Cyber Security Engineer
Current Implemented advanced threat detection technologies to monitor and respond to potential cyber assaults, cutting incident response time by 40%. Developed and implemented security policies and procedures to ensure compliance with industry standards like ISO 27001, NIST, and PCI DSS. Regular vulnerability assessments and penetration testing were carried out utilising tools such as Nessus, Metasploit, and Burp Suite, resulting in the identification and mitigation of major vulnerabilities. I managed and configured firewalls, intrusion detection and prevention systems (IDS/IPS), and security information and event management (SIEM) systems. Using Python and PowerShell, we automated security activities and incident response procedures, enhancing efficiency and decreasing human error. Designed and executed network security architectures, including the separation of essential systems and data to prevent lateral movement. Collaborated with IT and development teams to incorporate security into the software development lifecycle (SDLC) through DevSecOps methods and tools such as Jenkins and GitLab. Employees received security awareness training, which drastically reduced the success rate of phishing attacks. Forensic analysis and root cause investigations of security issues were conducted utilising tools such as EnCase and FTK. Implemented multi-factor authentication (MFA) technologies to improve the security of important systems and applications. Managed and updated endpoint protection solutions to ensure all devices were safe from malware and other threats. Regularly audited security controls and processes to detect holes and make recommendations for changes. Developed and tested disaster recovery and business continuity procedures to ensure prompt recovery in the event of a security compromise. Developed and administered data loss prevention (DLP) techniques to keep sensitive information safe from unauthorised access and exfiltration.