Muhammad Yasir Siddique

[email protected] • +923014934469 • Lahore

LinkedIn: https://www.linkedin.com/in/yasir-siddique-3a683720/

PROFESSIONAL SUMMARY

Results-driven Associate Project Manager specializing in Application Security, expertly managing penetration testing projects to strengthen organizational defenses. Proven ability to lead cross-functional teams in executing security assessments, achieving a 30% reduction in vulnerability remediation time while ensuring compliance with industry standards and regulatory requirements. Adept at strategic project planning and delivery, driving secure development practices that enhance risk management and elevate overall security posture. Committed to delivering impactful security solutions that align with business objectives and protect critical assets.

WORK EXPERIENCE

Associate Project Manager

07/2022 - Present

CureMD , Lahore

• Provide expert guidance on risk management, compliance, and security best practices aligned with organizational objectives.

• Oversee vulnerability management, QA processes, and security audits to ensure compliance, data integrity, and system resilience.

• Serve as the primary security advisor for customer support and implementation teams, addressing product and client security concerns.

• Conduct penetration testing (Web & API), identifying and exploiting vulnerabilities to strengthen security posture.

• Collaborate with cross-functional teams to integrate security controls consistent with industry standards and best practices.

• Manage QA and security teams, reporting work-in-progress and performance metrics to the Manager of Quality Assurance.

• Validate client requirements in collaboration with business analysis teams to ensure technical and functional accuracy.

• Support User Acceptance Testing (UAT), postmortem analysis, and release retrospectives to enhance product quality and reliability.

• Ensure compliance with HIPAA and other healthcare regulatory frameworks for data protection and privacy.

Principle SQA

08/2017 - 09/2025

CureMD , Lahore

• Lead Release Management and Quality Assurance (QA) processes to ensure timely and reliable software deployments.

• Plan and manage resource scheduling, time and test effort estimations, and milestone definition for queued tasks.

• Resolve live client issues, perform root cause analysis, and document findings through lesson learned and postmortem reports.

• Conduct workflow impact analysis to evaluate change effects on system functionality and business operations.

• Identify critical testing scenarios and develop comprehensive checklists to guide QA execution.

• Create detailed Software Test Plans and Acceptance Criteria based on project specifications.

• Manage multiple QA teams across modules including Reports, EDI, Billing Automation, and Billing.

• Perform Regression, Sanity, Smoke, and Integration Testing to validate end-to-end software functionality.

• Oversee bug reporting and tracking in HP Quality Center (QC), ensuring timely defect resolution and team accountability.

Sr, SQA

09/2014 - 09/2017

CureMD , Lahore

• Assign and manage testing tasks among team members to ensure timely and high-quality project completion.

• Review and validate test cases prepared by the QA team to maintain consistency, accuracy, and coverage.

• Conduct domain training sessions to enhance team knowledge and strengthen QA competency.

• Demonstrate strong expertise in Healthcare Billing, EDI 837P, and Eligibility 270/271 transactions.

• Perform test planning, boundary value analysis, equivalence class partitioning, and detailed scenario writing for maximum test coverage.

• Develop Work Breakdown Structures (WBS) for accurate project estimation and resource planning.

• Lead and mentor a team of junior QA resources, providing coaching, performance feedback, and skill development support.

SQA engineer

11/2012 - 09/2014

CureMD , Lahore

• Develop and execute test cases and test scenarios to ensure product quality and functional accuracy.

• Participate in QA/Development review sessions to evaluate project scope, assess risks, and align testing efforts with change requirements.

• Conduct Regression, Sanity, Smoke, and Integration Testing for healthcare software products.

• Perform both functional and non-functional testing to validate performance, usability, and reliability.

• Log, track, and manage defects using TFS (Team Foundation Server), ensuring timely resolution and transparency across teams.

SQA Engineer

07/2011 - 11/2012

Kabot International , Lahore

• Analyze requirements, design test cases, and ensure comprehensive test coverage.

