Jubaer Alnazi Jabin, Developer in Singapore, Singapore
Jubaer is available for hire
Hire Jubaer

Jubaer Alnazi Jabin

Verified Expert  in Engineering

Security Engineer and Developer

Singapore, Singapore

Toptal member since July 18, 2022

Bio

Jubaer, an OSCP specialist, holds a reputable position in information and cloud security. With 5+ years of experience, he discovered the Apple vulnerability (CVE-2023-23526) and identified vulnerabilities in 300+ companies like Apple, Grab, Google, Yahoo, Facebook, and Uber. Jubaer excels in HackerOne, writes insightful articles, and creates Python and Go tools. His expertise spans security compliance (GRC) and Web3 technologies, making him invaluable in securing data and systems.

Portfolio

TRS Forensics
Python, Web Security, Mobile Security, Wireless, Burp Suite, Ethical Hacking...
Axiata
Social Engineering, Red Teaming, Bash Script, Docker, Security...
Binary.com
Web Security, Mobile Security, Wireless, Networks, Ethical Hacking, Linux...

Experience

  • OSCP - 6 years
  • Ethical Hacking - 5 years
  • Web Security - 5 years
  • Network Security - 5 years
  • IT Security - 5 years
  • Hacking - 5 years
  • Penetration Testing - 5 years
  • Mobile Security - 3 years

Availability

Part-time

Preferred Environment

PyCharm, Burp Suite, GitHub, Amazon Web Services (AWS), Docker, Web Security, Ethical Hacking

The most amazing...

...security vulnerability I've discovered was in Grab, where I hacked their payment system and ordered for free, thus earning a reward of $11,000 from them.

Work Experience

Penetration Test Lead

2021 - PRESENT
TRS Forensics
  • Delivered more than 100+ quality pentest projects on time.
  • Implemented different SOPs to ensure productivity in the team.
  • Increased the revenue of the company by scaling the pentest workflow.
  • Developed multiple tools to exploit vulnerabilities and satisfy clients' needs.
  • Managed top tech clients in Singapore to ensure the smooth delivery of the project.
Technologies: Python, Web Security, Mobile Security, Wireless, Burp Suite, Ethical Hacking, Bash Script, Docker, Security, Penetration Testing, MongoDB, OWASP, IT Security, Hacking, Cybersecurity, Vulnerability Assessment, DevSecOps, Database Security, Vulnerability Management

Offensive Security Specialist

2020 - 2021
Axiata
  • Contributed to multiple pentest projects and consulted other teams about security.
  • Ensured a secure environment through numerous red team engagements.
  • Participated in various social engineering engagements to ensure employee security.
Technologies: Social Engineering, Red Teaming, Bash Script, Docker, Security, Penetration Testing, Web Security, Mobile Security, OWASP, IT Security, Hacking, Cybersecurity, Vulnerability Assessment, Database Security

Security Engineer

2019 - 2020
Binary.com
  • Ensured security for the in-house products by performing penetration tests.
  • Developed specific tools to help with security and monitoring.
  • Conducted security training sessions to educate employees about information security.
  • Triaged security vulnerabilities that were reported through the HackerOne program.
Technologies: Web Security, Mobile Security, Wireless, Networks, Ethical Hacking, Linux, Burp Suite, Bug Triage, Docker, Bash Script, Security, Penetration Testing, Amazon Web Services (AWS), OWASP, Cloud Security, IT Security, Hacking, System Administration, Cybersecurity, Threat Modeling, Vulnerability Assessment, DevSecOps, Database Security, Cloudflare

Bug Bounty Hunter

2017 - 2020
HackerOne
  • Reported more than 100+ vulnerabilities, and a good percentage were of high severity.
  • Ranked in the world's top 100 out of 100,000+ registered hackers in 2018.
  • Earned the Hacking the Hackers badge by reporting an issue to HackerOne.
Technologies: Web Security, Mobile Security, Network Security, Bash Script, Docker, Security, Penetration Testing, OWASP, IT Security, Hacking, Cybersecurity, Database Security, Cloudflare

SniffCon—Ultimate Recon Dashboard

https://github.com/h33tlit/SniffCon-Ultimate-Recon-Dashboard-For-Bug-Bounty-And-Pentesting
Sniffcon has a comprehensive list of powerful online bug bounty tools to find security vulnerabilities. It is a platform where users can find heavy lifting tools that provide organized recon data, which is crucial during bug bounty and penetration tests.

Jbin Website Secret Scraper

https://github.com/h33tlit/Jbin-website-secret-scraper
Jbin gathers all the URLs from the website and exposes their secret data. It collects both URLs and JavaScript links to scrape secrets out of them. The new release also enables users to find a specific string in a page, run a custom regex, and generate an informative report.

Parameter-Reflect-Finder

https://github.com/h33tlit/Parameter-Reflect-Finder
A Python-based tool that helps users find reflected parameters with potential XSS or open redirection vulnerabilities. It scans for reflected parameters and shows some URLs with possible open redirect vulnerabilities. The user can also set the max thread to make the script faster.
2017 - 2020

Bachelor's Degree in Cybersecurity

Staffordshire University - Staffordshire, United Kingdom

JANUARY 2023 - PRESENT

Offensive Security Certified Professional (OSCP)

Offensive-Security

Tools

GitHub

Languages

Bash Script, Python, Python 3, JavaScript

Paradigms

Penetration Testing, DevSecOps

Platforms

Burp Suite, Docker, Amazon Web Services (AWS), Linux

Industry Expertise

Network Security, Cybersecurity

Storage

Database Security, MongoDB

Frameworks

Flask

Other

Web Security, Mobile Security, Ethical Hacking, Bug Triage, OWASP, Security, Wireless, IT Security, Hacking, OSCP, Vulnerability Assessment, Cloudflare, Cloud Security, System Administration, Threat Modeling, Vulnerability Management, Coding, Red Teaming, Social Engineering, Networks

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring