Profile

Cybersecurity Engineer with hands-on experience designing and operating security infrastructure in production environments. Specialized in detection engineering, access control architecture, and measurable attack surface reduction. Experienced in translating security frameworks such as NIST CSF and ISO 27001 into practical, enforceable technical controls across enterprise environments.

Education

Abu Dhabi University

Bachelor of Science (BSc) Cybersecurity Engineering
Jan 2021 – Expected June 2026 | Abu Dhabi, UAE

Work Experience

Freelance Cybersecurity Engineer

Confidential
Jun 2024 – Present | Remote
  • Designed and engineered a centralised SIEM architecture (Wazuh) for real-time log ingestion, correlation, and threat detection, improving signal accuracy by ~45% and reducing incident response latency.
  • Architected and implemented Zero Trust remote access architecture, eliminating exposed services and reducing successful brute-force compromise attempts from near-total to <5%.
  • Designed a layered web defense architecture (WAF, HSTS, rate limiting, access controls) to reduce external attack surface, eliminating observed SQLi and XSS vectors and hardening edge exposure.
  • Implemented unified endpoint management (UEM) to automate system hardening, monitor endpoint health, and enforce baseline security policies across Windows and Linux devices.
  • Designed and tested a redundant backup and disaster recovery architecture using NAS with automated off-site synchronisation, achieving 100% recovery success during drills.
  • Developed security policies and maintained a live risk register covering 30+ critical threats, mapping implemented controls to NIST CSF domains and ISO 27001 Annex A for structured risk treatment.

Cybersecurity Intern

Bold Investment
Jan 2025 – Feb 2025 | Abu Dhabi
  • Conducted vulnerability assessments and penetration testing using OpenVAS, Nessus, Nmap, Nikto, Metasploit, Hydra, and Burp Suite.
  • Configured and tested IDS/IPS solutions (Snort, Suricata) for network-based threat detection.
  • Documented findings with remediation guidance aligned to OWASP Top 10 and NIST principles.

Certificates

  • ISO 27001 ISMS - Lead Auditor: Exemplar Global
  • Project Management for Cybersecurity Professionals: EC Council
  • Industrial Cybersecurity Essentials: Cisco
  • Practical Ethical Hacker Course: TCM Security
  • CyberOps Associate: Cisco
  • CCNAv7 Intro to Networks: Cisco Netacad
  • Google Cybersecurity Professional: Google
  • Cybersecurity Engineer: TryHackMe
  • N|DE Network Defense Essentials: EC Council
  • Linux Fundamentals: TCM Security
  • Pentesting Foundation: EC Council
  • Intro to Cybersecurity: Cisco NetAcad

Skills

  • Security Engineering & Operations — SIEM (Wazuh, Splunk), Log Correlation, Detection Engineering, Incident Response & Triage, Sysmon, Threat Analysis
  • Email, Endpoint & Identity Security — Phishing Analysis, SPF, DKIM, DMARC, Endpoint Hardening (Windows, Linux), Active Directory, Group Policy
  • Network & Infrastructure Security — Firewalls (Fortinet, pfSense), IDS/IPS (Suricata, Snort), Network Segmentation, VPN (WireGuard), Cloudflare (WAF, HSTS)
  • Automation, Platforms & Labs — Python, PowerShell, Docker, Proxmox, NAS, Security Automation Pipelines
  • Vulnerability, Risk & Governance — Risk Register Management, Control Mapping (NIST CSF, ISO 27001), Vulnerability Assessment (OpenVAS, Nikto), OWASP Top 10

Projects

Ethical Hacking Home Lab (Kali Linux, Metasploitable)

    Ameen Siddiqui