Technical Lead
STMicroelectronics
Total years of experience :14 years, 6 Months
The group ICT Risk Management, Compliance & Information Security - In-Charge of making sure that ICT-related risks are identified & kept within accepted limits, ICT Compliance with Sarbanes Oxley and ISO/TS, PCIDSS & information security management in ST.
•Manage the solutions in place for IT Infrastructures, AWS Cloud - Security Vulnerabilities and Compliance.
•Run the security testing service for IT infrastructures, DevOps.
•Run the compliancy service for IT infrastructures, DevOps.
•Internal IS Auditor.
•Performing- Internal Security Assessments Projects i.e for GSMA -STMicroelectronics Becomes First Chip Maker Accredited by the GSMA to Personalize eSIMs for Mobiles and Connected IoT Devices.
•Define and maintain technical compliancy policies to controls for Sarbanes Oxley.
•Define and maintain technical compliancy policies to security standards. Propose review/evolution of those standards.
•Support Teams to solve the security vulnerabilities or compliance gaps detected.
•Advice Designs in Security Solutions like Encryption and Advising Future needs information to Higher Management.
•Push and follow-up until resolutions of the security vulnerabilities or compliance gaps.
•Define and maintain the dashboard/Score Card for IT infrastructures security vulnerabilities and Security compliance, and use it to report and advise management.
•Define and provide any on-demand specific reports.
•Reduction of False Positives Case and Producing POC Evidence.
•Conducting Root Cause Analysis.
•To Study the current infrastructure status and proposing strategy for the Risk Management to get ready for Next Year Plan to C-level Management.
•Conducting Training Sessions for Technical Teams.
•Bug Reporting
Manual and automated assessment of Infra / web applications.
•Conducting web application security, network security and OS audit assessments.
•External and internal penetration testing assessments.
•Device/Host Security Configuration Review.
•Test plans creation.
•Firewall rule set review.
•Presenting to Top-Level management
Manual and automated assessment of web applications.
•External and Internal penetration testing assessments.
•Android application security assessment.
•Conducting physical security and Social Engineering assessments.
•Wireless security assessment.
•Threat Profiling.
•Risk assessment.
•Compiling CVE, CVSS scoring and CWE sheet based on the vulnerabilities.
•Mentoring teams’ members and report reviewing.
•Carrying out technical interview for recruitment process
Provide technical support services based on proven methodologies on complete range of Firewalls of Cisco, Checkpoint.
•Configure Policies and NAT on Checkpoint firewall, Cisco PIX/ASA to provide access of external network through firewall
Post Graduate Diploma in Information Systems & Cyber Security.
•Threat Profiling.
•Test plan creation.
•Conducting web application security and network security assessments.
•Carrying out forensics using FTK toolkit.
in
in with Specialization
URL removed due to policy violation. Please contact support for further information.