Manager
SI CONSULT
Total years of experience :16 years, 3 Months
As SOC Manager working for Si Consult, I lead our 24x7 Security Operation Center, where I am responsible for managing our highly experienced SOC team, delivering excellence, new service offerings, innovation and supporting business development. Our MSSP SOC is responsible for protecting all of our customer IT Assets, including virtual assets, cloud and traditional infrastructure, by using the most advanced technology and expertise. Si Consult provides a tailored and responsive approach for each of our clients and the SOC services includes:
•Cyber Security Monitoring •Incident Response
•Threat Hunting •Cyber Attack Simulations
•Vulnerability Management •Daily, Weekly, Monthly Reports
•Threat Intelligence Services •Root Cause Analysis Report
As a SOC Supervisor, I was responsible for managing the SOC Monitoring team in detecting, investigating and responding to incidents, which involves complex investigations to identify indicators of compromise (IOCs), as well as assessing and fine tuning the event correlation rules.
• Perform necessary analysis and provide security Incident Response.
• Working with FireEye (HX) to create IOCs and contain systems.
• Lead complex investigation of incidents and provide evidence and reporting.
• Conduct periodic review of SOC/IR Policies, Standards and Procedures which improved response times, ease in transfer of internal information and reduced ticket resolution times.
• Ensure that the forensic tools and processes can accommodate new challenges.
• Deep Incident Investigation and Analysis through known incident response tools such as Wireshark, Volatility, Process Hacker and SysInternals as well as syslog’s (ArcSight, Symantec MSS services).
• Managing IT Security technology used within the SOC such as firewalls, Juniper SSL-VPN and Arbor Anti-DDoS Solution of Arbor Networks.
• Find the root cause of critical security incidents and provide recommendations.
• Monitor external data sources and working with SOC team and relevant information to maintain the current threat condition and determine which security issues may have an impact on the organization services.
• Worked on critical incidents, coordinated the Incident investigation and management activities with internal and external parties.
• Provided initial/basic forensic investigation of critical incidents - Identify, seize documentary or physical evidence - including digital media and logs associated with cyber intrusion, incidents, investigations and operations.
• Installation, integration, maintenance and technical support of the Arbor DDoS solution throughout MOBILY.
• Technical Support on all Arbor products Peakflow SP, Threat Management Solution (TMS).
• Provide real-time DDoS attack mitigation by analyzing packets and DDoS traffic patterns.
• Pre and post sales consultancy, installation, integration, maintenance and technical support of the McAfee solution to customers across Saudi Arabia.
• Installation and Technical Support of all McAfee products McAfee IPS Sensor M2950, M4000 and M8000, McAfee Endpoint Encryption for PC v6 and v7, McAfee ePO (ePolicy Orchestrator) v4.5 and v5 Server.
• Create internal technical knowledge base, which improved response times, transfer of internal information and ticket resolution times.
• Network/ System Vulnerabilities Assessment in Saudi Arabia.
Create internal technical knowledge base, which improved response times, transfer of internal information and ticket resolution times.
•Network/ System Vulnerabilities Assessment in Saudi Arabia.
McAfee ePO & McAfee Anti-virus deployment and configuration.
•To assure the smooth functioning of the Local Area Network & Wide Area Network in Hub & its computerized branches.
•Change & Configuration of media from Sky Link to Idirect (Acsys) in different branches.
Certification and Trainings: CISM Certified - (ISACA ID: 1215845) CHFI Certified - ECC4768390152 CCNA Security CSCO12131136 CCNP Security CSCO12131136 CISSP In Progress