Abdul Rahman, Expert Information Security

Omantel

Country: Oman - Muscat
Education: Master's, Strategic Project Management
Experience: 16 years, 2 months



Work Experience

Total years of experience: 16 years, 2 months

Expert Information Security at Omantel
  • Oman - Muscat
  • In this position since August 2016

• Leading the Telecom Security Operation Center (TSOC)/MSS business to operate and manage security technologies and toolsets.
• Providing comprehensive governance leadership for security operations, standard operating procedures, field manuals, and operating instructions.
• Ensuring incident identification, assessment, quantification, reporting, communication, and mitigation while confirming SLA compliance, process adherence, and process improvisation to achieve operational objectives.
• Building information security budgets and contributing to the overall IT budget.
• Ensuring compliance with SLA/OLA, process adherence and process improvisation to achieve operational objectives.
• Revise and develop processes to strengthen the current Security Operations Framework; review policies and highlight the challenges in managing SLAs.
• Responsible for team and vendor management, overall use of resources and initiation of corrective action where required for the Security Operations Center.
• Management, administration and maintenance of security devices under the purview of TSOC, which consists of state-of-the-art security technologies.
• Perform risk assessment, design and implement Identify, Protect and Detect security controls as per NIST 800-53 guidelines for telecommunication services, including: Mobile PS/CS/EPC core (2G, 3G, 4G, Private APN, IMS, Machine-to-Machine/M2M, Mobile Virtual Network Operator/MVNO, Femtocell voice and data, VAS, SMS, MMS), Fixed Voice, Fixed On-net MPLS, Fixed Off-net (internet and cable landing station), FTA/IP TV, Mobile Number Portability (MNP), Public Wi-Fi, etc.
• Network security assessment of the telecommunication network, benchmarked against the ITU X.805 standard and ISO 27001.
• Perform independent security assessments of telecommunication services and protocols such as SS7/Sigtran, GTP, SCTP and Diameter.
• Perform threat assessment and threat vector analysis.
• Integrate mobile services into the SOC for service-based monitoring, which includes creating threat objectives for use case creation, escalation for incident management, identifying the potential attack surface, providing log files and creating logic for triage and analytics.
• Consult and provide technical solutions for cyber defense (detect, protect, respond) functions.
• Plan, design and implement security solutions for customers when on-boarding new services.
• Management of security technologies for various customers, such as firewalls, IPS, mail gateways, AV, SIEM, etc.
• Vulnerability and patch management for security platforms.
• Handling technical escalations on security products (email gateway, firewall, IPS, AV) and security incidents.

Senior Security Analyst at Accenture
  • Saudi Arabia - Jubail
  • November 2015 to August 2016

• Preserved, harvested and processed electronic data according to the firm's policies and practices.
• Examined individual items of evidence for data recovery, specific material of probative value, evidence of tampering and related examinations.
• Conducted comprehensive and authoritative technical analyses of evidence in all types of difficult and complex cases, often creating new techniques of examination.
• Experience with current cyber threats and the associated tactics, techniques, and procedures used to infiltrate computer networks.
• Interacting with application owners for security requirement analysis and converting business requirements into technical use cases.
• Ensuring controls are monitored and their effectiveness is measured as per organization policy.
• Lead SIEM Engineer responsible for architecture and engineering of HP ArcSight and Dell SecureWorks systems.
• Integration of new and existing technologies into the SIEM and definition of specific technical requirements for SIEM use cases.
• Investigation of security incidents to find the root cause of policy violations, malware detections and exploit attempts.
• Security incident trend and Advanced Persistent Threat analysis.
• Manage configuration of SOC technologies, implement new data feeds and provide cyber intelligence into the SIEM environment.
• Manage security incident, response and escalation processes.
• Development of advanced correlation rules and custom parsers.
• Planned, designed and implemented Juniper SRX and Fortinet core firewalls as part of security revamping.
• Planned, designed and implemented Cisco UCS B series and VMware 5.1 for SIEM and Big Data solutions.
• Conducted ISO/IEC 27001:2012 and SAS 70 assessments as part of internal auditing.
• Current experience with network intrusion detection and response operations (Protect, Defend, Respond and Sustain methodology).
• Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations.
• Good understanding of IAM technologies (SAML, OAuth, OpenID).
• Strong ability to write correlation content to address complex use cases. Strong ability to design and build complex reports.
• Maintains latest IDS, IPS and antivirus signatures (TippingPoint, FireEye, Norton).
• Strong and varied technical experience with Unix/Linux and Windows, a broad range of security devices, and a software development or scripting background.
• Expertise in Linux (Red Hat, SUSE, Ubuntu, Debian, Kali, BackTrack) deployment and management.
• Successfully designed and implemented 4 pairs of SRX 3600 next-generation firewalls for LTE deployment.
• Successfully conducted next-generation firewall (Fortinet, Juniper SRX, Palo Alto) POCs in a testbed and submitted the results to higher management.
• Deploys, manages and maintains all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, intrusion prevention systems, cryptography systems, and anti-virus software.
• Ensures that policies, procedures and associated plans for system security administration and user system access, based on industry-standard best practices, are adhered to.
• Monitors and reviews access controls on Windows servers, Linux, SUN servers, etc.
• Knowledge of L4-L7 protocols such as SSL, HTTP, HTTPS, DNS, SMTP and IPsec.
• Expertise in Linux server deployment and security hardening.
• Strong QRadar design and implementation in critical Telecom and MSS environments.
• Monitors and reviews malware statistics on a daily basis.
• Ensures all workstations and servers are updated with the latest security patches.
• Administers and maintains high-privileged user accounts (e.g. root, system, Administrator), permissions, and access rights.

