Professional Experience

17+ years of progressive leadership in cybersecurity and enterprise security architecture

Cyber Security Engineer

December 2023 – Present

Aspire Tech Services and Solutions Corp., New York

End Clients: Cloud Himalaya USA, IDRA (World Bank Project in Bangladesh), BA Express NY

Key Achievements:

  • Led AI-powered threat detection integration in SIEM/SOAR: 60% response time reduction, 70% threat mitigation efficiency increase
  • Reduced false positives by 40% through SIEM correlation rule tuning and MITRE ATT&CK alignment
  • Implemented CNAPP solutions across multi-cloud environments with contextual risk prioritization
  • Designed and operationalized Zero Trust Architecture across enterprise environments
  • Deployed MDM solutions for secure mobile access in hybrid work environments
  • Conducted weekly threat hunts using indicators of compromise (IOCs) from threat intelligence feeds
  • Integrated AI-enhanced vulnerability scanning: 40% improvement in risk management
  • Created playbooks for phishing, malware, privilege abuse: 30% reduction in junior analyst onboarding time
  • Provided mentorship to junior analysts in malware analysis and threat hunting
  • Delivered monthly security reports with KPI tracking to clients

Technologies: Splunk SIEM, Microsoft Sentinel, UEBA, SOAR, EDR, XDR, DLP, VAPT, WAF, Microsoft Entra, Intune, Nessus, Burp Suite, Metasploit, Qualys, Tenable.io, OpenVAS

Cyber Security Analyst (Senior Executive Officer)

April 2021 – November 2023

Bank Asia PLC, Bangladesh & BA Express, New York

Key Achievements:

  • Achieved 80% security enhancement through PCI-DSS v4.0.1 compliance project leadership
  • Conducted proactive threat hunting using behavioral analytics and anomaly detection
  • Configured and fine-tuned IPS rules with reduced false positives
  • Led threat modeling exercises against known APT groups and zero-day threats
  • Integrated Trend Micro IPS with SIEM and network security infrastructure
  • Collaborated on PCI DSS, GLBA, SOX compliance initiatives with successful audits
  • Deployed VMware Application Control for application whitelisting
  • Performed digital forensics including memory analysis and malware reverse engineering
  • Conducted regular risk assessments for SOC 2, PCI-DSS, ISO 27001 compliance

Technologies: RSA NetWitness, SOAR, EDR, XDR, DLP, VAPT, WAF, IDS/IPS, Nessus, Burp Suite, Metasploit, Qualys, OSSEC, Snort, Fortinet, Mimecast, Tenable.io, OpenVAS

Lead Cyber Security Engineer (Principal Officer)

February 2011 – March 2021

NCC Bank PLC, Bangladesh

Key Achievements:

  • Deployed endpoint protection across 1,500+ endpoints (Sophos, CrowdStrike, Microsoft Defender)
  • Developed and optimized 60+ automated playbooks using SOAR: 45% reduction in MTTD/MTTR
  • Reduced potential risks by 70% through vulnerability management deployment
  • Boosted organizational security by 80% using Palo Alto and Cisco firewalls
  • Secured critical web applications from 80% of malicious traffic using F5 WAF
  • Mentored L1-L2 SOC analysts through hands-on training and tabletop exercises
  • Delivered executive-level briefings and technical deep dives
  • Built custom integrations using Python, PowerShell, JavaScript for automated enrichment
  • Configured Linux/Unix-based DNS and Cloudflare DNS for traffic filtering
  • Elevated security proficiency by 70% through team training in log analysis

Technologies: Palo Alto, Cisco, CrowdStrike, Microsoft Defender, Sophos, F5 WAF, LogRhythm, SolarWinds SEM, Python, PowerShell, JavaScript

IT Support Coordinator

May 2006 – February 2011

Mennonite Central Committee, Bangladesh

Key Achievements:

  • Configured and maintained critical servers (DNS, Postfix, Apache, Squid proxy)
  • Served as Linux/Unix system administrator for FTP, DHCP, DNS, SMTP, POP, IMAP, HTTP
  • Developed shell scripts for server monitoring and management
  • Diagnosed technical issues and implemented effective solutions
  • Minimized service disruption through proactive issue management
  • Presented technology solutions to clients across Bangladesh

Technologies: Linux/Unix, DNS, Postfix, Apache, Squid, Shell Scripting, FTP, DHCP, SMTP, POP, IMAP

Lecturer

February 2004 – April 2006

Daffodil Institute of IT (DIIT), Bangladesh

Key Achievements:

  • Delivered comprehensive lectures and seminars to undergraduate students
  • Developed course materials aligned with academic standards
  • Assessed student performance and provided constructive feedback
  • Fostered interactive discussions and critical thinking

Core Competencies

🛡️ Security Operations

SIEM, EDR, SOAR, incident response, threat hunting, forensics, and 24x7 SOC operations

☁️ Cloud Security

AWS, Azure, CNAPP, CSPM, Zero Trust Architecture, and hybrid environment security

🔍 Vulnerability Management

Risk assessment, patch management, threat modeling, and automated vulnerability scanning

✅ Compliance & Governance

NIST, PCI-DSS, ISO 27001, CMMC, SOX, GLBA, and GRC frameworks

🤖 Automation & Orchestration

SOAR platforms, Python, PowerShell, JavaScript, and workflow automation

👥 Leadership & Mentorship

Team leadership, analyst training, executive communication, and strategic planning

Ready to Leverage This Experience?

Let's discuss how my expertise can address your organization's security challenges.
