| 20,000+ Fresh Resumes Monthly | |
|
|
| | Click here or scroll down to respond to this candidateNasanbuyan Otgonbaatar Cybersecurity EngineerPHONE NUMBER AVAILABLE EMAIL AVAILABLE LINKEDIN LINK AVAILABLE SummaryA cybersecurity engineer with over six years of experience, specializing in advanced penetration testing, vulnerability assessments, threat hunting, incident response, and deploying defense mechanisms. I am eager to leverage my extensive skills in cloud security and offensive operations to enhance a companys cybersecurity posture by applying a proactive and strategic approach. Technical SkillsPenetration testing tools: Nmap, Nessus, Burp Suite, Frida, Metasploit Framework, Hydra, Jadx, Drozer, MobSF Forensic tools: FTK Imager, Volatility, Memoryze, SIFT Workstation, ExifTool, PsTools, Plaso(log2timeline), Redline Security solutions: FireEye ETP Cloud, DefensePro DDoS Protection, Cisco Firepower IPS/IDS, Imperva WAF, NAC, Arc- sight SIEM, Splunk ES, Mandiant EDR, SASE, Palo Alto NGWF, Zscaler CASB, Okta IAM, Proofpoint DLP, SAST/DAST Security Framework: NIST Cyber Security Framework (CSF), OWASP, CIS Controls, MITRE ATT&CK, ISO 27001 Cloud service provider: Amazon Web Services(AWS), Microsoft Azure DevOps tools: Docker, Kubernetes, ELK Stack, Postman, Jenkins, Ansible, Terraform, CloudFormation Coding: Java, Python, BashSOAR: Splunk SOAR, XSOARCertificationsCompTIA Pentest+ Issued Apr 2023 - Expires Apr 2026 ExperienceCybersecurity Engineer Jun 2022 Jul 2023Khan Bank Conducted a Red team operation, resulting in fixing of two critical vulnerabilities that had the potential to compromise the organizations external systems Implemented the Splunk Enterprise Security solution, substantially enhancing real-time insights into security threats and reducing the manual hours required for threat monitoring and response Conducted threat hunting that uncovered a hidden backdoor created by Advanced Persistent Threat(APT) group and mitigated a critical vulnerability exploited to establish the backdoor Developed a Python script that automated firewall policy tasks, reducing manual workload by 80 hours each month Penetration Tester Dec 2021 - Jun 2023Check Point Part-time Executed penetration testing on multiple client websites and mobile applications, identifying critical vulnerabilities with the potential to compromise application systems, and provided an actionable remediation plan Remediated a vulnerability that led to the loss of cryptocurrency from our clients customers wallets. This was due to attackers stealing passwords from the database via a compromised web application Cybersecurity Analyst Jan 2021 - Jun 2022M Bank Detected a Business Email Compromise (BEC) incident by implementing Microsoft 365 security best practices and setting up alerting mechanisms for suspicious activities Implemented mobile application protection software for our mobile banking application used by 2M+ users, enhancing its resilience against reverse engineering, MITM, SSL Pinning bypass and tampering Managed incident response, attacker had compromised over 10 production server via web shell that detected on ap- plication server. Identified vulnerability of the application server and eradicated the web shell, preventing further unauthorized access.Cybersecurity Engineer Aug 2017 - Jan 2021MobiCom Corporation Deployed Endpoint Detection and Response (EDR) solution across the organization, enhancing endpoint security by 90% and substantially enhancing the detection and response capabilities against advanced threats Detected and mitigated cyber attacks by developing a SIEM (Security Information and Event Management) rule specially designed to identify indicators of previous attacks Deployed proxy system to enhance network security and internet usage control, resulting in a 25% improvement in web traffic filtering and a significant reduction in access to malicious websites. EducationMongolian University of Science and Technology Mongolia Bachelor of Computer Science in Computer system security 2013 - 2017 |