Application and Systems security specialist
Qatar Airways
Total years of experience: 13 years, 6 months
Conducted application penetration testing of airport/airline applications
Conducted vulnerability assessments for 100+ servers of airport infrastructure
Member of change management board
Conducted department risk assessments
Skilled in using network monitoring tools like AD Audit Plus, Netka NMS
Working closely with anti-virus and patch management teams to ensure the systems and servers are regularly updated
Managing Internal Audits
Responsible for closure of SOC incidents
Conducted application penetration testing of 250+ business applications
Conducted vulnerability assessments for 500+ servers of various platforms and network devices
Acquainted with various approaches to Grey & Black box security testing
Proficient in understanding application level vulnerabilities like XSS, SQL Injection, response splitting attacks, session hijacking, authentication bypass, weak cryptography, authentication flaws etc.
Skilled in using Burp Suite, Paros proxy tools, Qualys scanner and Tenable Nessus scanner for web application penetration tests
Expert in using Burp Scanner, Acunetix and IBM AppScan
Evaluate risk for application and network infrastructures as per OWASP and organizational security control standards and guidelines.
As a part of research and development, I have helped in developing two new services - Thick Client and Mobile application security testing services
Developed test checklists for Web, Thick Client and Mobile application platforms.
Played a crucial role in streamlining the process and as a part of it, I have written the Process documents and testing methodologies.
Incident management and handling skills; including knowledge of common probing and attack methods, viruses, botnets and other forms of malware. Correlating events from a Network, OS, Applications or IDS/Firewalls and analysing them for possible threats.
Ensure a secure computing environment within the organization
Monitor security violations, flag potential violations and investigate security incidents.
Evaluate emerging technologies that might enhance the overall security posture of the organization while ensuring compliance to regulatory requirements
Conducted Third Party Security Reviews for the vendors of North America
Proficient in recording security issues and preparing reports using RSA Archer
Manage and monitor tools to ensure security of internal and perimeter network while ensuring that adequate packets and network activity information is captured for investigating potential security incidents
Developed and implemented security awareness programs
Acted as a business unit trainer and helped in training the new batches on various occasions
Achieved all the Process targets in terms of Productivity and Quality. Also met all the SLAs of the process
Selected as Verifier and Process Specialist for application security testing team
Conducted application security testing of 200+ business applications
Worked on a long term project with a leading bank in India
Listed below are some of the key projects
Application Security Test of online Banking Applications
Application Security Test of Internet Trade Applications
Application Security Test of Online portal of a Stock trade company
Application Security Test of an Online Exam Application
Application Security Test of various Internet and Intranet facing applications of a well-known bank in India
External and Internal network penetration tests of internet/intranet facing servers and devices
Performed vulnerability assessments of critical servers, including OS, databases, web/app servers and network devices
Experienced in service delivery, managing project requirements, customer relationship, allocating work, conducting status meetings and customer reviews, technical support and system administration
Provide security assessment/approval for all internal projects; perform security assessment for production environment.
68%