Information Security Engineer
Secure Tech Cards (Pvt) Limited
Total years of experience :2 years, 10 Months
Plan, develop, implement and update the Information Security Policy & related documents
Plan, develop, implement and update the Risk Management process and its related
implementation
To ensure Compliance, in-line with International Standards and Security best practices
To ensure & supervise the Vulnerability Assessment & Penetration testing exercises are conducted
and all the identified vulnerabilities are shared with the relevant teams for mitigation
Develop, execute and track the performance of security measures to protect the information
assets
To ensure Information Security Awareness training to employees with frequent intervals
Performs other related tasks as assigne
Perform Vulnerability Assessment (VA) to identify information security related lapses in the
organization and assist asset owner in remediation of vulnerabilities under the supervision of
line manager
Development of information/cyber security related policies, procedures, framework and Sop’s,
regulator’s guidelines/instructions while covering Pakistan and overseas operations (Bahrain,
UAE, Sri Lanka)
Provide technical expertise/support in the areas of System and Application security
Ensure compliance with information security best practices introduced by the regulator (SBP,
CBSL, SWIFT, PCI DSS, NESA, ISO 27001 and Information Assurance.)
Web Application Pentesting OWASP Top10
Server and Network Pentesting
Vulnerability Assessment and Pentest Reporting
Web Application Pentesting
Network Pentesting
Scripting (Bash, Python)
Working on Linux web-servers (Nginx, Apache etc.)
Working on Linux firewall (IP-Tables)
Penetration Testing based on OWASP Top 10 guide.
Policies review and creating new policies as needed
Penetration Testing Reporting
Working on Basic and Advance Dockers