About Muhammad Mohsin
A highly motivated Cybersecurity professional, holding a Master's in Corporate Information Security from OBS Business School. Possessing extensive experience in vulnerability management, I specialize in the identification, analysis, and remediation of cybersecurity vulnerabilities across diverse enterprise environments. My technical proficiency encompasses vulnerability scanning platforms like Splunk (SIEM), Tenable Nessus, and QualysGuard, enabling effective vulnerability lifecycle management and risk prioritization using CVSS v3.1. Core competencies: enhancing security posture via automation/orchestration of vulnerability workflows and security operations, supporting solutions for vulnerability triage, exploit mitigation, and remediation strategies.
Experienced in conducting cybersecurity audits and assessments, with deep knowledge of industry-standard frameworks and compliance regulations such as ISO 27001 and NIST CSF. Skilled in performing detailed contract security reviews, analyzing legal and technical requirements, and managing client security questionnaires to ensure robust security assurance. Proficient in developing and delivering security awareness training programs using IronScales and KnowBe4, emphasizing social engineering awareness and secure coding practices.
Proficient in leveraging GRC platforms (OneTrust) for enterprise risk management, including Third-Party Risk Management (TPRM) and managing internal risk registers. Background includes cybersecurity incident response (CSIRT) methodologies, with experience in creating incident response plans (IRPs), playbooks, and standard operating procedures (SOPs). Hands-on knowledge of Endpoint Detection and Response (EDR) solutions (Crowdstrike), network security monitoring (AlertLogic, Cisco Umbrella), and user activity monitoring (ObserveIT).
Also experienced in security event monitoring and log analysis using SIEM and network monitoring tools (Op5, Nagios) in Linux/Windows environments.
English
Native or bilingual
Spanish
Native or bilingual
Hindi
Conversational
Catalan
Fluent
Urdu
Native or bilingual
Can work on-site
Barcelona (up to 50km)
Experience
- Schwarz Digits SpainVulnerability Management S. Specialist L3January 2023 - Today (3 years and 5 months)Barcelona, Spain1. Documentation & Process Optimization for Vulnerability Handling:Developed and maintained comprehensive documentation for vulnerability handling and assignment processes. Designed new, streamlined workflows to improve the efficiency of vulnerability remediation. Leveraged Splunk data to inform and optimize assignment strategies, ensuring clear accountability. Focused on automating key steps to enhance response times and accuracy.2. Active Vulnerability Assignment & Tracking via Splunk Analytics:Actively managed the assignment of security vulnerabilities across all information systems, utilizing Splunk analytics to identify and prioritize findings. Analyzed Splunk data to accurately pinpoint affected systems and assign vulnerabilities to relevant owners. Tracked remediation progress and provided regular updates, ensuring timely action and effective communication.3. Automation & Technology Enhancement for Vulnerability Workflow:Supported the development of automated Splunk dashboards and alerts to improve vulnerability detection and assignment efficiency. Contributed to the continuous improvement of Splunk-based tools and technologies for vulnerability management workflows. Created and maintained reports to facilitate communication and action by vulnerability owners, enhancing transparency and accountability.4. Business Unit Coordination, Compliance, & Risk Acceptance:Coordinated with business units to ensure timely and effective action on assigned vulnerabilities, providing guidance and support. Ensured compliance with vulnerability management guidelines through clear communication and tracking of remediation efforts. Managed the documentation and risk acceptance process related to assigned vulnerabilities, ensuring adherence to established protocols. Provided regular reports on compliance and risk acceptance to relevant stakeholders
- PageGroupInformation Security AnalystMay 2022 - January 2023 (8 months)Barcelona, Spain1. Security Documentation & Process Development:Developed comprehensive security policies, procedures, and playbooks to enhance operational efficiency and mitigate risks. Used Confluence for knowledge sharing, ensuring accessible documentation. Streamlined workflows and ensured strong compliance. Designed new processes, improving overall security posture.2. ISO 27001 & NIST CSF Compliance:Supported internal audits, ensuring alignment with security standards. Conducted gap analysis and managed remediation efforts, addressing vulnerabilities. Provided audit evidence and documentation, demonstrating compliance. Collaborated with auditors for successful audits.3. Contract Review & Client Questionnaires:Reviewed client contracts for security risks, identifying potential issues. Responded to client questionnaires, addressing complex security concerns. Ensured adherence to best practices and maintained client trust. Analyzed contractual obligations for security requirements.4. Security Awareness & Training:Implemented security training programs using KnowBe4 and IronScales, focusing on phishing and data protection. Tracked training metrics and analyzed effectiveness, fostering a strong security culture.5. Risk Management & TPRM:Managed TPRM and internal risk registers using OneTrust (GRC), automating risk assessments. Conducted risk assessments and developed mitigation strategies, minimizing potential threats. Evaluated vendor security posture and ensured compliance with requirements.6. Penetration Testing & Policy Reviews:Assisted in penetration testing, collaborating with external testers to identify vulnerabilities. Conducted policy reviews, ensuring up-to-date alignment with industry standards. Analyzed vulnerabilities and recommended security control enhancements. Provided actionable recommendations for security improvements.7. Jira & Confluence Utilization:Utilized Jira for incident tracking and task management, ensuring timely resolution.
- NTT DATA, Inc.Information Security SpecialistAugust 2020 - May 2022 (1 year and 9 months)Barcelona, Spain1. Incident Response Management & Documentation:Expertise in Information Security Incident Response Management: Developed and implemented comprehensive incident response documentation, including procedures, playbooks, and guidelines, significantly enhancing team efficiency and response effectiveness. Designed and streamlined incident response processes to minimize security impact and improve resolution times.2. Security Tool Proficiency:Proficient in Leading Security Technologies: Hands-on experience with advanced security tools, including Crowdstrike, AlertLogic, Cisco Umbrella, and ObserveIT, for proactive threat detection, incident response, and security monitoring. Skilled in leveraging these tools to analyze security events, identify vulnerabilities, and mitigate risks.3. Vulnerability Management & Reporting:Vulnerability Assessment and Reporting: Conducted thorough vulnerability assessments using Qualys, identifying and prioritizing security weaknesses. Delivered clear, concise, and actionable reports using Excel, enabling stakeholders to understand and address critical vulnerabilities effectively.4. Process Improvement & Optimization:Process Development and Optimization: Proactively designed and implemented new security processes to streamline operations and improve overall security posture. Focused on creating efficient workflows and documentation to enhance team collaboration and response capabilities.5. Security Analysis & Reporting (General):Security Analysis and Reporting: (If you have other general analysis skills) Performed detailed security analysis and reporting to provide insights into security trends and potential risks. Translated complex technical data into clear, actionable information for stakeholders.
Recommendations
Be the first to recommend Muhammad Mohsin
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master in Corporate Information SecurityOBS Business SchoolThe postgraduate degree in the Security of Corporate Information, teached in Spanish, helps professionals and directors to define strategies and gain awareness of the tools that allow us to work towards data security. For a lot of organisations, information has become their most valuable asset. Nowadays, data is an essential element for competitiveness and high profitability margins in modern business. Companies, regardless of their size, are making great efforts to safeguard information from its source until its exploitation for their operations and the decision-making, which is understandable given the amount of data that is generated each day from so many different sources. Social networks, mobile devices, e-commerce, the Big Data era, etc., are some of the factors that have caused IT management security and corporate information security to become key factors for today’s organisations.
Certifications
- Certified Cybersecurity Operations Analyst (CCOA)ISACA2026
- ISO 27001 Lead Implementer - Information Security CertificationBSI2024