Information Security Consultant/Specialist/Manager
Evamp & Saanga
Total years of experience: 15 years, 2 months
As an Information Security Specialist I have been assigned the role of technical lead for Information Security, especially application security and security management. My responsibilities include but are not limited to:
Develop, assess and verify application security requirements and architecture for critical business and financial applications, including but not limited to mobile financial services, telecom customer self-care applications, B2B and B2C portals etc.
To conduct application security reviews to identify policy non-compliance and security vulnerabilities in change management
To communicate the solutions for identified vulnerabilities to stakeholders as per defined policies and contractual requirements and support them to ensure that vulnerabilities are fixed in a timely manner without affecting project deadlines
To responsibly disclose application vulnerabilities in 3rd party functionality and provide support and Proof of Concept attacks to fix the vulnerabilities.
To ensure that security is integrated into System Development Life Cycle (SDLC)
To design and implement security solutions and controls recommended by compliance audits.
To develop and maintain information security guidelines, standards, policies and procedures
Develop and maintain information security trainings and ISO 27001 security standard compliance reporting
Computer Security
Advance Networks and Web Security
Wireless Networks Security
IT Laws and Computer Forensics
Information Security Management
Information Security Evaluation and auditing
Vulnerability Exploitation and Defense
Information Security Project Management
Cryptography
Worked on a number of websites using:
Custom PHP
Content Management Systems e.g. WordPress
MVC Frameworks such as CodeIgniter
Various Shopping Cart Scripts such as Pinnacle Cart, OpenCart and a few Custom Carts
Different modules and routine based tasks.
Plug-in development, template/theme integration
Payment method integration, Ecommerce Sites customization (Frontend and database)
Search Engine Optimization
Testing and vulnerability assessment of web applications and applying proper controls to fix the vulnerabilities.
Dynamic HTML Web Pages
Cascading Style Sheets
JavaScript validation in web forms
Website Content Management
Information Security Assurance
Information Security Evaluation and auditing
Vulnerability Research and Exploitation
Penetration Testing
Risk Management
Source Code Auditing
Digital Forensics
Cryptography
Information Security Project Management
Wireless Network Security
During the 4 years of the Bachelor of Science in Information Technology, a number of courses were taught regarding computer software/hardware and programming, and applications of IT to business.