Skip to main content
Abdullah AftabAA
Open to opportunities

Abdullah Aftab

@abdullahaftab1

Senior GRC & security engineer who automates audit-ready compliance and strengthens enterprise security across hybrid environments.

United States
Message

What I'm looking for

I’m looking to protect teams with a scalable, automated, audit-ready compliance program—pairing GRC and security engineering, POA&M lifecycle management, and SIEM-driven detection to reduce risk across hybrid environments.

I’m a Senior Security Engineer focused on GRC & Compliance, with 6+ years of hands-on experience designing and scaling Governance, Risk, and Compliance programs. I author information security policies and procedures, and I’m proactive about turning compliance requirements into reliable, operational workflows.

I lead third-party vendor risk assessments and manage the full POA&M lifecycle—from finding identification through remediation validation—while enforcing frameworks including NIST 800-53, NIST CSF, RMF, HIPAA, and PCI-DSS. I bring deep expertise in GRC architecture, risk assessment, and security policy development across federal and enterprise environments.

I also use my secondary security engineering background to improve detection and response outcomes. I refine SOC use cases and MSSP-related workflows by improving alert triage and security event correlation using Microsoft Sentinel and Splunk, and I’ve engineered MITRE ATT&CK-aligned detection rules to reduce MTTD and false positives.

In practice, I automate compliance workflows using Microsoft Sentinel Logic Apps and Playbooks (SOAR automation) and deliver audit-ready reporting through Splunk dashboards and executive GRC documentation. I’ve consistently improved efficiency—reducing manual compliance tracking by 50%, improving SOC efficiency by 40%, and strengthening IAM outcomes through enforced MFA and zero-trust governance.

Experience

Work history, roles, and key accomplishments

FC
Current

Senior Security Engineer

FavorTech Consulting

Mar 2021 - Present (5 years 4 months)

Designed, rolled out, and continuously improved an internal GRC framework and security architecture using NIST 800-53, NIST CSF, RMF, HIPAA, PCI-DSS, and DFARS controls. Authored security policies, automated compliance workflows with Microsoft Sentinel Logic Apps/Playbooks (SOAR) to reduce manual tracking and triage workload by 50%, and managed POA&M lifecycles through remediation validation.

U.S. Department of Justice logoUJ

SOC Analyst & GRC Detection Engineer

U.S. Department of Justice

Feb 2020 - Mar 2021 (1 year 1 month)

Provided 24x7 real-time security monitoring, alert triage, and escalation in a high-security federal SOC environment under FISMA and NIST compliance mandates. Developed and refined Splunk-based SOC use cases/detection logic (with Snort and Suricata), performed log correlation and vulnerability scanning (Nessus, Nmap), and authored audit-ready incident reports following NIST 800-61 using ServiceNow

Education

Degrees, certifications, and relevant coursework

George Mason University logoGU

George Mason University

Bachelor of Science, Cybersecurity and Information Assurance

Bachelor of Science in Cybersecurity and Information Assurance from George Mason University.

Northern Virginia Community College logoNC

Northern Virginia Community College

Associate of Science, Information Technology

Associate of Science in Information Technology from Northern Virginia Community College.

Get matched with your dream remote job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan