1. Architected and implemented AWS security controls, including GuardDuty for threat detection, Lacework for cloud workload protection, and CloudWatch for security monitoring, alerting, and incident triage. Developed custom detection rules for VPC Flow Logs and ELB access logs to identify anomalous network behavior and potential threats.
2. Managed CrowdStrike Falcon for endpoint, EC2, and Kubernetes workload protection, conducting proactive threat hunting, investigations, and incident response to contain and remediate malicious activity across hybrid environments.
3. Architected a global Google SecOps ecosystem, onboarding diverse log sources via custom UDM parsers, engineering YARA-L detection logic, and deploying automated SOAR playbooks to accelerate threat hunting and incident remediation at scale.
4. Integrated WAF (Cloudflare / AWS WAF) and DDoS protection, implementing custom WAF rules, rate limiting, and bot management in collaboration with the service teams to enhance web security while minimizing business impact.
5. Monitored the external attack surface using platforms like CTM, identifying exposed assets, misconfigurations, and vulnerabilities, and coordinated remediation efforts with service teams to proactively reduce the organization's attack footprint.
6. Coordinated incident response activities, including evidence collection, root cause analysis, and post-incident reporting with clear remediation recommendations.
7. Utilized HackerOne for vulnerability disclosure management, coordinating with internal teams for verification and timely remediation of reported issues.
8. Engineered automation scripts and workflows to streamline alert enrichment, IOC correlation, and endpoint status validation across multiple platforms, integrating LLM-powered intelligence to accelerate triage and improve response efficiency.
9. Collaborated with cross-functional teams to enhance detection coverage and maintain continuous compliance across hybrid environments.
10. Correlated multiple log sources using Exabeam to build UEBA-based detections, identifying anomalous user and entity behavior across the cloud environment to enhance threat visibility and detection accuracy.
- Company industry: Motor Vehicle Passenger Transport