Ahmed Hegazi

• Lead authorized penetration testing engagements across web applications, internal networks, and mobile
platforms in government and enterprise environments; validate vulnerabilities including SQL Injection, XSS,
SSRF, LFI, and authentication/authorization flaws aligned to OWASP Top 10 and PTES.
• Act as SOC Tier 2/3 escalation point for advanced investigations, threat hunting, and incident response during
high-severity events; lead incident-led DFIR for infostealer malware, internal data leakage, personal device
exposure, and third-party vendor incidents.
• Perform digital forensics including evidence acquisition, timeline analysis, impact assessment, and formal
reporting aligned to ISO 27001 and NIST CSF.
• Own end-to-end operations of SentinelOne EDR, Arista NDR, Splunk SIEM, and FortiSOAR, ensuring
detection coverage and operational readiness.
• Design and maintain SOC automation playbooks in FortiSOAR for triage, enrichment, and containment,
reducing manual analyst effort and improving response consistency.
• Develop and maintain detection content including YARA rules, Sigma rules, and YAML-based detections
across EDR and NDR platforms; manage IOC lifecycles and operationalize CVE intelligence into prevention
and detection controls.
• Perform sandbox-based malware and supply chain analysis on suspicious artifacts in enterprise software
updates including Oracle Database and SAP HANA.
• Participated in infrastructure security assessment.

• Designed and optimized SQL Server architectures for performance, reliability, and high availability across
healthcare production systems.
• Implemented backup, recovery, and failover procedures, improving system resilience and disaster recovery
readiness.
• Tuned queries and indexing strategies to reduce latency in regulated healthcare production environments.