Freelancer Cyber Security Consultant / Penetration testing on freelance.de

Cyber Security Consultant / Penetration testing

online
  • 60‐80€/hour
  • 9000 Varna
  • Europe
  • bg  |  en  |  ru
  • 09.09.2024

Brief introduction

Experienced Information Security Officer from the fin-tech industry. Achieved multiple PCI-DSS certifications. Skilled in Linux/Windows Security, Analytical Skills, Teamwork, Penetration Testing, Vulnerability Management and Network Administration.

Selected references (2)

"He has been one of the key factors for the success of this project; deep expertise, clear communication, valuable support and guidance - gladly again!"
Cyber Security Architect
Frank Domnick
Period of activity

11/2022 – 6/2023

Description of activities

Design and lead the Vulnerability Management transformation program for a big client in the construction field
Implement different roll-out strategies
PoC a vulnerability management solution - Qualys
Led a team of 10+ people
Create and implement custom dashboards, widgets and reports for the client's needs
Align and integrate the Vulnerability Management system (Qualys) with CMDB, NAC, SOAR and other solutions
Act as the final level of support for troubleshooting or creating custom solutions in Qualys
Part of the Architecture board for the client

Skills used

Architectural informatics, Cyber Security, IT security (general)

"He is a great professional, focused on accomplishing his task on time. Demonstrates strong knowledge in Pen.testing Inf.Sec area."
Information Security Consultant (permanent position)
Client name anonymized
Period of activity

12/2016 – 3/2019

Description of activities

PCI-DSS Level 1 Service provider
- Reviewing and approving security policies, controls and cyber incident response planning
- Ensuring compliance with the changing laws and applicable regulations
- Conducting internal security scans
- Ensuring that disaster recovery and business continuity plans are in place and tested
- Taking part in the internal penetration testing
- Conducting awareness training
- Communicating best practices and risks to all parts of the business

Skills used

PCI DSS

Qualifications

  • Cyber Security (3 years)
  • Data protection (7 years)
  • Ethical Hacking
  • Information security (1 year)
  • IT security (general) (2 years)
  • PCI DSS (2 years)
  • Penetration testing
  • Vulnerability Management

Project & professional experience

Cyber Security Consultant
Galderma S.A Switzerland, Vaud
7/2023 – 7/2024 (1 year, 1 month)
Healthcare
Period of activity

7/2023 – 7/2024

Description of activities

Patch Management process and implementation SME
Penetration testing SME - define scope, create tender, support pen. testing teams, approve the reports and translate them to the C-Level management.
Policy Compliance / Asset Inventory - hardening standard
Qualys and ServiceNow Vuln. Response synchronization project - Phase 2
CyberArk (IAM/PAM) integration and roll-out
KnowBe4 staff awareness training and phishing simulations
PhishER phishing email protection integration and configuration
SME for Incident Response and Prevention

Skills used

Access Management, Bluecoat (general), Cyber Security, Identity management, Information security, IT security (general), Cryptography, Network security, Web application security

Cyber Security Architect
NTT DATA Germany, Remote
11/2022 – 6/2023 (8 months)
IT & Development
Period of activity

11/2022 – 6/2023

Description of activities

Design and lead the Vulnerability Management transformation program for a big client in the construction field
Implement different roll-out strategies
PoC a vulnerability management solution - Qualys
Led a team of 10+ people
Create and implement custom dashboards, widgets and reports for the client's needs
Align and integrate the Vulnerability Management system (Qualys) with CMDB, NAC, SOAR and other solutions
Act as the final level of support for troubleshooting or creating custom solutions in Qualys
Part of the Architecture board for the client

Skills used

Architectural informatics, Cyber Security, IT security (general)

Security and Patch Management Consultant
International Committee of the Red Cross, Geneva
5/2022 – 11/2022 (7 months)
Social institutions
Period of activity

5/2022 – 11/2022

Description of activities

Assessment and evaluation of the PM process
Architectural design of a new PM process
Process involving over 200 apps and different teams.
Security and PM workshops
Hands-on implementation and configuration of a Vulnerability and PM system (Qualys)
Knowledge transfer
Lowering of the FTE needed for different teams to patch using a semi-automation process

Skills used

Cyber Security, IT security (general)

Cyber Security Consultant
Axa GO, Paris
6/2021 – 6/2022 (1 year, 1 month)
Insurance
Period of activity

6/2021 – 6/2022

Description of activities

Part of Operational Resilience team
DDoS Protection Assessment on 50+ entities
DDoS Strategy creation
Fast Isolation and Recovery
Attack case scenarios creation - Ransomware, DDoS, Data leakage, etc.
Red Button creation use case

