BELHADJADJI Ahmed, Cyber Security Analyst

Algerie Telecom

Location
Algeria - Oran
Education
Master, information technology
Experience
3 years, 11 months


Professional experience

Total years of experience: 3 years, 11 months

Cyber Security Analyst at Algerie Telecom
  • Algeria - Algiers
  • I have been working here since May 2022

- Security monitoring and incident handling across a complex network.
- Analyze event logs and detect IoCs.
- Work in a 24x7 Security Operations Center (SOC) environment.
- Investigate, document, and report on information security issues and emerging trends.
- Collaborate with other IT teams and security stakeholders to provide security-related information and support.

Security Analyst / Content Creator at belcyber
  • Algeria - Algiers
  • October 2021 to January 2022

- Developed content for, as well as conducted the following tasks for, Azure Sentinel (SIEM):
● Used a custom PowerShell script to retrieve metadata from Windows Event Viewer to be sent to a third-party API in order to derive geolocation data.
● Configured a Log Analytics Workspace in Azure to import custom logs containing geo-information.
● Configured an Azure Sentinel (Microsoft cloud SIEM) workbook to visualize global attack data (RDP brute force) on a world map according to the attacks' physical location and magnitude.
- Working with vulnerability assessment tools such as Nessus and OpenVAS, followed by doing more investigation using Valhalla to evaluate attack vectors, identify system vulnerabilities, and develop remediation plans.
- Perform security analysis tasks using Wireshark to investigate a variety of suspicious activities including ARP spoofing, FTP/TFTP buffer overflow, ICMP flooding, and other unusual network traffic.
- Configure AD in Windows Server 2016 (Remote Access, DirectAccess VPN, Routing, NAT, DHCP, DNS, etc.)
- Implement and configure an open-source SOC by using these components:
● Aggregate and visualize security events with Elastic SIEM (ELK), powered by Elasticsearch, Logstash, and Kibana.
● Collaborate and analyze observable incidents using Cortex and TheHive.
● Collect, store, and share cyber security indicators and threats about cyber security incident analysis and malware analysis using the MISP sharing tool.
● Deploy and configure other event sources like Snort IPS, Wazuh monitoring system, Twitter Bot, and use the Atomic Red Team library for attack simulation.

Network Security Engineer at ICT Towers
  • Algeria - Algiers
  • March 2021 to September 2021

- Deploying a solution for network security automation:
● Create a network penetration testing tool in Python using Scapy that performs about 25 well-known attacks in the 3 network planes: management, data, and control against Cisco devices, NGINX servers, and Linux VMs.
● Deploy security mitigation measures using Python libraries (Netmiko, Scapy) and Ansible playbooks.
● Prepare a variety of written communication, reports, and documents to ensure smooth operations.
● The application will help the network security team to perform their day-to-day work more effectively.
- Provide identification, configuration, and implementation of network perimeter / LAN security; tasks include:
● Allowed/blocked data flow related to TCP/IP stack and TCP/UDP service
● Email and web security management
● IPSec and SSL VPN technologies.
- Knowledge and experience with Microsoft Active Directory, Group Policy management, and RDP services.

Network Administrator at Sonatrach
  • Algeria - Oran
  • April 2018 to February 2019

● Provide level-2/3 support and troubleshooting to resolve network issues.
● Respond to network connectivity issues and resolve any wireless communications.
● Optimization of triggers, workflows, and notifications in the SolarWinds monitoring system.
● Installation, configuration, and maintenance of Windows Server 2012 virtual machines.
● Design and maintain switch network with other Cisco L3 switches (Catalyst 3750/2960) in multi-VLAN, configured 802.1Q trunking in Access layer switches providing inter-VLAN routing.
● Configuring Layer-2/3 technologies including VLANs, trunking, 802.1Q, Port Security, and inter-VLAN routing.
● Managing the inventory of all network hardware; the management and monitoring of devices using SSH, Syslog, SNMP, and NTP.

Education

Master, information technology
  • at Higher School of Computer Science
  • August 2021

https://www.esi-sba.dz/fr/index.php/specialite-ingenierie-des-systemes-informatiques-isi/

Specialties & Skills

Networking
Automation
Virtualization
Ansible, Windows Server 2012, Microsoft Office
routing
network engineering
firewalls

Languages

French
Intermediate
English
Intermediate
Arabic
Native language

Training and Certifications

HCIA Security (Certificate)
Training date:
November 2021
Valid until:
November 2024
HCIA R&S (Certificate)
Training date:
November 2021
Valid until:
November 2024