Syed (Ghazanfar) G.

Cyber Security Professional

Schaerbeek, Belgium

Experience

Aug 2024 - Jun 2025
11 months

Information Security Consultant

AGP Glass

  • Developed and updated security and privacy policies, standards, guidelines, and procedures across the organization.
  • Prepared amendments to the security framework in alignment with changing threats and evolving compliance standards such as TISAX, ISO 27001, NIS 2, DORA, and IATF.
  • Led collaboration with CSIRT and technical teams to define functional security requirements for ongoing IT initiatives.
  • Assessed and mitigated vulnerabilities within the network, cloud, and application layers.
  • Communicated cyber risks and posture improvements to senior management and executive leadership.
  • Ensured regulatory compliance and participated actively in internal/external audit cycles.
May 2023 - Feb 2024
10 months

Cyber Security Consultant and Vulnerability Management Specialist

Extra United Electronics

  • Lead Red Team operations to identify and address security vulnerabilities.
  • Conduct comprehensive vulnerability assessments across various systems.
  • Perform application security testing for both mobile and web applications, aligning with OWASP Top 10 principles.
  • Perform security testing and source code review of applications developed on .NET, Java, PHP, Python, JavaScript, Spring, AngularJS.
  • Establish and implement blackbox and whitebox penetration testing methodologies for a thorough security evaluation.
  • Execute quarterly risk assessments of the infrastructure to proactively identify and mitigate vulnerabilities.
  • Specialize in cloud security assessments, focusing on Azure and Software as a Service (SaaS) cloud environments.
  • Contribute to the organization's risk management strategy by identifying potential security threats and recommending proactive measures.
  • Collaborate with the team to achieve desired outcomes and contribute to the team's success.
Nov 2019 - May 2023
3 years 7 months
Pakistan

Cyber Security Specialist

Pakistan Telecommunication Authority

  • Vulnerability assessment of OS, network, DBMS, cloud infrastructure, applications, and end-users.
  • Established National Telecom Security Operation Center (nTSOC).
  • Worked as CSIRT (Cyber Security Incident Response) analyst.
  • Developed security guidelines in accordance with National Telecom Regulation (CTDISR).
  • Security audit of telecom licensees of Pakistan according to Critical Telecom Data Infrastructure Regulation (CTDISR).
  • Coordinate and collaborate with CMOs (Cellular Mobile Operators) on cyber security issues and activities.
  • Develop customized reports on software vulnerability assessment operations for IT teams and relevant stakeholders.
  • Deployed Fortinet FortiGate web application firewall (WAF) and assessed false positives; investigated potential escalations regarding various attack types.
  • Assisted with patching recommendations and generated workarounds for zero-day threats.
  • Coordinated with senior management regarding improvement of the security posture of the organization.
  • Collaborated with other teams to build a secure national telecom ecosystem, including voice technologies (VoIP & SS7) and network elements.
  • Demonstrated strong knowledge of wireless technologies and wireless network security.
Mar 2018 - Nov 2019
1 year 9 months
Pakistan

Vulnerability Management & SOC Specialist

State Bank of Pakistan

  • Software vulnerability assessment operations of overall bank’s critical IT infrastructure including SWIFT applications and servers.
  • Worked on security monitoring and log solutions daily, reporting and presenting to senior management.
  • Deployed, operated, and maintained security incident monitoring and log solution using standard SIEM technology and integrated it with existing IT infrastructure components.
  • Reviewed and managed IT incident reports and maintained follow-up with IT operations for fixing identified security and procedural issues.
  • Coordinated and collaborated with IT operations on security monitoring issues and activities.
  • Disseminated IT security alerts and advisories to IT operation teams after analysis.
  • Undertook and completed tasks and assignments as assigned by the supervisor.
Nov 2017 - Mar 2018
5 months

Cyber Security Consultant

Ernst & Young

  • Coordinated with clients on projects related to penetration testing, social engineering, and ISO 27001.
  • Conducted security awareness sessions for multiple clients.
  • Developed and implemented security frameworks based on NIST, CIS, OWASP, ISO 27001 guidelines.
  • Researched security updates and coordinated with senior team.
  • Conducted network configuration audits and security reviews.
  • Implemented relevant project implementations and processes.
Sep 2016 - Sep 2017
1 year 1 month
Pakistan

Application Security Analyst

Habib Bank Limited

  • Information systems security review and risk assessment of critical IT assets.
  • Vulnerability assessment and management.
  • Source code review and analysis.
  • Ensured that IT infrastructure is developed and operated in full compliance with information security policies.
  • Prepared report on vulnerability assessment of network devices (switches, routers, IDS, firewall) and configuration assessment of network devices of domestic and international.
  • Performed manual and automated hardening of databases (SQL Server 2008, 2012) and OS (Windows Server 2003, 2008, 2012) and AIX server.
  • Conducted PCI hardening assessment and performed vulnerability assessment of project from UAT to live environment.
  • Undertook security vulnerability management, providing information assurance and risk assessment support using established security and risk management solutions.
  • Carried out risk assessments for various applications/systems.
  • Monitored WAF events covering many critical web applications.
  • Executed web application black box and white box security tests using automated tools and manual exploration of systems.
  • Understood Android and iOS security landscape and operating system internals.
  • Understood mobile application security concepts (e.g. OWASP/SANS).
Oct 2011 - Aug 2016
4 years 11 months

System Administrator and Developer

XORSAT (Pvt) Ltd

  • VMware vSphere configuration and installation.
  • Installed and configured server-side applications e.g. Apache, MySQL, LAMP, FTP, SMTP etc.
  • Network configuration.
  • Network security.
  • Penetration testing.
  • Worked as a backend developer for PHP/MySQL, web services JSON parsing.
  • Knowledge of front end HTML, CSS, JavaScript, AJAX.

Summary

I am an enthusiastic Cyber Security professional with more than 10 years of experience. I have acquired hands-on experience in different technical and procedural aspects including planning, designing, implementation, deployment, optimization, and operation. I am committed to keeping up to date with the latest developments in the field of IT Security. My focus is largely on System and Information Security, System Development, IT Risk and Compliance, and the Security operation center.

  • Vulnerability Assessment and Penetration Testing
  • DevSecOps
  • API Security
  • Cloud Security (Azure, AWS)
  • Technology Risk Assessment
  • Incident Response and root cause analysis of cyber threats
  • Mobile Application Penetration Testing
  • Source code review and analysis
  • Social Engineering Assessments
  • OWASP / NIST / CIS Benchmarking
  • Network Configuration Audit & Security Review

Languages

English
Advanced
French
Elementary
Dutch
Elementary

Education

NED University Karachi

Master of Information Technology · Information Technology · Karachi, Pakistan

FAST Karachi

Bachelor of Science, Telecom · Telecom · Karachi, Pakistan

Certifications & licenses

Advanced Web Application Penetration Testing (eWPTX)

INE Security

Certified Azure Red Team Professional (CARTP)

Altered Security

Information Security Associate

SkillFront

Microsoft SC-900 Exam Preparation and Practice

Coursera

AWS Certified Solutions Architect – Associate

Amazon Web Services (AWS)

Certified AppSec Practitioner (CAP)

SecOps

Certified In Cyber Security (CC)

ISC2

Certified Information Security Auditor (CISA)

ISACA

Certified Information Security Manager (CISM)

ISACA

Certified Ethical Hacker V 9.0 (C|EH)

EC-Council

Certified DevSecOps Professional (CDP)

Practical DevSecOps