• Develop and execute manual and automated test scripts.

• Identify, document, and track software defects using bug-tracking tool.

• Participate in reviews of requirements, design, and code to ensure test-ability and adherence to standards.

• Maintain test plans, test data, and detailed test reports.

• Validate bug fixes and perform re-testing and verification before release.

System Support Engineer

03/2010 - 07/2011

FMH , Lahore

• Provide technical support and troubleshooting for hardware, software, and network issues.

• Install, configure, and maintain operating systems, applications, and network devices.

• Perform regular system updates, patches, and security hardening.

• Provide end-user training and technical guidance as needed.

EDUCATION

Bachelor of Computer Science

03/2005 - 11/2009

Punjab University of Information Technology , Lahore

ICS

12/2002 - 02/2005

F.C. College , Lahore

SKILLS

Technical Skills: Penetration Testing (Web, APIs), Vulnerability Assessment (VAPT) & Security Auditing, HIPAA & Risk Compliance, Security Testing & Awareness Training, Test Planning, Design & Execution, Manual & Web Application Testing, Database Testing (MS SQL Server), SDLC / STLC & Quality Management, Workflow & Process Analysis, Healthcare IT (CMS 5010, EDI 837P, Eligibility 270/271), Web Application Security, Project Management & Requirements Analysis, Problem Solving & Employee Training, Troubleshooting & User Support

PROJECTS

Cloudflare Implementation

• Led the successful implementation of Cloudflare across the organization’s web infrastructure to enhance security, performance, and reliability. Configured and optimized key Cloudflare services, including Web Application Firewall (WAF), DDoS protection, bot management, rate limiting, and SSL/TLS encryption to safeguard applications from malicious attacks and unauthorized access.

Web & APIs Pentesting of 10g & Leap

• Performed Web and API penetration testing on 10g and Leap applications, identifying and reporting security vulnerabilities (OWASP Top 10), validating fixes, and enhancing overall application security.

Android & iOS Application Security Assessment

• Conducted security and functional testing for Android and iOS mobile applications, identifying vulnerabilities in authentication, data storage, and API communication. Collaborated with mobile developers to implement secure coding practices and enhance app resilience against attacks.

Subdomain and Third-Party Tools/Libraries VAPT

• Performed Vulnerability Assessment and Penetration Testing (VAPT) on organizational subdomains and third-party tools/libraries to identify misconfigurations, outdated dependencies, and exposed assets. Conducted reconnaissance, enumeration, and dependency analysis using industry-standard tools to detect potential exploits

Novel Health / Telemedicine

Technologies: Tester | ASP.NET, SQL, C#, Web Services

Patient Advance Independent

Technologies: Lead, Analyst, Test Planning | ASP.NET, SQL, AJAX

Integrating Online Payments

Technologies: Lead, Tester | ASP.NET, jQuery/JavaScript, SQL

ICD10 Codes

Technologies: Tester | ASP.NET, AJAX, SQL, ASP Classic

Platform Independence (PI)

Technologies: Tester | JavaScript, jQuery DataTables, Bootstrap

CMS 4010 to 5010

Technologies: Tester | ASP.NET, AJAX, SQL, ASP Classic

Vista++ EHR (Electronic Health Record)

Technologies: Tester | ASP, SQL, C#

HMIS (Hospital Management System)

Technologies: – Tester and Trainer | C#, SQL, Windows Services

CERTIFICATIONS

Certified Ethical Hacker (Master)

12/2023

EC- Council

Certified Ethical Hacker (Practical)

12/2024

EC- Council

API Penetration Testing

10/2023

APISec University

Certified AppSec Practitioner (CAP)

02/2023

SecOps Group

Certified Ethical Hacker (CEH)

03/2022

EC- Council

Querying Microsoft SQL Server 2012/2014

02/2016

Microsoft

ISTQB CTFL

03/2014

ISTQB

Certificate in IT Service Management

04/2013

EXIN