L3 SOC Analyst
IBM - Saudi Arabia
Total years of experience: 15 years, 5 months
• Incident handling and response
• Identifying key areas to improve SOC monitoring and processes
• Planning and implementing changes to improve SOC operations
• Providing management with reports and devising plan to work on improvements
• Preparing security incident reports and recommending actions
• Performing threat hunting to identify potential advanced threats in the environment
• Assisting in assessing different security solutions against organizational requirements
• Created and maintained Incident Response process as per the guidelines of NIST.
• Identifying anomalies and policy violations through monitoring and auditing
• Planning and implementing proactive changes to improve the organization's security posture with respect to emerging threats
• Protecting systems and information by defining policies, procedures and guidelines
• Developing plans for risk mitigation by analyzing and assessing potential security risks.
• Evaluating security tools and technologies and providing feedback to management.
• Professional communication and documentation of processes and procedures.
• Leading technical activities for different security solutions in order to meet clients' requirements
• Primarily looking after pre-sales, post-sales and R&D activities for:
o IBM QRadar SIEM
o IBM XGS and SiteProtector
o IBM Guardium DAM
o IBM Privileged Identity Management
o Avecto Defendpoint Privileged Management
o CA Strong Authentication
o CA Shared Account Management
• Carrying out PoCs for different solutions in order to demonstrate solutions to clients' problems
• Arranging and managing pre-sales and post-sales activities
• Creating solution documents for customers
• Planning and Managing technical projects
• Performing Research and Development
• Managing technical resources
• Diagnosing application errors and network connectivity problems
• Management of various services like DNS, Domain Controllers and Active Directory.
• Managing LAN, WAN and VPN
• Installation, configuration and administration of Windows Server 2003/2008; installation and troubleshooting of Windows operating systems and servers
• Installation, configuration and administration of Linux OS; maintaining and managing services running on Linux systems, including a proxy server (Squid) and DHCP
• Maintaining the asset inventory and keeping records of asset issuance/retrieval and of asset theft/sabotage
• Creating Daily, Weekly and Monthly activity reports and incident reports etc.
• Performed daily, weekly and monthly back up of data
• Developing schedules, resource allocation plans, and system test plans
• Assisted users and provided training for installed systems and programs, including Oracle Financials and CC&B
• Attended technical conferences and seminars to stay informed about new product developments
The following subjects were part of this course:
• Advanced Network and Web Security
• Cryptography
• Cryptanalysis
• Computer Security
• Information Security Management Standards
• Applied Mathematics
• Information Theory and Coding