Surya Prakash Pullabhotla

Director of Engineering

Dubai, United Arab Emirates · 15 yrs 1 mo experience
Highly Stable

Key Highlights

  • Led enterprise-wide cybersecurity strategy and governance.
  • Achieved PCI-DSS certification and Saudi PDPL compliance.
  • Built large-scale vulnerability management programs for 10K+ assets.
Stackforce AI infers this person is a Cybersecurity expert specializing in governance, risk management, and cloud security.

Skills

Core Skills

Governance, Risk Management, and Compliance (GRC) · Cloud Security · Third Party Risk Management (TPRM) · Leadership · Security Operations Center · Security Incident Response · Security Monitoring · Vulnerability Assessment · Penetration Testing · Vulnerability Management

Other Skills

DevSecOps · Security Operations · Cross-functional Team Leadership · Threat & Vulnerability Management · Compliance Support · Mobile Security · Web Application Security Assessment · Risk Management · Security Information and Event Management (SIEM) · Cybersecurity Incident Management · Managed Security Services · Application Security Architecture · Data Governance · Payment Card Industry Data Security Standard (PCI DSS) · Vulnerability Assessment and Penetration Testing (VAPT)

About

Information Security Leader with a proven track record of driving enterprise-wide cybersecurity strategy, governance, and risk management across complex global environments. My experience spans the full security lifecycle—covering GRC, DevSecOps, cloud security, application security, SOC operations, incident response, and third-party risk management.

I specialize in designing, implementing, and optimizing enterprise security frameworks that align with business objectives while meeting stringent regulatory requirements. I bring the ability to simplify complex risks for executives, embed security into technology and business processes, and lead organizations toward a mature, scalable security posture.

Throughout my career, I have:

  • Led ISO 27001 programs, delivered PCI-DSS certifications, and driven Saudi PDPL compliance.
  • Built and operationalized large-scale vulnerability management programs (10K+ assets).
  • Integrated security into CI/CD pipelines and strengthened SOC detection, monitoring, and response capabilities.
  • Architected and secured cloud workloads across AWS and Azure, implementing CSPM, IAM governance, and workload protections.
  • Deployed enterprise data protection and DLP strategies aligned with legal, regulatory, and business needs.
  • Contributed to AI security governance, cyber insurance readiness, secure SDLC implementation, and advanced threat monitoring initiatives.

I am passionate about building a strong security culture—leading awareness programs, running phishing simulations, mentoring teams, and promoting security-by-design across the organization. My collaborative leadership style enables me to work effectively with engineering, product, and executive stakeholders to create a shared cybersecurity vision.

Core Strengths

  • Security Governance & Compliance (ISO 27001, PCI-DSS, PDPL)
  • DevSecOps, SSDLC & Application Security
  • Vulnerability Management & Penetration Testing
  • Cloud Security (Azure, AWS, IAM, CSPM)
  • SOC Leadership, Incident Response & Threat Hunting
  • Data Protection, DLP & Identity Security
  • Third-Party Risk Management (TPRM)
  • Security Architecture & Risk Advisory
  • AI Security, Policy Governance & Cyber Insurance Readiness

Experience

Total Experience: 15 yrs 1 mo
Average Tenure: 2 yrs 6 mos
Current Experience: 1 mo

Zysec AI

Director of Cyber Security Operations

Apr 2026 - Present · 1 mo · Abu Dhabi Emirate, United Arab Emirates · On-site

OSN

Information Security & Compliance Manager

Sep 2022 - Apr 2026 · 3 yrs 7 mos · Dubai, United Arab Emirates · On-site

  • Driving enterprise-wide cybersecurity strategy covering governance, compliance, cloud security, DevSecOps, and risk management.
  Key Achievements & Responsibilities:
  • Revamped cybersecurity governance frameworks aligned to ISO 27001, ensuring compliance with regulatory, legal, and organizational requirements.
  • Spearheaded Saudi PDPL compliance program—led data mapping, privacy audits, and deployment of privacy-enhancing technologies.
  • Designed and implemented a full Third-Party Risk Management (TPRM) lifecycle, including vendor risk classification, onboarding controls, and automated due-diligence workflows.
  • Successfully achieved and maintained PCI-DSS certification through gap remediation, readiness assessments, and QSA coordination.
  • Advised executive leadership with security dashboards, risk briefings, audit results, and strategic cybersecurity recommendations.
  • Led enterprise Cyber Insurance program, ensuring control adherence and compliance with insurer security requirements.
  • Built and managed organization-wide Security Awareness Programs, including phishing simulations and targeted training campaigns.
  • Oversaw MSSP operations—improving incident response, SOC performance, alert triage, and threat hunting workflows.
  • Implemented enterprise DLP controls aligned with legal and business requirements to mitigate insider and data leakage risks.
  • Integrated SSDLC and DevSecOps practices into CI/CD (SAST, DAST, VAPT), improving application security posture.
  • Tuned and optimized WAF policies to mitigate OWASP Top 10 and zero-day threats.
  • Deployed CSPM tools to secure AWS and Azure environments by remediating misconfigurations.
  • Implemented Microsoft 365 E5 Defender security stack (EDR, email protection, identity security, DLP).
  • Led dark web monitoring and breach-response readiness to reduce external exposure risks.
Governance, Risk Management, and Compliance (GRC) · Cloud Security · DevSecOps · Vulnerability Management · Third Party Risk Management (TPRM) · Security Operations

