Working on Microsoft Copilot for security use cases. Devised the Findings Management Strategy. Architected and helped deploy the new organization-wide Application Security service (Snyk). Architected the ServiceNow AVR/VR for vulnerability management. Offensive Security Projects - Confidential. Cyber Defense Projects - Confidential. Skills: Security Architecture, Application Security, Vulnerability Management, Offensive Security, Cyber Defense
Devised the Application Security Strategy and roadmap. Architected for the Workplace Security (endpoint, email and data protection), Cloud Security, and Application Security (DevSecOps) Programs. Security Advisor and Architect for the AMP’s technology simplification and transformation program. Designed the governance model to enable the use of Microsoft Azure at AMP. Enabled workplace and cloud technologies such as Virtualization (Azure VDI), Automation (Power Platform), and Email (Exchange Online). Skills: Application Security, Endpoint Security, Cloud Security, DevSecOps, Governance, Automation
Managed enterprise risk management program and ISMS for the organization. Drove and maintained compliance with industry-related certifications (such as ISO/IEC 27001:2013) for the organization. Devised a framework for DevOps and MLOps security. Part of pre-sales team; assisted sales team by providing timely security support for different international markets including US, EU, APAC, and MENA. Assisted in compliance with international security & privacy standards and laws such as GDPR, HIPAA, and PDPPL. Devised strategies and implemented unique solutions to protect customer and employee data in multiple AI, ML, and data engineering use cases. Skills: Risk Management, Compliance, DevOps Security, MLOps Security, Data Protection
Responsible for the security of large transformation programs such as business banking, Payments, and Application Modernization. Integral part of Australia’s first large-scale business banking system migration to the public cloud. Wrote reference architectures and patterns related to Kubernetes, application security, AWS services, and other multi-cloud initiatives. Conducted security assessments of multiple cloud services to facilitate public-cloud migration of cards, payments, business banking, and other systems. Skills: Security Architecture, Cloud Security, Application Security, Kubernetes, AWS Services
Subject matter expert for application security technologies such as SAST, SCA, IAST, and WAF. Reviewed and assessed applications and microservices for deployment in AWS. Devised plans and worked with stakeholders and internal teams to fast-track API/Digital security assessments. Designed and developed microservice-based automation solutions for application assessment during CI/CD using Fortify and other software. Managed, monitored, and provided second-line support for Akamai WAF. Used ML to create a POC for automated triage of code review findings. Skills: Application Security, DevSecOps, Automation, Penetration Testing, Machine Learning
Led the Security Code Assessment practice. Aligned and revised source code assessment to facilitate Agile development. Implemented HP Fortify for automated code assessment. Managed the secure code training program for developers. Performed penetration testing of internal systems. Assisted developers in the remediation of pen-testing and code review findings. Skills: Code Assessment, Secure Code Training, Penetration Testing
Designed, deployed, and supported RSA SecurID for authentication to the trading system. Architected and maintained RSA Envision (SIEM) for Security Operations Center (SOC). Introduced Secure SDLC along with developer training in the organization. Developed Security Policies and Procedures. Skills: Authentication, SIEM, Secure SDLC, Policy Development
Led the team that managed and supported a 24x7 Asterisk-based call center for virtual companies. Designed and developed InfiniWalls, a dual-homed internet system, based on iptables. Involved in pre-sales activities of InfiniWalls. Developed custom modules to integrate call center services with other products. Managed Pakistan and UK office network, call center, and security operations. Developed InfiniSource to automate code check-in, testing, and deployment. Skills: Network Security, Call Center Operations, Security Operations