I am an application security engineer with 2+ years of experience securing banking and fintech systems. Specializing in advanced penetration testing, risk assessment, and robust security strategies, I excel in protecting high-risk assets like B2B platforms, APIs, mobile/web apps, and third-party integrations. With expertise in endpoint security, RASP, SIEM, and compliance-driven threat mitigation, I deliver proactive solutions to safeguard critical systems against evolving cyber threats.
Overview
2 years of professional experience
1 Certification
Work History
Application Security Engineer
Digit Plus
05.2023 - Current
Security and Compliance Testing: Guided and executed security and compliance assessments for B2B platforms, ensuring adherence to industry standards and mitigating vulnerabilities.
Mobile Application Testing: Performed advanced testing on mobile apps using tools like Frida, Xposed, HTTP Toolkit, and others to identify and address security weaknesses.
Cybersecurity Product Evaluation: Evaluated cybersecurity tools, including endpoint security, mail security, SIEM, and RASP solutions, and negotiated product procurement for optimized security.
Incident Response: Actively participated in incident response processes, identifying vulnerabilities, analyzing threats, and implementing remediation strategies.
API and Web Security Testing: Conducted penetration testing on APIs and web applications to detect and mitigate critical vulnerabilities, enhancing overall system resilience.
Third-Party Integration Security: Assessed and ensured the security of third-party integrations and APIs to safeguard data and operations.
Documentation and Reporting: Generated comprehensive security assessment reports, highlighting findings, actionable recommendations, and compliance status.
Cross-Functional Collaboration: Worked with DevOps, cloud engineers, compliance, and business teams to implement secure solutions.
Process Improvement: Contributed to enhancing security testing methodologies and automating workflows to improve efficiency and accuracy.
Application Security Engineer (also worked concurrently)
Trillium Information Security Systems
09.2023 - 11.2024
Security Assessment and Reporting: Led comprehensive security assessments across banking applications and infrastructure. Delivered detailed security reports highlighting vulnerabilities, risk ratings, and actionable remediation strategies aligned with industry standards.
Threat Detection and Incident Collaboration: Worked closely with the SOC team and developers during incident investigations. Contributed to threat detection workflows and coordinated mitigation plans to contain and resolve issues effectively.
Mobile Application Penetration Testing: Conducted in-depth penetration testing on mobile applications using advanced tools such as Frida, Xposed, JADX, and manual reverse engineering, uncovering OWASP Top 10 and business logic vulnerabilities.
Infrastructure and Application Security Evaluation: Assessed the security posture of internal applications and associated infrastructure. Reviewed configurations, performed vulnerability scans, and tested the resilience of deployed solutions.
ATM, POS & Banking Devices Testing: Executed penetration testing and security audits on financial devices including ATMs, POS systems, and agent banking tables. Ensured physical and software-level security compliance with banking regulations.
Vulnerability Remediation and Risk Management: Identified critical security gaps and collaborated with stakeholders to prioritize and implement mitigation efforts. Participated in risk evaluation meetings to advise on security decisions.
Compliance Support and Governance: Supported internal compliance initiatives by ensuring assessment activities aligned with regulatory frameworks. Facilitated cross-team alignment for achieving compliance objectives.
Continuous Improvement: Suggested improvements in security testing methodologies and contributed to internal knowledge sharing to build security awareness within the engineering and operations teams.
Education
Bachelor of Science - Computer Science
University of Lahore
Lahore, Pakistan
06.2025
Skills
Penetration Testing: Proficient in web, mobile (iOS/Android), API, cloud, and third-party penetration testing, identifying OWASP Top 10, business logic, and infrastructure vulnerabilities using advanced tools (Frida, Xposed, JADX, Burp Suite, HTTP Toolkit) and manual techniques
Incident Response & Threat Mitigation: Experienced in incident analysis, vulnerability triage, and real-time threat mitigation, working closely with SOC and engineering teams to investigate, contain, and remediate attacks effectively
Risk Assessment & Compliance: Skilled in conducting risk assessments and ensuring compliance with SBP and industry-standard regulations, delivering detailed security reports with actionable remediation strategies
Cybersecurity Product Evaluation: Expertise in evaluating and optimizing endpoint security tools, SIEM systems, RASP, and mail security solutions
Product & Tool Expertise: Hands-on with cybersecurity products including SIEM, RASP, endpoint security, mail security, and banking devices (ATM, POS, agent banking systems), along with vulnerability scanning and secure code review frameworks
Technical Expertise: Knowledgeable in vulnerability scanning tools, security frameworks, and secure code review processes
Team Collaboration: Strong collaborator with cross-functional teams (DevOps, Cloud, Compliance, Development), continuously adapting to emerging technologies and contributing to process improvements in cybersecurity practices
Quick Learning: Adapted swiftly to new technologies, tools, and methodologies in the ever-evolving cybersecurity landscape
Certification
API Security Architect – API Academy 06/2025
Certified AppSec Practitioner (CAP) – THE SecOps Group 06/2025
Letter of Appreciation – Bazaar Technologies 03/2023
Letter of Appreciation – Finja 07/2023
Certificate of Appreciation – PayPro 06/2025
Certificate of Appreciation – NayaPay 06/2025