G42

Senior Security Engineer (Lead) – SOC, SOAR, Incident Response

Jun 2020 - Sep 2022 · 2 yrs 3 mos · Abu Dhabi Emirate, United Arab Emirates · On-site

  • SOC Leadership & Mentorship: Directed L1/L2 SOC operations, fostering professional growth through mentorship while architecting Standard Operating Procedures (SOPs) and automated incident response playbooks.
  • Tier-3 Escalation SME: Served as the senior Subject Matter Expert for complex threat hunting and advanced investigations, performing deep-dive Root Cause Analysis (RCA) for high-priority incidents.
  • Security Architecture & Visibility: Led the end-to-end onboarding and integration of SIEM platforms, vulnerability management tools, and centralized logging to eliminate visibility gaps.
  • Detection Engineering: Optimized SIEM detection logic and data pipelines, significantly improving alert fidelity and reducing false-positive fatigue for the SOC team.
  • Incident Lifecycle & Reporting: Managed the full incident lifecycle—from detection to remediation—and delivered executive-level security posture reports to stakeholders.
  • Audit & Compliance: Ensured 100% audit readiness and strengthened technical controls for PCI-DSS and ISO 27001 frameworks.
Security Operations Center · Security Monitoring · Security Incident Response · Threat & Vulnerability Management · Compliance Support

Deloitte

Assistant Manager (VAPT)

Jul 2018 - Feb 2020 · 1 yr 7 mos · Hyderabad Area, India · On-site

  • Comprehensive VAPT: Led end-to-end Vulnerability Assessment and Penetration Testing (VAPT) across diverse ecosystems, including Web, Mobile, API, and Network infrastructures.
  • Application Security (AppSec): Spearheaded SAST/DAST initiatives and secure code reviews using industry-standard tools to identify and mitigate vulnerabilities early in the development lifecycle.
  • API Security & Testing: Performed deep-dive API security testing utilizing advanced toolsets to ensure robust endpoint protection and data integrity.
  • Threat Modeling & Governance: Developed detailed threat models and designed security controls to ensure technical architectures remained aligned with global compliance standards.
  • Security Awareness: Engineered targeted phishing simulation campaigns to strengthen organizational resilience against social engineering attacks.
  • Third-Party Risk Management (TPRM): Conducted technical risk assessments for third-party onboarding to ensure vendor integrations met internal security benchmarks.
Vulnerability Assessment · Penetration Testing · Mobile Security · Web Application Security Assessment · Risk Management

IBM India Private Limited

Information Security Advisor (VA/PT, ISIM)

Oct 2016 - Jun 2018 · 1 yr 8 mos · Hyderabad Area, India · On-site

  • Vulnerability Lifecycle Management: Managed the end-to-end vulnerability lifecycle for 10,000+ assets, overseeing discovery, prioritization, stakeholder coordination, and final remediation verification using enterprise-grade tools.
  • Detection Engineering & SIEM: Strengthened security posture by conducting deep-dive Root Cause Analysis (RCA) and developing custom SIEM detection rules to identify complex threat patterns.
  • VAPT & Cross-Functional Leadership: Executed comprehensive VAPT engagements, acting as a technical lead to guide infrastructure and application teams through successful remediation cycles.
  • Strategic Client Advisory: Served as a subject matter expert for clients, providing actionable insights on emerging threats and long-term mitigation strategies.
Vulnerability Management · Penetration Testing · Security Information and Event Management (SIEM) · Cybersecurity Incident Management · Risk Management · Managed Security Services

Bestflux Technologies Pvt Ltd

Senior Security Consultant

Dec 2014 - Oct 2016 · 1 yr 10 mos · Hyderabad, Telangana, India · On-site

Penetration Testing · Vulnerability Assessment · Application Security Architecture · Vulnerability Management

Innefu Labs Pvt. Ltd.

Security Analyst

Sep 2008 - Oct 2012 · 4 yrs 1 mo · Delhi, India · On-site

Education

JNTUH College of Engineering Hyderabad

Bachelor of Technology - BTech — Computer Science
