Skip to main content
SAFAL KORASK
Open to opportunities

SAFAL KORA

@safalkora

Security QA Engineer specializing in web, API, and mobile security testing and automation to strengthen DevSecOps.

India
Message

What I'm looking for

I'm looking for a hands-on security role focused on application security, API security, cloud security, and DevSecOps. I enjoy vulnerability assessments, penetration testing, threat hunting, and security automation while working closely with engineering teams. I want an environment that values ownership, continuous learning, and building secure, scalable products.

I’m a Security QA Engineer with 2+ years of cybersecurity experience, focused on securing web, API, and mobile applications through manual and automated assessments. I specialize in Web Security, API Security, Android & iOS security, Threat Hunting, Threat Modeling, and Penetration Testing.

In my current role, I execute OWASP-aligned security assessments for banking and enterprise applications, including verification of MFA, OAuth, JWT, session management, and access control. I’ve engineered Python and Bash automation for mobile security testing, reducing manual validation effort by 40%, and embedded security validation into SDLC and CI/CD workflows to reduce vulnerability verification timelines by 30%.

I also assess and analyze real-world risk signals—reviewing 100+ API endpoints and analyzing 50+ application and network events using security telemetry and threat intelligence correlation. I collaborate on STRIDE-based threat modeling with development teams and turn findings into practical mitigation recommendations, supported by OWASP Top 10, OWASP API Security Top 10, OWASP MASVS, and MITRE ATT&CK.

Experience

Work history, roles, and key accomplishments

FL
Current

Security QA Engineer

Fortytwo Labs

Dec 2024 - Present (1 year 7 months)

Executed web, API, and mobile (Android/iOS) security assessments for banking and enterprise applications aligned to OWASP standards. Automated security testing with Python/Bash, reducing manual validation effort by 40% and cutting vulnerability verification timelines by 30%.

Education

Degrees, certifications, and relevant coursework

SRM Institute of Science and Technology logoST

SRM Institute of Science and Technology

Bachelor of Technology, Computer Science Engineering (Cyber Security)

2020 - 2024

Activities and societies: Core competencies included threat hunting/modeling, secure SDLC, DevSecOps, CI/CD security, and OWASP Top 10/API security standards. Certifications included CAPIE (Certified API Hacking Expert), AWS Cloud Quest: Cloud Practitioner, and Applied Linux Command Line & Bash scripting; projects covered mobile security automation, API security program (100+ endpoints), and threat-hunting initiative (50+ events).

Earned a Bachelor of Technology in Computer Science Engineering with a Cyber Security specialization (2020–2024). Focused on application security, security testing, vulnerability assessment, penetration testing, and mobile/API security.

Get matched with your dream remote job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan