AVAILABLE FOR ENGAGEMENTS  ·  #OPENTOWORK

BILAL AHMED KHAN

01 / ABOUT

15+ YEARS SECURING THE ENTERPRISE

I'm a Senior Application Security Engineer with deep expertise spanning Web, API, Mobile (Android), and Thick-Client penetration testing. My engagements cover BFSI, Telecom, Retail, and Government sectors across Saudi Arabia, India, Canada, the Middle East, and the United States.

Currently at Flint International (SITE / NCA), I secure business-critical applications for major PIF-backed entities, define AppSec KPIs, and drive end-to-end vulnerability lifecycle management across GitLab CI/CD pipelines.

📍 Location:  Riyadh, Saudi Arabia
🏢 Current:  SITE / NCA via Flint
🌍 Sectors:  BFSI · Telecom · Gov · SaaS
🗣️ Languages:  EN · HI · UR · MR
🌐 Web & API Security — OWASP Top 10 & API Top 10
Comprehensive assessments covering SQLi, XSS, SSRF, IDOR, Broken Auth, Business Logic Flaws, BOLA, Mass Assignment, GraphQL attacks, and JWT exploitation across 100+ enterprise web apps and APIs.
📱 Mobile & Thick-Client Security — OWASP MASVS
Android APK reverse engineering, SSL pinning bypass, insecure data storage analysis, exported component abuse — 30+ mobile apps tested at KPMG alone. Expert in Frida, Objection, and MobSF.
⚙️ DevSecOps & Product Security
SAST, DAST, SCA, and secret scanning integrated into GitLab & Jenkins pipelines. Built VDP programs, Security Champions, and SecureCodingDojo training reducing vulnerabilities by 30–60%.
🤖 AI / LLM Security — OWASP Top 10 for LLMs
Hands-on assessments of AI-integrated applications. Identified and reported Prompt Injection, Insecure Output Handling, Sensitive Data Exposure, and Model Denial of Service vulnerabilities.
02 / SKILLS & TOOLS

THE ARSENAL

Full-spectrum coverage — Web · API · Mobile · Thick-Client · Cloud · AI/LLM

🌐 Web App Security
OWASP Top 10
SQLi · XSS (Stored/Reflected/DOM) · CSRF · SSRF · XXE · IDOR · Broken Auth · Business Logic Flaws · SSTI · Deserialization
🔌 API Security
OWASP API Top 10
BOLA / IDOR · Broken Function Auth · Excessive Data Exposure · Mass Assignment · Rate Limit Bypass · GraphQL Attacks · JWT Attacks · Postman
📱 Mobile Security
Android · OWASP MASVS
APK Reverse Engineering · SSL Pinning Bypass · Insecure Data Storage · Exported Components · Frida / Objection · MobSF · Dynamic Analysis
🤖 AI / LLM Security
OWASP LLM Top 10
Prompt Injection · Insecure Output Handling · Sensitive Data Exposure · Model DoS · AI App Assessments
⚙️ DevSecOps & Pipeline
SAST · DAST · SCA · Secrets
GitLab CI/CD · Jenkins · Snyk · Veracode · HCL AppScan · Invicti · TruffleHog · OWASP ZAP · Wiz · Trivy
☁️ Cloud & Infrastructure
AWS · Azure · Containers
AWS Security (Dome9 / GSL) · Azure Red Team · Container Security · IaC Scanning · Tenable · MBSS Baselines
⚔️ Offensive Tools
Pentest Arsenal
Burp Suite Pro · Metasploit · Kali Linux · nmap · ffuf · Social Engineering · John the Ripper · Hashcat · Empire · Bloodhound
🛡️ Frameworks & Programs
Governance · Culture
OWASP Top 10 · OWASP API Top 10 · OWASP MASVS · OWASP LLM Top 10 · PTES · SSDLC · NCA Compliance · NIST · CVSS · Security Champions · VDP Management · Threat Modeling
$ top_skills --ranked --verbose
Web & API Penetration Testing: 97%
DevSecOps / SAST-DAST-SCA Integration: 90%
Security Program Leadership: 85%
Threat Modeling & Risk Assessment: 80%
Mobile Application Security (Android): 80%
AI / LLM Security: 70%
Cloud Security (AWS / Azure): 65%
03 / EXPERIENCE

