فضل رحمن

- Handle escalated tickets and Perform deep-dive incident analysis

- Handle EventTracker EDR on client environment and Deep Instinct EDR

- Integrating compliance devices with Splunk and EventTracker on frequent basis.

- Working with device administrators to configure the devices to enable/send the logs

- Maintain and improve the SIEM services to identify emerging threats and meet regulatory compliance.

- Monitor and report Vulnerability Assessment scans running on client environment using SAINT

- Conducting Monthly and weekly client review calls using advanced visualization tools like PowerBI and Report Builder.

- Monitoring SIEM logs, Firewall logs, Active Directory log, IDS and IPS logs.

- Creating and working with IOC and dashboards.

- Knowledge of tools like snort, Saint, Excel, Power BI, Dax Studio, Report Builder and Freshdesk as a ticketing tool.

- Analyzing alerts using Splunk Enterprise Security and EventTracker.

- Assisting the clients and Security Analysts with product and security related issues.

- Continuous monitoring, analyze security alerts and event information for all approved security feeds to include investigation of incidents using system logs, event correlation between IDS/IPS, firewall and other means of detection.

- To monitor the Status & connectivity of 3000+ Devices with SIEM.

- Handle escalated tickets and Perform deep-dive incident analysis

- Integrating compliance devices with Splunk on frequent basis.

- Working with device administrators to configure the devices to enable/send the logs

- Design and develop innovative methods of automatic event processing to satisfy compliance and operational requirements.

- Maintain and improve the SIEM services to identify emerging threats and meet regulatory compliance.

- Assessing the SIEM, Log Baselines implemented and the SOC Procedures, for finding the gaps.

- Conducting workshops to discuss Use cases and Log baselines with Clients

- Monitoring SIEM logs, Firewall logs, Active Directory logs

- Creating and working with IOC dashboards.

- Knowledge of Process Explorer and Carbon Black

- Analyzing alerts using Splunk Enterprise Security and Qradar

- Malware Analysis

- Email Phishing Analysis