SUMMARY:

• He has over 9 years of experience in a variety of roles including Sr. Information and Network Security Engineer, Security Engineer, and Software Design Engineer. As a Security Consultant, he has overseen and performed penetration test, secure code review and architectural risk analysis of systems built from a few thousand lines of code t systems containing tens of millions of lines of code Java, .Net, C/C and Obj - C .
• Able t apply both technical and business knowledge t all aspects of a project during all phases of the project lifecycle, thereby keeping each phase in line with the big picture business and technical goals Identifies and articulates risks t senior management and individual contributors, and develops mitigation strategies t manage risks.
• Omair Manzoor has published responsible disclosures against well-known vendors such as Microsoft. His exploits are now part of penetration frameworks such as Immunity Sec's Canvas and Metasploit Framework. His work als includes a technical review for a book called Computer Security 2nd edition by Prof. Dr. William Stallings.

Confidential

EXPERIENCES:

Confidential

• Act as technical lead for multiple ongoing assessments from major financial institution t health care organizations.
• Responsible t perform complete Vulnerability Assessment for clients using Threat Modeling, Architecture Risk Analysis, Penetration Testing and Code Review.
• Responsible for Architecture Risk Analysis ARA of various applications, infrastructure and solutions including real-time trading system, cloud based services, virtual appliances, online games and mobile payment solutions.
• Perform Threat Modeling for clients' application s and infrastructure as a part of vulnerability assessment.
• Execute and lead Penetration Test on different platforms and software that includes web-application, thick clients Windows, Linux and Mac OS X, mobile applications iOS, Android and Windows Phone and web-services.
• Responsible for Manual and Automatic Code Review for Fortune 500 customers.
• Architects secure applications and infrastructure for several clients.
• Responsible for analysis and design review of clients' solution from security perspective.
• Helps clients build secure software development programs and provide guidance t software development teams on software weaknesses and remediation.
• Work as a trusted technical advisor for several clients t mitigate their technical and business risks, evaluate security posture of their application, infrastructure and security controls in place.
• Act as subject matter expert within the organization for security of web-applications, thick client applications Windows, Linux and Mac OS X and mobile applications iOS, Android and Windows Phone .
• Client coordination t ensure smooth and efficient projects' execution.
• Research coordination within the organization t develop internal tools and intellectual property that aids in security assessment during engagements.
• Co-authored Foundation of Mobile Security, iOS security, Defensive programming C/C and Defensive Programming Android classes taught by Cigital.

Senior Engineer.

Confidential

• Responsible for security and overall testing of content aware infrastructure DPI in 2.5G 3G and 4G networks.
• Security assurance of application aware networking in UMTS/, HSPA, LTE and WiMax and other mobile Internet technology.
• Responsible for extensive security and other testing on Packet Core Technology and Deep Packet Inspection WiCHROUS specific .
• Conduct strong Layer 4 t Layer 7 in terms of OSI model testing on ASN, GGSN and on Smart Internet breakout products of company.
• Assist organization t develop deep packet inspection for content based charging and Defense in Depth technology integrated with mobile Internet gateways and similar technologies.
• Design, development, execution, and automation of complex test scenarios for the network security and application identification 300 applications on Layer 7 in organization's product line.
• Setup infrastructure and perform vulnerability assessment on Mobile Internet Gateways and similar products from infrastructure point of view.
• Perform penetration testing on DPI module t testify against security threats and coordinate with development team for solutions.
• Train new employees and help them in understanding of AAA, RADIUS/DIAMETER, GGSN, SGSN, PDN Gateways and other Internet Service Gateways.
• Responsible for developing test plans for black box, white box and unit testing framework for Network Processing Units NPUs .
• Test complete product line particularly focusing on network security capabilities and mechanisms access control on wire-line and wireless networks, IPSec, firewalls, deep packet inspection, and transport security.
• Identify potential product issues and defects and champion their successful resolution.
• Deployment of test topology and execute use case scenarios for product benchmarking, performance and stress testing.
• Manage offshore test team and lead them t deliver accurate test results for final deployment of product.
• Design development of test automation frameworks from scratch and code sophisticate natured tools according t custom specifications or team needs.
• Present Tech-Talk technical presentations t developers helping them in mitigation of new attacks vectors and best defensive approaches against vulnerabilities.

Sr. Information Network Security Engineer.

Confidential

• Perform security risk assessment for new projects, including provision of expert advice on system, network architectures, appropriate security controls, and overall risk rating.
• Conduct code-reviews and assurance of industry's best security methodologies in implementation for in-house development.
• Development of long term strategies for IT security.
• T act as the company's technical security expert with a particular focus on Microsoft Linux/Unix, Oracle and Cisc technologies.
• Act as technical incident response expert, including when required the application of computer forensic analysis techniques.
• Technical evaluation and selection of IT security management tools t enable the implementation of IT Security Policies, Procedures and Standards.
• Advising Board and Management on Information Security Issues.
• Conduct Vulnerability Assessment, Penetration Testing t ensue confidentiality, integrity and availability of networks and applications including web-applications .
• T ensure the establishment of security guidelines, procedures and compliance with security policies.
• Generate and present reports on security vulnerabilities t both Management and Development teams.
• Perform other duties as assigned.

Software Design Engineer.

