Muhammad Yasir Siddique

[email protected] +923014934469 Lahore
LinkedIn: https://www.linkedin.com/in/yasir-siddique-3a683720/

PROFESSIONAL SUMMARY

Results-driven Associate Project Manager specializing in Application Security, expertly managing penetration testing projects to strengthen organizational defenses. Proven ability to lead cross-functional teams in executing security assessments, achieving a 30% reduction in vulnerability remediation time while ensuring compliance with industry standards and regulatory requirements. Adept at strategic project planning and delivery, driving secure development practices that enhance risk management and elevate overall security posture. Committed to delivering impactful security solutions that align with business objectives and protect critical assets.

WORK EXPERIENCE

Associate Project Manager
07/2022 - Present
CureMD, Lahore
Provide expert guidance on risk management, compliance, and security best practices aligned with organizational objectives.
Oversee vulnerability management, QA processes, and security audits to ensure compliance, data integrity, and system resilience.
Serve as the primary security advisor for customer support and implementation teams, addressing product and client security concerns.
Conduct penetration testing (Web & API), identifying and exploiting vulnerabilities to strengthen security posture.
Collaborate with cross-functional teams to integrate security controls consistent with industry standards and best practices.
Manage QA and security teams, reporting work-in-progress and performance metrics to the Manager of Quality Assurance.
Validate client requirements in collaboration with business analysis teams to ensure technical and functional accuracy.
Support User Acceptance Testing (UAT), postmortem analysis, and release retrospectives to enhance product quality and reliability.
Ensure compliance with HIPAA and other healthcare regulatory frameworks for data protection and privacy.
Principal SQA
08/2017 - 09/2025
CureMD, Lahore
Lead Release Management and Quality Assurance (QA) processes to ensure timely and reliable software deployments.
Plan and manage resource scheduling, time and test effort estimations, and milestone definition for queued tasks.
Resolve live client issues, perform root cause analysis, and document findings through lessons-learned and postmortem reports.
Conduct workflow impact analysis to evaluate change effects on system functionality and business operations.
Identify critical testing scenarios and develop comprehensive checklists to guide QA execution.
Create detailed Software Test Plans and Acceptance Criteria based on project specifications.
Manage multiple QA teams across modules including Reports, EDI, Billing Automation, and Billing.
Perform Regression, Sanity, Smoke, and Integration Testing to validate end-to-end software functionality.
Oversee bug reporting and tracking in HP Quality Center (QC), ensuring timely defect resolution and team accountability.
Sr. SQA
09/2014 - 09/2017
CureMD, Lahore
Assign and manage testing tasks among team members to ensure timely and high-quality project completion.
Review and validate test cases prepared by the QA team to maintain consistency, accuracy, and coverage.
Conduct domain training sessions to enhance team knowledge and strengthen QA competency.
Demonstrate strong expertise in Healthcare Billing, EDI 837P, and Eligibility 270/271 transactions.
Perform test planning, boundary value analysis, equivalence class partitioning, and detailed scenario writing for maximum test coverage.
Develop Work Breakdown Structures (WBS) for accurate project estimation and resource planning.
Lead and mentor a team of junior QA resources, providing coaching, performance feedback, and skill development support.
SQA Engineer
11/2012 - 09/2014
CureMD, Lahore
Develop and execute test cases and test scenarios to ensure product quality and functional accuracy.
Participate in QA/Development review sessions to evaluate project scope, assess risks, and align testing efforts with change requirements.
Conduct Regression, Sanity, Smoke, and Integration Testing for healthcare software products.
Perform both functional and non-functional testing to validate performance, usability, and reliability.
Log, track, and manage defects using TFS (Team Foundation Server), ensuring timely resolution and transparency across teams.
SQA Engineer
07/2011 - 11/2012
Kabot International, Lahore
Analyze requirements, design test cases, and ensure comprehensive test coverage.
Develop and execute manual and automated test scripts.
Identify, document, and track software defects using a bug-tracking tool.
Participate in reviews of requirements, design, and code to ensure testability and adherence to standards.
Maintain test plans, test data, and detailed test reports.
Validate bug fixes and perform re-testing and verification before release.
System Support Engineer
03/2010 - 07/2011
FMH, Lahore
Provide technical support and troubleshooting for hardware, software, and network issues.
Install, configure, and maintain operating systems, applications, and network devices.
Perform regular system updates, patches, and security hardening.
Provide end-user training and technical guidance as needed.

EDUCATION

Bachelor of Computer Science
03/2005 - 11/2009
Punjab University of Information Technology, Lahore
ICS
12/2002 - 02/2005
F.C. College, Lahore

SKILLS

Technical Skills: Penetration Testing (Web, APIs), Vulnerability Assessment (VAPT) & Security Auditing, HIPAA & Risk Compliance, Security Testing & Awareness Training, Test Planning, Design & Execution, Manual & Web Application Testing, Database Testing (MS SQL Server), SDLC / STLC & Quality Management, Workflow & Process Analysis, Healthcare IT (CMS 5010, EDI 837P, Eligibility 270/271), Web Application Security, Project Management & Requirements Analysis, Problem Solving & Employee Training, Troubleshooting & User Support

PROJECTS

Cloudflare Implementation
Led the successful implementation of Cloudflare across the organization’s web infrastructure to enhance security, performance, and reliability. Configured and optimized key Cloudflare services, including Web Application Firewall (WAF), DDoS protection, bot management, rate limiting, and SSL/TLS encryption to safeguard applications from malicious attacks and unauthorized access.
Web & APIs Pentesting of 10g & Leap
Performed Web and API penetration testing on 10g and Leap applications, identifying and reporting security vulnerabilities (OWASP Top 10), validating fixes, and enhancing overall application security.
Android & iOS Application Security Assessment
Conducted security and functional testing for Android and iOS mobile applications, identifying vulnerabilities in authentication, data storage, and API communication. Collaborated with mobile developers to implement secure coding practices and enhance app resilience against attacks.
Subdomain and Third-Party Tools/Libraries VAPT
Performed Vulnerability Assessment and Penetration Testing (VAPT) on organizational subdomains and third-party tools/libraries to identify misconfigurations, outdated dependencies, and exposed assets. Conducted reconnaissance, enumeration, and dependency analysis using industry-standard tools to detect potential exploits.
Novel Health / Telemedicine
Technologies: Tester | ASP.NET, SQL, C#, Web Services
Patient Advance Independent
Technologies: Lead, Analyst, Test Planning | ASP.NET, SQL, AJAX
Integrating Online Payments
Technologies: Lead, Tester | ASP.NET, jQuery/JavaScript, SQL
ICD10 Codes
Technologies: Tester | ASP.NET, AJAX, SQL, ASP Classic
Platform Independence (PI)
Technologies: Tester | JavaScript, jQuery DataTables, Bootstrap
CMS 4010 to 5010
Technologies: Tester | ASP.NET, AJAX, SQL, ASP Classic
Vista++ EHR (Electronic Health Record)
Technologies: Tester | ASP, SQL, C#
HMIS (Hospital Management System)
Technologies: Tester and Trainer | C#, SQL, Windows Services

CERTIFICATIONS

Certified Ethical Hacker (Master)
12/2023
EC-Council
Certified Ethical Hacker (Practical)
12/2024
EC-Council
API Penetration Testing
10/2023
APISec University
Certified AppSec Practitioner (CAP)
02/2023
SecOps Group
Certified Ethical Hacker (CEH)
03/2022
EC-Council
Querying Microsoft SQL Server 2012/2014
02/2016
Microsoft
ISTQB CTFL
03/2014
ISTQB
Certificate in IT Service Management
04/2013
EXIN