Qatar
Experienced Information Security Consultant with a demonstrated history of working in the Computer & Network Security industry. Skilled in ISO 27001, Vulnerability Management, OWASP, Vulnerability Assessment, Networking, Pen testing, Risk Assessments, SOC and ICS/OT Security
Creating and implementing a strategy for the deployment of information security technologies for IT/OT Networks Responsible for all Blue team activities for IT and ICS environments Performing IT security risk assessments and reporting on ways to minimize threats Monitoring security vulnerabilities and hacking threats in network and host systems Tracking latest IT/OT security innovations and keeping abreast of latest cyber security technologies Complying with the latest regulations and compliance requirements including SCDL FIFA requirements Assisting the operational teams in implementing OTSOC Overseeing cyber security hygiene of OT networks Implementing an effective process for the reporting of security incidents Overseeing the investigation of reported security breaches Developing strategies to handle security incidents and trigger investigations Management & Reporting of IT Security KPIs Metrics in terms of Vulnerabilities, Availability, Integrity and Incidents
Analyze security aspect of the software applications or hardware infrastructure based on the requirement. Test client applications includes Web, Thick client and Mobile applications To perform penetration testing of the networks to identify the security flaws in the network Established policies and procedures inline with ISO 20000 and ISO 27001 Lead the departmental risk assessment activities Security of Databases, OS, Networks (incl. Segregation), private Cloud Responsible for overall cyber security hygiene at HIA incluing AV, EDR, App Whitelisting Tracking latest IT security innovations and keeping abreast of latest cyber security technologies Communicating with key stakeholders about IT security threats
Evaluate risk for application and network infrastructures as per OWASP and organizational security control standards and guidelines. As a part of research and development, I have helped in developing two new services – Thick Client and Mobile application security testing services Developed test checklists for Web, ThickClient and Mobile application platforms. Played a crucial role in streamlining the process and as a part of it, I have written the Process documents and testing methodologies. Incident management and handling skills; including knowledge of common probing and attack methods, viruses, botnets and other forms of malware. Correlating events from a Network, OS, Applications or IDS/Firewalls and analysing them for possible threats. Ensure a secure computing environment within the organization Monitor security violations, flag potential violations and investigate security incidents. Evaluate emerging technologies that might enhance the overall security posture of the organization while ensuring compliance to regulatory requirements Conducted Third Party Security Reviews for the vendors of North America Proficient in recording the security issues and preparing report using RSA Archer Manage and monitor tools to ensure security of internal and perimeter network while ensuring that adequate packets and network activity information is captured for investigating potential security incidents Developed and implemented security awareness programs Acted as a business unit trainer and helped in training the new batches on various occasions Achieve all the Process targets in terms of Productivity and Quality. Also met all the SLAs of the process Selected as Verifier and Process Specialist for application security testing team
Worked as an Information Security Analyst responsible for conducting Application Security testing and Third Part Security Reviews. My Contributions include - Performed Application Security Assessments for Web and ThickClient platforms Performed Mobile Application Security Testing Conducted Third Party Security Reviews for the vendors of NA.
Worked as a member of Application Security Testing team and served most of the tenure at the client side for one of the leading bank in India. The contributions include - Conducted application security testing of 200+ business applications Performed Penetration Testing of 300+ IP's Acquainted with various approaches to Grey & Black box security testing Performed Vulnerability Assessment for 100+ servers of various platforms Performed Proof of Concept activities for a leading bank Expert in using Burp Scanner and IBM AppScanner Listed below are some of the key projects Application Security Test of online Banking Applications Application Security Test of Internet Trade Applications Application Security Test of Online portal of a Stock trade company Application Security Test of an Online Exam Application Application Security Test of various Internet and Intranet facing applications of a well-known bank in India External and Internal network penetration tests of internet/intranet facing servers and devices Performed vulnerability assessments of critical servers includes OS, databases and web/app servers and network devices Experienced on service delivery, managing project requirements, customer relationship, allocating work and conducting status meetings. Provide security assessment/approval for all internal projects; perform security assessment for production environment.