Skills used

Cyber Security

Cyber Security Consultant
Galderma S.A., Lausanne
12/2020 – 12/2021 (1 year, 1 month)
Healthcare
Period of activity

12/2020 – 12/2021

Description of activities

Vulnerability management - Qualys
XDR management - Dell Taegis
Architecture Board forum member and SME
SOC Incident response management
Documentation - SOP & Work instructions development
PhishER management
Penetration testing projects management
Patch management process rebuild

Skills used

Cyber Security

Penetration tester
Fin-Tech company - NDA, Sofia
9/2019 – 10/2019 (2 months)
Banking
Period of activity

9/2019 – 10/2019

Description of activities

External penetration test on the network infrastructure, Exchange servers, web servers, customer portal, blog and more.

Skills used

Penetration testing

Information Security Consultant
Client name anonymized, London
12/2017 – 3/2019 (1 year, 4 months)
Banking
Period of activity

12/2017 – 3/2019

Description of activities

PCI-DSS Level 2 Service provider certification

Skills used

PCI DSS

Data Protection Consultant
Client name anonymized, Varna
10/2017 – ongoing (7 years, 2 months)
Ship Management
Period of activity

10/2017 – ongoing

Description of activities

▪ Act as point of contact with EU residents, supervisory authorities and internal teams
▪ Identify and evaluate the company’s data processing activities
▪ Provide advice and instructions on how to conduct Data Protection Impact Assessments (DPIAs)
▪ Monitor data management procedures and compliance within the company
▪ Participate in meetings with managers to ensure privacy by design at all levels
▪ Maintain records of processing operations
▪ Address all queries from data subjects within legal timeframes
▪ Liaise with other organisations that process data on the company's behalf
▪ Write and update detailed guides on data protection policies
▪ Perform audits and determine whether we need to alter our procedures to comply with regulations
▪ Offer consultation on how to deal with privacy breaches
▪ Arrange for training on GDPR compliance for employees
▪ Follow up with changes in law and issue recommendations to ensure compliance

Skills used

Data protection

Information Security Consultant (permanent position)
Client name anonymized, Varna
12/2016 – 3/2019 (2 years, 4 months)
Banking
Period of activity

12/2016 – 3/2019

Description of activities

PCI-DSS Level 1 Service provider
- Reviewing and approving security policies, controls and cyber incident response planning
- Ensuring compliance with the changing laws and applicable regulations
- Conducting internal security scans
- Ensuring that disaster recovery and business continuity plans are in place and tested
- Taking part in the internal penetration testing
- Conducting awareness training
- Communicating best practices and risks to all parts of the business

Skills used

PCI DSS

Certificates

Certified Data Privacy Solutions Engineer (CDPSE) - ISACA
2020
Offensive Security Certified Professional (OSCP)
2019
Cloud Security Assessment and Response - Qualys Inc.
2018
Global IT Asset Inventory and Management - Qualys Inc.
2018
PCI Compliance - Qualys Inc.
2018
Cloud Agent - Qualys Inc.
2018
Web Application Scanning and Cloud Agent - Qualys Inc.
2018
Advanced Policy Compliance - Qualys Inc.
2018
Vulnerability Management - Qualys Inc.
2017
Interactive Programming in Python - Rice University
2015
Software Defined Networking
2015
Python First Stage Programming - University of Michigan
2015

About me

My background, while extensive, isn't traditional, and believe me, I know that. After years working for the Blue team (Cyber Security), I decided that is not enough. I wanted to find ways to contribute even more to organizations. This is why I jumped the fence and started studying and working for the Red team (Penetration testers), as this allows me to be a Purple team member. Now I can do a penetration test on your infrastructure, do an educational phishing attack against your employees, after that sit with the IT and IS teams and do the Vulnerability, Patch and SIEM management and after that stand in front of the Board of Directors and translate all that to them.

Additional skills

Windows, Linux, Python, Vulnerability management tools (Qualys, Nessus, OWASP ZAP, OpenVAS), Microsoft Office 365 Security administration, Network Security, Web Application Security, SIEM, DLP, HSM (SafeNet), Data Privacy, GDPR, Card schema integration (Visa, MasterCard, JCB)

Personal details

Language
  • Bulgarian (native language)
  • English (fluent)
  • Russian (good)
  • Italian (basic knowledge)
Willingness to travel
Europe
Work permit
  • European Union
  • Switzerland
Profile views
2813
Age
38
Professional experience
13 years and 9 months (since 02/2011)
