SULMAN FAROOQ S
About Candidate
Penetration tester with 1.10 years of experience uncovering vulnerabilities and executing penetration tests on a variety of systems, networks, and applications. Has a solid understanding of the most modern hacking tactics, security best practices, and regulatory compliance requirements. Worked independently or as part of a team to identify and address security issues.
Education
Work & Experience
Monitor and analyze security logs and alerts to identify potential security incidents and threats. Investigate security incidents and provide recommendations for remediation and mitigation. Develop and implement security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of our systems and data. Collaborate with cross-functional teams to ensure security is integrated into all aspects of our organization's operations. Conduct in-depth analysis of security logs and alerts to identify and prioritize potential threats and vulnerabilities.
Conduct manual and automated penetration testing to identify and exploit vulnerabilities in clients' systems and networks. Perform application security assessment for web, mobile, cloud, IoT, API and O365 applications. Perform different types of application security assessments as needed; this involves application penetration testing, network penetration testing, attack surface evaluation, threat modelling and security design reviews. Perform manual penetration testing of applications using appropriate tools and techniques to uncover critical security vulnerabilities in the software, the infrastructure, the configuration and business logic. Check separation of duties and access controls, review account management and check SSL certificates. Perform risk analysis and define prevention and mitigation controls for application vulnerabilities. Explain all vulnerabilities and weaknesses in the OWASP Top 10 and discuss effective defensive techniques. Provide mitigation strategies for applications from infrastructure, architecture and secure coding perspectives. Utilize application security scanning tools, interpret reports and validate identified vulnerabilities and associated risks.