Security Researcher • Product Security • AI/ML Security Focus

Mohammad Arif

Senior Product Security Engineer with 5+ years of experience securing modern products across web, API, mobile, cloud, and secure SDLC workflows. I am now extending that foundation into AI/ML security, with growing focus on adversarial ML, model abuse scenarios, and secure design for AI-enabled systems.

California, USA
DEFCON Speaker
AppSec • Cloud • Threat Modeling
Open to impactful security work

What I bring

I work at the intersection of offensive security, secure engineering, and program design — helping teams ship faster with better security posture.

Product Security Leadership

Built and operationalized security review processes, threat modeling, release certification, secure coding enablement, and vulnerability management across engineering organizations.

Hands-on Assessment Depth

Strong execution across web, API, mobile, source code review, network assessment, AWS security, supply chain risk, and CI/CD security.

Research-Driven Mindset

Active in security communities, talks, workshops, and practical learning around adversarial ML and AI/ML security, with a bias toward real-world demonstrations.

Experience

A track record of improving coverage, reducing risk, and building practical security programs inside high-growth product environments.

Sep 2023 – Jul 2025
Poshmark • Senior Security Engineer
  • Designed and implemented security review processes that improved coverage across 50+ repositories.
  • Expanded secure code coverage through SAST/DAST automation in CI/CD pipelines.
  • Reduced remediation time by leading web, API, and mobile assessments with direct developer partnership.
  • Strengthened AWS security posture across IAM, S3, and network configurations.
  • Upskilled 100+ engineers through secure coding workshops and CTF-style learning.
Apr 2023 – Sep 2023
Paytm • Senior Security Engineer
  • Built SSDLC and Security Champion programs to embed security from the design stage onward.
  • Led threat modeling and architecture reviews for critical, high-traffic applications.
  • Delivered secure coding training aligned to real development workflows and OWASP risks.
  • Managed bug bounty and vulnerability disclosure workflows at scale.
Jun 2021 – Apr 2023
Paytm • Security Engineer
  • Performed web, API, mobile, and network security assessments on customer-facing applications.
  • Drove faster remediation through vulnerability triage, dashboards, and security playbooks.
  • Partnered with engineering and DevOps to secure pipelines and reduce insecure deployment patterns.
May 2020 – May 2021
Myntra • Security Intern
  • Conducted security testing across 30+ projects with focus on high-impact findings.
  • Built Jira-based workflows and dashboards to track remediation and SLA progress.

Technical Depth & Transition into AI/ML Security

The profile below is optimized to show both practical industry experience and forward-looking security curiosity.

Core areas

Web Security • API Security • Mobile Security • Threat Modeling • Secure SDLC • SAST / DAST • Cloud Security • AWS Security • Source Code Review • OAuth / JWT • Network Security • Bug Bounty Operations • AI/ML Security (Emerging Research Focus) • Secure RAG Architecture • Secure AI Systems

AI/ML Security Direction

I am actively transitioning into AI/ML security by building on my background in product security, offensive testing, cloud security, and secure SDLC. My current focus includes adversarial machine learning, model abuse scenarios, and secure-by-design approaches for AI-enabled products.

I document this journey publicly through my 100 Days of AI Security playbook.

Talks & community presence

I don’t just practice security — I teach, demo, and contribute to the communities that shape it.

Black Hat – Tool Demonstration: Invited speaker at Black Hat, demonstrating real-world security tooling and exploitation scenarios.
DEFCON 33 – AppSec & Cloud Demo: Delivered a live demonstration on application and cloud security techniques at DEFCON.
Seasides Cloud Village: Demonstrated AWS metadata exploitation using SSRF with Burp Suite and real-world misconfigurations.
c0c0n Security Conference: Presented modern web security risks and mitigation strategies focused on JavaScript and compliance.
Crac0n and Seasides Trainer: Hands-on training on IAM abuse, cloud misconfigurations, and real-world attack scenarios.
RedTeam Summit Trainer: Delivered training on firmware reversing and embedded system exploitation techniques.
Seasides Trainer: Delivered training on drone hacking and hardware-level security.
Seasides Village Trainer: Trained participants on hardware-level architecture, soldering skills, and badge-building techniques.

Community Leadership

• Core Team Member – Seasides Security Conference
• Hardware Village Lead – Seasides (Hardware Security & Embedded Systems)
• Active contributor to global security communities including OWASP & BSides

Awards & recognition

Recognition earned through execution, consistency, and contribution to the broader security ecosystem.

Best Team Player: Poshmark • 2024
Superstar of the Team: Paytm Security Team • 2023, 2022
Rising Star of the Team: Paytm Security Team • 2021
Security Researcher Hall of Fame: Recognized by organizations including Mastercard, Bosch, Western Union, Arkose Labs, Under Armour, and Skyscanner

Let’s build secure products that scale.

I’m especially well suited for roles in product security, application security, cloud security, security engineering, and AI/ML security, bringing a practical engineering foundation with growing specialization in secure AI systems.