Sign in

Security Engineer

Dubai, United Arab Emirates
November 19, 2018

Contact this candidate


Usman Khan

Tel (Mob): +971-**-******* Skype: usman.khanisb

Email: LinkedIn:

Personal Profile

Six plus years of overall experience in Cyber Security Solutions Delivery, Architecture, Security Operations and Consulting. Specialized in Application Security, incident response, threat intelligence, Vulnerability Management, Audit, Compliance, Risk Assessment, SIEM, Malware Analysis, Secure Software Development Life Cycle, Object oriented programming, Content Filtering and n-tier Security Architecture and Compliance. I am actively researching in artificial intelligence and machine learning domains as well.


Consulting: Security Operations and Security Incident Response, Security Intelligence and event monitoring, Security Business cases, Vulnerability Management, Security Compliance, Threat intelligence, Secure Code Analysis, WAF Auditing and Compliance, Logging, APT, N-Tier Application Architecture, Web Security, VAPT, SQA, SSDLC

Programming: C/C++, Bash, Python, .NET(C#), .Net (VC ASP.NET, Java, JavaScript, JQuery, HTML

Compliance: ISO 27001, COBIT 5, NESA, PCI-DSS, HIPPA, ADSIC

Certifications: CISSP (ISC2), Logrhythm SIEM LCSE, CompTIA Linux+ 103, 104, Fortinet FortiWeb Certified, Arbor DDoS, Splunk Certified User, Coursera Deep Learning and Neural networks, ISACA CISA (in process).

Roles: Pre-Sales - technical, Consultant, Senior Analyst, Technical Engineer

IT Management Server Configuration, SharePoint Server management, Solution Deployments, Database Administration, IT Support. IIS Management, Tomcat Configuration.

Security Tools: Logrhythm SIEM, IBM Qradar SIEM, Arbor DDoS, Lastline APT, Nessus Vulnerability Management, Kali Linux, ZAP OWASP, Web application firewalls, FortiWeb (certified), Qualys Vulnerability Assessment, Juniper JWAS, Fortinet Fortigate NGFW, IPS, PAM or PIM Solutions such as CyberArk and thycotic



Dubai, United Arab Emirates

July 2016 to Present

Senior SOC Consultant - Cyber Security

At the beginning of my job I performed following:

Cloud Security Assessment and Audit Cloud Security Compliance as per PCI-DSS and NESA Cloud Security Compliance as per Vendor mentioned best practices Cloud Security Assurance as per SANS and NIST Best Practices.

After successful completion of above project I joined security operations and IR Teams, the main responsibilities are:

Implementing Defense in depth of Etisalat Web Portals.

Integrating Web applications of Etisalat with Web Application Firewall.

Enabling and Optimizing IPS for public services of Etisalat.

Working on security architecture and planning projects.

Working with AI tools optimizing our security monitoring such as ELK and embedded AI features in present security controls.

Aligning out threat intel with our SIEM and developing relevant use case regarding recent campaigns.

Conducting a Security Quality Assurance on Web applications.

Defining and Enabling Application Layer with SIEM such as events correlation, Rules and offences for services such as DNS, Mail, IPTV and Web.

Coordinating with SOC, Network Security and Application teams to provide a better level application security.

Tier-2 Security Analyst and incident response responsibilities.

Regular input in developing security advisory for Etisalat services.

L2-L3 Incident response and BCP activities.

Incident response involving Malware analysis.

Helping SOC teams in meeting security audit and compliance requirements.

DTS Solution

Dubai, United Arab Emirates

January 2014 to June 2016

Application Security and SIEM

DTS Solution is an innovative information and network security consulting company that works on next generation security solutions and delivers on professional services excellence at all stages of a project lifecycle.

My responsibilities at DTS include Application and Web Security team lead, SIEM solution, Application Recovery Policies and implementation. I work on projects related to Web Application penetration testing, Web application firewalls implementation and design, WAF compliance and audit, SIEM Solution Deployment and threat intelligence. I worked on projects for multiple entities ranging from Financial Institutions, Enterprise to various Public and Private sector companies.

Application Security - Web Security

SSDLC - Secure Software Development Life Cycle


Central Logging.

Incident Response (call out for the companies getting breached).

NG Firewall and IPS.

ERP Security.

Penetration Testing.

Application Recovery.

Security Application Architecture.

OWASP Top 10, PCI DSS, HIPPA Compliance Consultancy

Web Application Firewalls implementation - FortiWeb, Imperva

Secure Code Review and Analysis

APT Solutions Implementation - Sandboxing.

End-point Security Solutions consultancy

Content Filtering policies and Next Generation Firewall/IPS/UTM

Active Directory Secure implementation

Sharepoint Secure Configuration and Implementation

A Hamson Private LTD

Islamabad, Punjab, Pakistan

May 2012 to January 2014

Security Engineer

Working with .Net development team involved in code development.

Liaising software development requirements which are closely related with security and can have an impact on data confidentiality, service availability and data integrity.

Developing secure code practices and standards on per project basis.

Developing secure database design and secure database deployment.

Mitigating security loopholes in database access layer such as ORM, stored procedures, and database views.

Performing manual and automatic secure code analysis.

Developing policies and procedures for best coding practices in organization.

Defining technical requirement pertaining to security compliance and standards such as PCI-DSS and ISO 27001.

Involved in interacting with vendors and evaluating new security solutions.

Involved with security forensic team in identifying application related breaches and investigations.

Deploying and implementing security layer for published services such web application firewalls, Intrusion prevention systems and web content filtering.

Recommending and implementing required encryption standard for both data in motion and data at rest.

Developing security logging mechanism in software application for security monitoring of production environment.

Personal Information

Education: BS (CS), 16 years of education, CISSP (ISC2)

Date of Birth: August 20, 198

Marital Status: Single

Languages: English, Urdu, Hindi, Arabic (Novice)

Resident: UAE

Driving License: UAE

Contact this candidate