Faizal Ali

Performed security assessments and secure code reviews for products, internal tools, and third-party integrations. Collaborated closely with engineering and architecture teams to implement secure design principles during all phases of the SDLC. Conducted threat modeling for new product features and supported privacy-by-design initiatives across the platform. Discovered multiple High and Critical severity infrastructure-level vulnerabilities across both external and internal applications, leading to timely mitigation. Contributed to the development of internal AppSec best practices and hardening guides tailored to business units.

Conducted over 50 SAST and DAST assessments for high-risk applications in FinTech. Provided detailed remediation guidance to AppSec and development teams, improving vulnerability remediation time by 40%. Performed secure code reviews across Java, .NET, and JavaScript applications, identifying insecure coding patterns and logic flaws.

Performed 150+ security assessments across Web, Mobile, API, Thick Client, and Network layers for clients in Finance, Insurance, and QSR domains. Identified and reported OWASP Top 10 and business logic vulnerabilities through manual and automated testing. Led end-to-end security assessment projects, including scoping, testing, reporting, and retesting. Assisted clients in interpreting findings, prioritizing risks, and implementing effective remediation. Created internal scripts and workflows in Python and Bash to improve testing efficiency.