BATTLE-TESTED ACROSS INDUSTRIES

Sr. Software QA Engineer (Security Testing)
Flint International → SITE / NCA · Riyadh, Saudi Arabia
Jan 2026 — Present
  • Securing business-critical applications for major PIF-backed entities in Saudi Arabia
  • Defined & implemented AppSec KPIs measuring testing effectiveness, coverage, and program maturity
  • Rigorous manual & automated security testing — specializing in business logic vulnerabilities and injection-based attacks
  • Orchestrated SAST, SCA & secret scanning within GitLab CI/CD pipelines for continuous security coverage
  • Reduced ecosystem vulnerability count by 60% via GitLab Advanced Security triage and validation
  • Administered DAST scans across environments; deep-dive analysis to systematically eliminate false positives
SAST · SCA · GitLab CI/CD · Business Logic · DAST · NCA Compliance · Jira
Principal Product Security Engineer
ConnectWise LLP · Mumbai, India
Oct 2022 — Dec 2025
  • Led product security team — manual pentest of Web, API, Mobile & Thick-Client applications (OWASP Top 10 / API Top 10)
  • Implemented SecureCodingDojo platform; developer training resulted in 30% reduction in reported security vulnerabilities
  • Managed corporate Vulnerability Disclosure Program (VDP) — triaging and prioritizing external researcher reports
  • Built company-wide Security Champions program embedding security into SDLC from the design phase
  • Integrated Snyk into GitLab & Jenkins for SCA, SAST, Container, and IaC scanning with automated developer notifications
  • Assessed AI-integrated apps using OWASP Top 10 for LLMs — identified Prompt Injection, Insecure Output Handling & Sensitive Data Exposure
  • Conducted internal CTF events, phishing simulations & security awareness training across the organization
  • 🔧 Built DNSReaper wrapper for AWS Route 53 — automated subdomain takeover detection across R53 records, reduced dangling DNS exposure by 50–60%
  • 🔧 Built Trufflehog secret scanning wrapper for SCM repositories — fetched, validated & verified hardcoded secrets, automated stakeholder notifications, achieved 60–70% reduction in exposure
  • 🔧 Built nightly API scan automation via Burp Suite Pro + Postman — continuous OWASP API Top 10 coverage across all API endpoints
Web Pentest · API Top 10 · LLM Security · VDP · Snyk · Security Champions · PTES · CTF
Technology Security Associate Manager
Accenture · Mumbai, India
Jul 2021 — Oct 2022
  • Led one of the largest security assessment programs — 100+ applications across SAST, DAST, SCA, and Penetration Testing with full DevSecOps integration
  • Managed team of 4 security engineers ensuring quality-driven outcomes and timely remediation
  • Developed MBSS Baselines for Network Devices, Windows, Linux, Docker, and Containers
  • Established Secure SDLC practices and embedded DevSecOps culture in client environments
  • Created vulnerable-machine lab for internal CTF events; led RFP responses and security proposal costing
DevSecOps · SAST/DAST/SCA · MBSS Baselines · Team Lead · SSDLC · CTF Lab
Manager – Application Security
KPMG · Mumbai, India
Jan 2020 — Jul 2021
🏆 ENCORE Rising Star Award — Q1 April–June 2020
  • Delivered engagements across Middle East, Canada & USA — Banking, Telecom, Retail & Pharma clients
  • Penetration tested 100+ web applications and 30+ Android mobile apps (OWASP Top 10 / OWASP MASVS)
  • Conducted VAPT on 600+ IPs across diverse client environments
  • Developed MBSS Baselines for Network devices, Windows, Linux, Docker & Containers
  • Delivered comprehensive client reports with CVSS risk ratings to executive stakeholders
Web Pentest · Android · MASVS · OWASP API Top 10 · VAPT 600+ IPs · CVSS · Multi-geo Delivery
Application Security Engineer
Cornerstone OnDemand · Mumbai, India
Jun 2019 — Jan 2020
  • Penetration tested Web, Thick-Client & Mobile applications prior to quarterly releases
  • Integrated automated DAST scanning via Burp Suite + Selenium + Postman + Jenkins into CI/CD pipeline
  • Implemented Snyk for SCA; developed Dome9 GSL rules for continuous AWS cloud security posture monitoring
  • Designed and executed phishing & vishing campaigns for multiple industry clients
CI/CD DAST · Thick-Client · AWS · Dome9 · Snyk · Social Engineering
Principal Quality Engineer
Continuum Managed Solutions Pvt. Ltd. · Mumbai, India
Jan 2011 — May 2019
  • 8 years QA engineering; collaborated with InfoSec team for web app vulnerability assessments (XSS, SQLi, Broken Auth)
  • Managed QA team of 5; led test strategy, test plans, and environment validation across multiple product lines
  • Managed test cases in TestRail; analysis reporting in Jira/Confluence; delivered automated test scripts
QA Engineering · XSS · SQLi · TestRail · Jira · CI/CD · Automation
04 / AUTOMATION & TOOLS BUILT

