Aug 2023 – Mar 2025 · 1 yr 7 mos · Islāmābād, Pakistan · On-site

• Partnered with Common Criteria Pakistan (CCP) to establish first national IT security evaluation and assurance facility, aligning with the standards (ISO 15408, ISO 17025, ISO 17065) set by international Common Criteria Recognition Agreement (CCRA)
• Developed, maintained, and operated a state-of-the-art Vulnerability Disclosure Platform, streamlining reporting and resolution process.
• Spearheaded Vulnerability Management initiatives, conducting regular risk assessments and implementing proactive measures to fortify organization's security posture.
• Played a pivotal role in facilitating organizations and departments in the development of Internal Bug Bounty Programs
• Orchestrated extensive training sessions for the national Incident Response Team, equipping them with the proficiency to adeptly manage cybersecurity incidents
• Led Risk and Vulnerability Assessments, proficiently pinpointing and prioritizing security risks, and implementing targeted mitigation strategies
• Directed, synchronized, and coordinated Cyberspace Planning and Operations, ensuring a cohesive and strategic approach to cybersecurity initiatives.
• Collaborated with internal and external stakeholders to foster a robust cybersecurity culture and ensure alignment with organizational goals.
• Lead development of competitive RFPs, curate top-tier products, and craft contracts aligning with security goals
• Delivered awareness sessions on security standards and their importance

Apr 2020 – Jul 2023 · 3 yrs 3 mos · New Jersey, United States · Hybrid

• Team Management
• Project design, development, evaluation, assurance
• Procurement of information security solutions
• Oversaw project security budget, estimated expenditures, and contributed to project management
• Audit Operations including internal and external audits
• Risk Assessments & Management
• Developed Compliance and Governance framework, policies and procedures
• Conducted comprehensive training sessions for the national Incident Response Team, ensuring they were well-equipped to handle cybersecurity incidents effectively.
• Conducted Risk and Vulnerability Assessments, identifying and prioritizing security risks, and implementing mitigation strategies.
• Security Consultation and Development for cryptographically secure software and mobile applications
• Research and Analysis for latest cyber security domains

Jun 2018 – Mar 2020 · 1 yr 9 mos · Islāmābād, Pakistan · On-site

• Conduct comprehensive cybersecurity assessments to ensure resilience of information systems
• Mentor secure coding practices throughout software development life cycle
• Identify and manage security risks, contributing to enhanced digital landscapes
• Ensure compliance with industry standards and regulatory requirements
• Proactively respond to and resolve security incidents
• Collaborate with cross-functional teams to foster a culture of security awareness

May 2013 – Jul 2018 · 5 yrs 2 mos · Islāmābād, Pakistan · On-site

• Pen-testing and security risk assessment of cryptographic systems, mobile apps and various IT security products (Fips 140-2, OWASP)
• Provide assistance in assessing vulnerabilities and ensuring secure coding practices for mobile and software applications
• Implementing and testing cryptographic algorithms, protocols and mechanism
• Developed security assessment platform for one of the national cyber security strength evaluation facility
• Responsible for identifying and mitigating security risks across a diverse range of IT security products
• Provide expertise in fortifying digital landscapes against evolving cyber threats
• Assisted in defining Audit scope, planning, risk assessment, operation and report

Aug 2007 – Apr 2013 · 5 yrs 8 mos · Islāmābād, Pakistan · On-site

• Contributed to the development and maintenance of automated testing frameworks, enhancing efficiency and reducing manual testing efforts
• Provided valuable insights during the software development life cycle, helping to identify potential risks and recommending preventive measures for early issue resolution
• Actively participated in requirement analysis and design review meetings, ensuring a clear understanding of project objectives and alignment with testing strategies
• Implemented and maintained access controls, encryption, and authentication mechanisms to safeguard sensitive information within the software management system
• Contributed to the development and enforcement of security policies and procedures to align with industry standards and compliance requirements
• Collaborated with cross-functional teams to integrate secure coding practices into the software development life cycle, reducing the likelihood of vulnerabilities at the source