Daily Tasks:• Perform data collection from different feeds and analyze them to assemble relevant findings.• Enforce security policies, standards, and best practices across development, testing, and production environments.• Create and disseminate vulnerability Reports.• Automating the execution of security checks throughout the software development lifecycle (SDLC) is essential for identifying and addressing security vulnerabilities early in the process.• Building Docker images for runners to run the automation security and test jobs inCI/CD pipelines.Projects:Static Application Security Testing (SAST): Implemanting and automating SASTsolution to integrate it in CI/CD pipelines• Software Composition Analysis (SCA) solution: Implementing a SCA solution todetect SBOM vulnerabilities• Container scanning : Implement and integrate a container scanning solution• Dynamic Application Security Testing (DAST): Implementing and automating aDAST solution in CI/CD pipeline to identify vulnerabilities in web applications andgenerating actionable reports

To comply with vulnerability management and incident management norms in SWIFT CSP and PCI DSS, our solution comprises three modules:iTop: An ITIL/ITSM open-source web application, enhanced with a vulnerability management menu featuring three ticket creators:Discovery Scan: Scans a specified network or VLAN.Asset Vulnerability Scanning: Conducts vulnerability scans on specific assets or multiple assets.Vulnerabilities: Catalogs each discovered vulnerability with detailed information such as CVSS scores and remediation steps.Nexpose from Rapid7: Performs the scans initiated from iTop. The resulting reports are extracted as CSV files and imported into iTop for further analysis and management.QRadar: Acts as the incident management module. It analyzes network anomalies in real-time by centralizing all logs and custom logs (e.g., using auditd), thereby enhancing the detection and response to security incidents.

Setting up a solution for managing logs and monitoring security events to ensure comprehensiveobservability.

During this internship, I learned to distinguish between free, licensed, and paid applications, gaining insights into software choices in a professional setting. I worked on customizing a registry application to better suit the department's specific needs, improving functionality and user experience. Additionally, I introduced Prezi as a cost-effective, open-source alternative to PowerPoint for presentations. This experience strengthened my practical skills in software adaptation and strategic tool selection for operational efficiency.