إعجاز محمد, Information Security Specialist

Family Development Foundation

Country
United Arab Emirates - Dubai
Education
Bachelor's degree, Electronics and Communication Engineering
Experience
18 years, 3 months


Work Experience

Total years of experience: 18 years, 3 months

Information Security Specialist at Family Development Foundation
  • United Arab Emirates - Abu Dhabi
  • I have held this position since October 2019

1) Analyze existing security systems and make recommendations for changes or improvements in accordance with regulatory and compliance requirements.
2) Implement and maintain compliance with local and international ISMS standards such as ISO27001 and NESA.
3) Develop and enhance information security policies and procedures.
4) Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.
5) Partner with business stakeholders across the company to raise awareness of risk management concerns.
6) Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
7) Prepare reports and action plans in the event that a security breach does occur.

Security Operations Manager at Pro Act Technology LLC
  • United Arab Emirates - Dubai
  • April 2019 to October 2019

1) Lead and manage Security Operations Center (SOC) based on RSA Netwitness suite for various customers (Managed security service provider).
2) Primarily responsible for security event monitoring, management and response.
3) Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
4) Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives
5) Revise and develop processes to strengthen the current Security Operations Framework, Review policies and highlight the challenges in managing SLAs
6) Responsible for team & vendor management, overall use of resources and initiation of corrective action where required for Security Operations Center
7) Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring
8) Responsible for integration of standard and non-standard logs in SIEM
9) Creation of reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt.
10) Co-ordination with stakeholders, build and maintain positive working relationships with them

Security Analyst (SOC) at Emirates National Oil Company
  • United Arab Emirates - Dubai
  • May 2017 to March 2019

Achievements:

1) Played instrumental role in the successful implementation of LogRhythm SIEM solution and use cases.
2) Successfully Implemented Security Operation Center Standard Operating Procedures (SOC SOP).
3) Formulated Cyber security policies and related procedures.
4) Key role in the implementation of McAfee Data Leakage Prevention across the company.
5) Successfully implemented Arcos/Arcon Privileged access management solution.
6) Successfully Implemented Vulnerability management program and related technologies.

Responsibilities:

1) Responsible for working in a 24x7 SOC environment.
2) Contribute in the development and implementation of Information security policies and procedures in-line with local/International laws and regulations like Dubai Information security regulation V2 and ISO27001.
3) Assist various departments like Compliance, Audit and Quality assurance, etc.
4) Provide analysis and trending of security log data from a large number of heterogeneous security devices using the LogRhythm SIEM and Network Forensics solution.
5) Provide Information Security Incident Handling, Response and Reporting.
Provide threat and vulnerability analysis as well as security advisory services.
6) Analyze and respond to previously undisclosed software and hardware vulnerabilities.
Coordinate with Threat Intelligence analysts/agencies on activities impacting government entities.
Integrate and share information with other analysts and other teams.
7) Administer and manage McAfee EPO and IPS.
Qualys vulnerability management, Web application scanning and Policy compliance.
8) Provide relevant reports to the management and Information security governance committee (ISGC) on periodic basis.

IT security Administrator at Amana Holdings
  • United Arab Emirates - Dubai
  • July 2011 to May 2017

Overall in charge of Information security at Amana group with more than 2000 users in 23 remote locations.
1) Plan, implement and manage company wide security infrastructure such as firewalls, IDS/IPS, end-point security, VPNs, vulnerability scanners, patch management systems, email gateways, web application firewalls, etc.
2) Identify risks and put controls in place to meet industry standards like ISO 27001 - Information Security Management.
3) Research and recommend hardware and software solutions to enhance existing security measures as needed.
4) Investigate and report any security violations and incidents and ensure proper protection and corrective measures have been taken when an incident or vulnerability has been discovered
5) Contribute to the development of strategic plans and tactical initiatives necessary to achieve long-term goals related to information security.
6) Contribute to the development and maintenance of Information Security policies, standards, procedures, and guidelines.

Network Administrator - Linux at Amana Holdings
  • United Arab Emirates - Dubai
  • March 2007 to June 2011

I was primarily in charge of administration of Linux based systems and networks at Amana group
1) Manage Linux based open source firewalls like IPcop, Pfsense and shorewall.
2) Establish and troubleshoot VPN connections using SSL/Ipsec.
3) Manage and maintain Squid proxy and caching servers.
4) Install and maintain Linux based servers, FTP servers, create users and manage permissions.
Automation of tasks using Linux shell scripts.
5) Manage and maintain Squid proxy and caching servers, logging and reporting.
6) Implement and maintain open source PBX solutions like Asterisk and Trixbox with IP based extensions, SIP and IAX trunks between branch offices; Fax-to-email solution called Hylafax.
7) Manage Microsoft System Center Configuration Manager (SCCM 2007) for Light touch installation deployments, Patch management and Inventory.
8) Manage open source ITIL based help desk system called OTRS.
9) Maintain enterprise wide end-point security through Trend micro office scan.
10) Provide support for Telephony system at Amana comprising of Nortel BCM 400/450 and Avaya IP office 500 with Digital and IP based extensions.
11) Managing iGuard security access control system and biometric recognition systems.
12) Setting up the POS which includes barcode scanner, card reader, customer display, cash-drawer, POS printer and related software like LS-retail, etc.
13) Manage VMware Vsphere cluster.
14) Support 24X7 Data center operations.

IT Support / Corporate Trainer at CMS Computers Ltd.
  • India
  • January 2006 to January 2007

1) IT Support, supporting the end users for all desktop related issues, coordinating all the activities between head office, Engineers and different vendors.
2) Mastered administration and troubleshooting of desktops and Printers.
3) Installation / configuration of different communication devices like modems, routers, switches.
4) Maintain hardware, Software and LAN inventory.
5) Developed Project management skills and other soft skills essential for supervising an IT team.
6) Part of a successful team, Managing IT infrastructure of a huge corporate.

Educational Background

Bachelor's degree, Electronics and Communication Engineering
  • at Jawahar Lal Nehru Technological University
  • September 2006

B. tech in Electronics and Communication Engineering

Specialties & Skills

Information Security
Compliance
Firewalls
Management
IT Security
Windows Server Administration
Linux Administration
Network Monitoring
MS Project
MS Visio
Security Incident Handling
Governance, Risk and Compliance
Digital Forensics

Languages

English
Intermediate
Arabic
Intermediate

Training and Certifications

Certified Information Systems Security Professional (CISSP) (License ID: ISC2:01255995) (Certificate)
Course date:
May 2016
Valid until:
May 2019
Certified Ethical Hacker (CEH v6 ) (Certificate)
Course date:
August 2010
Redhat Certified Engineer (Lic No. 111-110-383) (Certificate)
Course date:
June 2011
ITIL v3 Foundation (Candidate ID: SR6425468) (Certificate)
Course date:
March 2010
MCSE Windows 2003 Server (Candidate ID : SR2329762) (Certificate)
Course date:
August 2006

Hobbies

  • Music