Fawad Haider, Team Lead CSOC

Confidential Company

Location
Qatar - Doha
Education
Bachelor's degree, Computer Networking
Experience
24 years, 4 Months

Work Experience

Total years of experience: 24 years, 4 months

Team Lead CSOC at Confidential Company
  • Qatar - Doha
  • My current job since April 2018

  • Responsible for overseeing the operations and allocating the required resources for the Cyber Security Operation Center (CSOC) environment, and for managing overall situational awareness and security posture in a dedicated onsite position with the client.
  • Manage the team rotation plan to ensure 24x7x365 SOC coverage for daily operational 'eyes on glass' real-time monitoring and analysis of security events coming from multiple sources, including but not limited to events from Security Information Monitoring tools, network- and host-based intrusion detection systems, firewall logs, system logs (Unix & Windows), mainframes, midrange, applications and databases.
  • Supervise and work collaboratively with other Cyber Security Analysts and Cyber Engineers to perform incident response and analysis, security monitoring, protection, and delivery of security services for the clients, and give guidance to ensure compliance with SOPs and track SLA compliance.
  • Manage and increase the effectiveness and efficiency of the SOC through improvements to each function: define new correlation rules, fine-tune existing correlation rules to reduce false positives, set up dashboards and generate ad hoc reports as and when needed, and create work instructions so the CSOC team can act upon alerts generated by those use cases and resolve security incidents within established customer Service Level Agreements.
  • Manage resources, including personnel, budget, shift scheduling, and technology strategy, to meet SLAs and ensure timely response to and investigation of security events.
  • Monitor dashboards to keep track of security events and the health of SIEM devices, and perform troubleshooting and deep analysis of security alerts.
  • Define rules, customized reports, and scheduled reports as per requirements and provide analysis and trending of security log data from a large number of heterogeneous security devices.
  • Manage SOC team training to ensure current knowledge and readiness for new types of security threats.
  • Escalation management and organizational focal point for critical incidents.
  • Provide Incident Response (IR) support when analysis confirms an actionable incident, and perform threat and vulnerability analysis as well as security advisory services.
  • Develop and administer SOC processes and review their application to ensure that the SOC's controls, policies, and procedures are operating effectively. Play a significant role in long-term SOC strategy and planning, including initiatives geared toward operational excellence.
  • Investigate, document, and report on information security issues and emerging trends. Identify and assess security risks and assist in implementing measures to manage and mitigate all identified risks.
  • Coordinate with Intel analysts on open source activities impacting State, Local, Tribal and Territorial (SLTT) governments.
  • Create dashboards, reports, and metrics for executive management; prepare weekly, bi-weekly, monthly, quarterly and annual Security Threat Reports with the CSOC; coordinate team activities with other teams and perform other duties as required.

Information Security Officer at Pearl Continental Hotel Karachi
  • Pakistan - Karachi
  • December 2010 to March 2018

  • 24/7 SOC activities (monitoring and operations), Incident Handling and Response, report writing, daily security operations and controls of the firewalls (network appliances, software solutions etc.), Enterprise & IP Networks (LAN, WAN, WLAN), Vulnerability Assessment, cloud-based Anti-Virus services and traffic analysis. Monitor multiple security technologies, such as IDS / IPS, syslog, file integrity, firewall, proxy, mail gateway, and vulnerability scanners.
  • Supervise the Computer Emergency Response Team (CERT) of the South Region, which handles information security incidents, reports on vulnerabilities and promotes effective IT security practices throughout the region, monitoring multiple security technologies using an Event Management (SIEM) tool, AD Audit and a log analyzer to detect IT security incidents.
  • Manage and maintain up-to-date configurations on all ERP servers, interface systems, network switches, gateway firewall, wireless controller and endpoint security appliances, and ensure that baselines for all technologies are maintained and updated.
  • Develop and maintain Information Security Policies & Processes to provide an efficient, effective and up-to-date risk management environment in support of company strategic goals.
  • Ensure that information security is adequately addressed in the development stage of any new products / portals.
  • Collect and analyze event information and perform threat or target analysis duties. Interpret, analyze, and report all events and anomalies, including initiating, responding to, and reporting discovered events.
  • Implement and maintain the IT Audit & Risk Management standards for operations, backup and security policy of server, communication, network infrastructure, maintenance procedures, disaster recovery and data protection.
  • Work with the IT team to design and develop systems that monitor system security and provide management reports to protect and ensure the safety of the company's information assets.
  • Verify that information security controls around user access, change management, systems access and utilization are working as intended through the use of daily monitoring tools, and provide reports to management.
  • Develop and manage the company Information Security Awareness Program and conduct training in support of same.
  • Perform periodic reviews of compliance with information security policies and prepare reports for management.
  • Liaise with local/international vendors during security product evaluation and the review and finalization of technical proposals/solutions.
  • Interact and liaise with internal and external auditors as per company audit requirements, and track, follow up and close audit observations raised relating to IT Security.

