Analytical Information Security Professional possessing thorough knowledge and broad expertise in the Application and Network Security domains. Experience in application and network penetration testing, vulnerability assessment and remediation, Risk Management and Auditing.
ISO 22301:2019: Successfully initiated and completed compliance with the Business Continuity Management standard, which included defining and assessing new requirements and controls, performing a gap assessment and business impact analysis, communicating new controls to the relevant teams, assessing their effectiveness and finally handling the external audit for certification.
PCI 3DS: Payment Card Industry 3-D Secure standard compliance
Internal Audits: Performed periodic internal audits of various business functions to assess compliance with defined policies, procedures, regulations and industry standards. These business functions included Development, Operations (IT and Support), HR, Administration, Customer Service, Procurement, etc.
Vulnerability Management: Managed discovery and vulnerability scans on networks, fixing vulnerabilities and identifying false positives to ensure their timely clearance.
Security Awareness: Revamped the company-wide security awareness program; added and updated topics and questions, delivered training sessions and published bulletins to raise awareness.
Application security testing (mobile, web and desktop) for both in-house developed and acquired applications
Perform discovery and vulnerability scans on networks and validate findings through penetration testing.
Coordinate and perform vulnerability assessment and penetration testing for internal and third-party information systems and databases.
Evaluation, improvement and implementation of information system access controls to comply with TSPs.
Assess and ensure the implementation of Security Baseline(s).
Vendor and third-party due diligence.
Security Solutions implementation and evaluation
SSL/TLS testing and implementation for web and client-server applications
Research regarding information security (industry security trends, threats and countermeasures, etc.)
Incident handling for applications and information systems
Web Application Firewall administration