Muhammad Shaheer
Information Security Analyst at Al Nafi Cloud- Claim this Profile
Click to upgrade to our gold package
for the full feature experience.
Topline Score
Bio
Credentials
-
Practical Ethical Hacking
TCM SecurityOct, 2023- Sep, 2024 -
Jenkins
KodeKloudMay, 2023- Sep, 2024 -
Learning Linux Basics Course
KodeKloudMay, 2023- Sep, 2024 -
DevOps Pre-Requisite Course
KodeKloudMar, 2023- Sep, 2024 -
Docker - SWARM | SERVICES | STACKS - Hands-on
KodeKloudMar, 2023- Sep, 2024 -
Docker Training Course for the Absolute Beginner
KodeKloudMar, 2023- Sep, 2024 -
GIT for Beginners
KodeKloudFeb, 2023- Sep, 2024 -
Certified Information Systems Security Professional (CISSP)
Al NafiSep, 2022- Sep, 2024 -
Cyber Security Essentials Revisit
Al NafiSep, 2022- Sep, 2024 -
ISO 27001, ISO 27017, ISO 27018 Lead Implementer & Auditor
Al NafiJun, 2022- Sep, 2024
Experience
-
Al Nafi Cloud
-
Canada
-
IT Services and IT Consulting
-
1 - 100 Employee
-
Information Security Analyst
-
Nov 2022 - Present
● Assigned in the implementation of ISO 27001 information Security Management (ISMS) System within the organization ● Conduct Security assessment of system and application to identify vulnerabilities and recommend solution for remediation. ● Collaborated with cross-functional teams to identify and document information Security risks and vulnerabilities and controls ● Conduct training and awareness sessions in ISO 27001 & 9001 ● Created and maintained security policies and procedures. ● Designed, implemented, operated and maintained ISMS and QMS based on the ISO/IEC 27001 Conduct internal audit activities in the organization ISO and 27001& ISO 90001● Identified risk and perform risk assessment based on ISO standards Show less
-
-
Cyber Security Analyst
-
Feb 2022 - Present
Jobs and Responsibilities:● Conduct Penetration tests on Computer Systems, Networks, and Web Applications Pinpoint methods and entry points that attacker may use to exploit vulnerabilities or weaknesses● Find the best methods to Secure Web Apps and Networks● Implemented and Maintained OWASP WSTG Framework for the Web App Security● Conducted Vulnerability Assessment and Penetration Tests on Web Applications● Performed Pentesting of the Network both Internal and External, and found Critical Vulnerabilities● Suggested best methods to Mitigate, Patch, and Secure Network and Web App Vulnerabilities● Pinpointed Methods and Entry points that attacker may use to Exploit Vulnerabilities or Weaknesses● Provided Professionally Written Technical Reports of Vulnerabilities, Findings, CVE Exploits, and Mitigation Solutions to Management● Perform risk assessment every three month or following significant change to proactively mitigate the potential for security breaches. Show less
-
-
-
Al Nafi
-
Canada
-
E-Learning Providers
-
100 - 200 Employee
-
Cyber Security Analyst
-
Feb 2022 - Present
-
-
-
Blockwise Technologies
-
San Marino
-
IT Services and IT Consulting
-
1 - 100 Employee
-
PENETRATION TESTING
-
Jul 2023 - Sep 2023
Conducted thorough web application penetration tests to identify vulnerabilities and security weaknesses. Conduct a security assessment of the system and application to identify vulnerabilities and recommend solutions for remediation. ●Maintained a strong understanding of web application security standards, including OWASP Top Ten, and applied this knowledge to improve testing methodologies. ●Performed manual and automated testing of web applications to assess security controls and defenses. ●Utilized tools such as Burp Suite, OWASP ZAP, and Nikto to scan for common web application vulnerabilities. ●Tested for common web application vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), Cross-Site RequestForgery (CSRF), and insecure session management. ●Collaborated with developers and project managers to integrate security best practices into the development lifecycle. ●Simulated various attack scenarios, such as brute force attacks, input validation bypasses, and business logic vulnerabilities, to assess the resilience of web applications. ●Conducted security awareness training for clients' development and IT teams, enhancing their understanding of web application security best practices. ●Generated detailed reports outlining discovered vulnerabilities, and their potential impact, and recommended remediation strategies, ensuring clear communication with clients.Generated detailed and clear reports for clients, including technical findings, risk assessments, and recommended mitigation strategies. Show less
-
-
Education
-
Virtual University of Pakistan
Bachelor of Computer science, Computer and Information Systems Security/Information Assurance -
Standard Group of College
Information of Computer Science (ICS), Computer Science -
Prime Roots Of Public School
Matric, Computer Science -
Virtual University of Pakistan
Bachelor of Computer science, Cyber Security