MuhammedFaseel بوتان بورايل, SOC Team Lead

Emirates National Oil Company

Country
United Arab Emirates - Dubai
Education
Bachelor's degree, Bcom
Experience
17 years, 5 months


Work Experience

Total years of experience: 17 years, 5 months

SOC Team Lead at Emirates National Oil Company
  • United Arab Emirates - Dubai
  • I have held this position since April 2017

SOC Team Lead (March 2017 to date)
➢ Manage a team of Security Analysts and ensure the smooth operation of a 24/7 Security Operation Center which focuses on IT security and cyber threats.
➢ Research and analyze a wide variety of commodity and APT-based malware and techniques.
➢ Identify threat vectors and develop use cases for security monitoring.
➢ Provide support and guidance for the prevention and resolution of security threats.
➢ Ensure all alerts are taken care of by the SOC Team on time.
➢ Provide detection and response to security events and incidents across the ENOC network.
➢ Handle incidents escalated by level 2 analysts.
➢ Thorough investigation of security alerts generated by detection mechanisms (IDS/IPS, user reported, custom alerts, etc.).
➢ Handle every step of the alert, from detection to remediation.
➢ Handle user-reported cases of potential phishing and spear phishing campaigns.
➢ Threat hunt in the existing infrastructure for indications of malware and malicious events which are not detected by existing security controls.
➢ Review security incident reports and provide recommendations to improve security posture.
➢ Creation of reports, dashboards and metrics for SOC operations and presentation to management.
➢ Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives.
➢ Provide guidance and information security recommendations to the IT operation team about newly acquired IT solutions.
➢ Provide security clearance to newly provisioned services before they go live.

IT Security and Application Administrator at ENOC (Emirates National Oil Company)
  • United Arab Emirates - Dubai
  • December 2010 to March 2017

• Working under the supervision of an ITSM-ITIL based Service desk on various SLAs.
• Ensure the security of systems and networks which include about 700 servers, 600 network devices and 3000 endpoints which are scattered across HO, 15 branches and 190 petrol stations.
• Implementation, administration and monitoring of IPS/IDS system.
• Analyzing and taking action on suspicious network traffic.
• Implementation, administration and monitoring of SIEM solution.
• Responsible for security incident handling and corrective countermeasures.
• Responsible for monthly vulnerability assessment on network devices and servers.
• Providing the assessment results and recommendations to the management and concerned team.
• Managing endpoint security systems.
• Implementation and management of BMC BladeLogic Client Automation tool.
• Automation of security patch deployment on all Windows servers across the ENOC network.
• Handling business applications like Efax and Enterprise SMS system.
• Handling Retail applications.

System Administrator at Trigent Software Ltd
  • India - Bengaluru
  • May 2007 to March 2008

System Administrator

Trigent Software Ltd, Bangalore, India - May 2007 to March 2008

□ Responsible for support of 60 servers (includes all aspects of operating system troubleshooting).
□ Responsible for DHCP, DNS & WINS configuration and troubleshooting.
□ Implementing and troubleshooting Group Policy.
□ Remotely connecting to servers and troubleshooting using VNC and TS.
□ Migration of DC, DHCP, WINS, and file servers from NT 4.0 to Windows 2003 Server.
□ File server management.
□ Configuring and managing Routing and Remote Access.
□ Installation, configuration and administration of Microsoft Exchange 2003 Server.
□ Responsible for backup and restoration using Cobian.
□ Managing and maintaining Antivirus Enterprise server and clients.
□ Desktop implementation using Acronis True Image Management.
□ Installing, configuring and administration of virtual servers using VMware and MS Virtual Server 2005 R2.
□ Administration of Linux and Solaris operating environments.
□ Managing Cisco routers and switches.

System Administrator at Business Link India Pvt Ltd
  • Other
  • March 2006 to May 2007

□ Providing support for a medium-sized Windows Server 2003 network with servers including 2 DC, DHCP, DNS, FS, Exchange, WSUS etc. and 500 clients.
□ Active Directory management and infrastructure updates.
□ User, Groups, OU and Group Policy management.
□ Planning and implementing backup and restoration policies using ARCserve.
□ Installation and configuration of RIS Server.
□ Patch updating for WSUS server.
□ Managing McAfee antivirus server and clients.
□ Troubleshooting Outlook, printers, Internet/Intranet connectivity.
□ Exposure to Mac system.

System Engineer at Zenith Pc world
  • Other
  • March 2004 to January 2006

□ Set up and managed a medium-sized Windows 2003 network.
□ Troubleshot all server-related operations (DNS, DHCP, IIS).
□ Creation of users and groups.
□ Installing and managing file servers.
□ GPO management.
□ Backup, troubleshooting Outlook, printers, Internet/Intranet connectivity.
□ Norton Antivirus installation and updating.

Educational Background

Bachelor's degree, Bcom
  • at University of Calicut
  • March 2004

Specialties & Skills

Printers
Administration
Installation
Group Policy
MCSA-Messaging

Languages

English
Intermediate
Hindi
Intermediate
Malayalam
Intermediate

Training and Certifications

MCSE (Certificate)
Course date:
January 2004
Valid until:
December 2005