Keywords
Skills
Summary
- 10+ years of experience in Information Security and Crypto related product
- PCI (Payment Card Industry) compliance.
- Solid Experience with security technologies: PKI (CAs, RAs, OCSP, CRLs, X.509, IETF PKI Standards, Certificate Policy), OAUTH, HSMs, SAML, Smart Cards, PKCS11, CAPI, Jar Signing, TLS, OpenSSL, Keytool
- Hands-on Amazon Web Services (AWS) Cloud such as EC2, RDS and S3, Route53, CloudWatch
- KMS (Key Management System) Implementation with safenet HSM
- Deep Packet Inspection and traffic analysis experience on Wimax, GGSN and LTE.
- Device and Gateway testing Experience of Tellabs 9100 series, Wireshark, tcpdump, traffic generator expertise
Project history
Professional Experience
Lead Security Engineer PKI
Unipagos, Mobile Wallet July 2013 – Present
National Radio and Telecom Corporation, Islamabad Pakistan April 2012 – Jan 2014
Tellabs (US Fortune 1000 company) April 2011 – February 2012
Horizon, Pakistan Feb 2008 – March, 2011
Bin Dawood Super Stores, Saudi Arabia Jan 2006 – Feb 2008
Lead Security Engineer PKI
Unipagos, Mobile Wallet July 2013 – Present
- Implementation of CDE (Card Data Environment), Tokenizer, Hashi Corp Vault with KMS (Key Management System) and safent Luna HSM
- Design and deployed EJBCA PKI infrastructure along with CloudHSM and Smart Card authentication using pkcs11 (LDAP, RBAC, PKI, SSH over X509, OpenVPN)
- Configured Centralized OCSP and External RA External RA Server for millions of Mobile wallet users.
- Experience of working in Agile/Scrum Model and Monitor and participate in workflow tracking (JIRA) and documentation (Confluence)
- Integrate 2 Factor authentication using Smart Cards/Tokens for all the Employees.
- Strong working knowledge of OpenSSL, OpenSC, PKCS11 and OpenVPN and Crypto Services.
- Security SIEM, IDS/IPS, Firewalls, log management and analysis along with Incident Handling experience
- Design and implement the Security infrastructure from scratch for a startup financial firm.
- Writing small Shell Scripts (JavaScript, Python and Go) to automate the tasks and can compile C/C++ codes for Linux and also having good understanding of deploying Java Applications and xml understandings.
- Code Signing and Static code analysis for OWASP top 10 PCI requirement.
- Ensure PCI Compliance IT controls are operating effectively, and all documentations are available for Internal and External Auditors.
National Radio and Telecom Corporation, Islamabad Pakistan April 2012 – Jan 2014
- Leading a team of 6 engineers to develop a secure VOIP solution
- RSA Crypto Module Integration with Samsung smart Phones
- Customer Test & Trail, onsite facing role for IP-Encryptor, FAX Encryptor, PSTN Telephone line Encryptor and Secure VOIP Encryptor
- Develop a solution using ZRTP protocol to secure voip call
- Embedded device testing
- Manual and automated testing using IXIA for IPSEC
- Traffic Analysis using Wireshark, tcpdump, Tshark
- Managing the KMS and PKI
Tellabs (US Fortune 1000 company) April 2011 – February 2012
- Perform Deep Packet Inspection Testing on LTE, Wimax and GGSN based Network.
- L4 to L7 Protocols testing over TCP and UDP based protocols (IMAP, POP, WAP, HTTP, SMTP, VOIP and SIP).
- Application signature testing (Skype, Bittorrent, youtube,facebook, QQ, gmail, yahoo, kaza……etc)
- Manual and automated testing using Breaking Point, Mu Dynamics, Spirent avalanche, Mu-Dynamics and many other tools.
- Test Automation using TCL, Shell and Expect.
- Analyze the traffic using TCPdump/WireShark, TCPreplay
- Maintain Test Lab of Client Environments including Linux, Mac, Windows Servers, Sharepoint, Mail Server’s, Torrent Clients MSSQL, MySql, VOIP Server’s and many other tools.
- Prepared various test plans for project releases
Horizon, Pakistan Feb 2008 – March, 2011
- Cross compiling the Linux IPSec stack to Cavium octeon Multicore architecture.
- Cross compilation of minisip soft phone to Nokia N900 MAEMO Debian distribution.
- Implemented 24x7 Public key infrastructures (PKI) EJBCA servers with OCSP and CRL Publisher on ubuntu Linux Server with LDAP, mail and video conferencing sever integration.
- Vehicle Access Management Application development with RFID Hardware Integration using VB.NET and MySQL.
- Prepared multiple test instances and deploy Secured Web Based Video Conferencing to communication between several site offices.
- Asterisk and OpenSips Server Based Secure VOIP setup with PSTN Gateway Integration.
- Designed, implemented Intrusion Detection (IDS) and Prevention system with Snort open source software, integrated it with Firewall to become intrusion-prevention systems (IPS).
Bin Dawood Super Stores, Saudi Arabia Jan 2006 – Feb 2008
- Regional IT In charge and System Engineer for Linux and Unix and POS (IBM & NCR) systems in highly critical 24/7 environments.
- AS400 Server Support
- Provided technical assistance into more than 16 Companies staff and Super/Hyper Market Point of Sales Machines, Weighing Scale, Barcode Printers, assisting with network access, printing, and application software operation.
- Assisted IT Coordinator with administration of a network of more than 1000 users, spanning several other City Offices.
- Physically and remotely configured, troubleshot, and administered users, laptops, tablet PCs, and blackberry devices for onsite and mobile users.
Local Availability
Only available in these countries:
Pakistan
