Farrukh H.

Sysops Engineer

435 dollar
Freelancer
16 ans
Londres, ROYAUME-UNI

Mon expérience

Voir plus

Self-Employed / ContractorMarch 2018 - Présent

Working as an Application Security Automation Engineer alongside the DevOps team in adapting and integrating security testing automation in CI/CD environment. I am focusing on finding and exploiting vulnerabilities and help development team to fix those issues throughout the development life-cycle.

- Setup an automated security testing pipeline for CI environment.
- Find false-negative and perform manual testing.
- Perform SAST and DAST.
- Parameterize of DAST through functional testing to make testing more realistic and robust.
- Perform security regressions tests and integrate with CI pipeline for reusability and scalability.
- Use JIRA for planning, bug tracking and generating tickets.
- Communicating assessment results to multiple tiers of leadership as a requirements of PCI compliance and ISO27001 and managing communication around remediation of the risks.
- Performing research as necessary on reported issues and emerging risks to identify best-practice solutions.
Voir plus

Self-Employed / ContractorOctober 2016 - February 2018

I worked as an Infrastructure Pen-Tester to perform testes against the compliance requirements to ensure that the Infrastructure service meet the audit prerequisites:

- Performing penetration tests and vulnerability assessments on company assets and 3rd party services in scope.
- Communicating assessment results to multiple tiers of leadership as a requirements of PCI compliance and managing communication around remediation of the risks.
- Finding issues and translate these into requirements to secure and pass the compliance audit.
- Performing research on new threats, vulnerabilities and emerging risks.

Tools: Metasploit, Nmap, Nessus, OpenVas, SPARTA, BeEF, ZAP and Arachni
Voir plus

Copyleft Solutions ASAugust 2015 - August 2016

Worked as a system administrator with the focus on designing and deploying single sign-on solution using OpenLdap on Linux.
Voir plus

A-NAT Solutions LLCNovember 2011 - May 2015

Being a security engineer my focus was finding and exploiting vulnerabilities, maintaining threat management platform and associated environment, and proposing counter measures and help in designing secure solutions to mitigate the risks. Some of technologies used:

Snort / Honeypot: Use these to monitor and gather information about any potential attack.

Metasploit: Use this to perform testing to eliminate the risk of being expose or breach of any security vulnerabilities.

OWASP: Use this to perform application vulnerabilities assessment
Voir plus

nscglobalMarch 2011 - October 2011

Worked on Royal Bank of Scotland network transformation project. This project was about WAN, LAN & IPT refresh for global financial services over 6000 sites in scope.
Have learnt:
Cisco router, switch and IP telephone.
Voir plus

MUSHKO Electronics Pvt LtdJanuary 2000 - August 2005

Worked as a member of a solution design and deployment team liaises with Hewlett Packard Singapore and Australia research and development office responsible for deploying successful I.T. service solutions.

Have learnt:
1. HP intel enterprise and HP-UX server deployment
2. HP SAN/NAS deployment
2. Windows, Linux and HP-UX
3. Network monitoring using HP node manager

Mes compétences

Application servers

Microsoft SharePoint

Analysis methods and tools

DevOps, JIRA

Other

SPARTA, CI, IPT, OWASP, NAS deployment, Microsoft Windows 2000 Server, Cluster, ISO 27001 Standard, solution design and deployment, Intrusion Prevention System, Intrusion Detection System, CD, HP-UX, HP Hardware, Microsoft Windows, Windows Sharepoint Services, Compaq/Digital Hardware

Protocols

DNS

IT Infrastructure

Nessus, Active Directory, Windows Server, Linux, Windows, Cisco, Network Security, System administration, Networking, Azure, Security, Cloud Computing, Linux Server, WAN, Virtualization, LAN, Information Security, CCNA, Cisco Switches/Routers

Big Data

Big Data

Open Source solutions

OpenLDAP

Middleware

Jenkins

Languages

Java, C++, HTML

Embedded and Telecom

Telecommunications

Others

Snort, nmap, Teamwork, ITIL, Management

Databases

Data Security

Software testing

ZAP, Functional testing, Penetration testing, Regression testing, Manual testing, Metasploit, Security testing

Mes études et formations

Master of Science, Forensic Computing - Staffordshire University2005 - 2007