Asif Salim, Developer in Melbourne, Victoria, Australia
Asif is available for hire
Hire Asif

Asif Salim

Verified Expert  in Engineering

Security Architect and Developer

Location
Melbourne, Victoria, Australia
Toptal Member Since
January 5, 2023

Asif is a seasoned cybersecurity professional with more than 15 years of experience across a wide range of industries, including financial services, healthcare, energy, and consulting. He is an expert in security strategy and architecture, cloud security, identity and access management, and application security. Asif is a SABSA Certified Security Architect and holds numerous industry certifications, including CISSP, CRISC, AWS, and Azure cloud certifications.

Security ArchitectureCybersecurityApplication SecuritySecurityInformation SecurityCloud SecurityIdentity & Access Management (IAM)Data ProtectionAmazon Web Services (AWS)Network SecurityGoogle Cloud Platform (GCP)JavaConfluenceJiraSlackZero TrustSecurity EngineeringVulnerability Assessment

Portfolio

Australian Energy Market Operator
Security Architecture, Azure, Security, Microsoft Azure
Australia Post
Security Architecture, Amazon Web Services (AWS), Google Cloud Platform (GCP)...
National Australia Bank
Strategy, Security, Security Planning, Threat Detection and Response (TDR)...

Experience

Cybersecurity - 15 yearsRisk Assessment - 15 yearsVulnerability Assessment - 10 yearsSecurity Architecture - 10 yearsSecurity - 5 years

Availability

Part-time

Preferred Environment

Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), Confluence, Jira, Slack

The most amazing...

...accomplishment I achieved was developing a bank's cybersecurity and fraud strategy and roadmap.

Work Experience

Security Architect

2020 - 2021
Australian Energy Market Operator
  • Delivered the solution architecture for various initiatives, including a cloud-native SIEM solution, detection and response management, vulnerability management, and attack surface monitoring, as the lead architect on the cybersecurity program.
  • Developed patterns and technology roadmaps for security capabilities, including threat detection and response (TDR).
  • Provided security architecture and consulting for various business and digital transformation projects.
Technologies: Security Architecture, Security, Azure, Microsoft Azure

Security Architect

2019 - 2020
Australia Post
  • Led the solution architecture for various security strategy initiatives as part of the Australia Post security uplift program, which included the endpoint detection and response (EDR), secure email gateway, and privileged access management projects.
  • Provided architecture governance across all stages of the project lifecycle, ensuring the effective implementation of the architecture and alignment with the strategic objectives.
  • Conducted security risk assessments on various projects to identify threats, assess proposed security controls, quantify and qualify security risks, and ensure risks were properly managed and tracked.
Technologies: Security Architecture, Amazon Web Services (AWS), Google Cloud Platform (GCP), Risk Assessment

Enterprise Security Architect

2018 - 2019
National Australia Bank
  • Spearheaded the development of the cybersecurity strategy to uplift the National Australia Bank's (NAB) cyber threat detection, prevention, and incident response capabilities in alignment with the business objectives.
  • Developed a holistic cyber fraud and investigation strategy and a three-year transformation roadmap.
  • Served as the principal architect on various security projects, including a security automation and orchestration platform, a threat intelligence platform, a fraud platform, a SIEM system, and an endpoint detection and response (EDR) solution.
Technologies: Security, Strategy, Security Planning, Threat Detection and Response (TDR), Security Architecture, Roadmaps

Security Architect

2014 - 2018
National Australia Bank
  • Served as the lead security architect on the financial crime and cyber fraud uplift program that delivered near real-time fraud detection solutions for the new payments platform (NPP).
  • Delivered the security solution architecture for NAB's internet banking transformation project.
  • Conducted security risk assessments on various projects to identify threats, assess proposed security controls, quantify and qualify security risks, and ensure risks were adequately managed and tracked.
Technologies: Risk Assessment, Security Architecture, Application Security, Cloud Security

Technical Information Security Officer

2013 - 2014
Citibank
  • Acted as the technical information security officer, providing end-to-end security architecture and security consulting for applications used within consumer banking across 11 countries in the Asia Pacific.
  • Served as the primary point of contact for the application development teams in the areas of information security technologies, security architecture, and security risk management.
  • Implemented secure SDLC processes to manage the information security risk during the development of new products and applications and provide continuous oversight throughout the application lifecycle.
  • Performed ongoing reviews and risk assessments on applications to identify possible areas of vulnerabilities and assist in the development of corrective action plans.
Technologies: Application Security, Risk Assessment, Identity & Access Management (IAM), Network Security, Infrastructure, IT Security, Data Protection, Regulatory Compliance, ISO Standards

Consultant | Security and Risk

2007 - 2012
Accenture
  • Served as the application security consultant on a national electronic health record implementation project, responsible for designing secure SDLC processes and ensuring the effective implementation, testing, and deployment of security controls.
  • Conducted information security risk and vulnerability assessments for multiple clients, including for a leading bank in Asia Pacific on their multi-country core banking solution deployment.
  • Provided consultancy in infrastructure deployment and Active Directory configuration for an identity and access management (IAM) solution at a global chemical company.
Technologies: Risk Assessment, Vulnerability Assessment, Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Identity & Access Management (IAM), Security Architecture

Implementing Zero Trust Architecture: A Practical Approach

https://www.youtube.com/watch?v=cy1qVkxgJyw&t=50s
Zero trust architecture has become the enterprise security model of choice. Public and private sector organizations around the world are looking to adopt zero trust to uplift their resiliency in the face of evolving threat landscape.

As a subject-matter expert in the field, I held the Implementing Zero Trust Architecture: A Practical Approach presentation at the BSides Islamabad conference.

A video of the presentation is available at:
https://www.youtube.com/watch?v=cy1qVkxgJyw&t=50s

Industry Expertise

Cybersecurity, Network Security

Other

Security Architecture, Information Security, Risk Management, Cloud Security, Strategy, Security Planning, Computer Networking, Vulnerability Assessment, Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Identity & Access Management (IAM), Risk Assessment, Infrastructure, Data Protection, ISO Standards, Threat Detection and Response (TDR), Roadmaps, Microsoft Azure, Security, IT Security, Regulatory Compliance, Zero Trust

Platforms

Amazon Web Services (AWS), Google Cloud Platform (GCP), Azure

Languages

Java

Tools

Confluence, Jira, Slack

2003 - 2007

Bachelor's Degree in Computer Engineering

National University of Singapore - Queenstown, Singapore

NOVEMBER 2021 - PRESENT

Microsoft Certified Azure Security Engineer (AZ-500)

Microsoft

AUGUST 2020 - PRESENT

AWS Certified Security – Specialty

AWS

JUNE 2019 - PRESENT

AWS Certified Solutions Architect - Associate

AWS

JUNE 2012 - PRESENT

Certified in Risk and Information System Controls (CRISC)

ISACA

DECEMBER 2011 - PRESENT

Certified Information System Security Professional (CISSP)

(ISC)²

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring