Abdullah Aftab
@abdullahaftab1
Senior GRC & security engineer who automates audit-ready compliance and strengthens enterprise security across hybrid environments.
What I'm looking for
I’m a Senior Security Engineer focused on GRC & Compliance, with 6+ years of hands-on experience designing and scaling Governance, Risk, and Compliance programs. I author information security policies and procedures, and I’m proactive about turning compliance requirements into reliable, operational workflows.
I lead third-party vendor risk assessments and manage the full POA&M lifecycle—from finding identification through remediation validation—while enforcing frameworks including NIST 800-53, NIST CSF, RMF, HIPAA, and PCI-DSS. I bring deep expertise in GRC architecture, risk assessment, and security policy development across federal and enterprise environments.
I also use my secondary security engineering background to improve detection and response outcomes. I refine SOC use cases and MSSP-related workflows by improving alert triage and security event correlation using Microsoft Sentinel and Splunk, and I’ve engineered MITRE ATT&CK-aligned detection rules to reduce MTTD and false positives.
In practice, I automate compliance workflows using Microsoft Sentinel Logic Apps and Playbooks (SOAR automation) and deliver audit-ready reporting through Splunk dashboards and executive GRC documentation. I’ve consistently improved efficiency—reducing manual compliance tracking by 50%, improving SOC efficiency by 40%, and strengthening IAM outcomes through enforced MFA and zero-trust governance.
Experience
Work history, roles, and key accomplishments
Senior Security Engineer
FavorTech Consulting
Mar 2021 - Present (5 years 4 months)
Designed, rolled out, and continuously improved an internal GRC framework and security architecture using NIST 800-53, NIST CSF, RMF, HIPAA, PCI-DSS, and DFARS controls. Authored security policies, automated compliance workflows with Microsoft Sentinel Logic Apps/Playbooks (SOAR) to reduce manual tracking and triage workload by 50%, and managed POA&M lifecycles through remediation validation.
SOC Analyst & GRC Detection Engineer
U.S. Department of Justice
Feb 2020 - Mar 2021 (1 year 1 month)
Provided 24x7 real-time security monitoring, alert triage, and escalation in a high-security federal SOC environment under FISMA and NIST compliance mandates. Developed and refined Splunk-based SOC use cases/detection logic (with Snort and Suricata), performed log correlation and vulnerability scanning (Nessus, Nmap), and authored audit-ready incident reports following NIST 800-61 using ServiceNow
Education
Degrees, certifications, and relevant coursework
George Mason University
Bachelor of Science, Cybersecurity and Information Assurance
Bachelor of Science in Cybersecurity and Information Assurance from George Mason University.
Northern Virginia Community College
Associate of Science, Information Technology
Associate of Science in Information Technology from Northern Virginia Community College.
Tech stack
Software and tools used professionally
Availability
Location
Authorized to work in
Job categories
Skills
Interested in hiring Abdullah?
You can contact Abdullah and 90k+ other talented remote workers on Himalayas.
Message AbdullahGet matched with your dream remote job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
