Abdulrhman Bin Mohammed, Senior Information Security Monitoring analyst

Senior Information Security Monitoring analyst · Sirar by STC

Saudi Arabia

Bachelor's degree, information technology and computing - Network and Security

Work experience

Total years of experience: 12 years, 8 months

Senior Information Security Monitoring analyst

May 2021 - Present

Sirar by STC

Riyadh, Saudi Arabia

• Monitor level 1/2 analyst performance by investigating incoming events using SOC-available tools.
• Ensure level 1/2 event(s) are addressed in a timely manner using available reporting and metrics.
• Approve and, if necessary, further investigate level 1-escalated events.
• Mentor level 1/2 analysts to improve detection capability within the SOC.
• Conduct research, analysis, and correlation across a wide variety of all
source data sets (indications and warnings).
• Manage SOC event and information intake to include gathering intelligence
reports, monitoring ticket queues, investigating reported incidents, and
interacting with other security and network groups as necessary.
• Serve as detection authority for initial incident declaration.
• Determine the extent of threats and recommend courses of action or
countermeasures to mitigate risks.
• Function as shift subject-matter experts (SMEs) on incident detection and
analysis techniques, providing guidance to junior analysts and making
recommendations to organizational managers.
• Drive and monitor shift-related metrics processes ensuring applicable
reporting is gathered and disseminated per SOC requirements.
• Provide timely detection, identification, and alerting of possible
attacks/intrusions, anomalous activities, and misuse activities and
distinguish these incidents and events from benign activities.
• Use cyber defense tools for continual monitoring and analysis of system
activity to identify malicious activity.
• Analyze identified malicious activity to determine weaknesses exploited,
exploitation methods, effects on system and information.
• Conduct analysis of log files, evidence, and other information to
determine best methods for identifying the perpetrator(s) of a network
intrusion.
• Characterize and analyze network traffic to identify anomalous activity and
potential threats to network resources.
• Analyze computer-generated threats for counterintelligence or criminal
activity.
• Validate intrusion detection system (IDS) alerts against network traffic
using packet analysis tools.
• Gather and analyze data (e.g., measures of effectiveness) to determine
effectiveness, and provide reporting for follow-on activities.
• Provide daily summary reports of network events and activity relevant to cyber defense practices.
• Capture and analyze network traffic associated with malicious activities
using network monitoring tools.
• Serve as a backup analyst for any potential coverage gaps to ensure
business continuity.
• Monitor and evaluate integrated SOC operations to identify opportunities
to meet organization objectives.
• Monitor and report changes in threat dispositions, activities, tactics,
capabilities, objectives, etc. as related to designated cyber operations
warning problem sets.
• Monitor and report on validated threat activities.
• Monitor operational environment and report on adversarial activities which
fulfill leadership’s priority information requirements.
• Monitor target networks to provide indications and warning of target
communications changes or processing failures.
• Document lessons learned that convey the results of events and/or
exercises.
• Facilitate the sharing of “best practices” and “lessons learned”
throughout the cyber operations community.
• Communicate new developments, breakthroughs, challenges and
lessons learned to leadership, and internal and external customers.
• Participate in the development or modification of the computer environment
Cyber Security program plans and requirements.

Company industry:
Cyber & Network Security
Job role:
Information Technology

Senior Information Security Monitoring

November 2020 - April 2021

Bank Albilad

Riyadh, Saudi Arabia

· Monitor Bank AlBilad environment to avoid any security incidents that may harm the Bank's data.
· Prepare reports that document security breaches and damage percentages and magnitude for continuous improvement.
· Assist with forensic acquisition and preservation of electronic data from a wide range of information technology environments and platforms including social media and mobile devices.
· Perform penetration testing to locate, assess, and rectify system vulnerabilities and ensure that security risk levels are kept to a minimum.
· Participate in planning and achieving the organization’s way of handling security issues as per the recommended guidelines.
· Monitor threat activities and perform research on cyber threats on the internet and Dark Web with a direct or indirect impact/relevance to the financial sector.
· Collect, analyze, store, report, maintain and apply information pertinent to security investigations and incidents in a form that can support current and/or future analysis, situational awareness, and law enforcement investigation efforts.
· Support security reviews/vulnerability risk assessments of network environments by providing guidance and follow-up for service acquisition and remediation recommendations & activities.
· Conduct trending analysis of security alerts and events to identify patterns indicative of new unauthorized activity.
· Evaluate communication security, data vulnerability, business continuity and compliance risks along with vulnerabilities/weaknesses in systems.
· Identify log and event sources including Active Directory event logs, routers, switches, firewalls, PCAP/flow data, DNS, audit and authentication logs, VPN, IDS, and other sensor field tools and technologies.
· Provide Cybersecurity and Threat Analyst services to support active information security incidents and events from the Logging and Event Management solution.
· Develop new signatures and correlated searches based on a variety of requirements.

