Senior Cyber SecurityConsultant
Rewterz
مجموع سنوات الخبرة :9 years, 7 أشهر
-Conducting in-depth VAPT(Vulnerability Assessment and Penetration Testing) across web,
mobile, and API platforms, thoroughly addressing OWASP Top 10 vulnerabilities, identifying
business logic flaws, and expertly leveraging application scenarios to uncover potential attack
vectors. Prioritizing risks based on business impact to ensure proactive and impactful security
measures.
-Formulating yearly security plans aligned with SAMA CSF, SAMA ITGF, NCA CSCC, NCA ECC, and
PCI-DSS, ensuring compliance and proactive risk management.
-Collaborating effectively with IT teams to prioritize and remediate vulnerabilities within
established timeframes, exceeding client expectations for responsiveness and resolution.
-Demonstrating expertise in OS-level attacks and various security assessment tools (Core
Impact, Tenable SC, Nessus, Nmap, Metasploit, Acunetix, Appscan, Splunk, QRadar, Volatility,
Hydra, BurpSuite, SonarQube, SQLMap, Fortify) to comprehensively assess and mitigate risks.
-Conducting rigorous network and server configuration reviews for all appliances, adhering to
NIST and CIS benchmarks, or crafting customized Minimum Baseline Security Standards (MBSS)
leveraging whitepapers for non-standard devices, to fortify infrastructure security and minimize
attack surfaces.
-Conducting SIEM audits, threat hunting, and source code reviews to identify integration
issues, potential threats, and codebase vulnerabilities.
-Possess strong communication and interpersonal skills, fostering collaboration and ensuring
effective communication with cross-functional teams during assessments and remediation
efforts.
To perform VAPT activities which include: Hunting for OWASP Top 10 over at Web Applications and Mobile Applications which include the use of Tools(Nmap, Metasploit, Nexpose, Nessus, Burp, Hydra, and more.)
-Perform Threat Hunting Activities to look out for Malicious Actors. Activities include: Hunting for Actors at SIEM(Splunk/Q Radar), Performing thorough Memory Analysis(Volatility), and Searching for any Indicators over at Endpoints.
-To perform VAPT activities which include: Hunting for OWASP Top 10 over at Web Applications and Mobile Applications which include the use of Tools(Nmap, Metasploit, Nexpose, Nessus, Burp, Hydra, and more.)
-Perform ATM Testing in order to look out for any potential malware over at the Critical Endpoint
-To carry out SIEM Audits in order to identify any issues in the integration of SIEM.
Activities and societies: -Former Team Lead at Bahria University Debating Society -Brand Ambassador BUMUN'18Activities and societies: -Former Team Lead at Bahria University Debating Society -Brand Ambassador BUMUN'18 Projects: -Real Estate Management System (Back End Developer) i) Based on C++ ii) A Software-based clone of Zameen.com -Inventory Management System (Back End Developer) i) Based on Java ii) Used OOP Concepts -Online Restaurant Management System(Junior Developer) i)Based on Android ii)Similar to Foodpanda -Online Recruitment System(Back End Developer) i)Based on HTML,PHP and JavaScript ii)Similar to Rozee.pk -Custom Language Compiler(Back End Developer) i)To create a Custom Language ii)Creation of Lexical, Semantic and Syntax Analyser -Facial Recognition App(Back End Developer) i)Based on Python ii)To be able to recognize a person accurately -Brain Tumor Detection using Computer Vision and Machine Learning(FYP)(Back End Developer) i)Based on Python and Flask ii)To be able to correctly recognize an Image iii)Be able to correctly segment out the tumour
