Muhammad Mubassir
@muhammadmubassir
Dedicated Ethical Hacker and Security Researcher with proven expertise.
What I'm looking for
I am an Ethical Hacker and Security Researcher based in Karachi, Pakistan, with a strong focus on penetration testing and security assessments. My journey in cybersecurity has been marked by significant contributions to major companies, where I have discovered critical vulnerabilities and earned recognition in various Hall of Fame entries. I thrive in collaborative environments, enhancing application security posture through meticulous testing and innovative solutions.
Throughout my career, I have successfully performed security testing on terminal APIs, identified SQL Injection vulnerabilities, and communicated technical findings to senior stakeholders effectively. My certifications, including OSCP and CEH, reflect my commitment to continuous learning and professional growth. I have led initiatives such as phishing awareness campaigns that resulted in a substantial increase in user-reported phishing attempts and a notable decrease in click-through rates.
As a member of the Synack Red Team and a finalist in the Digital Pakistan Cybersecurity Hackathon, I have demonstrated excellence in offensive security and vulnerability research. My passion for cybersecurity drives me to stay ahead of emerging threats and contribute to a safer digital landscape.
Experience
Work history, roles, and key accomplishments
SecOps Engineer
ZealsTech
Feb 2024 - Present (1 year 4 months)
Discovered major vulnerabilities in web applications including IDOR, Broken Access Control, XSS, and DOM XSS, strengthening overall application security posture. Performed security testing of terminal APIs for POS machines, uncovering critical flaws and helping secure financial transaction layers.
Red Team Member
Synack
Jan 2021 - Present (4 years 5 months)
Performed web application penetration testing using black box, grey box, and white box approaches to uncover high-impact vulnerabilities aligned with OWASP Top 10. Conducted API security testing, identifying issues such as broken authentication, IDOR, and excessive data exposure in RESTful APIs.
Application Security Analyst
BankIslami
May 2021 - Oct 2021 (5 months)
Scoped and conducted penetration testing on mobile applications, web applications, and infrastructure systems across BankIslami’s digital environment. Performed detailed web and mobile application security assessments on all external-facing platforms to identify vulnerabilities and protect customer data.
Bug Bounty Hunter
HackerOne
Feb 2017 - Jan 2021 (3 years 11 months)
Reported 78 validated vulnerabilities through the HackerOne platform, showcasing hands-on expertise in offensive security. Conducted penetration tests on web, mobile, and host-based systems as part of bug bounty programs, identifying critical vulnerabilities across multiple Fortune-listed companies.
Education
Degrees, certifications, and relevant coursework
Segi University
Bachelor of Information Technology, Information Technology
Completed a Bachelor of Information Technology, gaining foundational knowledge in various aspects of IT. Focused on developing skills relevant to the technology sector.
