Senior Security Analyst
CPX
Total des années d'expérience :12 years, 8 Mois
Working as a Senior SOC Consultant.
- Technical Analysis and Investigation of Security Events, Escalations and Reporting.
- Working with different GOV Entities, Driving new Used Cases, security controls and Fine tune existing use case configured in SIEM environment.
- Performing documentation for organization Standard Operation Procedures (SOP) and/or development of SOPs and training material, perform health checks for SOC solutions and systems under monitoring, Review periodically to ensure Enterprise information SOP’s.
- Experience in SOC (Security Operations Centre) methodology such as Incident Handling, Threat detection, Network traffic monitoring, real time security event handling, log analysis, real-time guidance to customers on network configuration, security settings and policies, attack mitigation procedures, anti-phishing operations, network flow data analysis for anomalies and detect malicious network activity.
- Engaged in security consulting for clients across Middle East.
- Key project experience includes: SIEM and SOC Projects, SIEM Solution implementations, Security consulting’s, breach and fraud assessments.
- Drive the response to Cyber Security Incidents by coordinating with team members, leading incident calls and SOC activities, and creating the required communications and updates.
- Perform daily real-time monitoring and analysis of security events from a variety of sources to determine effective resolution from a security and business perspective.
- Understand client needs and create required Service Level Agreements (SLA’s) to match client requirements.
- Participate in SOC Projects and Engagements as a SOC representative, in addition to completing assigned tasks.
- Integration Of New Devices for log collection and reporting.
- Use of Source fire-Snort NIDS for signature based detection of security related events and alerts.
- Analysis and Troubleshoot of IDS captures of the suspected traffic by checking the alert logs by using tools like Splunk and other Siem tools.
- Performing Root Cause Analysis of reported incidents and issues.
- Tuning the alerts signatures by checking for the patches and CVE for the IDS cases to reduce the false positives.
- Using open source tools like - Wireshark, Google Suit Toolbox, Cisco Talos site, Virus Total, Mxtoolbox, Bluecoat Site Review, WHOIS, URLVoid, URLpng, Alexa, Fortiguard for troubleshooting and analysis of URLs and logs related to external links.
Client: -Cleveland Clinic AbuDhabi.
- Technical Analysis and Investigation of Security Events, Contextual Systems and Incident Escalations and Report Generation and Presentation.
- The key event is to respond the Security Events from managed customer security systems as part of a team on a rotating 24 x 7 x 365 basis.
- Part of Red and Blue Team Activity and have performed Forensics, technical and management reports.
- Lead the operations of the SOC to ensure Optimal Identification/ Resolution of security incidents.
- Asset Classification, Categorization, Vulnerability Assessment and Mitigation Work and follow-up with the IT and other Business Units to develop action plans to Mitigate them to Promote Security Initiatives.
- Device (Medical, Finance, and Others) Security Assessment to ensure compliance is maintained.
- Forensic analysis and reporting on Malware Outbreaks, including network traffic analysis, file system artifact assessment and searching for indicators of compromise (IOC).
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, and malware analysis tools.
- Define and evaluate security technologies, Perform POC, Used Cases and deploy them and create report before going for environment rollout to ensure cyber defense, I.e.: EDR, Trend XG etc.
- Participate in design and information gathering workshops to understand the customer’s existing design and technical requirements, and assess pros and cons of ideas.
- To test new releases, fixes, and workarounds to operating software and to ensure that they are implemented and functioning correctly in the live environment.
- Produce written summary reports of the status of security devices, per customers requirement.
- Follow all relevant departmental policies, processes, Standard Operating Procedures and instructions so that work is carried out in a controlled and consistent manner.
Clients: - Estée Lauder and Deutsche Bank.
- Completed Security Offshore Transitioning and Knowledge Transfer sessions delivered to L2/L3, Team & Document Creation/Review Viz. Standard Operating Procedures (SOP) Documents, Run-books, Network Diagram, LLD, HLD, Implementation Plan & Disaster Recovery Plans.
- Built Process Frameworks, Guidelines, Metrics and related Workflows.
- Handled Escalations and part of Investigating Teams with the help of network monitoring tools l.e. TCP View, Process Monitor & Explorer.
- Changes/ Compliance Report/ Reviewer/Global access for team.
- Service Level Report, Audit, Compliance Report and Customer Presentation.
- Review and Assess Software Upgrade and Bug Fixes along with Updating the OS patch cycle document.
- Operational Issue handling of McAfee Products, Proof Point Email Security Solution, Zscaler Proxy, Palo Alto Firewall, VPN Issues and Move-IT SFTP Solution.
- Operational Support to Team on daily basis, along with availability for escalation and High Priority Issues.
- