Tayyeb Moin Shaikh Email and Phone Number
Mr. Tayyeb Moin Shaikh has experience in SOC, Monitoring, incident response (DFIR), SOC Assessments, IS team leading, technical training, Implementation of solutions, processes for SOC, IT support and security controls review. Fields of interest include SIEM, DFIR, OSINT and SOC assessment.

Certifications include CISSP, CEH, CISM, CDFE, ISO27001 LI, LogRhythm Certified Analyst (LRSA), IBM Certified Deployment Professional, Kaspersky Lab Certified Professional (KLCP), Nexpose and Metasploit Pro, AccessData Certified Examiner (ACE) and Tripwire Enterprise Professional (TE PRO).

Core Skills: DFIR | SOC Assessments, Investigations, Processes & Implementation | LogRhythm | Splunk | Endpoint Security (EPP/EDR) | Vulnerability Assessment and Management
-
Sr. Information Security Consultant and SOC L3
It Security Training & Solutions - I(Ts)², Riyadh, Sa
-
Sr. Information Security Consultant / SOC L3
It Security Training & Solutions - I(Ts)², Apr 2023 - Present, Riyadh, Saudi Arabia
1. Working in SOC of MSSP as Sr. L3 Consultant
2. Multiple successful DFIR and SOC engagements.
3. Support SOC team (L2, L1 and Engineers) as needed.
4. Supporting Clients on SOC Audit Requirements which also includes providing evidence for SAMA and NCA Audit requirements.
5. SOC and SIEM Processes, Playbooks, workflows and templates.
6. SOC Assessment reviews that includes benchmark of the client SOC maturity against well known SOC maturity models.
7. Prepare SOC Assessment report and Presentation with score and recommendations.
8. Incident Response Investigations and documenting detailed Reports.
9. Map Use cases based on MITRE Techniques.
10. The use cases are devised based on latest Threat Intelligence (OSINT) and regulatory standards.
11. The documentation of Technical Proposals customized for client requirements.
12. MSS Pre Sales which includes gathering requirements from potential customers.
-
Assistant Manager Information Security - SOC | Architect (Cmpak / Paymax)
Zong Cmpak Ltd, Mar 2021 - Apr 2023
(CMPak is subsidiary of China Mobile)
1. Monitoring and Incident Response plus to make sure Information Security is rightly implemented with the Controls.
2. Floating Information Security advisories based on gathered Threat Intelligence (OSINT) to make sure potential vulnerabilities and misconfigurations are timely mitigated. So to minimize the IT attack surface.
3. LR SIEM implementation support related to Integrations, Use Cases, Dashboards, Reports, AI Rules, Playbooks and Alarms.
4. SIEM related work - Vendor coordination, Monitoring, Incident Response, log analysis (LR, Syslog, ELK) and forensics per requirements and the reporting of incidents.
5. SIEM Threat Intelligence (TI) based rules implementation for detection of Phishing emails IOCs, anomalous IP IOCs alerts based on AlienVault reputation databases, MITRE ATT&CK based AI rules.
6. To criticize Information Security architecture so it is as per best practices.
7. Investigating the identified / detected risks and recommending mitigation actions in-line with business requirements.
8. LR and ELK Dashboards to support Monitoring of Controls and IS aspects of Financial systems.
9. To make sure vulnerability assessments are done regularly.
10. Make sure the vulnerabilities are mitigated per routine and as per industry guidelines.
11. Verification of log availability as per the compliance requirements.
13. Explore IS frameworks for guidelines on architecture and process comprehensiveness.
14. The evaluation and response on Information Security approval requests.
15. Recommendations to teams on IS related architecture / design scenarios.
Annual Excellence Award 2022
-
Expert - Information Security
Zong Cmpak Ltd, Jul 2020 - Mar 2021
1. Monitoring and Incident Response plus to make sure Information Security is rightly implemented with the Controls.
2. Floating Information Security advisories based on gathered Threat Intelligence (OSINT) to make sure potential vulnerabilities and misconfigurations are timely mitigated. So to minimize the IT attack surface.
3. LR SIEM implementation support related to Integrations, Use Cases, Dashboards, Reports, AI Rules, Playbooks and Alarms.
4. SIEM related work - Vendor coordination, Monitoring, Incident Response, log analysis (LR, Syslog, ELK) and forensics per requirements and the reporting of incidents.
5. SIEM Threat Intelligence (TI) based rules implementation for detection of Phishing emails IOCs, anomalous IP IOCs alerts based on AlienVault reputation databases, MITRE ATT&CK based AI rules.
6. To criticize Information Security architecture so it is as per best practices.
7. Investigating the identified / detected risks and recommending mitigation actions in-line with business requirements.
8. LR and ELK Dashboards to support Monitoring of Controls and IS aspects of Financial systems.
9. To make sure vulnerability assessments are done regularly.
10. Make sure the vulnerabilities are mitigated per routine and as per industry guidelines.
11. Verification of log availability as per the compliance requirements.
13. Explore IS frameworks for guidelines on architecture and process comprehensiveness.
14. The evaluation and response on Information Security approval requests.
15. Recommendations to teams on IS related architecture / design scenarios.
-
Information Security Specialist
Telenor, Jul 2018 - Jun 2020
Information Security Specialist at Telenor SOC.
IS Incident Response @ SOC
Doing incident management and response steps of monitoring, detection, triage, analysis, containment and reporting.
This includes working and reviewing on SIEM (Splunk, HP), Endpoint Security (Cisco, Kaspersky), WAF (F5), Application layer firewall (Cisco), IDS (Snort), IPS+AMP+DPI+FTD+FMC (Cisco), Email and Web Security (Cisco).
Doing investigations, digital forensics, and evaluating information security operations.
Incident response for malware related incidents. The response included detection, acquisition, forensic analysis including extraction plus blocking of IOCs/C2, containment, remediation and reporting based on gathered evidence.
Routine analysis and response on access and rights requests after conforming the requirements with the organizational IS guidelines.
Support in integration of multiple customized log sources with SIEM.
Implemented real-time alerts for critical malicious events via SIEM.
Gathering focused open source intelligence.
Floating update and patching advisories for severe information security vulnerabilities.
Escalation of incidents to stakeholders for resolution.
Getting the necessary changes implemented that are required for corrective and preventive measures.
-
Cyber Security Advisor
Trillium Information Security Systems, Jul 2017 - Feb 2018, Rawalpindi
Managing projects, defining project plans / scope of work and performing Governance, Risk and Compliance projects for the customer SOC.
Research on regulatory compliance regulations for the Financial Institutions with a focus on customer implementing SOC controls and monitoring processes. This includes specification of the compliance criteria and the definition of required controls to meet compliance. Recommending on Risk remediation plans and prioritizing set of controls necessary after benchmarking Compliance against existing IT controls.
Association with FinTech: Perform Risk assessments as a team for customers. Risk assessment customers include well known financial organizations.
The risk assessments are performed to measure compliance against regulator published regulations on Prevention against Cyber attacks, Payment Card Security and Regulations for the Security of Internet Banking. The reporting includes key findings and mitigation advice and mitigation / control implementation plan for SOC. The risk assessments help customers prepare to anticipate, withstand, detect and respond to cyber attacks. The work also includes review of customer SOPs / policies and SOC controls processes.
My work also includes performing generic risk assessments focused on assets that consist of technology, people and processes.
Risk assessment methodology included steps of asset identification, Threat and Vulnerability identification, Risk assessment and Risk evaluation.
Managing cutting edge/new deployment projects, pre-sales and Proof of concepts (POCs) that include IBM Mobile Device Management, IBM Privileged Identity Management and Avecto Defendpoint Privilege Management. Configuring customer use cases for the same.
Association with well known bank: Successful Pre-Sales and deployment of Avecto Defendpoint solution for privilege management SOC component.
Guiding deployment and pre-sales teams in routine projects/activities.
-
Team Lead Deployment Team
Trillium Information Security Systems, Apr 2016 - Jun 2017, Rawalpindi, Pakistan
Managing projects, defining project plans / scope of work, Team and self-enablement, supervising technical pre-sales and deployment team activities of SOC specific IT controls to complete within defined plan based on scope.
Defining technical proposals / responses, scope and plan of projects including Risk assessments, SIEM and Endpoint Security
To provide product trainings
Working on multiple products to resolve implementation issues and fortify deployment process (IBM - MDM, AppSec, SIEM, Guardium)
Association with Telco client: Managed and Performed successful Pre-Sales of IBM Enterprise Mobility Management / MDM (MaaS360). The solution is to add mobile device monitoring and protection capability to SOC.
