Results-driven security professional with notable success in planning, analysis and implementation of security initiatives. Strengths in utilizing cutting-edge technologies and developing comprehensive automations for secure IT environments.
Overview
9 years of professional experience
1 Certification
Work History
Sr Security Consultant
ETS
02.2024 - Current
Evaluated emerging security technologies to stay current on industry trends and incorporate innovative solutions into client projects where applicable.
Coordinated third-party vendor risk assessments ensuring that external partners adhered to established security standards.
Assisted clients in achieving regulatory compliance by developing comprehensive security documentation and frameworks tailored to their specific needs.
Managed a team of security professionals, ensuring timely project completion and high-quality deliverables.
Developed and implemented automation scripts to make API calls to the NVD for fetching CVEs. Configured and managed the storage of fetched CVE data in Amazon S3 buckets for further analysis and archiving.
Created AWS Lambda functions to automate the process of data fetching, storage, and notification, ensuring timely and efficient vulnerability management.
Delivered hands-on training to corporate stakeholders on topics such as DevSecOps, Application Security, Threat Intelligence, and Vulnerability Assessment methodologies.
Sr Security Engineer
Localyze
08.2022 - 07.2023
Implemented Information Security controls as per CIS v8 and audited their effectiveness through an external party. Led the ISMS project for certification in ISO-27001.
Mentored engineers, fostering a culture of continuous learning and professional growth within the team.
Partnered with vendors to evaluate new products that offer improved security features while maintaining cost-effectiveness.
Streamlined secure software development processes by incorporating security best practices throughout the SDLC.
Provided security expertise for cloud-based DevSecOps development and deployment.
Evaluated emerging security technologies and made recommendations for implementation in alignment with company objectives.
Monitored threat intelligence feeds regularly to stay informed about potential risks, proactively addressing vulnerabilities before they could be exploited.
Developed and maintained company-wide endpoint security solutions.
Worked closely with IT, Product and Engineering specialists in designing, configuring and developing security solutions for Localyze.
Performed risk analyses to identify appropriate security countermeasures.
Systems Security Engineer
Allscripts
06.2021 - 07.2022
Collaborated with the DEV team and performed code reviews, SAST and DAST scanning to secure CI/CD pipelines, and deployed secure code into the production environment
Designed secure architecture for applications, network & endpoints and eliminated potential threats and security breaches
Implemented security controls as per ISO-27001 & NIST security frameworks
Good understanding of CVEs & CWEs in applications as well as attack methodology and procedures
Implemented passwordless authentication with OAuth to mitigate the risk of password attacks against privileged and standard accounts, and enabled MFA and passkeys
Performed threat analysis as per the OWASP Top 10 standard and conducted risk assessment on infra and cloud workloads (CSPM & CWPP)
Conducted vulnerability scanning using Nessus & Qualys, reported and prioritized remediation plans within the team
Developed Incident response policies, procedures, playbooks & remediation efforts as part of continuous improvement strategy
Securely configured cloud services (EC2, VPCs, Lambdas, S3) as per applicable NIST and CIS controls
Improved cloud security posture management with industry best practices (AWS Security Hub)
Provide remediation and suggestions to implement tasks/projects critical to the organization's endpoint technologies (workstations, laptops, servers, networks)
Configured and deployed MFA, SSO
Design and develop Cloud specific security policies, standards and procedures, identity management and access control
Perform regular penetration testing / ethical hacking exercises on the network, infrastructure, cloud, as well as web-based applications
Analyze attempted or successful efforts to compromise systems security and design countermeasures
Audit hardware, software, network firewalls and encryption protocols
Coordinated with larger IT groups regarding any negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems that are related to the service
Automation using scripting languages (Python/PowerShell) to automate pen testing procedures and tasks
Experience in different web application security testing tools like Burp Suite, Sqlmap, Nessus, Nmap
Performed security research, analysis and design for all client computing systems and the network infrastructure
Sound knowledge and industry experience in Vulnerability Assessment and Penetration Testing on web-based applications and infrastructure penetration testing.
Service Experience II
COMPUCOM CSI SYSTEMS
07.2016 - 02.2019
Collaborated with the infrastructure team to analyse possible security incidents and determine whether an event qualifies as a legitimate security breach.
Identified and evaluated potential threats and vulnerabilities. Assessed incoming threats and developed plans to close loopholes.
Supported migration of LDAP to Active Directory and SSO to Azure as part of the IT modernization effort.
Established vulnerability scanning resolution on server, cloud and desktop environments. Maintained risk security awareness and solutions to ensure updates within departments on a regular basis.
Monitored and analysed network traffic using Wireshark to resolve downtime. Created, maintained and operated a schedule of vulnerability scanning, including business co-ordination with IT stakeholders.
Technical Engineer
AMAZON INDIA
08.2015 - 02.2016
Provided exceptional technical support, addressing client concerns and ensuring their needs were met.
Improved system performance by troubleshooting and resolving complex technical issues.
Maintained service schedule for software and hardware.
Executed troubleshooting and server support in both in-person and remote situations.
Designed custom solutions tailored to client-specific requirements, exceeding expectations with creative problem-solving techniques.
Performed patch management via SCCM and ensured Windows and Linux servers had the latest approved patches.
Monitored security patch levels of the servers, workstations and network environments.
Extra Mile Award - Amazon Customer Service Week (10/2015)
Star Performer of Year - Compucom R&R (07/2017)
Star Performer of Quarter - Compucom R&R (10/2018)
Employee of the Month - Fiserv Cares Awards (09/2019)
Languages
English
Marathi
German
Hobbies and Interests
Travelling
Gardening
Tech savvy
Gaming
Projects
Website Consultant (Freelancer)
02/2016 - 05/2016
Worked on client concerns to determine the best method of defending WordPress sites. Quarantined and removed any security issues found.
Timeline
Sr Security Consultant
ETS
02.2024 - Current
Sr Security Engineer
Localyze
08.2022 - 07.2023
Systems Security Engineer
Allscripts
06.2021 - 07.2022
Systems Security Professional
FISERV
02.2019 - 06.2021
Service Experience II
COMPUCOM CSI SYSTEMS
07.2016 - 02.2019
Technical Engineer
AMAZON INDIA
08.2015 - 02.2016
BE Computer Engineering - Government College of Engineering & Research
Higher Secondary School (HSC) - N.E.S Science College
Secondary School Certificate (SSC) - Queens English School
CompTIA Security+
Microsoft Azure Security (AZ-500)
Certified Ethical Hacker (CEH)
Cisco Certified Network Associate (CCNA)