Heeraj Nair
Verified Expert in Engineering
IT Security Developer
Kuala Lumpur Federal Territory of Kuala Lumpur, Malaysia
Toptal member since June 1, 2022
Heeraj is a cybersecurity professional with five years of experience in application security, vulnerability assessments, and penetration testing. With a background in product development, he is adept at reviewing source code for security vulnerabilities. Heeraj has also set up monitoring and addressed clients' AWS and GCP security issues. He is dedicated to providing the best possible security service, and he has a bachelor's degree in computer science.
Experience
- Burp Suite - 5 years
- Application Security - 4 years
- Penetration Testing - 4 years
- DevOps - 3 years
- DevSecOps - 3 years
- Google Cloud Platform (GCP) - 3 years
- Compliance - 2 years
- ISO 27001 - 2 years
Preferred Environment
Burp Suite, QualysGuard, GitHub, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Amazon Web Services (AWS), Google Cloud Platform (GCP), SIEM, ISO 27001
The most amazing...
...thing I've done was co-founding a cybersecurity company that works on everything from product development to security assessment.
Work Experience
IT Security Engineer
Freelance
- Performed application security assessments for clients, including red teaming simulations.
- Worked on security controls to comply with ISO/IEC 27001:2013, including a gap assessment and implementation of the standard.
- Prepared a security awareness initiative for an organization.
Security Engineer
DoctorOnCall
- Identified, evaluated, treated, and reported security vulnerabilities in systems and the software that runs on them.
- Assisted the organization in complying with the ISO/IEC 27001, NIST, and HIPAA standards.
- Worked on cloud and infrastructure security and resolved security alerts.
Co-founder
BrewSec
- Participated in product development of thebugbounty.com, a crowd-sourced bug bounty platform; created technical documentation, a product specification document, an architecture diagram, and a network diagram.
- Led a team of four developers involved in daily stand-ups, sprint planning, execution, and retrospectives.
- Established cloud monitoring in Amazon CloudWatch and Google Cloud Monitor. Implemented uptime checks, anomaly detection, and Amazon Simple Notification Service (SNS) notifications.
- Reviewed source code for security vulnerabilities.
- Conducted mobile and web penetration testing for numerous clients.
Summer Intern
OWASP
- Developed a guide for building and verifying secure software in a software development cycle.
- Built secure code examples in Django and reviewed source code.
- Developed secure code examples in Flask and reviewed code.
Experience
TheBugBounty
Threat Intel and Brand Security
Tool capabilities included:
• Tracking of phishing simulation attacks and whether any look-alike domains were activated
• Asset discovery and checking for asset vulnerabilities
• Dark web monitoring
• Checking for botnets and malware in a system
• DNS security and SPF check
• Cloud misconfiguration
Security Awareness Program
• Awareness initiative for the entire organization
• Monthly newsletter
• Phishing simulation for employees
• Security awareness training, videos, and quizzes
• Tools to track and retrain employees
Education
Bachelor's Degree in Computer Science
Amrita Vishwa Vidyapeetham - Kerala, India
Certifications
ISO 27001 ISMS – Certified Internal Auditor
Global Association for Quality Management (GAQM)
Skills
Tools
GitHub, Amazon Virtual Private Cloud (VPC), Nessus, VPN, Grafana
Languages
Bash, Python 3, Python
Frameworks
OpenVAS, Django, Flask
Paradigms
DevSecOps, HIPAA Compliance, DevOps, Penetration Testing, Azure DevOps
Platforms
Burp Suite, QualysGuard, Wazuh, Linux, Kubernetes, Amazon Web Services (AWS), Google Cloud Platform (GCP), UpGuard, Azure, Docker, WordPress
Industry Expertise
Cybersecurity, Network Security
Other
Ubuntu Server, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Capture the Flag (CTF), Deployment, Application Security, Source Code Review, Security, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), MDM, Trend Micro, Red Teaming, IT Security, Firewalls, Proxy Servers, Architecture, Ethical Hacking, Software Development, Cloud, Networking, Cloud Security, Risk Assessment, Compliance, ISO 27001, Springbot, Information Security, OAuth, Secure Storage, CI/CD Pipelines, System-on-a-Chip (SoC), SIEM, Networks, Virtual Private Servers, Threat Intelligence, Security Awareness, Web Marketing, Training