Unit Manager - Security Testing
National Bank of Kuwait
Total years of experience: 12 years, 5 months
Managed Cybersecurity team of 15+ employees globally.
Managed various Cybersecurity activities like Purple Teaming, Red Teaming, Blue Teaming,
Internal/External Penetration Testing, Vulnerability Management, PCI DSS Security Assessments,
Web/Mobile Application Security Assessments, Cloud Security Assessments, API Security Testing,
Operating Systems / Databases Misconfiguration Reviews and implementing DevSecOps with Secure
Code Reviews etc.
Managed various Cybersecurity Audits like PCI DSS, SWIFT CSP and ISO27001.
Managed Robotic Process Automation (RPA) Security Assessments by providing security
recommendations at every phase of each process by performing Threat Modelling, Process Security
Assessments on RPA tools like Blue Prism, Selenium etc.
Managed various Building Management Systems Security Audits like CCTV, Intercom, Water
Leakage, Fire Alarm, Elevator, Intrusion Alarm, SCADA etc.
Provided Secure Architecture recommendations during any new/existing initiatives/projects
implementation/upgrades/changes of infrastructures/applications.
Provided cloud security recommendations based on SaaS, PaaS, IaaS services on AWS and Azure.
Provided security recommendations on monitoring tools like F5 WAF, LogRhythm, and Imperva
Database Access Monitoring etc.
Advised on various Cybersecurity advisories based on the advisories/research from CERT,
Trend Micro, FortiGuard, CISA Alerts, Microsoft, Cisco Talos, to mitigate new trending
cybersecurity threats and Zero-day attacks.
Managed brand reputation vendors for analyzing the organization's external posture for brand abuses, site
impersonations, domain/sub-domain infringement, leaked credentials, phishing, scams, fake Ads, evil
twin sites, baiting news sites etc.
Presented overall security posture of the organization to Management with various dashboards.
Advised on Cybersecurity advisories based on the advisories/research on emerging attacks.
Advised Security Governance/Compliance teams on Key Performance Indicators and Key Risk
Indicators to enhance the security posture of the organization.
Conducted Risk Assessments during Risk Acceptance process by evaluating vulnerabilities to
examine probable threats exposed and advise management.
External Applications Security Testing.
Internal Applications Security Testing.
External Network Penetration Tests.
Internal Network Penetration Tests.
Configuration Audit/Vulnerability Assessment for various critical servers and devices of organization.
Mobile Application Security Testing.
Secure Code Review.
Wi-Fi Penetration Testing.
Proposal Preparations based on the RFP
Managed Security Services
1. Product Security
2. External Applications Security Testing.
3. Internal Applications Security Testing.
4. External Network Penetration Tests.
5. Internal Network Penetration Tests.
6. Configuration Audit/Vulnerability Assessment for various critical servers and devices of organization.
7. Mobile Application Security Testing.
8. Secure Code Review.
9. Vulnerability Management
1. Application Security Testing for many Banking and Core Banking applications.
2. Application Security Testing for Online Shopping and business applications.
3. Internal and External Network Penetration Tests.
4. Configuration Audit/Vulnerability Assessment for various critical servers and devices for many organizations.
5. Mobile Application Security Testing
1. Application Security Testing for internal applications.
2. Involved in development of an internal application.
3. Worked on various QA deployments and bringing the changes to production environment.
Bachelor of Engineering in Information Science