Network Administrator at Pearl Continental Hotel
  • Pakistan - Karachi
  • December 2004 to December 2010

Set up IT infrastructure including IBM X Series Servers, Dell PowerEdge Servers, HP ProLiant Servers, HP StoreEasy 1650 Storage, HP layer 3 & 2 switches, Cisco network equipment, and highly available communication infrastructure for Property Management System Fidelio Opera 5, Micros Fidelio Materials Control and Financial Control as well as Micros 9700 Point of Sales.
24/7 NOC activities (monitoring and operations), Incident Handling and Response, report writing, daily security operations and controls of the firewalls (network appliances, software solutions etc.), Enterprise & IP Networks (LAN, WAN, WLAN), Vulnerability Assessment, cloud-based Anti-Virus services and traffic analysis.
Administer and maintain support of various hosted services of Office 365 & Azure Active Directory.
Deployed security controls to ensure the confidentiality, integrity and availability of Hotel's business services and infrastructure to reduce exposure to risks.
Review and provide recommendations for systems/network designs, development, testing, backup data, application software, network services & security, and performance monitoring.
Project management and technical leadership during the deployment of new technical solutions, and collaboration with vendors and telecom providers on the specific requirements of a project.
Network testing & management using monitoring tools, traffic generators and sniffers to produce network management reports, troubleshoot, analyze and perform Risk Management and capacity planning.
Implement and maintain the IT Audit & Risk Management standards for operations, backup and security policy of server, communication, network infrastructure, maintenance procedures, disaster recovery and data protection.
Co-ordinate with Internal and External IT Auditors in IT Audit process.
Focus on enhancements of infrastructure and growth of IT and operations teams.

Support Specialist at State Bank of Pakistan
  • Pakistan - Karachi
  • December 2002 to January 2004

Provide support for daily network problems/tasks of the SBP Central Directorate Network, comprising more than 3800 clients on Cat 6 cabling, with fiber optic used for backbone connectivity.
Successfully installed a WAN link between SBP, Karachi and the Ministry of Finance, Islamabad, with DXX as the primary link and ISDN BRI as the backup link, using Cisco 2610 series modular routers.
Actively participated in commissioning of PictureTel video conferencing equipment using 4 ISDN BRI lines between SBP, Karachi and the World Bank, Islamabad.
Monitor WAN connectivity between different remote locations and SBP.
Actively participated in deployment of the CIB On-line project of SBP using a Cisco Access Server 3660, connected through an ISDN PRI line, with a Radiator Server used for authentication.
Network support of Internet permanent Leased Circuit from PTCL (I.T.I.).
Supervised new requirement of Networking infrastructure, Network Cabling, Connectivity and testing at remote sites.
Liaise with local/international vendors besides being involved in review & finalization of technical proposals.

Network Engineer at ARY Communications (Pvt) Ltd
  • Pakistan - Karachi
  • November 2001 to December 2002

Designed & Configured IVR (Interactive Voice Response) System for ARY Digital in Pakistan.
Plan, schedule and coordinate all system administration activities, including installation, testing and configuration of hardware and software. Planning of DRP, backup, application software, network services & security maintenance procedures and virus protection.
Successfully installed and configured Dial-On-Demand Routing on a Cisco 2503 router for TCP/IP-based WAN access for Lahore & Islamabad on ISDN BRI.
Support a network comprising one Windows 2000 Advanced Server, one Backup Server, one Database Server running MS SQL Server 2000 and six Computer Telephony Servers running Windows 2000 Professional.
Configured Dialogic JCT 600 2E1 Telephony Cards for IVR System.
Actively participated in Commissioning of Rack-mounted Siemens TransXpress SMA 1K for connecting, maintaining and terminating 20 ISDN PRI (E1) signals on Fiber Optic.

System Engineer at M/s. TeleDat@ Pakistan Corp. Ltd
  • Pakistan - Karachi
  • February 1999 to November 2001

Manage and administer a Windows-based network.
Administer servers of Exchange 5.5, IIS 4.0 and Proxy Server 2.0.
Installation and support of Network & Client Operating System.
Installing and Configuring Operating Systems (Win 95, NT 4.0) Services & Device Drivers.
Provide support for desktop and hardware problems for 60 client computers on network.
Configure gateways for connectivity to other operating systems.
Installing and Configuring IIS 4.0 and Exchange Server 5.5.
Manage company’s local Intranet.

Education

Bachelor's degree, Computer Networking
  • at Virtual University of Pakistan
  • September 2007

Specialties & Skills

Cyber Security
Information Security
Data Center
Information Security Management
Data Network
NETWORK SUPPORT
NETWORKING
Infrastructure Solutions
Network Security
Data Center technologies
Business Continuity Planning
IT Governance & Strategic Management
Backup Technologies
System Administration
Network Administration

Languages

English
Expert

Memberships

Information Systems Audit and Control Association
  • Karachi Chapter
  • February 2017
EC Council
  • Certified Ethical Hacker
  • February 2019

Training and Certifications

Fortinet NSE 3 Network Security Associate (Certificate)
Certified Information Security Manager (Certificate)
Certified Ethical Hacker (Certificate)
ITIL V4 (Certificate)
Certified Ethical Hacker (Certificate)
Date Attended:
February 2019
ISO 27001 Lead Implementer (Certificate)
Date Attended:
February 2019
Microsoft Certified System Engineer (Certificate)
Date Attended:
February 1999
Securing Network Devices (Training)
Training Institute:
Computer Training & Testing Center Karachi
Juniper Certified Internet Associate (Certificate)
Date Attended:
September 2008
Juniper Certified Internet Associate (Certificate)
Date Attended:
January 2008
Juniper Certified Internet Specialist (Certificate)
Date Attended:
February 2008