Muneer Ali
Riyadh,Saudi Arabia
Summary
Experienced Application Security Engineer with over 15 years of comprehensive IT background, including 7 years of dedicated expertise in Application Security. Proficient in conducting thorough vulnerability assessments for a wide range of web, API, and mobile applications. Adept at seamlessly integrating cutting-edge Application Security tools into the CI/CD pipeline effectively for more than 70 projects across different technology stacks in various domains.
Overview
16
16
years of professional experience
1
1
Certification
Work History
DevSecOps Senior Engineer
Elm
01.2023 - Current
- Collaborated with cross-functional teams to strategically plan, develop, and establish a robust DevSecOps initiative
- Integrated AppSec tools(Nexus Lifecycle and Sonarqube) into the CI/CD pipeline (Jenkins, Bamboo and bitbucket )across 70+ projects, enhancing application security
- Automated routine tasks using AppSec tools' APIs, boosting efficiency and accuracy.
- Led the implementation of a secure SDLC process, integrating security checkpoints and automated testing.
- Developed and maintained security-related documentation, including standard operating procedures and incident response plans.
- Conducted threat modeling exercises to identify potential risks and vulnerabilities in critical applications.
- Worked closely with development teams to integrate security controls into the software development lifecycle (SDLC).
- Evaluated and optimized the performance and accuracy of machine learning models.
- Participated in the testing of Disaster recovery activities.
- Assisted in the planning and execution of storage capacity management activities.
- Identified recurring themes from reported issues driving comprehensive fixes and enhancements to improve customer satisfaction.
- Possess expertise in storage media, backup and recovery services, z/OS storage environment, and disaster recovery.
App Security Senior Engineer
Elm
02.2016 - 01.2023
- Conducted comprehensive application penetration testing using burpPro and nuclei tools
- Utilized a combination of manual and automated testing techniques include custom rules in semgrep to do code reviews to detect the vulnerabilities
- Developed comprehensive security policies, procedures, and standards to ensure products security
- Collaborated with cross-functional teams to ensure the security of products and services
- Produced detailed reports of security issues, including recommended solutions
- Provided expert consultation on security related issues
- Conducted post-penetration tests to ensure security patches have been applied
- Collaborated with GRC team to develop KPIs and SLAs for secure coding practices
- Administered the sonarqube portal, and tuning tool for reduced false positives and efficient reporting
- Trained junior staff on penetration testing best practices
- Created and maintained a dashboard to manage and monitor pentest requests, track defects, and monitor KPIs.
Senior Software Tester
Elm
05.2014 - 01.2017
- Designed and executed test cases in collaboration with development teams
- Utilized Selenium and JIRA for effective functional testing and test management.
- Optimized test cases to maximize the success of manual software testing.
- Optimized test cases to maximize success of manual software testing.
- Defined, created and controlled testing environments for successful software deliverables.
- Directed teams completing regression tests to support successful product development stages.
- Documented integration issues and vulnerabilities and outlined improvement recommendations.
- Authored and maintained well-organized, efficient and successful manual test cases for entire team.
- Checked software beyond testing scripts for interconnected problems not covered by established specifications.
- Worked closely with different departments to develop innovative solutions to functionality issues.
- Planned and devised cohesive test plans for projects using advanced testing technologies.
- Coordinated work with various teams to solve problems and improve efficiency for software testing and automation.
Software Engineer
STC
05.2012 - 03.2014
- Developed an internal order management system using Java, Spring Framework, and JavaScript.
- Worked with software development and testing team members to design and develop robust solutions to meet client requirements for functionality, scalability, and performance.
- Reviewed project specifications and designed technology solutions that met or exceeded performance expectations.
- Integrated third-party tools and components into applications.
Software Tester
CogWin
03.2008 - 04.2012
- Specialized in black box functional testing for software products.
- Collaborated with QA team to test software quality through manual and automated testing.
- Supported test review, defect control and configuration management within delivery pipeline.
- Assisted team with development of web-based applications in Agile environment.
- Coordinated work with various teams to solve problems and improve efficiency for software testing and automation.
- Stress tested security fixes and patches.
- Created successful test scripts to manage automated feature testing,
Education
Higher Diploma in Software Engineering -
Aptech
10.2007
Skills
- Standards & Frameworks: OWASP top 10, OWASP ASVS, MASVS, SAMM and NCA
- Application Scanners: Burp Pro, ZAP, SQLMap, Nexus IQ, Sonarqube, Coverity, Appscan, Semgrep, Dependency-Track and MobSF
- CICD: Bamboo and Jenkins
- Databases: MySQL, MS SQL, Oracle
- Programming Languages: Java, C#, Python, JavaScript
- Proposal Development
- Resource Management
- Deadline Management
Certification
- GWAPT
- Internal
- Java
- ISTQB
Languages
Arabic
Full Professional
English
Full Professional
Timeline
DevSecOps Senior Engineer
Elm
01.2023 - Current
App Security Senior Engineer
Elm
02.2016 - 01.2023
Senior Software Tester
Elm
05.2014 - 01.2017
Software Engineer
STC
05.2012 - 03.2014
Software Tester
CogWin
03.2008 - 04.2012
Higher Diploma in Software Engineering -
Aptech
- GWAPT
- Internal
- Java
- ISTQB
Similar Profiles
Ali AljaloudAli Aljaloud
Product manager at ElmProduct manager at Elm
Ryan StaussRyan Stauss
Trouble Technician at ELMTrouble Technician at ELM
Ahmed Bin MadhiAhmed Bin Madhi
Program Manager at ElmProgram Manager at Elm