The document provides biographical and professional details about an individual, including their education, certifications, skills, and work experience in cybersecurity and related fields such as vulnerability assessment, penetration testing, and software development.
The document provides biographical and professional details about an individual, including their education, certifications, skills, and work experience in cybersecurity and related fields such as vulnerability assessment, penetration testing, and software development.
The document provides biographical and professional details about an individual, including their education, certifications, skills, and work experience in cybersecurity and related fields such as vulnerability assessment, penetration testing, and software development.
The document provides biographical and professional details about an individual, including their education, certifications, skills, and work experience in cybersecurity and related fields such as vulnerability assessment, penetration testing, and software development.
Cybersecurity Engineer experienced in vulnerability assessment, CERTIFICATIONS & ACHIEVEMENTS
penetration testing, security analysis, malware analysis, and software development, seeking new opportunities to leverage skills and expertise Certified Ethical Hacker (CEH) to enhance organizational security. 4 April 2021 Certified Ethical Hacker certificate EDUCATION through an examination administered by EC-
Daffodil International University, Daffodil Smart City, Ashulia, Dhaka Council.
— B.Sc. in Software Engineering C)VA: Certified Vulnerability Assessor In spring 2019 I started my Bachelor of Science (B.Sc.) in Software 4 April 2021 Certified Vulnerability Assessor Engineering (Major in Cyber Security), at Daffodil International certificate through an examination University, Dhaka, Bangladesh. CGPA:3.59 out of 4. administered by mile2.
Al-Amin Academy School & College, Chandpur — Higher Secondary Windows Forensics Certificate (HSC) in science 15 January 2021 Windows forensics authorized by Cyber Security Center 2018 Higher Secondary Certificate (HSC) in Science, Al-Amin Academy School & College, Chandpur, Chittagong GPA: 3.25 out of 5.00. Burp Suite: In-Depth Survival Guide
21 June 2022 authorized by Udemy.
Al-Amin Academy School & College, Chandpur — Secondary School Certificate (SSC) in science Linux Command Line
20 OCT 2020 is authorized by Coursera and
2015 Secondary School Certificate (SSC) in Science, Al-Amin Academy offered through Coursera. School & College, Chandpur, Chittagong GPA: 4.81 out of 5.00. Technical Support Fundamentals EXPERIENCES 21 Feb 2021 Technical Support Fundamentals are 15 Jan 2021-Windows Forensic workshop organized by Cyber Security Center, Daffodil International University. authorized by Google and offered through Coursera. 01 Jan 2021-Working on freelancing platforms like fiverr.com Intro to Bug Bounty Hunting and Web freelancer.com as a Web developer, Penetration tester, and Malware Analyst. Application Hacking
22 September 2022 authorized by Udemy.
01 Jan 2021- Started Working as Campus Ambassador in the paid task and conducted Vulnerability Assessment on their website. OSINT: Content Discovery
25 Jul 2020 - I started my internship as a Cyber Security Engineer at 2 September 2022 authorized by Udemy. Security Operations at Enterprise InfoSec Consultants (EIC) and worked on Spoken English Course various projects in reputed banks. 11 Oct. 2019 I got certificates for the” Spoken 01 Jan 2021- Started Working as a Cyber Security Engineer at Security English Course”. by Daffodil International Operations at Enterprise InfoSec Consultants (EIC) and worked on various Professional Training Institute with an “A” projects in reputed banks and organizations with more than 2 years of grade. experiences. Computer Office Application
The Banks and organizations I have worked with: 15 December. 2019 I got the certificate for” 1. International Finance Investment and Commerce Bank Limited Computer Office Application”. from Bangladesh (IFIC). Technical Education Board Dhaka with an “A+” grade. I conducted a comprehensive black box penetration testing of the server and web application using the OWASP ASVS checklist as a Secure 13 positions on National Cyber Drill 2022 framework. 12-13 Jul 2022 - Secure 13 positions on National Cyber Drill 2022 (BGD e-GOV CIRT CTF Ground). 2. DUNCAN brothers LTD. https://cyberdrill.cirt.gov.bd/scoreboard I conducted a gray box approach to both internal and external penetration testing of the system, covering web application, API, Workstation, and AD testing. This approach simulated an attack by a TECHNICAL SKILLS threat actor with some prior knowledge of the internal system architecture. 1. Penetration testing
3. United Commercial Bank (UCB). 2. Vulnerability Assessment
I conducted black box internal and external penetration testing 3. Digital Forensics focused on server testing, along with a dark web analysis to monitor the system's online presence in hidden areas of the internet where 4. Malware Analysis cybercriminals operate. 5. Sandboxing 4. Uttara Bank LTD. 6. SEIM 7. Dark and Deep Web Analysis I performed Vulnerability Assessment and Penetration Testing (VAPT) on the Core Banking System (CBS), workstations, servers, web 8. Endpoint Detection and Response (EDR) applications, and APIs as part of the project. 9. Linux 5. Lanka Bangla Finance Limited (LBFL). 10. Information Security & Risk Management As part of the project, I performed a Vulnerability Assessment (VA) on the network devices, servers, and workstations within the scope of PCI 11. Web Development DSS. 12. Security Analysis
6. Meghna Bank LTD. PROGRAMMING SKILLS
I conducted both Malware Analysis and Vulnerability Assessment and 1. C Programming
