-
2023 - Present
Research Assistant
Concordia University
Montreal, Canada
I have developed a comprehensive set of research skills and acquired substantial practical experience in the realm of web and Android applications' security. My efforts have been focused on identifying security vulnerabilities within Single Sign-On (SSO) and OAuth implementations, and conducting a large-scale measurement study utilizing a vast dataset of applications.
-
2022 - 2023
Product Development Security Team Lead
blu Bank
Tehran, Iran
Led a team of DevSecOps engineers, providing mentorship, guidance, and performance management. Defined and implemented DevSecOps best practices, processes, and standards across the organization. Automated security scans through development pipelines. Collaborated closely with development, operations, and security teams to integrate security measures into the software development lifecycle. Drove the adoption of Infrastructure as Code (IaC) principles to ensure consistent and secure deployment of infrastructure components.
2020 - 2022
Product Development Security Team Lead
-
2020 - 2022
Penetration Test and Red Team Lead
Omid Financial Group
Tehran, Iran
Performed penetration tests and vulnerability assessments on company assets, including applications, servers, and networks. Helped educate and train people against fraud and social engineering techniques. Trained developers on secure coding practices and SSDLC. Defined security policies for different processes in different teams across the company, like the HR onboarding process. Configured firewalls and security mechanisms for mail servers.
-
2019 - 2020
Senior Penetration Testing Specialist
Alibaba Travels Co.
Tehran, Iran
Performed penetration tests, vulnerability assessments, and security analysis on company assets, including but not limited to applications, infrastructure, network, and cloud accounts. Contributed to implementing DevSecOps by bringing SAST and DAST into development pipelines. Created a practical DAST scanner by integrating an open-source ZAP scanner and Archery framework. Automated vulnerability assessment on company infrastructure by scripting in Python. Performed security awareness campaigns and simulated phishing attacks with multiple scenarios to educate company staff. Got hands-on experience with phishing frameworks like GoPhish and KingPhisher. Practiced red teaming with open-source frameworks like Caldera and Infection Monkey.
-
2016 - 2019
Penetration Testing Specialist
Ertebatat Group
Tehran, Iran
Conducted gray box/black box penetration tests against web applications and web services based on OWASP methodology. Conducted penetration tests against Android applications based on OWASP methodology. Generated and presented reports on security vulnerabilities to customers.