Fajr Bantan

Vulnerability Management | Penetration Testing | ITIL | eJPT | Qualys | Tenable

Makkah Region

About

When I was a child, I played games on my brother's computer and that got me interested in the computer world. When I reached the teenage age, I finally got the computer from my brother and started learning about its components, how it works, how to fix and upgrade it. Eventually, that interest in computers led me to the information technology world and I chose the computer engineering as my major in university. Soon after that, I graduated as a fresh computer engineer with basic experience in the IT world. Luckily, I got an entry-level job in a telecommunication company (STC solutions) working as a second layer support where I supported my colleagues who works on the field as technicians in activating and fixing telephones and internet for people in business sectors. After three years with them, I got my second job in a semi-government (Royal Commission for Jubail and Yanbu) company that focused in investment business. I worked as first layer support for its employees providing them with the best IT equipment and solutions whether it was hardware or software that helped in achieving the best working environment for them. After three years of working under the IT support services department, I got the chance of changing my career path and requested to transfer to the Cybersecurity department and fortunately, it was accepted which was working as a Cyber Security Specialist for almost 1 year. Then, worked as an Endpoint Security Engineer at D360 bank for almost 1 year and 5 months. After that, I worked as Cybersecurity Defense Sr. Specialist at Jeddah Central Development Company for almost 2 years. Now, I am seeking my master degree in Information Technology specializing in Cybersecurity at University of Melbourne. Although I am still exploring the cybersecurity field and still not sure if it will be my passion or not but one thing for sure is that I am passionate about working in IT fields. I am looking forward to learn new things about it and share my knowledge and experience with the world which I hope that I leave positive impacts wherever I go. It is worth mentioning during this journey, I achieved ITILv4 Foundation certificate, eJPT certificate, Qulays certificates and I am looking forward to achieve more in the near future.

Experience

  • Cybersecurity Defense Sr. Specialist at شركة وسط جدة للتطوير | Jeddah Central Development Company
    Mar 2024 - Jan 2026 · 1 yr 11 mos

    ● Developing policies and procedures to ensure compliance with NCA regulations for vulnerability management and penetration testing ● Performing monthly vulnerability scans across all systems and producing executive-level reports ● Establishing a measurable SLA for the resolution of vulnerabilities and penetration test findings, ensuring timely mitigation ● Performing proactive assessments of system and application designs to uncover vulnerabilities and workflow defects ● Performing adaptive configuration reviews on all systems, adjusting the frequency based on operational requirements ● Communicating operational and security performance metrics, including KPIs, for vulnerability management and penetration testing ● Mapping the architectural landscape and attack surface of all JCD environments to facilitate effective penetration testing ● Establishing a RACI matrix to clarify accountability and ownership for vulnerability management and penetration testing

  • Endpoint Security Engineer at D360 Bank
    Oct 2022 - Feb 2024 · 1 yr 5 mos

  • Royal Commission for Jubail and Yanbu ()
    • Cyber Security Specialist
      Oct 2021 - Sep 2022 · 1 yr

      • Responsible of penetration testing, vulnerability assessment and SOC L1 tasks. • Completed four vulnerability assessments internally and externally for RCJY web apps using Tenable Nessus. • Applying and Following up with NCA release notes. • Searching for malicious activities using Splunk SIEM Solution and creating alerts of it. • Blocking malicious hashes, IPs, URLs and domains in Symantic EDR Solution. • Responsible of analyzing incoming phishing emails. • Supported in protecting the RCJY servers from Log4J vulnerability. • Responsible of following up with NCA Email Authentication Initiative (Haseen).

    • Systems Support Specialist
      May 2021 - Oct 2021 · 6 mos

      • Supported the Board of Directors meeting of Royal Commission for Jubail and Yanbu when they visited JCPDI • Supported the event of JCPDI and Hutchison Ports sign investment agreement for JCPDI Port

    • Communications and Networks Support Specialist
      Mar 2018 - May 2021 · 3 yrs 3 mos

      • Getting assigned with the representative role of the Jazan IT department • Using the BMC Helix ITSM in order to organize the work and meet the KPI of the Royal Commission • Assisting Royal Commission major meetings and events with IT services • Making distribution plans for the network equipment • Providing IT support remotely and physically to end users during the Covid-19 Pandemic • Leading small teams in achieving big IT projects • Training new employees on the IT services • Preparing and providing IT equipment and support for more than 200 employees • Upgrading the IT equipment to the latest technology

  • Technical Specialist at STC Solutions
    Mar 2015 - Mar 2018 · 3 yrs 1 mo

    • Supported more than 12 clients per day in activating and maintaining their copper and fiber telephones, internet and circuits • Cooperating with other departments using BMC Remedy ticketing system • Supporting field technicians using multi technologies such as, ALCATEL LUCENT, CISCO, HUAWEI, SIEMENS, etc