Total Years of Experience: 3 Years, 9 Months
December 2021 to Present
Cyber Security Engineer at Coordinates Middle East
Location: Egypt - Cairo
- Handling centralized tickets/alerts generated from SOAR for multiple MDR and MSS clients' SIEMs, EDRs and NDRs in the UAE and Egypt.
- Working on the new automated and enriched model for new and critical clients, for baseline purposes and enrichment recommendations.
- Hands-on experience with FortiSIEM, LogRhythm and QRadar.
- Hands-on experience with MSATP, Sophos EDR, CrowdStrike EDR, FireEye EDR, Cisco AMP and Symantec EDR.
- Hands-on experience with NDR (Darktrace), but only from an alert-handling perspective, by correlation with SIEMs and EDRs.
- Hands-on experience with mail security gateways: FireEye ETP, the Office 365 portal, and Mimecast.
- Use case creation on SIEMs and hunting query creation on EDRs (recently).
March 2021 to November 2021
Cyber-Security Senior Analyst at Cysiv MEA
Location: Egypt - Cairo
Working on a centralized SOC model by providing SOC managed services to well-known financial sector clients in Egypt.
- Use cases (rules and dashboards) and reports: creation, implementation and fine-tuning.
- Alert monitoring, triage, investigation, verification, incident handling and response, following up with the corresponding teams and closing.
- QRadar SIEM administration with an admin-privilege account:
• System Configuration (Index, Network Hierarchy, License, Reference Set, Extensions and Routing Rules Management).
• User Management (Users, Roles and Security Profiles).
• Data Source (Events and Flows) management.
• Applications Management (IBM Resilient QRadar Integration, Log Source Management, Use Case Manager, Threat Intelligence Management, DNS Analyzer, etc.)
- Manual creation and updating of incident playbooks.
- IBM Resilient SOAR administration with an admin-privilege account; incident runbook implementation and automation.
- Incident management and automation on the QRadar side:
• Incident mapping templates using Jinja syntax.
• Creation of automated escalation conditions.
• Enabling Resilient users to search the Ariel database from an incident using AQL.
- Incident management and automation on the Resilient side:
• Incident type creation and mapping.
• Phases, Tasks, Functions, Workflows and Rules implementation and updating.
- Mail analysis using open-source threat intelligence (OSINT) to detect and respond to phishing mails.
July 2020 to February 2021
Cyber-Security Analyst at IP Protocol INC
Location: Egypt - Cairo
- Incident monitoring, triage, investigation, verification, escalation and closing.
- Use case creation, implementation and fine-tuning on the SIEM solution.
- Vulnerability management using Tenable Security Center and Nessus scanners.
- Vulnerability management using SCAP terminology (CVEs and CVSS) to verify and report related and zero-day vulnerabilities.
- Mail analysis using open-source threat intelligence (OSINT) to detect and respond to phishing mails.
- SIEM solution clean installation, license management, log/flow source integration, network hierarchy insertion, server discovery, asset management, and EPS/FPM tuning based on the log sources' event volumes.