Security Engineer (Onboarding Engineer)
IT People Consultancy | Contract Position for Atos- Qatar LLC
Total years of experience: 4 years, 4 months
• To perform SOC Remediation for clients.
• SIEM health check & visibility enhancement for SOC monitoring (MSSP - LogRhythm platform)
o Log source Assessment
o Log validation
o Parser Validation & Development
o Use Case Assessment.
o Use Case Fine Tuning and testing
o Hardware health checks for recommended resources
o System Monitor Agent (SMA) Assessment - to ensure it is in good health
o Reports Assessment & Creation
• Identify gaps in SOC monitoring and provide recommendations to fill them.
• Log source integration (onboarding) - onboarding of new devices including a custom application database, Windows & Linux devices, network devices, etc.
• Log source troubleshooting
• AI Engine use case development & reporting as per compliance requirements.
• SMA installation, configuration & troubleshooting.
• Research security enhancements and make recommendations to management
• Create reusable and efficient Automation Playbooks
• LRXM(AIO) installation for greenfield customers.
• Customized integrations for unsupported devices including meta fields parsing and MPE mapping (Parser Development for customized log sources)
• Provide 24/7 administration support to clients on security products.
• Solution design and deployment implementation for security products.
• Define and Design application enterprise monitoring strategy and capability roadmap.
• Perform on-premises installation of security solutions; set up connections between the server and required services.
• Work on proof of concepts, demonstrating the product’s ability to meet and exceed customer requirements.
• Monitor the organization’s networks for security breaches and investigate violations when they occur.
• Prepare reports that document security breaches and the extent of the damage caused by them.
• Develop security standards and best practices for client’s organization.
• Checking and monitoring archive and audit logs.
• Daily, Weekly & Monthly reports
• IBM QRadar troubleshooting of log sources in case of any issue, covering both hardware and software problems.
• Creating and testing new policies (Use Cases) as per client’s requirement on security products.
• IBM QRadar professional services: custom DSM development (for unsupported assets & applications) and event mapping.
• Integration of assets with security products.
• Health checks of security solutions and gap analysis of the Security Operations Center
• Security threat analysis and providing suggestions
• Provide training to clients after deployment of security solutions
L2 SIEM Admin | Resident Engineer at Bank Alfalah on Behalf of COMMTEL - Pakistan (6 months)
• SOC Monitoring
• Managing day-to-day security application monitoring, log analysis, VM/endpoint scanning; identification and mitigation of threats.
• Analysis of security events and identifying the false and true positives, creating security incidents.
• Running basic investigations and searches based on common security events and proactively identifying security threats in the environment.
• Creation of alerts in SIEM and fine-tuning of correlation rules based on analysis of the events and event triaging.
• Performing technical cyber security investigations on security incidents, root cause analysis and recommendations.
• SIEM upgrade, fine tuning, health checks, log source integration/troubleshooting and custom parser development.