Senior Cyber Security Specialist

DEEL DEZE PAGINA

Naw gegevens / Leeftijd

Naam: Sam
Leeftijd: 30 jaar
Woonplaats: Polen

Werkervaring

Senior Application Security Specialist (Senior Associate 3) – EY GDS Poland
Wroclaw, Poland – Full Time – Since Mai 2017 (Ongoing)
Conducting application penetration testing, vulnerability assessments based on SASP (Secure Application and System Policy) controls, preparing detailed review reports, researching new security areas and domains, collaborate in executing projects related to process improvement, Mentor junior team member, support the team in updating their skill and knowledge, DevSecOps, Web / Mobile / Cloud / Thick Client Infosec review, Security Awareness Programs for EY Employees (EMEA zone).

PCI-DSS / PA-DSS Consultant – DATAPROTECT
Casablanca, Morocco – Full Time – From Mail 2016 to April 2017
Providing security advisory services in accordance with the PCI DSS / PA DSS, Penetration Testing & Vulnerability Assessement , Web Application Penetration Testing , ASV Scans , Internal & External Pentesting (Infrastructure & Network) , Wifi Auditing , Configuration audit , Delivery of security architecture reviews , Payment Application Assessment , Compliance validation with PA DSS requirements , Gap Analysis / Remediation assistance (PCI DSS / PA DSS)

Information Security Analyst – LMPS Group
Casablanca, Morocco – Full Time –From January 2015 to Mai 2016
Penetration Testing & Vulnerability Assessment, Information Security Training, Mobile Applications (iOS, Android) , Web Application Penetration Testing , Source Code Analysis and Secure Architecture , Code guidelines , Security Research , Designing Secure Network Architecture , Implementing Security Policies , Incident Handling , Forensic collection and analysis of digital evidence / Configuration Audit , Information Security Training , Cloud Audit , PCI-DSS , ISMS (ISO27k1 & ISO27k2).

IT Security Consultant (Exploit and Vulnerability Evangelist) – BlueSkySec
Settat , Morocco – Full Time – from May 2011 to May 2014
Penetration Testing, Auditing, Training, Infrastructure Testing, Web Application Testing, Vulnerability Assessment, Security Research, Customer Interaction, Risk Assessment, IT Security / IT Support / Internal & External Network Pentesting.

Profiel Omschrijving

Deze kandidaat heeft in zijn loopbaan als penetratietester en beveiligingsonderzoeker met verschillende klanten gewerkt. Met zijn ruime 7 jaar werkervaring heeft hij zich vooral bezig gehouden met werkzaamheden als compliance-kwetsbaarheidsbeoordelingen, beveiligingsonderzoek en netwerkbeveiliging voor regionale en nationale klanten. Hij heeft met name interne en externe netwerktestmissies en infosec-beoordelingen van applicaties (Web, Mobile, Thick client en Cloud) uitgevoerd. De zwakke schakels  ontdekt, onderzocht en bekendgemaakt. Hij heeft uitstekende interpersoonlijke communicatieve vaardigheden met een klantgerichte benadering, analytisch, is gemotiveerd en kan zowel zelfstandig als in teamverband werken.

Salaris / Tarief

Brutojaar salaris € 70.00,-  / € 5.402,- pmnd

Beschikbaarheid

Per April 2019

Op basis van

Detacheren/ DetaVast / Werving en Selectie

Opleidingen / Cursussen / Diploma's

Trainings and Certificates
• Offensive Security Certified Professional (OSCP)
• CCNA Academic 1 & 2 & 3 & 4
• Certified DenyAll Detect
• Certified Acunetix User
• Database Activity Monitoring (DAM) 4.2 (Mcafee)
• Data Loss Prevention (Mcafee)
• Endpoint Encryption (Mcafee)
• Entreprise Security Manager (ESM) (Mcafee)
• Mcafee Endpoint Security 10.0 Web control
• Mcafee Endpoint Security 10.0 Firewall
• Network Security Platform 7.5 (Mcafee)
• Web Gateway 7.4 (Mcafee)
• Lead Scada Security (Training)
• Certified Ethical Hacker (CEHv8), Licence number: ECC86752523304
• Certified Lead Forensic Examiner (CLFE) Training - Self Study

Qualifications / Education
Master Degree in Software Engineering – Faculty of Sciences El Jadida (November 2011 –
October 2013)
Bachelor in Computer Systems Administration - Faculty of Sciences Rabat (September
2010 - July 2011 )
DUT in Networking and Systems Administration - EST Fez. (October 2007 - July 2009 )
Baccalaureate in Experimental Sciences – Ibne Rochd High School Fez (October 2005 - July
2007)

Vaardigheden

Security Skills :
Vulnerability testing, network security auditing as well as extensive experience in hardening/securing GNU/Linux & Windows public facing servers including web, ftp & email servers, android mobile pentesting
Web Vulnerabilities: SQLi & Blind Injection, XSS, RFI & LFI, RCE, Http Splitting / Cache Poisoning, Remote File Upload Vuln , CSRF , Directory Traversal , Insecure cookies Handling , CRLF Injection
Softwares Vulnerabilities: Remote / Local stack overflow, heap overflow, Local root exploit, Format Strings, ActiveX remote code execution.
Some vulnerabilities discovered by me :
https://www.exploit-db.com/author/?a=5640
https://packetstormsecurity.com/files/author/10744/
https://www.acunetix.com/vulnerabilities/network/vulnerability/moosocial-multiple-vulnerabilities/
https://web.archive.org/web/20180118225121/http://www.iss4m.com/

Computer Skills and Competences:
Programming: Java, C/C++, ASM , Shell scripting , Python
Web Design and Web Development: HTML, CSS, , PHP , Javascript, Ajax, JQuery , XML, JSON , REST architecture
Management systems, databases: Oracle, SQL Server, MySQL, Ms Access, HyperfileSQL , SQLite
Nessus , OpenVas , Metasploit , Acunetix (WVS | OVS) , QualysGuard , Retina , NMAP , Kali , Burpsuite , BackBox Linux , Aircrack-ng, WireShark , TCPDump , OWASP ZAP, NetSparker , John the Ripper , Hydra , SQLmap , Check Point Firewall-1, Cisco Pix, Core Impact, EnCase 7, Juniper Netscreen, Linux (RHEL5, CentOS, Ubuntu, RedHat), Snort, Sun Solaris 8, IBM Appscan, Websense Enterprise, Windows 2000 / XP / 2k3 / Vista / 7 , AlienVolt OSSIM , SecurityOnion , Cyberoam , IpCOP , Fortigate , Nexpose , DenyAll , Stonegate , BIG-IP F5 ASM, WAF , Cisco ASA , WebInspect , Veracode.

Social skills: Sociability, Teamwork abilities, Tact, patience, Avoiding and settling,Conflicts, Leadership

 

Interesse in deze kandidaat?

Meer informatie over deze kandidaat? Vul onderstaand formulier in en we nemen direct contact met u op.

Geplaatst in .