Syed Baqar

Team Lead Penetration Testing

Dubai Islamic Bank • Full-time

May 2025 - Present • 1 yr

As a Senior Cyber Security Researcher and Penetration Tester, I lead and manage security assessment initiatives across APIs, web applications, network services, Active Directory environments, cloud platforms, and Kubernetes clusters to identify vulnerabilities and strengthen overall security posture. I oversee end-to-end penetration testing engagements, from scoping and planning to execution, validation, and final reporting. In a managerial capacity, I mentor and guide security team members, assign testing tasks, review technical findings, and ensure quality assurance of deliverables. I coordinate with cross-functional teams, stakeholders, and leadership to align security objectives with business goals while maintaining strict timelines and compliance requirements. My experience extends to reviewing cloud infrastructure and containerized environments to ensure alignment with industry best practices and security compliance standards. I deliver comprehensive technical and executive-level reports with actionable remediation steps to enhance stakeholder awareness and organizational security maturity. Leveraging industry-standard tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, and advanced manual testing techniques, I ensure thorough vulnerability discovery and risk assessment while maintaining the highest standards of confidentiality and professionalism.

Senior Penetration Tester

Governance Risk & Compliance - GRC360 • Full-time

Jun 2024 - May 2025 • 11 mos

As a Senior Cyber Security Researcher and Penetration Tester, I have performed comprehensive security assessments across APIs, web applications, network services, Active Directory environments, cloud platforms, and Kubernetes clusters to identify vulnerabilities and strengthen overall security posture. My work involves simulating real-world attack scenarios to evaluate risk exposure and validate exploitability of complex security flaws. I have conducted in-depth source code reviews across multiple programming languages and frameworks to detect vulnerabilities at practical, also provide effective remediation guidance to technical team for mitigating risk. My expertise includes application security testing such as business logic analysis, misconfiguration reviews, privilege escalation, and exploitation of vulnerabilities. My experience extends to reviewing cloud infrastructure and containerized environments to ensure alignment with industry best practices and security compliance standards. I deliver comprehensive technical and executive-level reports with clear, actionable remediation steps to enhance stakeholder awareness and organizational security maturity. I leverage industry-standard tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, and other advanced security frameworks, complemented by deep manual testing methodologies to uncover hidden and high-impact vulnerabilities.

Penetration Tester

Risk Associates • Full-time

Jan 2021 - Jun 2024 • 3 yrs 5 mos

Conducted comprehensive penetration testing across APIs, web applications, network services, Active Directory environments, cloud platforms, and Kubernetes clusters to identify security vulnerabilities and misconfigurations. Simulated real-world attack scenarios to assess risk exposure, validated exploitability of findings, and delivered detailed reports with actionable remediation guidance to enhance overall security posture and resilience against evolving cyber threats.