Istanbul, Türkiye
Insightful, results-driven, energetic and academically trained Information Security Analyst over 8 years of successful career in the IT. Demonstrated hands-on experience on penetration testing, vulnerability scan & management, system hardening & patching. In-depth knowledge of cyber security principles, vulnerability remediation, risk assessment according to vendors best practices. Involve large-scale projects proactively in enterprise environments to perform mission critical services, provided the opportunity to gain a deep technical background. Goal-oriented and dedicated team player, prioritizing tasks according to project needs and manage deadlines.
Involved and managed 60+ projects to performed penetration tests according to OWASP Test Guide v4, PTES v1, OSSTMM v3 on various Web Applications, core network and infrastructure gears and SCADA/ICS devices for client’s entire organizations. Executed periodically scan for clients, evaluated vulnerability assessments and generated reports for organizations arrange be agreement. Performed systems (Windows, Linux), databases (Oracle, MS SQL), security products such as antispam gateway, proxy, endpoint security products and network devices hardening evolution according to CIS security benchmark guide via Tenable Nessus Professional. Developed hardening parameters with bash scripting and PowerShell for RedHat, Windows and MSSQL servers. Managed vulnerability scanning processes, developed systems and applications to secure for PCI DSS. e.g. identified vulnerabilities with Qualys and created remediations into change control procedure. Provided technical consultancy on application design, architecture control and system performance optimization via growing technologies. Implemented vulnerability management processes and managed tools to identify vulnerabilities, track their remediations and solutions for clients. Identified and classified cyber security vulnerabilities and worked on mitigation plans with system owners, ensure plans are documented understood and tracked the results of the plan executed. Completed +50 Distributed Denial of Service (DDoS) and social engineering tests. Presented weekly vulnerabilities key performance indicator (KPI) reports to clients such as number of open critical/high vulnerabilities, closed vulnerabilities, accepted vulnerabilities and vulnerabilities reopen rates. Designed, implemented and managed vulnerability management process and vulnerability scanner products such as Nexpose, Tenable Security Center, Nessus and Qualys for financial and insurance companies. Analyzed some cyber security incidents for clients.