Association with Energy sector client: Managed successful project of IBM Enterprise Mobility Management (MaaS360). Once deployed it is required to configure device policies to comply with SOC requirements and processes. The objective is to achieve centrally managed secured and restricted corporate mobile devices.
Association with well-known FI/banks: Managed successful SIEM deployment. The objective of the project is to achieve detection and visibility of malicious events across the organization for a successful SOC.
Association with well known banks/FIs: Managed successful centralized Endpoint Security deployments. The objective is to keep the endpoints and servers protected and provide endpoint security visibility in SOC.
Association with well-known bank: Performed successful Pre-sales for IBM Privileged Identity Management. Configured customer use cases with focus on privileged identity monitoring in the SOC. Managed successful POC and deployment of Privileged Identity Management base product.
Association with Energy sector client: Team Lead and implementer of Nexpose Ultimate Vulnerability Management solution. The implementation scaled the complete infrastructure. The implementation is the primary vulnerability management control in the SOC.
-
Lead Consultant
Trillium Information Security Systems, Jan 2014 - Apr 2016, Rawalpindi, Pakistan
Worked on Vulnerability and Risk Management policies, Project Planning, Scoping, Management of implementation projects and RFP Response preparation.
Application Security Testing (DAST and SAST) policies for application monitoring component of SOC. This included deployment and configuration of the well-known AppScan Suite. The objective is to configure application scans of application source and published applications to make sure that vulnerabilities are detected as soon as possible and patched in a repetitive loop to comply with organizational information security policies.
Automated Penetration Testing. The activities include detection of vulnerabilities in web apps in scope as a team.
Integration of QRadar SIEM with Vulnerability Management Solutions.
Worked on protection from Advanced Antimalware (Lastline Enterprise APT solution). The proof of concepts included implementation of the APT solution on gateway. The objective is to evaluate the effectiveness of the solution as advanced anti malware solution for the detection/prevention and forensic sandbox analysis of malware detected on the appliance. The anti-APT solution provides app based integration with QRadar SIEM for monitoring and protection control of SOC.
Worked on Kaspersky Linux Mail Security appliance. The project included implementation of the email security solution and its out-of-the-box integration with postfix/sendmail MTAs. The objective is to achieve spam and malware free corporate emails with logs for analysis at SOC.
Worked on the area of digital forensics and incident response.
Online and Onsite product demonstrations and presentations, Implementation project and POC plans, RFP responses and presentations.
SUPPORT
Provided in time support including incident response to customers. The support activities included extensive log analysis and recommended configuration assessment of systems and the solution in focus. The objective was to implement best practices.
-
Information Security Analyst
Trillium Information Security Systems, Aug 2012 - Dec 2013, Islamabad, Pakistan
Worked on Vulnerability Management and Scanning, Risk Management.
Automated Penetration Testing and Vulnerability Validation.
Enterprise Endpoint Security Management and Enterprise Email Gateway Security Solutions.
Association with well-known bank: Tripwire Enterprise FIM Pre-Sales / POC. Rapid7 Nexpose Enterprise Implementation, Metasploit Pro Implementation and Kaspersky Endpoint Security Deployment. Nexpose Enterprise Training. These are the integrity monitoring, vulnerability management and endpoint security components of the customer SOC program.
Implementations.
• Kaspersky Endpoint Security Upgrade at well-known Telco
• Rapid7 NeXpose Enterprise Implementation at well-known bank
• Team Lead Rapid7 Metasploit Pro Implementation at well-known bank
• Team Lead Rapid7 Metasploit Pro Implementation at well-known bank
• Team Lead Rapid7 NeXpose Enterprise Implementation at well-known bank
• Kaspersky Endpoint Security Deployment at well-known bank
• Tripwire Enterprise POC at well-known bank
• Kaspersky Endpoint Security POC at well-known University.
• Kaspersky Endpoint Security POC at large enterprise
Trainings Provided.
• CEH and SIEM Training at well-known organization
• CHFI Training from TISS platform
• CEH and Metasploit Pro Training at well-known bank
• Customized CEH Training at well-known bank
• Metasploit Pro Training at well-known bank
• NeXpose Enterprise Training at well-known bank
Penetration Tests.
