خلاصہ

Analytical Information Security Professional possessing thorough knowledge and broad expertise in Application and Network Security domain. Experience in application and network penetration testing, vulnerability assessment and rectification, Risk Management and Auditing.

پراجیکٹس

Home Automation Using Mobile Applications
DDOS Attack Detection Using Flow based Techniques

تجربہ

کمپنی کا لوگو
Senior Information Security Engineer
i2c Inc.
ستمبر ۲۰۲۰ - موجودہ | Lahore, Pakistan


ISO 22301:2019: Successfully initiated and completed Compliance with Business Continuity Management standard which included defining and assessing new requirements and controls, performing gap assessment, business impact analysis, communicating new controls to relevant teams, assessing their effectiveness and finally handling external audit for certification.
PCI3DS: Payment Card Industry 3D Secure standard compliance
Internal Audits: Performed periodic internal audits of various business functions to assess compliance with defined policies, procedures, regulations and industry standards. These business functions included Development, Operations (IT and support), HR, Administration, Customer service, Procurement etc.
Vulnerability Management: Managed discovery and vulnerability scans on networks, fixing vulnerabilities and identifying false positives to ensure their timely clearance.
Security Awareness: Revamped companywide security awareness program; added/updated topics and questions, provided trainings and published bulletins to raise awareness.

کمپنی کا لوگو
Information Security Officer
The Bank of Punjab (BOP)
جون ۲۰۱۷ - جنوری ۲۰۲۰ | Lahore, Pakistan

Application security testing (mobile, web and desktop) for both developed in-house and acquired applications

Perform discovery and vulnerability scans on networks and validate findings through penetration testing.


Coordinate and perform vulnerability assessment and penetration testing for information systems and databases both internal and 3rd party.


Evaluation, improvement and implementation of information systems access controls - to comply with “TSPs”.


Assess and ensure the implementation of Security Baseline(s).
Vendor and 3rd party due diligence.
Security Solutions implementation and evaluation
SSL/TLS testing and implementation on webs and Client-server applications
Research regarding information security (industry security trends, threats and countermeasure etc.)
Incident handling for applications and information systems
Web Application Firewall administration

تعلیم

National University of Science and Technology
ماسٹرز, ماسٹرز ان سائنس, Information Security‎
, ,
CGPA 3.0/4
2018
COMSATS Institute of Information Technology
بیچلرز, , (BS) Electrical Engineering‎
Telecommunication
2014

پیشہ ورانہ مہارتیں

ماہر Analytical
ماہر Certified Ethical Hacking
ابتدائی Cooperation
ماہر Energetic Skills
ماہر Financial and Budgeting Skills
متوسط Information Security Engineering
متوسط ISMS
متوسط ISO 27001
ماہر ISO 27001 Lead Auditor
متوسط PADSS
متوسط PCIDSS
متوسط Penetration Testing
ماہر Planning
ماہر Pulic Dealing
ماہر Quality Focus
ماہر Record Keeping
متوسط Risk Assessment
متوسط Team Building

زبانیں

متوسط انگریزی

آپ کن کمپنیز کی پیروی کر رہے ہیں