Wiam Zemouri

Monitored and analyzed security events and incidents, identifying threats and vulnerabilities for effective detection and response. Leveraged Splunk for log analysis and security monitoring, enhancing threat detection and response efciency. Implemented incident mitigation strategies, signifcantly reducing incident response time. Monitored and analyzed security events leveraging SIEM, SOAR, and XDR technologies for enhanced threat visibility and automated response. Managed ticketing systems for tracking, prioritizing, and resolving security incidents efciently. Enhanced security processes and workfows, optimizing procedures for continuous improvement and resilience. Led security projects involving cross-functional teams, implementing targeted security solutions and ensuring robust communication across Dutch, English, and French-speaking stakeholders. Leveraged expertise in EDR and NDR tools, along with SIEM technologies, to monitor and manage threats effectively. Experienced with vulnerability management tools such as Nessus, OWASP ZAP, and Nmap for threat analysis and risk assessment. Conducted comprehensive penetration testing, identifying critical vulnerabilities and providing remediation recommendations to enhance client security. Managed Identity and Access Management (IAM) processes, ensuring proper role-based access control (RBAC), implementing least privilege principles, and conducting regular access reviews to strengthen user and data security. Improved IAM security posture by implementing strong authentication methods, auditing accounts, managing identity lifecycle processes, and integrating security controls for privileged access management. Managed and mitigated various cyber incidents, conducting forensic investigations to identify root causes, strengthening incident response readiness.

Conducted successful penetration tests on web applications, APIs, and mobile platforms, identifying critical vulnerabilities and providing actionable recommendations to development teams. Designed and implemented threat models to assess potential risks and prioritize mitigation strategies, improving application security posture. Spearheaded secure code reviews that uncovered and resolved issues aligned with OWASP Top 10 and secure coding practices. Leveraged tools like Burp Suite, Fortify, and Postman to perform automated and manual security assessments with high accuracy. Collaborated with cross-functional teams (development and QA teams) to integrate security testing into CI/CD pipelines, enabling faster identifcation and resolution of vulnerabilities. Developed and executed comprehensive SAST and DAST workfows, streamlining security testing for new and legacy applications. Mapped vulnerabilities and attack vectors using the MITRE ATT&CK framework, enhancing the organization's threat modeling capabilities. Played a pivotal role in addressing vulnerabilities, ensuring applications met compliance standards and minimizing risk exposure. Contributed to the implementation of secure coding practices within development teams, reducing recurring security faws in new releases. Designed and enforced secure coding guidelines for development teams, incorporating best practices to mitigate vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Insecure Deserialization. Collaborated with development teams to remediate vulnerabilities and implement secure design patterns, ensuring compliance with industry standards.