Profiles search

Ameen Maali

Staff Engineer, Product Security at LinkedIn
San Francisco, CA, United States

Details

Education: Informatics



Indiana University Bloomington

2010 : 2014
Experience: Security engineer in LinkedIn Product Security Team

2022 : Present

LinkedIn

Staff Engineer, Information Security

Bug bounty hunter on the HackerOne platform, profile can be found here : https : //hackerone.com/neema

- Reported over 300 valid security vulnerabilities, including XSS, CSRF, RCE, SSRF, IDOR/Authorization Flaws, Session Management Flaws, Account Takeovers, Open Redirects, and more

- Currently ranked in the top 200 hackers on the platform

- Co-run security blog that highlights some bug bounty findings and lessons learned @ https : //medium.com/a-bugz-life

2019 :

Self-Employed

Bug Bounty Hunter

2019 : 2022

LinkedIn

Senior Information Security Engineer, Vulnerability Research and Assessment

- Fixed security vulnerabilities on the platform that came in through vulnerability discover methods (bug bounty program, internal testing, etc.)

- Developed internal tooling/applications related to application security, security automation, CI/CD, etc.

- Worked with engineering teams to help build products and services securely via design/implementation reviews, conducting training, and helping come up with solutions for identified vulnerabilities/issues

- Performed red team exercises and penetration tests of applications and services to identify high risk security issues

2018 : 2019

Tradeshift

Application Security Engineer

- Support/lead efforts as it relates to infrastructure security, application security, IT security, automation, and risk & compliance

- Manage bug bounty program on HackerOne and work with security researchers to validate, test, and remediate security vulnerabilities

- Work on several efforts related to infrastructure and AWS security, including HIDS implementation and tuning, IAM, WAFs, infrastructure and configuration automation with Terraform & Puppet, and more

- Help develop and mature security policies, procedures, security related training, and other documentation. Support compliance program and audit readiness efforts for PCI, ISO 27001 & 27002, SOC 1, and SOC 2

2016 : 2018

Tradeshift

Information Security Engineer
Company: LinkedIn
Years of Experience: 10

Skills

Amazon Web Services (AWS), aws, bash, Bug bounty, Burp Suite, C (Programming Language), C++, cloud security, Computer Security, Cybersecurity, Go (Programming Language), hids, HTML, Information Security, information technology, ISO 27002, Java, JavaScript, Kali Linux, Leadership, Linux, Mobile application penetration testing, Mobile Application Security, Penetration Testing, Privacy, Project Management, puppet, Python, Python (Programming Language), React.js, Risk Management, Security, Security Compliance, Software Development, SQL, terraform, Unix, web application securuity assessment, Microsoft Excel, Microsoft Office, PowerPoint, NIST Cybersecurity Framework, Security Maturity, Third Party Security, Mobile Security, Mobile Device Management, Symantec DLP, Security strategy, Information Security Governance, Third Party Vendor Management, Security Metrics, Security Audits, Privacy Compliance, Data Inventory, Business Development, IT Audit, CISA, Risk Assessment, Security Assessment, Decision-Making, MobileIron, MaaS360, data discovery, Privacy Assessment, Strategic Leadership, Team Leadership, CSS, NIST Cybersecurity

About

Github: https://github.com/ameenmaali

HackerOne: https://hackerone.com/neema