Penetration Testing (VAPT) on the network device, web application, and server within the scope of PCI DSS as part of the project. 2. PHP
3. Python 7. ABG Technologies. 4. HTML I conducted a Vulnerability Assessment and Penetration Testing (VAPT) on the network devices and servers using a white box approach 5. CSS as part of the project. 6. JAVA 8. Midland Bank Limited PROJECTS
I conducted a Vulnerability Assessment and Penetration Testing 1. SNMPS — This script is created to simplify "find (VAPT) on the web application to identify and address potential and discovering live host" and "NMAP scan" vulnerabilities as part of the project. (nmap contain -T4 -A (everything) - p- (all ports) -O(OS)) 9. Pathao https://github.com/naimurrahman04/snmaps
As part of the project, I conducted a Vulnerability Assessment and 2. BDCTF — CTF platform to solve CTF challenges. Penetration Testing (VAPT) on the payment service system's web This platform is created with HTML, CSS, application to identify and address potential vulnerabilities. BOOTSTRAP, AND PHP. http://bdctf.unaux.com/
29 June 2023- Started Working as Advance Cyber Security Engineer at 3. MEDICAREHELPDESK — MEDICAL HELP DESK Cyber Security Department at ITCOM (Philippines)and worked on various to Help someone find blood and doctors. This field of cyber security. platform is created using HTML, CSS, BOOTSTRAP, AND PHP. http://medicarehelpdesk.ezyro.com/ 1. Monitoring and Handling Threats (SANGFOR CC): 4. EVANDERBD — Multi-vendor ECommerce Proactively monitored and managed security threats within the website. This platform is created using WordPress. organization's network using SANGFOR CC security solutions. https://evandarbd.com/ Identified, analyzed, and responded to various security incidents, ensuring minimal impact on operations. 5. D&M — This website is created for clients. https://github.com/naimurrahman04/ 2. Malware Analysis: 6. Load-testing— This code appears to be a script for testing the response times of a list of URLs. Conducted in-depth analysis of malware, including behavior, code, https://github.com/naimurrahman04/Load- and characteristics, to enhance detection and prevention strategies. testing Developed effective strategies to mitigate the risks posed by various types of malicious software. 7. mac-forensic— Help us to do mac-book forensic. 3. Managing and Implementing DRM (FASOO): https://github.com/naimurrahman04/mac- forensic Administered and deployed Digital Rights Management (DRM) GitHub links- solutions provided by FASOO to safeguard sensitive digital assets. Controlled access and managed permissions to protect intellectual https://github.com/naimurrahman04/ property and confidential information. PERSONAL SKILLS
4. Vulnerability Assessment and Penetration Testing: Languages
English language – Moderate proficiency.
Identified and assessed vulnerabilities in IT infrastructure and Fluent in speaking, Decent in reading and applications, taking proactive measures to address them. writing. Conducted penetration testing to simulate real-world attacks, Bangla language – Native Fluent in speaking, ensuring the organization's security readiness. Decent in reading and writing.
5. Handling EDR and SIEM: X-Factors
Great Communicator: Excellent verbal and
Managed and maintained Endpoint Detection and Response (EDR) solutions to detect and respond to threats on individual endpoints. written communication skills Ability to explain Effectively utilized Security Information and Event Management complex technical concepts to non-technical (SIEM) tools to centralize security event data analysis. stakeholders. Effective collaboration with 6. Threat Analysis: cross- functional teams Early Learner: Passion for learning and staying up Conducted comprehensive threat analyses to assess potential security threats and their impact on the organization. to date with the latest trends and technologies. Informed decision-making processes for security measures and risk Proven track record of acquiring new skills quickly. mitigation strategies based on threat assessments. Eager to take on new challenges. Creative Thinking: Ability to approach challenges KEY DELIVERABLES from multiple angles. Think outside the box to find 1. Specialized in public and private corporate security systems. innovative solutions. 2. Utilized dynamic and static malware analysis tools like Cuckoo Enthusiastic Researcher: Understanding the Sandbox, joe Sandbox, Malware Bazaar, Vmray, Any.run, Fireeye importance of staying informed about the latest and VirusTotal etc. to detect and analyze malicious software. threats Continuously research and stay up to date 3. Deployed and configured SEIM and SOC solutions to monitor and on new vulnerabilities and exploits. Use research to respond to security events in real-time. inform threat intelligence and mitigation strategies 4. Conducted threat intelligence analysis to proactively identify and Enthusiastic Researcher mitigate potential cyber threats. 5. Commanding knowledge of VAPT concepts and best practices. 6. Extensive experience with White Box, Grey Box and Black Box penetration testing. 7. Experience with common automated VAPT tools such as Nessus, Burp Suite, and Trustwave etc. 8. Proficiency with other common attack tools and frameworks such as Wireshark, Kali, Metasploit, etc. SIGNATURE 9. Expert understanding of the difference between a vulnerability assessment and a penetration test in the context of assessment scope, objectives, and deliverables. 10. Prepared detailed VAPT reports for executives, including technical findings, risk prioritization, and actionable recommendations for mitigation. 11. Support the technical implementation of ongoing security requirements, including access control and technical audits. 12. Assessed security risks and reported them to the cyber security team for strategic patching.
