محمد المزعل

I work for Mobily Telecom company as a Cyber Security Analyst to plan, coordinate, integrate, and synchronize cyber defense and prevention activities throughout IT. My major duties and responsibilities include but are not limited to:

• Responsible for identifying, investigating, and mitigating real/potential malicious activity on Mobily networks and endpoints.
• I conduct teaming Adversary Emulation to enhance threat detection and assess the detection capabilities of different security controls.
• Resolve security escalation from NOC & threat intelligence team.
• Ensure deploying appropriate containment, eradication, and remediation steps to protect Mobily infrastructure driving incidents through the IR process.
• Determined disposition and appropriate escalation by applying professional judgment while performing initial analysis and investigation of SIEM alerts.
• Identify improvement areas for detection tuning and investigation practices.
• Used MITRE ATT&CK in conjunction with CrowdStrike to understand the Tactics, Techniques, and Procedures (TTPs) of Attackers when analyzing alerts and activity.
• Work with Security Engineers to plan and build proactive defenses, automation, and event detection into SOC solutions.
• Apply security knowledge skills and abilities with supervision on projects and programs.
• Investigate malicious phishing emails, domains, and IPs using OpenSource tools and recommend proper blocking based on analysis.

• Monitoring and analysis of security events to determine intrusion and malicious events and take appropriate action when needed based on workflow.
• Working on incidents, reviewing the alerts, and doing a detailed analysis on alerts.
• Investigate incidents via logs and capture the network packet using RSA Netwitness SIEM.
• Read and parse multiple types of security devices logs
• Monitor real-time security events on SIEM, Event Analysis, and Investigating and mitigation.
• Create daily, weekly, and monthly reports.
• Perform health checks of security tools.
• Maintain/ Update SOC Ticketing & knowledge base systems.
• Provide reporting service for the customer.
• Performed threat hunting to eliminate any threat.

Working as a SOC Analyst for multi different clients and one of them is Saudi National Bank and others, where my responsibilities fall on many sensitive tasks, such as the timely and accurate identification of security events, mastery of the technologies and information that I analyze while maintaining expert-level knowledge of detection tools and techniques, and proper escalation of incidents for an immediate response, containment, and recovery.

• Profile and predict the behavior of suspects based on an analysis of the offense and the manner in which it was committed.

• Perform cyber threat intelligence operations including intelligence collection (IOCs), tracking threat actors, identifying, and tracking malicious infrastructure.

• Analyzing alerts from different security intelligence tools such as FireEye and Proofpoint to validate if there is any impact.

• Supports Information Security functions by analyzing, researching, improving, defining, implementing, and executing info security controls and standards.

• I handled investigations, managed incident tickets, and response with the appropriate action using the Cortex (XSOAR) tool. Which is an extremely useful tool. Through it, the number of false positives can be reduced which makes it easier for me as an analyst to focus on real incidents, and through it, I was able to build and follow a playbook to manage and close the cases professionally and with minimal errors.

• Worked as a SOC Analyst with monitoring and serving multiple different clients where they're from different sectors; educational, insurance, financial and industrial.

• Hands-on knowledge of two different SIEM tools, LogRhythm & McAfee ESM & Splunk.

• Searching and Reporting capabilities with SIEM Tool and custom dashboard creation.

• Integration and troubleshooting of log sources.

• Create custom queries and event parsers.

• Incident Management process.

• Work closely with other Information Security teams to ensure effective intrusion detection and incident response.

• Reviewing reports to ensure quality and accuracy.

Intensive training has been completed for a period of four months (440 hours) in cooperation with the most powerful international companies providing training in cybersecurity with a total of five courses with professional certificates accredited to the SOC Analyst.

• CompTIA - Security+
• ElearnSecurity - Practical Network Defense & Incident Handling & Response Professional.
• EC-Council - Certified SOC Analyst CSA.
• LogRhythm - Analyst Product Training.

I performed several tasks related to the implementation of the Business Continuity Management (BCM) program for one of the largest telecom companies, which will help to protect and enhance their business value, especially during crises.

The tasks were:

1- Interlock with client during each BCM phases and provide periodic Reporting.
2- Involved working on business impact analysis for identifying critical processes, systems, facilities, internal organizations, and suppliers.
3- Analyze all processes in all departments of the company and find out their dependencies.
4- Detect potential threats that may affect the company's continuity of services.
5- Understand all the company's services and needs, choose software tools that are utilized to manage BCM program through all phases of the BCM life cycle, counting planning and execution.
6- Performed risk analyses to identify appropriate security countermeasures.
7- Develop business continuity plans & design BCM strategy options.
8- Design a systematic plan for BCM system maintenance and continual improvement, management review, crisis management, and departmental recovery.

Networking & Security:
• Privacy and authenticity of data and programs, network and database security, computer viruses, cryptography, private and public key cryptosystems, protocols.
• Setting up and managing LAN and WAN.
• Monitoring network activities to insure stability.
• Setup Servers & Firewall (PfSense, Windows, Debian).
• Maintain and upgrade internal parts of computers and servers.
• Monitored network capacity and performance, as well as diagnosed and resolved complex network problems.
• Monitored networks and network devices to ensure swift problem resolution.
• Prepared operational reports, including trouble resolution and analysis, project status, equipment and network requirements.
• Configured, managed and evaluated multi-protocol network elements to ensure effective end-to-end communications.
• Managed application patches, data backup, security changes and network configuration and replaced boards, changed servers and loaded and tested software applications.

Tech Support:
• Monitor and test PC’s performance and provide PC’s performance statistics and reports.
• Configure, install, maintain, test, monitor, and troubleshoot end-user workstation hardware, network peripheral devices, and networking hardware products like switches.
• Troubleshoot and either repair or replace PC faulty hardware such as hard drive, motherboard, power supply, network interface controller, PCIe, RAM’s, monitors, and warranty repairs.
• Maintaining and upgrading internal parts of computers to improve efficiency and performance.
• Managed application patches, data backup, security changes, and network configuration, changed servers, and loaded and tested software applications.
• Provide software maintenance, install programs, and provide instructions remotely.
• Setup new printers and scanners.
• Maintaining, troubleshooting, and repairing printers and scanners.