Gaining experience from multiple domains of IT helped me understand the Information Systems more efficiently and as a part of Information Security team I performed numerous Information Systems audits during my job. Moreover, the blend of knowledge that I gained through the network security and penetration testing trainings helped me in performing the tasks related to network penetration testing effectively.
IT Security Engineer
Working as InfoSec Engineer on the following projects:
Implementation of ISO 20000 (ITSMS)
Conducting regular activities for ISO 27001 and 9001 standard conformance
Optimisation of IBM QRadar SIEM solution according to the new and upcoming threats
Providing technical support for audits, certification and other compliance efforts including HIPAA/HITECH, PCI-DSS, ISO27001 etc. Below are some highlights of my work:
• Implemented multiple controls of ISO 27001: 2013 that ensured:
o Segregation of production, development and testing environment by assigning role-based rights
o Classification of data by redefining the asset management procedures
o Capacity planning by regularly observing the network performance monitoring tools and company strategies
o Preventing unauthorized access on Information System assets by providing access only on required basis
• Performed internal network penetration testing and proposed remediations to encounter network attacks like MITM, SNMP enumeration, firewall evasion etc.
• Suggested strong access control procedures for all of the information resources by performing multiple Information Systems audits
• Highlighted the critical assets and risk areas by performing qualitative risk assessment biannually
• Performed testing of Disaster Recovery Plan by successfully achieving the desired RTO and RPO on recovery site
• Performed vulnerability assessment of all the critical assets of MTBC on weekly basis
Documented, designed, deployed and maintained security systems to protect company assets and information while being compliant with applicable federal, state and commercial security standards. Following are my major accomplishments working as ISO:
• Performed daily log analysis for URLs, incoming/outgoing emails and VPN
• Analyzed the security aspects of change management forms
• Worked on Solarwinds Log and Event Manager for monitoring of security events on critical assets
• Documented and designed access control procedures during the transition of hard copy forms to electronic portal
• Performed multiple audits including audits of access control procedures, change management processes etc.
• Served as official contact point for information security and privacy incidents
Clients’ requirement elicitation and proposal of business friendly solution(s) with least development cost. Following are some of my major projects:
• Proposed complete flow of Access Control Automation for critical assets of company
• Proposed the workflow for login page of all web/mobile applications to minimize the effect of security threats
• Analyzed all the application changes from security perspective
• Analysis and design of major mobile applications (i.e. MTBC PHR, MTBC iCheckin, MTBC iDictate etc.)