• Penetration Testing at well-known banks
Support.
Provided in time support including incident response to customers.
-
Co Founder
Aaoyaar, Sep 2011 - Jul 2012
-
IT Security Engineer and Team Lead
National Institute Of Management And Information Security (Nimis), Sep 2011 - Jul 2012
Working on ISMS ISO 27001 Implementation.
Working on information security and IT projects that include development, application security, innovation, providing trainings and research.
Co-Founder of AaoYaar (A unique business portal).
-
Team Member, Encrypted VoIP Detection Project
Nust School Of Electrical Engineering & Computer Science, Dec 2010 - Apr 2011
Working on detection of Encrypted VoIP traffic from Live Internet traffic collected at Gateways
-
Information Security Analyst
Forensic People, Aug 2010 - Nov 2010
In continuation with NIMIS. Taking part in Digital Forensic investigations and Offensive Security trainings in addition to Information Security trainings, Web management and Research & Development work.
Worked on FTK
Prepared complete Ethical Hacking / Offensive Security workshop
Incident Response
Trainer
Developed purchase portal for Forensics Products with Cart system
-
Information Security Analyst
National Institute Of Management And Information Security (Nimis), Jun 2009 - Aug 2010
In NIMIS as an Information Security Analyst my responsibilities include:
Penetration Testing
Risk and Vulnerability Assessment
Information Security Trainer
Providing Information Security Consultation
Information Security Research
Web Security Assessment
Designed procedural flowcharts for Global Pharmaceuticals
Worked on Data Loss Protection
Worked on Remote System Monitoring (ObserveIT)
Worked on ITSM
Worked on ISMS
-
Review of Project Proposal on QoS Provisioning Using IPv6 (Next Gen Wireless Networks Research Grp)
Case, Jun 2009 - Jul 2009
Under Next Generation Wireless Networks Research Group. See details below.
Project page: http://www.case.edu.pk/NgwnResearchGroup.aspx
-
FYP on GPS and RFID Based Tracking
Nescom, Feb 2009 - Jun 2009
Did research and completed my Final Year Project with NESCOM in C Sharp and SQL on GPS and RFID Based Tracking system.
RFID card Lock / Access Control using Microcontroller
-
Intern in Switching Networks
Ptcl, Jul 2007 - Sep 2007
Responsibilities and training included:
Functional Units of EWSD Exchange.
Common Channel Signaling CCS-7
Tayyeb Moin Shaikh Skills
Tayyeb Moin Shaikh Education Details
-
Ec-Council
-
Kaspersky: Endpoint Security
-
Accessdata: Accessdata Certified Examiner (ACE)
-
Isc2: CISSP
-
EE with Specialization in Computer Engineering
-
Imcb, F-10/3
Frequently Asked Questions about Tayyeb Moin Shaikh
What company does Tayyeb Moin Shaikh work for?
Tayyeb Moin Shaikh works for It Security Training & Solutions - I(Ts)²
What is Tayyeb Moin Shaikh's role at the current company?
Tayyeb Moin Shaikh's current role is Sr. Information Security Consultant and SOC L3.
What is Tayyeb Moin Shaikh's email address?
Tayyeb Moin Shaikh's email address is ta****@****ail.com
What schools did Tayyeb Moin Shaikh attend?
Tayyeb Moin Shaikh attended Ec-Council, Kaspersky, Accessdata, Isc2, University Of Engineering And Technology, Taxila, Imcb, F-10/3.
What are some of Tayyeb Moin Shaikh's interests?
Tayyeb Moin Shaikh has interest in The Latest In Technology, Penetration Testing Tools, Computer Gaming, C Sharp.
What skills is Tayyeb Moin Shaikh known for?
Tayyeb Moin Shaikh has skills like Penetration Testing, Cissp, Computer Forensics, Vulnerability Assessment, Information Security, It Service Management, C#, Business Continuity, Tcp/ip, Troubleshooting, Ceh, Information Technology.
Who are Tayyeb Moin Shaikh's colleagues?
Tayyeb Moin Shaikh's colleagues are Ronaldo M. Cano, Ibrahim Zahir, Ავთანდილ Ალფაიძე, Hammam Ikbariah, Abdurrahman Abokhorj, Pooja Joshi, Zezo Khaled.