Summary

Analytical Information Security professional with thorough knowledge and broad expertise in the Application and Network Security domain. Experienced in application and network penetration testing, vulnerability assessment and rectification, risk management and auditing.

Projects

Home Automation Using Mobile Applications
DDOS Attack Detection Using Flow based Techniques

Work Experience

Senior Information Security Engineer
i2c Inc.
Sep 2020 - Present | Lahore, Pakistan


ISO 22301:2019: Successfully initiated and completed compliance with the Business Continuity Management standard, which included defining and assessing new requirements and controls, performing gap assessment and business impact analysis, communicating new controls to relevant teams, assessing their effectiveness, and finally handling the external audit for certification.
PCI3DS: Payment Card Industry 3D Secure standard compliance
Internal Audits: Performed periodic internal audits of various business functions to assess compliance with defined policies, procedures, regulations and industry standards. These business functions included Development, Operations (IT and support), HR, Administration, Customer service, Procurement etc.
Vulnerability Management: Managed discovery and vulnerability scans on networks, fixing vulnerabilities and identifying false positives to ensure their timely clearance.
Security Awareness: Revamped companywide security awareness program; added/updated topics and questions, provided trainings and published bulletins to raise awareness.

Information Security Officer
The Bank of Punjab (BOP)
Jun 2017 - Jan 2020 | Lahore, Pakistan

Application security testing (mobile, web and desktop) for both in-house developed and acquired applications.
Perform discovery and vulnerability scans on networks and validate findings through penetration testing.
Coordinate and perform vulnerability assessment and penetration testing for information systems and databases, both internal and 3rd party.
Evaluation, improvement and implementation of information systems access controls to comply with “TSPs”.
Assess and ensure the implementation of Security Baseline(s).
Vendor and 3rd party due diligence.
Security solutions implementation and evaluation.
SSL/TLS testing and implementation on web and client-server applications.
Research regarding information security (industry security trends, threats, countermeasures, etc.).
Incident handling for applications and information systems.
Web Application Firewall administration.

Education

National University of Science and Technology
Master's, Master of Science, Information Security
CGPA 3.0/4
2018
COMSATS Institute of Information Technology
Bachelor's, (BS) Electrical Engineering
Telecommunication
2014

Skills

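Proficient: Analytical
Proficient: Certified Ethical Hacking
Proficient: Coordination Skills
Beginner: Cooperation
Proficient: Energetic Skills
Intermediate: Information Security Engineering
Intermediate: ISMS
Intermediate: ISO 27001
Proficient: ISO 27001 Lead Auditor
Intermediate: PADSS
Intermediate: PCIDSS
Intermediate: Penetration Testing
Proficient: Planning
Proficient: Public Dealing
Proficient: Quality Focus
Proficient: Record Keeping
Intermediate: Risk Assessment
Intermediate: Team Building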

Languages

Intermediate: English