Senior Security Analyst at Accenture
  • Saudi Arabia - Jeddah
  • November 2015 to August 2016

Global SOC, handling the Security Operation Center of the leading petrochemical company.

Senior Engineer at Wipro Ltd
  • United Arab Emirates - Dubai
  • April 2012 to October 2015


Senior Security Engineer at Wipro Ltd
  • United Arab Emirates - Dubai
  • April 2012 to October 2015


Senior Engineer at WIPRO Ltd
  • United Arab Emirates
  • April 2012 to October 2015

Infra, handling the Security Operation Center infrastructure of the leading telecom company in Dubai, Du telecom.
• Deployment of VMware vSphere ESXi 4.1 in a multi-datacenter environment.
• In-depth knowledge and extensive experience of corporate strategic planning and execution.
• Excellent communication, problem solving, persuasion, negotiation, and decision making skills.
• Demonstrated ability to effectively communicate with a multi-cultural and multi-national workforce.
• Excellent written and verbal communication skills with the ability to communicate concepts as appropriate to customers, contractors, and staff.
• Primary responsibility is to identify, review, and mitigate the IT data centers from security vulnerabilities and threats.
• To provide support to ensure that the rules of use for any network elements or systems comply with the company's information security policies.
• To manage and implement security-related projects in the area of Corporate and IT domains.
• Liaise with respective suppliers and update the knowledge base.
• Experience with DoS/DDoS analytics and mitigation strategies.

Senior Security Analyst at Accenture
  • United Arab Emirates
  • November 2015 to August 2015


Operations Engineer at OnMobile Global Ltd
  • United Arab Emirates - Dubai
  • March 2010 to March 2012


Operations Engineer at OnMobile Global Ltd Indi
  • United Arab Emirates - Dubai
  • March 2010 to March 2012

Primary responsibility is to identify, review, and mitigate the IT data centers from security vulnerabilities and threats.
• To provide support to ensure that the rules of use for any network elements or systems comply with the company's information security policies.
• To manage and implement security-related projects in the area of Corporate and IT domains.
• Liaise with respective suppliers and update the knowledge base.
• Experience with DoS/DDoS analytics and mitigation strategies.
Team size: 25

Security Analyst at Cognex Technology
  • United Arab Emirates
  • April 2008 to March 2010

Security Analyst at Cognex Technology Indi
  • India - Chennai
  • April 2008 to March 2010

Contribution

• Manages security for local area networks, the company website, the company intranet, servers and e-mail communications.
• Manages and ensures the security of databases and data transferred both internally and externally.
• Performs vulnerability assessment and penetration testing of all systems in order to identify system vulnerabilities.
• Implements and reports on security system and end-user activity audits.
• Monitors server logs, firewall logs, intrusion detection/prevention logs, VPN logs and network traffic for unusual or suspicious activity.
• Recommends, schedules (where appropriate), and applies fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach.
• Assesses the need for any security reconfigurations (minor or significant) and executes them if required.
• Keeps current with emerging security alerts and issues.
• Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
• Generates incident reports on a case-by-case basis and escalates them to the concerned department for action, ensuring that prompt action is taken appropriately.

Educational Background

Master's, Strategic Project Management
  • at Heriot Watt University
  • February 2019

Courses: 2012 Skill Set
• Worked on multiple security products: firewalls, SIEM, Sandbox, APT solution
• Deployment experience: QRadar SIEM, Cisco ASA FW, Nexus switches, VMware

Bachelor's, Information Technology
  • at Anna University
  • April 2008

Specialties & Skills

Languages

English: Proficient
Hindi: Proficient