Company industry:
Islamic Banking
Job role:
Information Technology

Information Security Monitoring

October 2018 - October 2020

Alinma Bank

Riyadh, Saudi Arabia

• Monitor the IT infrastructure's critical security logs daily and report incidents and alerts to the Manager of Security Logging and Monitoring.
• Ensure all the critical Infrastructure.
• Participate in maintaining ongoing communications with the SOC team.
• Review the SOC regular reports and attend related meetings for security
incidents.
• Report/prepare incident reports.
• Ensure compliance with external requirements from regulators and industry
organisations.
• Comply with the corporate information security policies & procedures
relevant to his role.
• Preserve the Confidentiality of information by promising that data should
only be accessed by authorized people.
• Preserve Integrity of the information by safeguarding the accuracy and
completeness of information and processing methods;
• Preserve Availability of information, by ensuring that users under his
control have access to information and associated assets when required.
• Protect organizational assets (information, software, hardware) against
compromises.
• Comply with Data Protection and Intellectual Property Rights legislation
valid in KSA.
• Ensure that all required physical security controls and mechanisms are
enforced within his area of work.
• Report immediately any observed and/or suspected information security
incidents and security breaches to his superior and to the Information
Security Team or Service Desk.
• Initiate Incident response plan.

Company industry:
Islamic Banking
Job role:
Information Technology

Information Security And Quality Analyst

April 2018 - September 2018

Almarai

Riyadh, Saudi Arabia

• Implementing controls recommended by ISO27001 in order to maintain the accreditation status.
• Performing and maintaining security baseline discovery of current infrastructure and identification of gaps between existing procedures, corporate policy, and industry standards/best practices.
• Establishing and enhancing the architecture/platform-specific information security policies.
• Assisting in conducting Risk Assessment and agreeing on risk treatment plan.
• Assist the infrastructure team in scope definition of ethical hacking / penetration tests to be performed by the vendors.
• Recording and analyzing incidents pertaining to confidentiality, integrity and availability of information assets.
• Assisting in Disaster recovery test and reporting results and follow-up action points.
• Verifying and validating business applications on functionality, documents and standards.
• Implementing information security policies and procedures in order to ensure the protection of confidential information.
• Evaluating new security vulnerability alerts, performing vulnerability assessments on network and systems, and making recommendations.
• Coordinating on the staff training and awareness program across the company to ensure that all the staff members are aware of the corporate security policies that are appropriate for their job function.
• Identifying potential threats and responding to reported security violations to determine causes, possible solutions, and remedial actions required to ensure data security.
• Coordinate, document, and report on internal investigations of possible security violations.

Company industry:
Industrial Production
Job role:
Information Technology

IT Security

February 2014 - April 2018

Alawwal bank

Riyadh, Saudi Arabia

• Preserve the Confidentiality, Availability, and Integrity of organization data resources.
• Design, develop and implement short- and long-term solutions to meet information technology needs through new and existing applications, systems architecture, network systems and applications infrastructure, and through the management of the Bank's IT infrastructure.
• Maintaining all Bank digital certificates, Anti-Virus (SEP), E-Mail and Web gateway (Forcepoint), IPS & IDS (IBM SiteProtector), APT Solutions (FireEye EX, NX and Invincea), Tripwire (file integrity monitoring), WinMagic, McAfee ePolicy Orchestrator (Drive Encryption and SolidCore).
• Perform vulnerability scanning, penetration testing, and information security periodic tasks.
• Making sure all the security policies and controls are applied.
• Troubleshooting any issue that happened on any security application and devices.
• Handling all the projects which are related to the security field.

Company industry:
Banking
Job role:
Information Technology

COOP Student

February 2013 - May 2013

Saudi Aramco

Eastern Province, Saudi Arabia

I did my COOP training at Saudi Aramco for 3 and a half months, from 2/Feb/2013 to 15/May/2013.

Company industry:
Oil & Gas
Job role:
Other

Education

Arab Open University - Saudi Arabia

March 2021

Bachelor's degree, information technology and computing - Network and Security

Saudi Arabia

GPA (point): 3.30 out of 4

Estimated graduation date: 2021

Hafar Al-Batin Community College, affiliated to King Fahad University

June 2013

Diploma, Computer Sciences and Engineer Technology

Saudi Arabia

GPA (point): 2.48 out of 4

CSET Mission - Computer Science & Engineering Technology (CSET) Unit has a mission to prepare compet

Skills

Computer Hardware Troubleshooting: Expert
MS Office Automation: Expert
ASP.NET: Expert
VB.NET: Expert
Certified Ethical Hacker: Intermediate
Maintain and troubleshoot Email Gateway: Expert
Troubleshoot and solve various Web proxy issues: Expert
Maintain and troubleshoot AV issues: Intermediate
Cyber investigation: Expert
Troubleshooting email gateway issues: Expert
Maintain IPS/IDS in network: Intermediate
Vendor management: Intermediate
Penetration testing: Beginner
Team leadership: Intermediate
Cyber security: Expert
Security audits: Beginner
System administration: Intermediate
Risk management: Beginner
Vulnerability management: Expert
Vulnerability assessment: Beginner

Languages

Arabic: Native Speaker
English: Expert

Training and Certifications

Training
ITIL
SBM
Jun 2014

Hobbies

  • Security and Technology
    I like to read about everything new in technology and also security.