling frameworks like STRIDE and MITRE to understand real attack paths
• Prepare clear reports and remediation steps and work closely with development, infra, audit, and compliance teams to close gaps

• Perform penetration testing on IT systems, including web applications, mobile applications, thick client apps, network, APIs and infrastructure. Define test procedures, execute tests, generate detailed reports, and track remediation efforts
• Followed industry-standard VAPT methodologies such as PTES, OSSTMM, OWASP, and NIST to ensure thorough black-box and grey-box assessments, simulating real-world attack scenarios and improving system security
• Conducted security assessments and exploited vulnerabilities using both manual techniques and automated VAPT tools, identifying weaknesses and enhancing security measures
• Supported broader information security functions, such as vulnerability management and incident response, contributing to a more robust security framework
• Performed SAST, DAST, IAST, and SCA for applications and carried out secure code reviews as part of secure SDLC processes, ensuring code integrity and security
• Handle DevSecOps responsibilities, integrating security into CI/CD pipelines, managing vulnerabilities, and working with DevOps teams to respond to incidents
• Developed detection logic for web application scanners, created custom rules, and monitored emerging threats, improving threat detection capabilities
• Built and maintained threat models for diverse software projects, enhancing the understanding of potential risks and improving security strategies
• Conducted vulnerability assessments and ensured audit policy compliance with standards like SANS 25, CIS, ISO 27001, PCI-DSS, GDPR, etc., maintaining regulatory compliance and security standards
• Collaborated closely with internal teams and stakeholders to strengthen security posture, stayed updated with the latest attack vectors, and communicated findings with actionable recommendations, fostering a proactive security environment

• Perform vulnerability assessment and penetration testing for the application, infrastructure, network, and database
• Assessed identified vulnerabilities daily and prioritized them through infrastructure scans on both on-premises and cloud systems using automation scanning tools such as Nessus Tenable and QualysGuard, improving security posture
• Identified security gaps in infrastructure and application security and addressed these vulnerabilities to application owners and stakeholders with proper mitigation processes, reducing potential security risks
• Performed vulnerability management duties to enhance security across the organization, prioritized the severity of vulnerabilities, and followed the mitigation process after assigning vulnerabilities to different stakeholders, ensuring timely resolution
• Conducted security policy compliance as per security standards such as CIS, PCI DSS, ISO, GDPR, OWASP, SANS for both on-premises and cloud infrastructure, ensuring adherence to industry regulations

• Conduct internal and external vulnerability assessment and penetration testing on applications, networks, and infrastructure for application security testing, thick client testing, and infrastructure security testing
• Conducted penetration testing according to standard methodologies, including black box and white box testing, using both automated and manual techniques, which ensured compliance with security standards
• Identified security gaps in the infrastructure and applications, prepared comprehensive reports, and presented vulnerabilities to clients along with mitigation plans, enhancing client trust and monitoring attack surface management
• Manage IT incident response and actively monitor threat intelligence. Review and act on threat advisories to ensure necessary security measures are in place
• Managed vulnerability duties to enhance security across the organization, prioritized the severity of vulnerabilities, and followed the mitigation process after assigning vulnerabilities to different stakeholders, leading to improved security management
• Followed the secure SDLC methodology to implement SAST and DAST testing for applications, conducted secure code reviews, identified gaps, communicated them to developers, and explained mitigation steps, resulting in improved application security

• Perform malware traffic analysis from PCAP files using tools like tcpdump and Wireshark
• Inspect packet headers, payloads, protocols and extracted files in PCAPs to identify malicious traffic, indicators of compromise (IoCs), and suspicious behaviors
• Triage network captures to separate legitimate traffic from suspicious flows and prioritize investigations
• Develop and write detection rules and signatures for network IDS/IPS systems (for example, Suricata), testing them against PCAPs and live traffic
• Validate and tune detection rules to reduce false positives (FP) and false negatives — iterate on rule logic and thresholds
• Perform network traffic analysis to classify events as true positives (TP) or false positives (FP) and document rationale
• Maintain and update detection/signature libraries, and track rule performance and coverage over time
• Continuously research new malware network behaviors, protocols, and evasion techniques to improve detection efficacy

• Provide IT security support by monitoring systems, managing protection tools, and assisting employees with security issues
• Monitor systems and alerts to detect and report any suspicious activity or potential security threats
• Assist employees with security-related issues such as password resets, phishing email verification, and access troubleshooting
• Manage and maintain security tools including antivirus software, firewalls, and VPNs to ensure they function effectively
• Perform basic vulnerability assessments and promptly report findings to senior security analysts or administrators
• Ensure all systems, devices, and applications remain updated, patched, and compliant with organizational security policies
• Support the implementation of security best practices and awareness initiatives across the organization
• Document incidents, resolutions, and changes to maintain accurate security records

🔍 Enterprise Security Assessment Framework

Duration: 2022-2023 | Impact: 60% reduction in security incidents

• Developed comprehensive security assessment framework for enterprise applications
• Implemented automated vulnerability scanning and reporting system
• Created custom security testing methodologies for cloud-native applications

🛡️ DevSecOps Pipeline Implementation

Duration: 2021-2022 | Impact: 50% faster security integration

• Integrated security testing into CI/CD pipelines for 20+ development teams
• Implemented automated SAST and DAST scanning in development workflow
• Reduced security vulnerabilities in production by 70%

🔐 Security Monitoring & Attack Detection Using DMZ

Academic Project: Multi-layer network protection with real-time threat detection

• Designed and implemented DMZ architecture with multiple security layers
• Developed custom intrusion detection and prevention systems
• Created comprehensive security monitoring dashboard