Project Manager Penetration Testing
Gulf International Bank
Total years of experience :8 years, 11 Months
Working in GiB as a Project Manager Penetration Testing.
Looking all PT related activities.
Worked in TAQA group as a Cybersecurity Technical Specialist and independently looked after the following activities:
o Managing application security and VA/PT related activities.
o Reviewing SOC and Threat Hunting reports periodically.
o Handling NCA & Saudi-Aramco releases.
o Vendor compliance assessment as per TAQA standards.
o Worked on NCA-ECC and SAC-021 Framework.
o Top Projects:
• Implementation of NCA controls and security solutions (MDM, EDR etc.)
• Blackbox PT and Threat Hunting.
• Compromise assessment with Loki & YARA rules.
Worked in TMFB as a Manager Application Security in Information Security Department (Risk Division) and independently looked after the following activities:
o Security of financial app EasyPaisa.
o VAPT of Network Devices, Infrastructure, Applications (Branchless and Core Banking).
o Worked as DevSecOps, to ensure the security of architecture design and mitigate code flaws.
o Awareness and Training for the implementation of Secure-SDLC process.
o Worked in CTI (Cyber Threat Intelligence) Unit with State Bank of Pakistan (SBP) team, to mitigate the risk of security threats from outside the organization.
o VAPT of in house Private Cloud including IaaS, PaaS, SaaS and DaaS. Provided by “Ant Financial Services”.
o Support SOC (Security Operation Control) team to improve SIEM maturity.
o Delivering a range of CR assessment types including Desktop/Web/Mobile Application, APIs, Databases, 3rd party Integrations and Servers.
o Worked closely with other teams such as Infra, Network, IT Dev., Operations, Solution Architect, PD & PMO for the mitigation of organizational risk.
o Top Projects:
• VAPT of T24 Temenos (Found 3 Zero Days, which were reported to Temenos global).
• VAPT of Alibaba cloud system (Implemented by Ant Financial group, China).
• Annually PT and Compromise assessment
• Network Assessment Exercise.
• Recommended permanent solution for prevent app cloning incident for reduce the Fraud/Risk.
• Application Audits.
For a long term project worked in a semi government organization as an Information Security Manager. Lead the Security team and independently looked after the following activities:
o Bug Hunting for Mobile, OS and Web Based Applications.
o Hardware, Software, Network and Web based penetration testing for Local/Remote Area.
o Supervised R&D Team.
o Virus/Malware/Backdoor Analysis and reverse engineering
o Suggestion/Decision & Implementation for Secure Networks.
o Python scripting for automation process.
o Supervise Red Team for in-house CTF Events.
Done my Graduation in 2011. Worked on Industrial Automation Project, Wireless Security System, RF Control, Information Security, Python Programming, MCU's Programming with Robotics Development and Control, Linux based Embedded System.
URL removed due to policy violation. Please contact support for further information.