Resume

Summary

Shehnaz Khan

Cybersecurity engineer experienced in penetration testing, threat modeling, and red teaming. Specializes in web/API/mobile VAPT and security automation. Speaker at Google Dev Fest and Breach Force.

Professional Experience

Cybersecurity Engineer

Mar 2024 – Present

R.U.D.R.A Cybersecurity Pvt. Ltd., Mumbai

  • Conducted end-to-end penetration testing on web applications, APIs, and Android apps using black-box and gray-box methodologies.
  • Developed scripts, tools, and methodologies to enhance the penetration testing process within the organization.
  • Led junior security engineers during VAPT engagements.
  • Developed threat models to map application architecture and identify attack vectors.
  • Participated in incident response and forensic analysis.
  • Interfaced directly with clients to explain technical findings.
  • Maintained documentation including test plans, schedules, and exit reports.
  • Completed all rounds to obtain key cybersecurity certifications (CERT-In).
  • Executed Red Team assessments using frameworks like MITRE ATT&CK and tools like Merlin C2.
  • Wrote custom Semgrep rules for secure code review.
  • Created Nuclei templates for vulnerability scanning.
  • Basic knowledge of ISO 27001.
  • Worked with both red and blue teams to enhance organizational security.

Cyber Security Analyst

Feb 2024 – Mar 2024

Cipherbeam Technologies LLP, Mumbai

  • Performed web application pentests based on OWASP Top 10 standards.
  • Utilized tools such as Burp Suite, SQLmap, WPScan, and Hydra.
  • Authored detailed VAPT reports and mitigation recommendations.

SOC Intern

Nov 2023 – Jan 2024

Chaitanya Cyber Strix Technologies Pvt. Ltd., Mumbai

  • Monitored security logs and alerts using Splunk and Wazuh.
  • Conducted basic threat intelligence with VirusTotal and Shodan.

Certifications

Education

B.E. in Electronics & Telecommunication

2020 – 2024

AIKTC, Mumbai University

CGPA: 8.5

Honors in Cybersecurity and Ethical Hacking

2022 – 2024

AIKTC, Mumbai University

CGPA: 8.3

Projects & Blogs

Projects

  • Automated API Security Testing – Python + Nuclei
  • Semgrep Rules for Secure Code Review
  • Mass Android App Scanner – Python
  • Khoj Recon Tool – Built in n8n
  • Attack Surface Management – n8n Workflow

Skills

  • Languages: Python, Bash, HTML, JavaScript (Basic)
  • Security: Web/API/Android VAPT, Red Teaming, Threat Modeling
  • Tools: Burp Suite, Nmap, SQLmap, Hydra, Nessus, WPScan, Netcat
  • Platforms: Kali, Parrot, Ubuntu, Windows, Android
  • SIEM: Splunk, Wazuh
  • Frameworks: MITRE ATT&CK, OWASP Top 10, NIST

Achievements

  • Founder – ETS Group (Cybersecurity Education)
  • Speaker – Google Dev Fest & Breach Force
  • Member – Ethical Hackers Club, AIKTC