Scribd
Upload
53 views4 pages

Cyber Security Professional CV Training

Amber Manzoor is a seasoned cyber security professional with over 11 years of experience in various domains including SOC operations, risk management, and compliance. Currently serving as Manager of Cyber Security, she has a strong background in implementing frameworks like NIST-CSF and ISO27001, and has led multiple projects related to SOC maturity and risk assessment. Her extensive experience includes managing teams, conducting training, and developing security policies across various organizations.

Uploaded by

Uzair Mughal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
53 views4 pages

Cyber Security Professional CV Training

Amber Manzoor is a seasoned cyber security professional with over 11 years of experience in various domains including SOC operations, risk management, and compliance. Currently serving as Manager of Cyber Security, she has a strong background in implementing frameworks like NIST-CSF and ISO27001, and has led multiple projects related to SOC maturity and risk assessment. Her extensive experience includes managing teams, conducting training, and developing security policies across various organizations.

Uploaded by

Uzair Mughal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Amber Manzoor

Cyber Security Professional

Contact Objective
Islamabad Dynamic, detailed oriented cyber security professional with 11+ years
Pakistan of experience in information security, vulnerability management, SOC,
+92 306 0528 461 incident management, risk evaluation, and management strategies
amber_caps@[Link] while augmenting and instigating key information security objectives
[Link] and control frameworks and enterprise compliance with applicable
in/ambushb7a919183/ federal laws and regulations.

Education Experience
Center for Advanced Studies in March 2024 - Present
Engineering (CASE) Manager Cyber Security •
Islamabad, Pakistan Confidential
MS Information Security
• Managing overall SOC operations.
PMAS University of Arid
Agriculture • Maturity Assessment of in-house SOC
Rawalpindi, Pakistan • Threat Advisories based on latest threats
BS Information Technology • Implementation of Cyber Security Framework based on NIST-
CSF and ISO27001
• Devising SOC policies and procedures
• Devising SOC governance program
Key Skills • Assist in designing RFPs and project contracts with vendors.
• Conducting awareness sessions and in-house employees'
Cyber Threat Intelligence training.
Research & Development Projects
GAP Analysis & Security
Assessment • 1st Party Audit
Regulatory Compliance & • Risk Assessment
Standard • SOC maturity Assessment
Risk Assessment • SOAR evaluation for procurement
Monitoring, Detection & • GAP analysis (to identify the potential security loopholes)
Response September 2022 – March 2024
Team Management Manager SOC • NERA Telecommunications
Forensics Analysis
Project Management • Head managed SOC operations for PK and Dubai region.
Communication • Assisted and performed Risk Assessment
Problem-solving • Devising and Implementation of the cyber security framework
based on NIST CSF and ISO27001.
• Training and managing SOC analysts
• Threat analysis based on 3GPP compliance
• Assistance in RFP(s) evaluation and provide technical
assistance in cyber security projects.
• Proposing and analyzing security solutions based on
organization and customer’s requirement.
• Involved in meeting with potential customers for SOC/SOAR
services.
• Devising SOC/SOAR policies and procedures.
Projects
• ISO27001 Implementation
• Risk Assessment
• SOC maturity Assessment
• SOAR evaluation for procurement
• GAP analysis
March 2022 – September 2022
Team Lead/Information Security Specialist • Netsol Technologies
• ISO 20000-2011 to ISO20000-2019 transition
• Security standards requirement analysis and implementation
including ISO27001, ISO 31000, and GDPR.
• Assisting and guiding in SOC development
• Devising SOC KPIs and KRIs.
• Training of SOC analysts.
Projects
• ISO20000-2011 to ISO20000-2019 transition
• ISO27701 requirement analysis
• SIEM solution evaluation

September 2018 – March 2022


Manager SOC • Etisalat – PTCL
• Led and managed SOC 24/7 SOC operations.
• Managing SIEM operations, offense monitoring, and
investigation.
• SIEM Use-cases & anomaly rules creation and optimization
• Incident logging and resolution via an automated Incident
Response platform
• Research the latest threats and publish security bulletins.
• Engage with the technical team(s) in the rectification of active
threats by providing guidelines.
• SOC KRI & KPI metrics monitoring
• Forensics investigation and malware analysis.
• Operational training and awareness sessions
• Operational, Tactical, and Strategic Threat Intelligence
• Devising workflows, policies, and SOPs as per SOC
requirement(s), and periodic reviews as required.
• Reporting to HOD regarding weekly and monthly team
progress.
• Preparation of Forensics and Incident reports.
• Interact and liaison with internal and external auditors as per
the company’s audit requirement.
• Devise and suggest necessary policy amendments to enhance
the company’s security and hygiene.
Projects:
• MSSP Cloud PCI-DSS – Involved in Vulnerability Assessment
(ASV Scan), Policy Compliance and SIEM integration.
• SIEM and SOAR maturity – designed IR procedure for
organization and designed SOAR platform in conjunction with
vendor.
• ISO27001 implementation for datacenter.

March 2016 – September 2018


Assistant Manager SOC • Etisalat – PTCL
• Security monitoring & analysis via SIEM solution
• Vulnerability Assessment & Penetration testing of critical
assets & devising mitigation plans.
• Malicious traffic, malware analysis, and devising
comprehensive remediation plans.
• POC, research, analyze, and evaluate the efficacy of various
security products as per organizational requirements.
• Policy Compliance of critical assets.
• Documentation, reporting, and policy analysis for the
organization and presenting to management.
October 2013 – March 2016
Information Security Officer • MTBC
• Vulnerability Assessment and Penetration Testing
• ISO 27001:2013 implementation & internal audits.
• Development and review of information security policies as per
the company’s goal and strategies.
• Providing enterprise security/compliance solutions in
accordance with corporate governance & risk standards. (i.e.,
HIPAA, NIST, FIPS, ISO)
• Evaluate, incorporate, and ensure newly developed
module/application information security and compliance.
• Research & recommendation of automated tools to enhance
the security posture of the organization.
• Communicating Information Security education & awareness to
the different levels of the organization as a part of an
information security awareness program.
• Interact with internal and external auditors as per audit
requirements
Projects:
• ISO27001-2013 implementation
• HIPAA certification
• MU certification
• Taken part in assessing and deploying Vulnerability
Management solutions

July 2012 – March 2013


Software Developer • Deltasoft Technologies
• Installation/configuration of Snort.
• Threat, Network Monitoring & expertise in IDPS.
• Web application development in JSF framework.
Projects:
• Installation & deployment of snort IDPS
• Lab environment to test IDS with real-time traffic and attack
simulations
December 2011 – July 2012
Information Security Officer • MTBC
• Vulnerability Assessment.
• Reporting anomalies in Company’s Security Policies.
• Responsible for assessing, reporting & auditing the remediation
of IT security vulnerabilities, and applications used/developed
by the company

Leadership
Successfully led a team to deliver managed SOC operations to a
customer.
Successfully led a team to implement SOAR solution for a client.

Trainings & Certifications


• CISSP Training – RIPHAH University
• IBM Certified Associate Administrator – Security QRadar
• ISO 27001:2022 Lead Auditor Training / PECB
• IELTS / British Council
• TOEFLS IBT

You might also like