Aya AlNimer
Information Security & Risk Officer Β· Amman, Jordan

Hi, I’m Aya β€” I help defend organizations and reduce risk.

SOC operations, ISO 27001, access reviews, blue team, and hands-on pentesting projects. I like turning messy security data into clear actions.

Download CV See my work

Security stack

SIEMWiresharkBurp Suite MetasploitFortiAnalyzerMITRE ATT&CKDLP
live-lab β–Ά tail -f /var/log/soc

            

              cluster=amman-soc β€’ feeds: SIEM/EDR/DLP β€’ sync OK
              latency 12ms
            

            
          


          
          

            

              
0

              
Incidents triaged (last 30d)

            

            

              
0

              
Access reviews closed

            

            

              
0

              
Policies updated (ISO 27001)

            

          

        

      


      
    


    
    

      
Experience 

      

        

          

            
Information Security & Risk Officer Β· Jordan Ahli Bank

            
    
              
  • Coordinated with vendors/service providers in response to threats and log anomalies.
    • 
              
  • Investigated potential card data leaks with Card Operations; reported findings & actions.
    • 
              
  • Supported ISO 27001: drafted/reviewed ISMS policies, procedures, and SoA.
    • 
              
  • Contributed to SOC Plan and system evaluation reports for a subsidiary.
    • 
              
  • Ran Infrastructure Security Benchmark assessments; tracked remediation plans through closure.
    • 
              
  • Performed access reviews (VPN, USB, shared folders) to enforce least privilege.
    • 
              
  • Tracked remediation for internal/external findings and audit recommendations.
    • 
              
  • Participated in daily SOC meetings; compiled weekly monitoring reports.
    • 
            

          

          

            
Jan 2025 – Present

            
Amman, Jordan

          

        


        

          

            
Security Operations Intern Β· Capital Bank

            
    
              
  • Phishing email analysis; triage & reporting with user coaching.
    • 
              
  • Log analysis across Windows, IPS/IDS, WAF, and firewalls using MITRE ATT&CK.
    • 
              
  • Assessed incident urgency, documented evidence, and escalated appropriately.
    • 
            

          

          
Aug 2023 – Sep 2023

        


        

          

            
Information Security Intern Β· Capital Bank

            
    
              
  • Updated systems on the authority matrix & asset classification inventory.
    • 
              
  • Monitored SIEM, DLP, SolarWinds, and FortiAnalyzer logs; summarized events.
    • 
            

          

          
Jul 2023 – Aug 2023

        

      

    


    
    

      
Selected Projects 

      

        

          
USB AV Evasion Pentesting Tool (Windows)

          
ATtiny85-based device disguised as a USB drive to evaluate endpoint defenses in a controlled lab.

          
    
            
  • Built payloads to test AV/EDR detection: obfuscation, process injection, LOLBins.
    • 
            
  • Simulated persistence & privilege-escalation via policy and service misconfigurations.
    • 
            
  • Live telemetry to a cloud server for run tracking and operator safety controls.
    • 
            
  • Delivered formal pentest reports with step-by-step PoC and mitigation guidance.
    • 
          

          
Ethics & scope
            
Designed strictly for authorized lab environments and educational use to surface defense gaps and improve blue-team controls.

          

        

        

          
Face ID Recognition for Smart Safe

          
PIC16F877A + Python/OpenCV access control with IR presence detection and servo locking.

          
    
            
  • Implemented facial-features model in Python; microcontroller handled sensor I/O and safety interlocks.
    • 
            
  • Secure unlock routine (0Β°β†’90Β°) with timeout relock and tamper-detection buzzer.
    • 
            
  • Designed PCB, wiring, and firmware; integrated LCD status + audit beeps.
    • 
            
  • Documented threat model and hardening (angle constraints, retries, enclosure).
    • 
          

        

      

    


    
    

      
Certificates 

      

        

          
CRTP (Bootcamp)

          
Completed β€œAttacking & Defending Active Directory: Beginner's Edition” (Nikhil Mittal).

          
View credential

        

        

          
Blue Team Level 1 (BTL1)

          
Phishing analysis, threat intel, DFIR, SIEM operations, incident response fundamentals.

          
View badge

        

        

          
Hack The Box – Pentesting Path

          
Hands-on labs focused on exploitation, enumeration, and post-exploitation.

        

      

    


    
    

      
Skills 

      

        SOC MonitoringThreat InvestigationISO 27001
        Access ReviewsWiresharkMetasploit
        Burp SuiteWindows Privilege EscalationLinux (bash)
        PythonC / C++Malware Analysis (basics)Office 365
      

    


    
    

      
Education 

      

        

          
BSc – Networks & Information Security Engineering Β· Princess Sumaya University for Technology

          
    
            
  • Certificates of Academic Excellence (2019–2020, 2020–2021).
    • 
            
  • Member of the Cyber Security Club.
    • 
          

        

        
Sep 2019 – Jun 2024

      

    


    
    

      
Community & CTFs 

      

        
    
          
  • CSCCTF v1 & v2 – annual cybersecurity competition at PSUT.
    • 
          
  • JUSTCTF – annual competition at Jordan University of Science & Technology.
    • 
          
  • Black Hat MEA CTF Qualifier 2024 β†’ Qualified for Finals (Riyadh).
    • 
        

      

    


    
    

      
Languages 

      
ArabicEnglish

    


    

      

        

          
Need a reliable security teammate?

          
I love bridging blue-team operations with practical, hands-on testing.

        

        Contact Aya