Heeraj Nair, Developer in Kuala Lumpur Federal Territory of Kuala Lumpur, Malaysia

Heeraj Nair

Verified Expert in Engineering

IT Security Developer

Kuala Lumpur Federal Territory of Kuala Lumpur, Malaysia

Toptal member since June 1, 2022

Bio

Heeraj is a cybersecurity professional with five years of experience in application security, vulnerability assessments, and penetration testing. With a background in product development, he is adept at reviewing source code for security vulnerabilities. Heeraj has also set up monitoring and addressed clients' AWS and GCP security issues. He is dedicated to providing the best possible security service, and he has a bachelor's degree in computer science.

Portfolio

Freelance
Amazon Web Services (AWS), Penetration Testing, Source Code Review...
DoctorOnCall
Application Security, Cloud Security, Risk Assessment, Compliance, ISO 27001...
BrewSec
Application Security, Cloud Security, Software Development, DevOps, DevSecOps...

Experience

  • Burp Suite - 5 years
  • Application Security - 4 years
  • Penetration Testing - 4 years
  • DevOps - 3 years
  • DevSecOps - 3 years
  • Google Cloud Platform (GCP) - 3 years
  • Compliance - 2 years
  • ISO 27001 - 2 years

Availability

Full-time

Preferred Environment

Burp Suite, QualysGuard, GitHub, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Amazon Web Services (AWS), Google Cloud Platform (GCP), SIEM, ISO 27001

The most amazing...

...thing I've done was co-founding a cybersecurity company that works on everything from product development to security assessment.

Work Experience

IT Security Engineer

2020 - PRESENT
Freelance
  • Performed application security assessments for clients, including red teaming simulations.
  • Worked on security controls to comply with ISO/IEC 27001:2013, including a gap assessment and implementation of the standard.
  • Prepared a security awareness initiative for an organization.
Technologies: Amazon Web Services (AWS), Penetration Testing, Source Code Review, Google Cloud Platform (GCP), QualysGuard, OpenVAS, Application Security, Cloud Security, Wazuh, SIEM, Cybersecurity, Architecture, Virtual Private Servers, Proxy Servers, Firewalls, IT Security, Networks, Linux, VPN, Azure, Azure DevOps

Security Engineer

2020 - PRESENT
DoctorOnCall
  • Identified, evaluated, treated, and reported security vulnerabilities in systems and the software that runs on them.
  • Assisted the organization in complying with the ISO/IEC 27001, NIST, and HIPAA standards.
  • Worked on cloud and infrastructure security and resolved security alerts.
Technologies: Application Security, Cloud Security, Risk Assessment, Compliance, ISO 27001, HIPAA Compliance, Information Security, OAuth, Secure Storage, System-on-a-Chip (SoC), OpenVAS, Nessus, UpGuard, Wazuh, Web Application Firewall (WAF), Amazon Virtual Private Cloud (VPC), Endpoint Detection and Response (EDR), MDM, Trend Micro, Red Teaming, Cybersecurity, Architecture, Virtual Private Servers, Proxy Servers, Firewalls, IT Security, Networks, Linux, VPN, Docker

Co-founder

2018 - 2020
BrewSec
  • Participated in product development of thebugbounty.com, a crowd-sourced bug bounty platform; created technical documentation, a product specification document, an architecture diagram, and a network diagram.
  • Led a team of four developers involved in daily stand-ups, sprint planning, execution, and retrospectives.
  • Established cloud monitoring in Amazon CloudWatch and Google Cloud Monitor. Implemented uptime checks, anomaly detection, and Amazon Simple Notification Service (SNS) notifications.
  • Reviewed source code for security vulnerabilities.
  • Conducted mobile and web penetration testing for numerous clients.
Technologies: Application Security, Cloud Security, Software Development, DevOps, DevSecOps, Penetration Testing, Network Security, CI/CD Pipelines, Ubuntu Server, Python 3, OpenVAS, Cybersecurity, Python, Architecture, Virtual Private Servers, Proxy Servers, Firewalls, IT Security, Networks, Linux, Grafana

Summer Intern

2017 - 2017
OWASP
  • Developed a guide for building and verifying secure software in a software development cycle.
  • Built secure code examples in Django and reviewed source code.
  • Developed secure code examples in Flask and reviewed code.
Technologies: Django, Flask, Source Code Review, Static Application Security Testing (SAST), Python 3, Cybersecurity, Python, IT Security

TheBugBounty

TheBugBounty brings together the smartest and best security researchers to help organizations counter the ever-growing challenges of security attacks. I participated in the product development of this crowd-sourced bug bounty platform. I also created technical documentation, a product specification document, an architecture diagram, and a network diagram. Finally, I led a team of four developers involved in daily stand-ups, sprint planning, execution, and retrospectives.

Threat Intel and Brand Security

Attack surface management tools provide open-source intelligence, which can be fetched from a domain name, organization name or keywords, or a VIP name. I worked on several of the tools and implemented APIs.

Tool capabilities included:
• Tracking of phishing simulation attacks and whether any look-alike domains were activated
• Asset discovery and checking for asset vulnerabilities
• Dark web monitoring
• Checking for botnets and malware in a system
• DNS security and SPF check
• Cloud misconfiguration

Security Awareness Program

Deliverables:
• Awareness initiative for the entire organization
• Monthly newsletter
• Phishing simulation for employees
• Security awareness training, videos, and quiz
• Tools to track and retrain employees

2014 - 2018

Bachelor's Degree in Computer Science

Amrita Vishwa Vidyapeetham - Kerala, India

DECEMBER 2021 - PRESENT

ISO 27001 ISMS – Certified Internal Auditor

Global Association for Quality Management (GAQM)

Tools

GitHub, Amazon Virtual Private Cloud (VPC), Nessus, VPN, Grafana

Languages

Bash, Python 3, Python

Frameworks

OpenVAS, Django, Flask

Paradigms

DevSecOps, HIPAA Compliance, DevOps, Penetration Testing, Azure DevOps

Platforms

Burp Suite, QualysGuard, Wazuh, Linux, Kubernetes, Amazon Web Services (AWS), Google Cloud Platform (GCP), UpGuard, Azure, Docker, WordPress

Industry Expertise

Cybersecurity, Network Security

Other

Ubuntu Server, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Capture the Flag (CTF), Deployment, Application Security, Source Code Review, Security, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), MDM, Trend Micro, Red Teaming, IT Security, Firewalls, Proxy Servers, Architecture, Ethical Hacking, Software Development, Cloud, Networking, Cloud Security, Risk Assessment, Compliance, ISO 27001, Springbot, Information Security, OAuth, Secure Storage, CI/CD Pipelines, System-on-a-Chip (SoC), SIEM, Networks, Virtual Private Servers, Threat Intelligence, Security Awareness, Web Marketing, Training
