هادي أبو نادر

• Working with application development and maintenance teams to ensure that the application security coverage from the requirement gathering level, SDLC, application implementation and after implementation.
• Coordinate with vendors and conduct vulnerability assessments and penetration testing for applications (web, on premises, mobile, public facing)
• Managing Oracle database security project, including overseeing timelines and collaborating with development and maintenance teams to develop effective solutions for clients.
• Part of Identity and Access Management (IAM) project, collaborating with cross-functional teams to ensure timely delivery of IAM solutions as per client requirements.
• Managed Dynatrace project, coordinating with development teams and successfully implemented Dynatrace for monitoring the performance of applications and infrastructure, resulting in improved system performance and increased client satisfaction, in addition to Application security module.
• Successfully implemented ISO 27001 certified information security systems, ensuring compliance with industry standards and promoting a culture of maintaining confidentiality, integrity and availability of information. Obtained ISO 27001:2013 certification through rigorous auditing and adherence to best practices in information security management.
• Conduct security static and dynamic testing through the provided tools - before go-live (new or changes)
• Coordinate with Cybersecurity Engineer - governance and risk management to maintain application security management policies/ procedures and risk management.
• Assist to develop, implement, and manage the overall application enterprise process for information security and associated architecture standards such as ISO 27001, NIA, cyber security law, privacy management law and Qatar 2022 cyber security requirement.
• Evaluate suspected security breaches and recommend corrective actions (including incidents involving outside vendors).
• Work with IT Security lead to coordinate with MOI security shield and maintain the NCSOC onboarding and continuity of connectivity
• Follow cyber security incident management and incident response plan.
• Serve as the part of the security incident response planning and execution.
• Assist Risk Management, Internal Audit and IT department in the development of appropriate criteria needed to assess the level of new/existing applications and / or technology infrastructure elements for compliance with enterprise security standards.
• Assist in the review of application and/or technology environments during the development or acquisition process to assure compliance with corporate security policies and directions and assist in the overall integration process regarding client's own technology environment.
• Maintenance of Application layer to support the organization's information security/privacy policies and procedures and ensure timely updating thereof in light of changing circumstances/ best practices/ regulatory directives.
• Work with IT Security lead to coordinate with MPTO team and maintain Qatar 2022 implementations based on the agreed roadmap
• Provide daily, weekly and monthly reports to Information Security Lead related environment application level changes,
• incidents, problems, service operation and critical area.

Email security, Data security and Web security proxy administration.
• Communicate with business and IT teams in order to establish standard access rights for bank
applications.
• Tools expertise include SIEM, Vulnerability Assessment tools, IDS/IPS, Firewalls, File Integrity
Monitoring (FIM), Network Access Control (NAC), Network Automation (NA).
• Use frameworks (such as MITRE ATT&CK) to guide hypothesis-driven hunts and turn these into
automated processes for future hunts.
• Monitoring the network for malicious activity
• Implement Auditd on all our Unix servers and tune rules based on our needs.
• Incident response investigations, containment, and root cause analysis activities and security
posture improvement recommendations across multiple platforms.
• Access Rights and Identity Management, by ensuring compliance of the current Bank’s systems
with their defined access rights.
• Policy Compliance assessments preparations/validations including PCI-DSS, and core banking.

Offering Impeccable customer service.
• Demonstrate ultimate styling tips for clients.
• Problem solving, an active team player.
• Optimize product availability on the floor.
• Communicating effectively with employees, management, and customers.
Technical Skills
• Manage and monitor Email, Web and Data Loss
Prevention: Infrastructure, Rules, and Releases.
• SIEM rules implementation.
• Respond immediately to security incidents and
provide post-incident analysis.
• Web application scanning for vulnerability
assessment.
• IPS Monitor Traffic for unusual activity.
• Perform and implement Policy Compliance.
• Penetration Testing.
• Defend system against unauthorized access,
modification and/or destruction.
• IT Asset Inventory Management.
• Determine the most effective way to
protect computers, networks, software,
data and information systems against any
possible attacks.
• Build and promote security awareness
programs and sessions.
• Monitor compliance with information
security standards and best practices.
• Monitor information security and privacy
compliance to regulatory and legal bodies,
including internationally-adopted
standards.
• Prepare and apply Information Security
standards, policies & procedures, and
perform periodic assessments to ensure
continuous compliance.
• Research and recommend security
upgrades for the latest vulnerabilities