L3
IBM - Saudi Arabia
Total years of experience: 12 years, 0 months
I’m working at IBM as an L3 DFIR-SOC Analyst on the Johns Hopkins Aramco Healthcare project
Shift Lead - SOC
Managing the shift of L1 & L2 analysts, 10 members in total
Key person in identifying and mitigating the Shamoon 2 Disttrack malware.
Responsible for monitoring and maintaining systems, policies, procedures, etc.
Supporting the building and performance of Incident Response duties for the SABIC Computer Security Incident Response Plans (CSIRP)
Performing dynamic malware analysis using automated malware analysis solutions.
Analyzing malware artifacts, researching the payload and updating security controls.
Performing daily monitoring and incident response reporting for issues related to malware threats and intrusion detection
Extensive use of Open Source Intelligence (OSINT) and proprietary intelligence sources to conduct research on malicious domains, IP addresses and file extensions, and creating IOCs from those findings in our internal environment (firewall, IPS, EDR, etc.)
Monitoring alerts and reviewing firewall logs and host logs for both virus and malware infections.
Conducting research on phishing & spam alerts using the PhishMe tool (Cofense) and updating security controls for malicious actors.
Monitoring SABIC networks for alerts triggered in the SIEM system & performing deep dives on triggered/escalated alerts.
Responsible for providing the service desk team with the steps required for both investigating and resolving security incidents
Creating SOPs & playbooks for the tools utilized by the CIRT
Developing RCAs for security investigations and discussing with all SMEs the implementation of lessons-learnt action items captured during security incident investigations.
Researching Threat Intel alerts in Security Center
Creating IOCs (Indicators of Compromise) from malware reverse engineering of investigated events
Followed procedures to triage and investigate security alerts, and escalated issues as necessary. Assisted in the improvement of log management and network analysis.
Configuring and troubleshooting routers and endpoints; client support monitoring
Meeting all the business requirements based on the client’s needs in presales.
Played a key role in mitigating DDoS attacks and protected the reputation of the organization & its clients.
Maintaining the firewall & proxies, updating IOCs, creating rules and pushing policies
Upgraded to the SOC by year end as an L1 SOC analyst.
Conducted audits (QA) on a monthly basis to assure information security management across business functions.
Handled emergency response to the critical vulnerability outbreak.
Maintenance of network infrastructure and architecture.
Built a good network for threat actor & IOC updates
Certifications
Certified Ethical Hacker (CEH): License No. ECC99211186658
Splunk Enterprise Security Certified Admin
Education