Confidential

• Responsible for researching, designing, writing new software programs and investigating new technologies focusing on security aspects of software.
• Develop software and coordinate with other team members.
• Working with different computer coding languages.
• Design Application Programming Interfaces for Hardware Integration.
• Working closely with other staff, such as project managers, graphic artists, systems analysts, and sales and marketing professionals.
• Information security evaluation for new projects.
• Training Project Management Team for deployment of project and troubleshooting.
• Constantly updating technical knowledge and skills by attending in-house and/or external courses, reading manuals and accessing new applications.
• Problem-solving and thinking laterally as part of a team, or individually, t meet the needs of the project.

Security Support Engineer.

Confidential

• Train users and promote security awareness t ensure system security and t improve server and network efficiency.
• Develop plans t safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and t meet emergency data processing needs.
• Maintaining Confidentiality, Integrity and Availability of Data.
• Perform risk assessments and execute tests of data processing system t ensure functioning of data processing activities and security measures.
• Perform Penetration Testing and Vulnerability Assessment of complete network including application level testing as well as network level.
• Document computer security and emergency measures policies, procedures, and tests.
• Review violations of computer security procedures and discuss procedures with violators t ensure violations are not repeated.
• Implementing the unified security module Firewall, IPS, IDS, Antivirus, surveillance security application modules .

AREAS OF EXPERTISE:

• Information, Network and Software Security.
• Vulnerability Assessment and Penetration Testing Application and Infrastructure .
• Information Risk Management.
• Architecture Risk Analysis and Threat Modeling.
• Reverse Engineering on Windows, Linux, Mac OS X, iOS and Android.
• Mobile and Computer Security.
• Threat Monitoring and Mitigation.
• Exploit development.
• Secure Architecture.
• Computer Operating System GNU/Linux Unix .

KEY SKILLS AND COMPETENCIES:

INFORMATION SECURITY MANAGEMENT:

• Security business role
• Security in software development
• Information Risk management
• Risk Analysis
• Policies, Standards, Strategies, Principles and Procedures
• Information classification
• Access Control Systems such as DAC, MACs etc.
• Cryptographic Key Management
• Patch Management
• Identity Management
• Business Process Re-engineering
• BS 17799 Part I, II and II or IS 27001-2

INFORMATION SECURITY TECHNICAL:

• Incident Handling/Response
• Designing Implementation of Secure System and Network Architecture
• Vulnerability Assessment for Mobile, Web- /Applications, Operating Systems and Networks Risk Analysis
• Information Gathering
• Configuration Management Testing
• Authentication Testing
• Authorization testing
• Session Management Testing
• Data Validation Testing
• Penetration Testing for Mobile, Web-/Application, Operating System and Networks.
• Foot printing
• Scanning Enumeration
• Exploitation Attacking
• Escalation
• Reporting
• Security solutions.
• Personal Access Control System
• Vehicle Access Control System
• Open Source Technology Integration and Implementation of Secure Enterprise level Services architecture
• Symmetric, Asymmetric and PKI Cryptography.
• AES, DES, 3DES, Blowfish TwoFish
• Diffe-Hellman, ECC RSA
• DSS and PGP
• Custom Security tools development
• Intrusion Detection/Prevention Auditing Scripting
• Exploit Development.
• Reverse Engineering
• Rootkit Honeynets
• Wireless Network Security Testing

OPERATING SYSTEMS:

RedHat, Fedora, Mandrake, Susie, Ubuntu, Slackware, Solaris, Windows and Linux based RTOS systems.

REVERSE ENGINEERING:

• Expertise in reverse engineering of Windows, Linux Unix, and Mobile applications using several debuggers like
• GDB, WindDBG, ollydbg and IDA pro.
• Exploit coding using different techniques such as Buffer Overflows, Format String Bugs and Heap corruption.
• Expertise in Windows and GNU/Linux shell coding.
• COMPUTER NETWORK SECURITY:
• Expert level abilities of Penetration testing, Vulnerability scanning and auditing.
• Has used Snort, Dsniff, Ettercap, Air snort, IPchains, TCPdump, Ethereal.
• Capable of designing simple t complex Firewall using IPTables.
• Expertise in ARP, DNS poising and WIRELESS Security.
• Capable of implementing the unified security module Firewall, IPS, IDS, Antivirus, surveillance security application modules .
• In-depth knowledge on networks from Layer 2 t Layer 7 OSI-model .
• Knowledge in IPv4 Forwarding, VLANs, routing, IPv6, IPSec etc.
• Expertise in deep packet inspection and strong hands-on experience in TCP/IP networking.
• Hands on experience in traffic simulators like Spirent STC L4L7, AX4000 or IXIA.
• Can perform Cyber Forensic Services using FTK.
• Proficient with OWASP tools for web-app penetration testing and other tools such as Burp Suite, Web-Inspect, AppScan, Acunetix, Metasploit framework and Backtrack.

PROGRAMMING TOOLS:

• Intermediate t Advanced C/C programming experience.
• Intermediate t Advanced experience of using GDB, make-file, CVS, g, gcc, OPNET.
• Intermediate experience of using SQL, MATLAB, Assembly, Pascal and Visual Basic.
• Basic Kernel level device driver programming in GNU/Linux.
• Expert level knowledge of PHP, Perl, Bash scripting, Expect and TCL scripts.
• Proficient with PostgreSQL, PL/SQL, T/SQL, Visual C 2005 dot net, ASP.net and JAVA programming.