محمد زافرودين

•Lead and manage a team of security analysts in the detection, analysis, and response to security incidents promptly and effectively following the Incident Response (IR) plan and playbooks.
•Investigate intrusion events, analyzing host files, network files, and memory to gather information for custom signature development.
•Utilize SOAR capabilities to automate and improve incident response workflows, minimizing manual interventions and reducing response time.
•Assist in all compliance activities related to demonstrating regulatory compliance in the area of cyber defence and emerging threat landscape.
•Mentor and train teams through specialized training and knowledge transfer (KT) sessions.
•Conduct and document Incident Drills, establishing crisis management and cyber resilience plans.
•Ensure vendors are implementing and operating the controls effectively through monitoring Service Level Agreements, Key performance Indicators, and having weekly meetings to track implementation progress and operational performance.
•Support SOC manager in RFP, Renewal process for existing security solution.
•Proactively monitored security solution health check, troubleshooting issues, vulnerability assessment and continuously identifying security gaps, fine tuning activity and reduced alert fatigue by 90 %.
•Develop and maintain policies, processes, and procedures to ensure reliable and effective SOC operations.
•Collaborate across organizational lines and develop depth in cyber security discipline and technologies.
•Leading daily SOC standup call, preparing executive reports, weekly and monthly deck for clients.
•Stay up-to-date with the latest cybersecurity threats and trends via OSINT and other cyber news portals.

•Continuous Monitoring: 24/7 surveillance of SOC for potential compromises and threats.
•Incident Handling: Perform technical incident triage, investigations, remediation including memory/disk forensics, malware analysis, log investigations.
•Threat Hunting: Perform log analysis on EDR, SIEM to find unknown malicious entities in the environment by using KQL, SPL, XQL query language.
•Tool Management: Maintain and improve SOPs, fine-tune on SIEM, DLP & EDR and reduced alert fatigue by 90%, and leverage SOAR for automation.
•Intelligence and Collaboration: Obtain threat intelligence, monitor threat actors, and collaborate with teams for incident remediation and vulnerability assessment.
•Attack Surface Hardening: Analyzed organizational critical asset and network architecture, reduced attack surface by 95% through applying latest patch and upgrade of software.
•MITRE ATT&CK Mapping: Created playbook and use cases as per MITRE mapping.
•Strong knowledge of XSOAR. Security architecture, tool integration via API, automation and scripting through python, playbook and use case development.

•Oversee the monitoring of security alerts and events from various tools (SIEM, IDS/IPS, EDR, firewalls, etc.), ensuring prompt detection and response to potential threats.
•Conduct in-depth investigations of security incidents, manage escalations, and prepare detailed reports on findings and remediation actions.
•Provide guidance and training to junior SOC analysts, fostering a culture of continuous learning and improvement.
•Work closely with IT, security, and compliance teams to develop and implement robust security policies and practices that enhance overall security posture.
•Perform advanced threat hunting activities to proactively identify vulnerabilities and risks, recommending improvements to existing security measures.
•Conduct in-depth analysis and develop actionable intelligence reports, including situation and analyst reports, on cyber threats and incidents. Present threat actor briefings to both technical and non-technical stakeholders.
•Maintain, enhance, and execute incident response playbooks and documentation to ensure efficient handling of security incidents.
•Monitor and assess the latest cybersecurity threats, trends, and technologies, making recommendations for tools and processes to enhance security.
•Lead and participate in security awareness training initiatives for employees to promote a culture of security within the organization.

Worked as freelance Security researcher