Tel (Mob): +971-**-******* Skype: usman.khanisb
Email: firstname.lastname@example.org LinkedIn: https://ae.linkedin.com/in/usmankhanisb
Six plus years of overall experience in Cyber Security Solutions Delivery, Architecture, Security Operations and Consulting. Specialized in Application Security, incident response, threat intelligence, Vulnerability Management, Audit, Compliance, Risk Assessment, SIEM, Malware Analysis, Secure Software Development Life Cycle, Object-oriented programming, Content Filtering and n-tier Security Architecture and Compliance. I am also actively researching in the artificial intelligence and machine learning domains.
Consulting: Security Operations and Security Incident Response, Security Intelligence and event monitoring, Security Business cases, Vulnerability Management, Security Compliance, Threat intelligence, Secure Code Analysis, WAF Auditing and Compliance, Logging, APT, N-Tier Application Architecture, Web Security, VAPT, SQA, SSDLC
Compliance: ISO 27001, COBIT 5, NESA, PCI-DSS, HIPAA, ADSIC
Certifications: CISSP (ISC2), LogRhythm SIEM LCSE, CompTIA Linux+ 103, 104, Fortinet FortiWeb Certified, Arbor DDoS, Splunk Certified User, Coursera Deep Learning and Neural networks, ISACA CISA (in process).
Roles: Pre-Sales - technical, Consultant, Senior Analyst, Technical Engineer
IT Management: Server Configuration, SharePoint Server management, Solution Deployments, Database Administration, IT Support, IIS Management, Tomcat Configuration.
Security Tools: LogRhythm SIEM, IBM QRadar SIEM, Arbor DDoS, Lastline APT, Nessus Vulnerability Management, Kali Linux, ZAP OWASP, Web application firewalls, FortiWeb (certified), Qualys Vulnerability Assessment, Juniper JWAS, Fortinet Fortigate NGFW, IPS, PAM or PIM Solutions such as CyberArk and Thycotic
Dubai, United Arab Emirates
July 2016 to Present
Senior SOC Consultant - Cyber Security
At the beginning of my job I performed the following:
Cloud Security Assessment and Audit
Cloud Security Compliance as per PCI-DSS and NESA
Cloud Security Compliance as per Vendor mentioned best practices
Cloud Security Assurance as per SANS and NIST Best Practices.
After successful completion of the above project I joined the security operations and IR Teams. The main responsibilities are:
Implementing Defense in depth of Etisalat Web Portals.
Integrating Web applications of Etisalat with Web Application Firewall.
Enabling and Optimizing IPS for public services of Etisalat.
Working on security architecture and planning projects.
Working with AI tools optimizing our security monitoring such as ELK and embedded AI features in present security controls.
Aligning our threat intel with our SIEM and developing relevant use cases regarding recent campaigns.
Conducting a Security Quality Assurance on Web applications.
Defining and Enabling Application Layer with SIEM such as events correlation, Rules and offences for services such as DNS, Mail, IPTV and Web.
Coordinating with SOC, Network Security and Application teams to provide a better level of application security.
Tier-2 Security Analyst and incident response responsibilities.
Regular input in developing security advisory for Etisalat services.
L2-L3 Incident response and BCP activities.
Incident response involving Malware analysis.
Helping SOC teams in meeting security audit and compliance requirements.
Dubai, United Arab Emirates
January 2014 to June 2016
Application Security and SIEM
DTS Solution is an innovative information and network security consulting company that works on next generation security solutions and delivers on professional services excellence at all stages of a project lifecycle.
My responsibilities at DTS include Application and Web Security team lead, SIEM solution, Application Recovery Policies and implementation. I work on projects related to Web Application penetration testing, Web application firewalls implementation and design, WAF compliance and audit, SIEM Solution Deployment and threat intelligence. I worked on projects for multiple entities ranging from Financial Institutions, Enterprise to various Public and Private sector companies.
Application Security - Web Security
SSDLC - Secure Software Development Life Cycle
Incident Response (call out for the companies getting breached).
NG Firewall and IPS.
Security Application Architecture.
OWASP Top 10, PCI DSS, HIPAA Compliance Consultancy
Web Application Firewalls implementation - FortiWeb, Imperva
Secure Code Review and Analysis
APT Solutions Implementation - Sandboxing.
End-point Security Solutions consultancy
Content Filtering policies and Next Generation Firewall/IPS/UTM
Active Directory Secure implementation
SharePoint Secure Configuration and Implementation
A Hamson Private LTD
Islamabad, Punjab, Pakistan
May 2012 to January 2014
Working with .Net development team involved in code development.
Liaising software development requirements which are closely related with security and can have an impact on data confidentiality, service availability and data integrity.
Developing secure code practices and standards on a per-project basis.
Developing secure database design and secure database deployment.
Mitigating security loopholes in database access layer such as ORM, stored procedures, and database views.
Performing manual and automatic secure code analysis.
Developing policies and procedures for best coding practices in organization.
Defining technical requirements pertaining to security compliance and standards such as PCI-DSS and ISO 27001.
Involved in interacting with vendors and evaluating new security solutions.
Involved with security forensic team in identifying application related breaches and investigations.
Deploying and implementing security layer for published services such as web application firewalls, Intrusion prevention systems and web content filtering.
Recommending and implementing required encryption standard for both data in motion and data at rest.
Developing security logging mechanisms in software applications for security monitoring of production environment.
Education: BS (CS), 16 years of education, CISSP (ISC2)
Date of Birth: August 20, 198
Marital Status: Single
Languages: English, Urdu, Hindi, Arabic (Novice)
Driving License: UAE