Security Manager
KE Pakistan
Total years of experience :15 years, 5 Months
directly to IT security director (CISO).
•Managing Secops and Security Incident Management and Response Team.
•Managing cyber security leadership and team management.
•Managing security monitoring, forensics threat and hunting.
•Managing cyber security program management and strategy development.
•Managing and monitoring metrics for cyber security.
•Developing and managing cyber security strategy for energy sector.
•Business process re-engineering for cyber security transformation.
•Finding work around to meet security objectives along with meeting concerns of stakeholder and management.
EY Pakistan,
and Supervising incident management and response team in Emirates Airlines (CSOC).
•Tracking of logs status, optimization of noisy alerts and remediation of false positive alerts.
•Performing trouble shooting of MSS connectivity and assisting solution architect in deployment.
•Planning and development of dashboards to visualize (alerts, threats, vulnerabilities identified, reporting).
•Working on automation of alerts to streamline and reduce the number of ticket requiring human intervention.
•Monitor data sources (e.g., Threat Intelligent sources) and provide to SOC team relevant information (IOCs, Threat Feeds, YARA and TTPS) to maintain currency of security threat posture.
•Conducting periodic meeting with the customer and keeping management informed.
•Managing and fulfilment of customer requirements.
•Developing on-boarding and off-boarding documentation, SOP, playbooks, PIR report, periodic reporting (performance, incident and log tracking) and customer requirement.
•Responsible for incident escalation and for crisis management.
•Responsible to provide PIR (Primary Investigation Report) forensic investigation of incidents process life cycle.
•Mentoring SOC team with latest security trends, threat detection and analysis techniques etc., via internal training, external training, classroom training and team meetings.
•Actively threat hunting to identify threats that are unmanaged by existing security controls.
SOC team, incident response, escalations, periodic reporting, crisis management, PIR reports, RCA and investigations.
•Managing, reviewing and validating SOC design and architecture with accordance to deployments and best practices.
•Management reporting of risk and SOC threats to C-level and Board of Directors.
•Conducting review of logs status and escalating logs delay issues that exceeded agreed threshold.
•Conducting workshops, meeting and awareness session for key stakeholders and IT custodians to promote SOC on-boarding process.
•Developing and reviewing operational processes, procedures, playbooks, use cases, reporting templates, and tools.
•Conducting risk assessments and information security audits.
•Conducting POC (Proof of Concept) and UAT (User Acceptance Testing) during security technology adaptation and integration.
•Proposing and leading improvements in the current and future requirement of the organization accordance to the threat surface and security posture.
•Monitoring the execution of strategies, kept up to date with the new technology and researched latest Information technology market trends.
•Developed IOC’s and Intelligence feed management to optimize visibility of threat.
•Investigating complex incidents and providing root cause analyse (RCAs).
Lloyds Banking Group, Infrastructure Services,
Consultation (Pre Sales and Post-Sales Support)
•Worked closely with clients to analyse IT requirements, clients information technology needs and their resources in order to plan IT projects and fulfil clients expectations
•Designing and catering client requirement for security, provisioning technical and functional requirement.
•Advisory on solution with connectivity, quality and security requirement.
TOOLS EXPERIENCE:
•Splunk
•McAfee Nitro
•RSA Netwitness
•Fireye NX, HX, CMS. PX and ETP
•Security Center (Nessus)
•Symantec MSS
•Symantec Security Analytics
•Symantec DLP
•Fidelis Network
in Advanced Security and Digital Forensics (Accredited by GCHQ, MI5 division for Cyber-security government of UK
