Khadija Arshad

Experience

• 

  National University of Modern Languages (NUML)

  Mar 2020 - Nov 2020

  Training: certification in cyber security
• 

  Pakistan Information Security Association (PISA)

  Mar 2020 - May 2021

  CyberSec Enthusiast – VOLUNTEER

  - Participated in International Cyber Drills AP-CERT. OIC-CERT. JP-CERT etc.- Participated in national and international cybersecurity awarenessseminars/workshops and conferences- Attended Trainings on Information /Cyber Security organized by PISA and International Organizationi.e. (Cyber Security Malaysia, Oman-CERT etc.)

• 

  Security Experts (Pvt) Limited

  Nov 2020 - May 2021

  Information Security Assistant

  - Identification of vulnerabilities by running multiple iterations of penetration testingagainst the web applications and networks.- Research in building the Capture the Flag competition labsincluding (hacking,digital forensic, and malware analysis)- Built customized digital forensic training and lab

• 

  Center of Pakistan & International Relations

  Jun 2021 - Jul 2021

  IT Officer

  - Microsoft 365- Editing and Updating Websites

• 

  DE RISC GROUP

  Sept 2021 - Nov 2021

  System Administrator

  - Auth& Un Authenticated Scanning- Vulnerability Assessment of Web Application- Functional Testin

• 

  Systems Limited

  Dec 2021 - Sept 2022

  Information Security SecOps

  - Network Architecture and IS Compliance / Audit• Participate in establishing and maintaining information security policies and processes according tocustomers’ security guidelines and international standards (ISO 27001); participating in annual ISMSreview.• DA Compliance• Identification of security controls Gaps.• Assets Inventory Gaps• Risks identification and categorization• Improvement suggestions and strengthening missing security controls.- Security Operations Coordinator• Maintainsthe Application Security RISK Register• Weekly Dashboard/Data representation ofsecurity operations for management meetings• Health Checks Report – Upgrade Plan ofsecurity tools• Daily Team wise Activities follow ups• Resource management and duty roster- Network Security Review• Internet Exposed Services Security Posture Uplifting• WAF optimization- Threat Intelligence/ Threat Advisories• Log4j vulnerability assessment, patching, tracking and mitigation ofmostly widely exploited vulnerability inlarge infrastructure. More than 1000 servers.• Spring 4Shell risk assessment and patching• Regulatory cyber advisories compliance and responses.- Vulnerability Assessment• Nessus• Assessment of critical Assets• CIS Compliance Benchmarking of OS and WEB- Penetration Testing• Application Testing (Web, Mobile)• Deep Scanning Show less

• 

  Trillium Information Security Systems

  Jan 2023 - now

  SOC Analyst

  - Worked in 24x7 Security Operation Center. - Threat Hunting - Monitor organization's network for security breaches by using SIEM solution.- Monitor for attacks, intrusions, unauthorized, and unusual activities.- Investigate violations/offenses caused by security breaches.- Using QRadar & Wazuh SIEM for incident response/triage.- Offense investigation and Reporting.- Logs Assessment.- Maintain reports (daily, weekly, and monthly) that document security breaches and the extent of the damage caused by those breaches.- Analyze violations/offenses to determine their root cause. Recommend appropriate guidelines, countermeasures, and tools in order to prevent security breaches.- Real-time security alert monitoring. - Prepare weekly, and monthly threat reports for executives.- Timely reporting of incidents to the management.- CompTIA Network+ (Training)- CompTIA Security+ (Training)- Incident Detection and Response.- Wazuh Deployment - Alerts Investigation Show less