عبد الرحمن عبد, SOC System Analyst

Yanbu Aramco Sinopec Refining - YASREF

Country
Saudi Arabia
Education
Bachelor's, CSIT
Experience
14 years, 9 months


Work Experience

Total years of experience: 14 years, 9 months

SOC System Analyst at Yanbu Aramco Sinopec Refining - YASREF
  • Saudi Arabia - Yanbu
  • In this role since December 2017

Responsible for working in a 24x7 IT Security Operations Center environment with the RSA
Security Analytics (SIEM) tool.
▪ Support client security policies, activities and applications, including vulnerability management,
reporting and continuous monitoring.
▪ Observe security solutions: firewall applications, intrusion prevention systems, data loss
prevention systems, analysis tools and log aggregation tools.
▪ Provide network intrusion detection expertise to support timely and effective decision
making on when to declare an incident.
▪ Perform incident response activities such as host triage and retrieval, malware analysis,
remote system analysis, end-user interviews and recommendation efforts.
▪ Follow detailed processes and procedures to analyze, escalate and assist in the remediation of
critical information security incidents.
▪ Perform email forensics and malware analysis.
▪ Perform detailed investigations of quarantined, suspicious and phishing emails and take
the procedural action required by the company.
▪ Coordinate with RSA security analysts on open-source activities.
▪ Provide Incident Management (IM) support when an analyst confirms actionable
incidents.
▪ Open tickets in RSA Archer and close incidents with appropriate justification and
evidence.
▪ Investigate, document and report on information security issues and emerging trends.
▪ Protect systems by defining access privileges, control structures and resources.
▪ Recognize problems by identifying and reporting abnormalities.
▪ Document all activities during an incident and provide status updates throughout the
life cycle of the incident.
▪ Ability to communicate and highlight security issues.
▪ Ability to read and use the results of malicious code analysis, malware reverse engineering and
anti-virus software.
▪ Provide threat and vulnerability analysis as well as security advisory services.
▪ Enforce security policies to protect the infrastructure, as per organizational compliance
requirements.
▪ Create and maintain operational reports for Key Performance Indicators and weekly and
monthly metrics.
▪ Create new ways to solve existing production security issues.

IT Security Engineer at Petro Rabigh
  • Saudi Arabia - Jeddah
  • December 2014 to December 2017

Manage the SOC mailbox, monitor and analyze email for threats including phishing
and malware, and escalate per procedure.
▪ Review the IT infrastructure, policy violations and security applications for security
events and unauthorized actions, and report the number of incidents/violations
identified, actions taken and closed.
▪ Investigate threats and create tickets. Provide daily monitoring and alerting of
events that occur within the near-real-time environment.
▪ Ensure software is patched and able to protect against threats. Stay informed of current
events in the security industry, including the latest exploits and threats as well as prevention
measures and remediation and restoration techniques.
▪ Implement and monitor security measures for the protection of computer systems,
networks and information.
▪ Monitor network activity to identify issues early and communicate them to IT teams.
▪ Identify and evaluate potential threats and vulnerabilities.
▪ Analyze network flow data for anomalies and detect malicious network activity.
▪ Monitor live systems to discover real-time threats.
▪ Strong hands-on experience with anti-virus software, intrusion detection, firewalls
and content filtering.
▪ Provide end-to-end expert guidance on managing edge device connectivity,
Network Access Control, network port/protocol security, firewalls, IPS/IDS, malware
detection and prevention, and web filtering.
▪ Design and configure perimeter security (firewall, IPS/IDS, VPN, web filtering,
malware/botnet protection) for data centers, POPs, remote sites and cloud
connectivity, ensuring a high degree of performance and service availability for our
clients.
▪ Develop the strategic vision and agenda for network security, both perimeter and
internal, and communicate it to IT leadership, ensuring alignment and support.
▪ Strong understanding of endpoint security solutions, including File Integrity
Monitoring, Data Loss Prevention and data encryption.
▪ Review Active Directory logs, firewall logs and VPN logs, and alert the Team Lead to
security events.
▪ Protect systems by defining access privileges, control structures and resources.
▪ Recognize problems by identifying and reporting abnormalities.
▪ Professional experience in a system administration role supporting multiple
platforms and applications.
▪ Ability to communicate and highlight security issues.
▪ Ability to read and use the results of malicious code analysis, malware reverse engineering and
anti-virus software.
▪ Demonstrated effectiveness of security controls.
▪ Installing/uninstalling VSE for users and updating VSE.
▪ Monitoring the daily SOC reports and daily shift handover reports.
▪ Preparing for SIEM projects.

Network Engineer at E.J Tech
  • Saudi Arabia - Riyadh
  • December 2011 to August 2014

• Configuration of Cisco ASA 5510 for a new internet link at HQ.
• Configuration and troubleshooting of Cisco 2911, 3800, 6500 and 4507R-E switches for the distribution/access layer. Configuration of HSRP on the 6500 core switches. Implementation of Cisco Aironet access points for wireless connectivity on different floors.
• Coordination with the ISP for link termination, configuration and implementation.
• Documentation of the entire network, asset/inventory management, reporting and preparation of network diagrams to ISO standard in MS Visio.
• Monitoring of the entire network using the monitoring tools OpManager and WhatsUp Gold.
• Configuration of Cisco 1700 and 1800 series routers and Cisco 1900 series switches.
• Responsibilities included assembling PCs, peripheral installation, and OS and other support software installation.
• Installing and configuring Windows 2000/XP, Windows 2000 Server and Windows 2003 Server.
• Installing software: Office 2000/03/07, Acrobat Reader.
• Managing clients and performing internet downloads, upgrades and installation.
• Installing and configuring web cameras, scanners, sound cards and Ethernet cards.
• Installing, configuring and troubleshooting the Windows family (XP, NT, 2000, 2003); software installation, peripheral installation and troubleshooting.
• Troubleshooting of network issues, server issues, and PC and laptop issues.

Network Support Engineer at SEO
  • Saudi Arabia - Riyadh
  • May 2009 to October 2011

• All locations are connected to Riyadh and to each other using MPLS VPN connectivity. Backup ISDN connectivity is provided at all locations.
• Configuration of Cisco 1700 and 1800 routers and 2950 switches.
• Implementation and troubleshooting of network connectivity at all locations, and provision of network connectivity whenever a new location joins the network.
• Installing and configuring Windows 2000/XP, Windows 2000 Server and Windows 2003 Server.
• Installation and updating of antivirus patches; weekly backup of logs.
• Creating Active Directory user accounts and granting access according to the different policies. Active Directory management, password management, antivirus installation, and client and server patch installation.
• Installing, configuring and troubleshooting the Windows family (XP, NT, 2000, 2003) and Linux; software installation, peripheral installation and troubleshooting.
• Troubleshooting of network issues, server issues, and PC and laptop issues.

Educational Background

Bachelor's, CSIT
  • at JNTU
  • April 2009

Network Products: Cisco Routers 1700, 1800, 2800. Cisco High-End Routers 3800, 7200. Cisco Switches 2950, 2960G. Cisco Campus Switches 4948, Core Catalyst 4503, 4507.

Specialties & Skills

McAfee SIEM
McAfee ePO
ASSOCIATE
Planning and organizing
Communication
Teamwork
Problem solving

Languages

Urdu
Beginner
Arabic
Intermediate
English
Expert
Tagalog
Beginner

Training and Certifications

Microsoft Security Essentials (Certificate)
Course date:
October 2017
McAfee SIEM (Certificate)
Course date:
November 2017
Cisco (Certificate)
Course date:
January 2009

Hobbies

  • Socialising
  • Yoga
  • Blogging