Cyber Security Analyst
Saudi Business Machines
Total years of experience :12 years, 9 months
Incident Response specialist with key L2 role capabilities
• Working on different Security solutions like SIEM, IDP IPS, Web proxies, EDR, AV etc.
• Ensured cyber security policies are adhered to and that required controls are implemented and facilitated continuous monitoring system.
• Monitor, analyze and synthesize daily security alerts/events surfaced via internal and external sources.
• Perform real-time status monitoring of security equipment (IDS, IPS, Firewalls, etc.) and systems (servers, clients, etc.) using various tools (e.g. SIEM) to identify potential security incidents, threats and vulnerabilities.
• Examine security event data to identify patterns and trends, then normalize and integrate into existing automation tools to correlate the resulting data. Identify, assess and recommend remediation steps for security events
Role Responsibilities
• Experience in threat detection technologies including: intrusion detection and prevention systems (IDS/IPS), security incident and event management (Splunk SIEM) technology, and network packet analyzers. Experience with security data analytics, endpoint protection, malware analysis, and forensics tools to identify potential security incidents, threats and vulnerabilities.
• Provide security events analysis and support to include identifying potential threat, anomalies, and infections, documenting findings, providing recommendations within the SOCs incident management system, performing triage of incoming security events, performing preliminary and secondary analysis of those events, and validating the events.
• Managing different WAF like Akamai, Cloud flare, F5 for DDoS Mitigation.
• Working knowledge of a wide range of current network security technologies such as firewalls, proxies, network and host-based intrusion prevention, Data Loss Prevention, vulnerability assessment tools, security information/event management, endpoint security, anti-virus/anti-malware, etc.
• Examine security event data to identify patterns and trends, then normalize and integrate into existing automation tools to correlate the resulting data. Identify, assess and recommend remediation steps for security events
• Different AWS security resources like Cloud Trail, security groups, Guard duty, CASB etc.
• Mentor and train new personnel.
• Provide performance metrics as necessary. Participate in business security awareness and training initiatives
• Development of best practices protocols for Incident Analysis, Incident Response Coordination, Security Audits, Certificate Authority, Log Analysis & Diagnosis, and Host Vulnerability Scanning.
• Monitor, analyze and synthesize daily security alerts/events surfaced via internal and external sources.
• Perform real-time status monitoring of security equipment (IDS, IPS, Firewalls, etc.) and systems (servers, clients, etc.) using various tools (e.g. SIEM) to identify potential security incidents, threats and vulnerabilities.
• Management of different monitoring tools like OSSIEM, Nagios, PRTG, Cacti and custom based tools.
• Developing protocols & SOPs for and conducting Risk Assessment Analysis, Business Impact Analysis, Threat Vulnerability Analysis, Disaster Recovery and Business Continuity Planning
• Keeping a track of company owned Domain Names and renewing and reviewing them regularly.
• Migrated the entire production project and DR to AWS EC2 Cloud
• Earned PCI-DSS V3.2 certification for payment gateway products of the company.
Role Responsibilities
• Leading a Security/Nework Operations Centre team.
• Monitoring incidents, changes and problems.
• Taking care of all the business critical and in-production hosts and services which are running on Linux and Windows environment.
• Constant monitoring of all servers to ensure undisrupted service
• Executing consulting engagements in the areas of NOC/SOC.
• Adhering to all the points defined in the ITIL.
• Ensure quality delivery as per IBM/client requirements.
• Working with Change Management teams for new policies implementation.
• Coordinate with various teams during critical incidents- Development, Network, Tools, Automation and Orchestration
• SLA management of all the servers and services related to it. Completing the given tasks and errors within the given SLA’s.
• Auditing Servers and help the teams get them on production fully compliant after following different Ruleset and IT standards like PCI/HIPPA etc.
Role Responsibilities
• Managing the Data Centre with different networking Infrastructure.
• Running Internal and External Vulnerability assessments (Nessus) on a monthly basis and monitoring and escalating any Vulnerability issues.
• Configuring Apache, DNS, DHCP, NFS services with multiple concepts
• Maintaining Firewall and Proxy Rules. User Creation / Suspension / Deletion.
• Working with the NOC architecture for 24*7 uptime and Stability of the entire Infrastructure and Network with monitoring tools like Nagios, Monit, Munin, Alienvault, etc on a daily basis.
URL removed due to policy violation. Please contact support for further information.