Crop Picture
NOTE: Do not upload any image that violates our Picture Policy. Doing so will result in the removal of the concerned image without prior notification.
خلاصہ
As a security enthusiast I have 2+ year of experience in web application pentesting, network & system pentesting and logs analysis and threat hunting. My area of interest includes web applications and network penetration testing but can also work with defensive security very well
تجربہ
Ethical Hacker
Assessing the current state of security posture, envision the future state, and provide remediation roadmap to our clients in security engagements.
24/7 Security monitoring with SIEM analysis, reporting and incident response.
Cloud SOC monitoring for AWS (CloudWatch, GuardDuty, Security Hub) and GCP (Security Command Center).
Cloud SOC deployment and integrations with multiple SIEM technologies for AWS and GCP.
Conduct vulnerability assessment, penetration testing and OS/Device hardening checks, application security assessments with commercial and open-source tools. • Deployment and integration of various HIDS and NIDS tools like Suricata, Snort, Zeek OSSEC and syslogs monitoring for unix based systems.
Playbook creation for implemented security solutions both SIEM and EDR.
Conduct and compile findings on new threats and false-positive removal.
Troubleshooting security problems at both on-prem and cloud.
Responding to all system and/or network security breaches at both on-prem and cloud.
Ensuring that the organization data and infrastructure are protected by enabling the appropriate security controls at both onprem and cloud.
Reporting findings to management.
Educating staff members on information security through training and awareness
Security Engineer
Web App Pentesting using different automated tools & manual testing, exploiting client side & server side vulnerabilities, logic flaws and DOS & DDOS attacks etc.
Source code review & suggesting mitigations for the discovered vulnerabilities. Conducting network penetration testing includes MITM attacks, audit of internal network for open ports & vulnerabilities related to versions, routers, camera & printers having default passwords, weak passwords, exploiting unpatched machines and using automated tools like Nessus, hydra, NMAP etc.
Risk assessment and Red teaming includes performing phishing attacks & social engineering attacks etc.
Writing scripts for different kinds of monitoring alert like SSH login attempts, blocking USB and Bluetooth ports and services for staff.
Implementing server side mitigations on Nginx servers.
Conducting security awareness sessions for company staff.
De-obfuscation and Obfuscation of code.
Collaboration with other teams for solving issues.
Making new policies to implement security as required.
Policies review, Reporting & Technical documentation
Network Support Engineer