Cyber Security Consultant
Al Yusr Leasing
Total years of experience: 6 years, 9 months
• Carried out SAMA and NCA compliance maturity assessments.
• Carried out risk assessments to identify and prioritize information
security risks.
• Developed and implemented risk mitigation strategies
• Ensure compliance with regulatory requirements
• Developed and reported on information security metrics.
• Work with business units to implement security controls.
• Respond to security incidents and alerts.
• Overseeing security awareness and training programs.
• Performed vulnerability assessments and penetration tests of internal
and external assets, provided mitigation suggestions, and performed
revalidation tests after fixes.
• Worked with the vendor for the deployment of the SIEM solution. Also
worked with the vendor for the deployment of the Database Activity
Monitoring tool and Network Detection and Response tools.
• Worked on DLP policy deployment and Implementation.
Cyber Security Consultant
• Carried out cybersecurity compliance audit and provided reasonable
assurance against SAMA CSF domains for a Real Estate & Financial
Institution in KSA.
• Carried out Identity and access management and Privilege access
management audit at large government financial institutions.
• Cybersecurity posture to Maturity Level 3. Also ensured compliance
with ML3 controls based on NCA-ECC and SAMA CSF.
• Performed Identity & Access Management & Privilege Access
Management Audit at large financial institutions.
• Performed Cybersecurity Audits in financial institutions and
insurance companies with regard to NIST, SAMA Cybersecurity
Framework, and industry-wide best practices.
• Conducted IT Governance Audit at a large financial institution in
KSA.
• Performed Pentesting through the automated and manual
methodology.
• Performed OWASP Top Ten testing (2017-2021)
• Performed White box, Gray-box, and Black box Vulnerability
Assessments and Penetration Testing.
Key Responsibilities at Ecovis Al Sabti Saudi Arabia
• Performed regular Vulnerability Assessments and Penetration
Testing using various security tools such as - Burp Suite, Nmap,
Nessus, Metasploit, Acunetix, SQLmap, Wireshark, etc.
• Developed security assessment report.
• Suggested mitigations and performed revalidation after a patch
update.
• Performed monitoring of emails of FireEye.
• Performed monitoring of suspicious traffic creating DDoS or any other attack on the environment.
• Performed log analysis of network security devices, databases, and application servers.
• Performed analysis of web application attacks.
• Performed analysis of phishing emails and responded accordingly.
• Performed analysis of daily operational events on SIEM related to suspicious activity.
• Performed vulnerability assessment of servers and web applications using Nessus and Nexpose; analyzed observed vulnerabilities and suggested mitigations.
• Conducted security audits on random servers and services.
• Resolve network issues.
• Perform Data Center Monitoring.
• Configure Switches and Routers.
• Provide network support services.
• Provide new connections to users within
organizational premises.
• Install and configure routers.
Majors in Information Security