Information Security Analyst

• Nov 2022 - Present

● Assigned in the implementation of ISO 27001 information Security Management (ISMS) System within the organization ● Conduct Security assessment of system and application to identify vulnerabilities and recommend solution for remediation. ● Collaborated with cross-functional teams to identify and document information Security risks and vulnerabilities and controls ● Conduct training and awareness sessions in ISO 27001 & 9001 ● Created and maintained security policies and procedures. ● Designed, implemented, operated and maintained ISMS and QMS based on the ISO/IEC 27001 Conduct internal audit activities in the organization ISO and 27001& ISO 90001● Identified risk and perform risk assessment based on ISO standards Show less

Cyber Security Analyst

• Feb 2022 - Present

Jobs and Responsibilities:● Conduct Penetration tests on Computer Systems, Networks, and Web Applications Pinpoint methods and entry points that attacker may use to exploit vulnerabilities or weaknesses● Find the best methods to Secure Web Apps and Networks● Implemented and Maintained OWASP WSTG Framework for the Web App Security● Conducted Vulnerability Assessment and Penetration Tests on Web Applications● Performed Pentesting of the Network both Internal and External, and found Critical Vulnerabilities● Suggested best methods to Mitigate, Patch, and Secure Network and Web App Vulnerabilities● Pinpointed Methods and Entry points that attacker may use to Exploit Vulnerabilities or Weaknesses● Provided Professionally Written Technical Reports of Vulnerabilities, Findings, CVE Exploits, and Mitigation Solutions to Management● Perform risk assessment every three month or following significant change to proactively mitigate the potential for security breaches. Show less

Cyber Security Analyst

• Feb 2022 - Present

PENETRATION TESTING

• Jul 2023 - Sep 2023

Conducted thorough web application penetration tests to identify vulnerabilities and security weaknesses. Conduct a security assessment of the system and application to identify vulnerabilities and recommend solutions for remediation. ●Maintained a strong understanding of web application security standards, including OWASP Top Ten, and applied this knowledge to improve testing methodologies. ●Performed manual and automated testing of web applications to assess security controls and defenses. ●Utilized tools such as Burp Suite, OWASP ZAP, and Nikto to scan for common web application vulnerabilities. ●Tested for common web application vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), Cross-Site RequestForgery (CSRF), and insecure session management. ●Collaborated with developers and project managers to integrate security best practices into the development lifecycle. ●Simulated various attack scenarios, such as brute force attacks, input validation bypasses, and business logic vulnerabilities, to assess the resilience of web applications. ●Conducted security awareness training for clients' development and IT teams, enhancing their understanding of web application security best practices. ●Generated detailed reports outlining discovered vulnerabilities, and their potential impact, and recommended remediation strategies, ensuring clear communication with clients.Generated detailed and clear reports for clients, including technical findings, risk assessments, and recommended mitigation strategies. Show less