Khurram Murad, App Security and Penetration Tester

Stc Specialized

Location: Saudi Arabia - Riyadh - Al-Rawdhah
Education: Bachelor's degree, Software Engineering
Experience: 17 years, 4 months

Work Experience

Total years of experience: 17 years, 4 months

App Security and Penetration Tester at Stc Specialized
  • Saudi Arabia - Riyadh
  • My current job since September 2020

• Manage and maintain vulnerability management solution in collaboration with Infrastructure and IT Security department.
• Ensure vulnerability scans / penetration tests are run periodically in line with policies and standards across entire scope of IT assets.
• Perform automated code reviews as part of security review process, report the findings and explain the same to the development team along with clear recommendations to mitigate the vulnerabilities/risks.
• Conduct architecture reviews from a security standpoint and recommend improvements as per CS standards.
• Perform compliance scans for systems, servers, network devices, firewalls, routers and various technology components as per industry standard benchmarks.
• Guide the IT team in mitigating identified vulnerabilities/risks.
• Track and report the status of the identified risks on a periodic basis as per the vulnerability management standard.
• Automate the vulnerability management process to efficiently perform daily tasks.

Sr. Information Security Analyst at Comspots
  • Saudi Arabia
  • June 2014 to September 2020

• Identification of risk considerations for new mobile and web app development, integration and deployment.
• Compliance of requirements for mobile and web apps with IT security standards and policies.
• Provide proactive solutions to mitigate risk during the system development life cycle (SDLC) through engagement with project managers and developers.
• Participate in security assessments of networks, systems and applications.
• Conduct regular security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint.
• Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets.
• Keep abreast of new threats and vulnerabilities to mobile and web applications and the industry to provide proactive solutions.
• Lead investigations of security violations and breaches and recommend solutions, prepare reports on intrusions as necessary, and provide an analysis summary for management.

Security Engineer at Horizon Tech Services
  • Pakistan - Islamabad
  • September 2007 to May 2014

• Managed and conducted multiple information security projects. Performed regulatory compliance testing as per government-defined standards and best practices. Performed network security threat analysis, critical telecommunication link assessment, and digital forensics for evidence gathering.
• Assisted in safeguarding the organization's computer networks and systems. Planned and carried out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks. Worked as part of a larger IT Security team and reported directly to upper management.
• Contributed to the development of information security plans and policies, implementation of protections, testing for vulnerabilities, and monitoring and investigation of security breaches.

Assistant Manager at PTCL Ltd
  • Pakistan
  • January 2007 to August 2007

• One of the pioneer members of the Broadband Pakistan project team.
• Managed installation and maintenance of DSL internet connections in Rawalpindi Telephone Exchange.
• Established a local helpline for smooth operations of the Broadband project.
• Managed a cross-functional team to make the Broadband project a success.

Education

Bachelor's degree, Software Engineering
  • at University of Engineering and Technology
  • June 2022

Courses: Professional Certification and Courses
  • Certified Ethical Hacker – CEH – ECC80611697994
  • Certified Information Systems Auditor – CISA – 1087692 (Expired)
  • Qualys Certified Specialist
  • Network and Web Security Training – TUBITAK-Turkey

Specialties & Skills

ISO 27001
Web Security
Vulnerability Assessment
Penetration Testing
Information Security
Cybersecurity
Application Security
Vulnerability Management

Languages

  • English: Expert
  • Urdu: Native Speaker
  • Arabic: Beginner

Memberships

EC Council
  • Member
  • May 2014

Training and Certifications

Network and Web Security Training (Training)
  • Training Institute: TUBITAK-Turkey
  • Date Attended: December 2009
  • Duration: 160 hours

Qualys Certified Specialist (Certificate)
  • Date Attended: October 2020

Certified Ethical Hacker (Certificate)
  • Date Attended: May 2014

Hobbies

  • Ethical Hacking