SECURITY AUTOMATION

Custom tooling built to scale security operations and eliminate manual toil

🌐 DNSReaper Wrapper — Subdomain Takeover Detection (AWS R53)
ConnectWise LLP · 2022–2025
📈 50–60% reduction in dangling DNS records
⚠️ PROBLEM
AWS Route 53 records pointed at deprovisioned resources, leaving the company's subdomains exposed to takeover by anyone who could claim the orphaned target.
🔧 SOLUTION
Built a Python wrapper around DNSReaper to scan all R53 records at scale, validate results, eliminate false positives, and generate structured reports with remediation guidance for CloudOps.
✅ OUTCOME
Identified all dangling DNS records across the R53 estate. Partnered with CloudOps to remediate, achieving a 50–60% reduction in subdomain takeover exposure.
DNSReaper · AWS Route 53 · Python · Boto3 · Subdomain Takeover · CloudOps
🔑 Secret Detection Wrapper — SCM Repository Scanning
ConnectWise LLP · 2022–2025
📈 60–70% reduction in hardcoded secrets exposure
⚠️ PROBLEM
Hardcoded secrets (API keys, tokens, passwords) embedded in SCM repositories created critical exposure risk across the GitLab estate.
🔧 SOLUTION
Built a wrapper that fetched SCM repos, ran detection, validated & verified each finding to eliminate false positives, and automated stakeholder notifications with severity, file paths & remediation steps.
✅ OUTCOME
Achieved a 60–70% reduction in hardcoded secrets exposure. Stakeholders received actionable, prioritised reports with zero noise.
TruffleHog · Secret Scanning · GitLab API · Python · Slack Webhooks · SCM Security
🔌 Nightly API Security Scan — Burp Suite Pro + Postman Automation
ConnectWise LLP · 2022–2025
📈 Continuous OWASP API Top 10 coverage
⚠️ PROBLEM
Manual API security testing only happened at release gates — new endpoints were frequently added without security review, leaving vulnerabilities undetected for weeks.
🔧 SOLUTION
Designed a nightly pipeline integrating the Burp Suite Pro REST API with Postman collections: updated collections were imported each night, Burp's active scanner ran across all endpoints, and regressions were auto-ticketed in Jira.
✅ OUTCOME
Shifted API testing from periodic to continuous. New API vulnerabilities caught within 24 hours of introduction, preventing them from reaching production.
Burp Suite Pro · Postman · Newman · OWASP API Top 10 · Jenkins · Python · Jira API · Nightly CI/CD
05 / CERTIFICATIONS & AWARDS

CREDENTIALS & RECOGNITION

🛡️ CRTE · Certified Red Team Expert · Altered Security · 2023
Advanced AD attacks, lateral movement & persistence in enterprise environments.
☁️ CARTP · Certified Azure Red Team Professional · Altered Security · 2021
Azure attack paths, service principal abuse, and tenant escalation techniques.
🔷 AZ-900 · Microsoft Certified: Azure Fundamentals · Microsoft · 2021
Cloud fundamentals, Azure service architecture and core security concepts.
🛡️ CASE .NET · Certified Application Security Engineer · EC-Council · 2019
Secure coding, threat modeling, and security testing for .NET applications.
🏅 CPSA · CREST Practitioner Security Analyst · CREST · 2019
UK CREST accredited practitioner-level security analysis and penetration testing.
🎯 ECSA · EC-Council Certified Security Analyst · EC-Council · 2019
Advanced penetration testing concepts, methodologies and reporting.
🔍 CTIA · Certified Threat Intelligence Analyst · EC-Council · 2018
Threat intelligence lifecycle, IOC analysis, and strategic threat reporting.
⚔️ CEH · Certified Ethical Hacker · EC-Council · 2017
Ethical hacking techniques, tools and methodologies across all attack phases.
ISTQB · ISTQB Foundation Level · ISTQB · 2014
International Software Testing Qualifications Board — testing fundamentals.
$ cat awards.txt
🏆 Employee of the Year: Best performance in application testing & management
🥇 Team Maestro Security Award: Security incident handling excellence
Spot Award: Resolved critical client server issue within 24 hours
STAR Performer Award: Quarterly release performance recognition
🌟 ENCORE Rising Star Award: Q1 April–June 2020, KPMG
06 / CONTACT

LET'S BUILD SOMETHING SECURE

Looking for a seasoned Application Security Engineer to strengthen your posture? Whether it's a Web or API pentest, Mobile assessment, DevSecOps integration, or building an AppSec program from the ground up — I'd love to connect.

$ ping bilal --subject "Let's work together"
📍 Location:  Riyadh, Saudi Arabia
✅ Availability:  Open to engagements and #OpenToWork
⚡ Response:  Within 24 hours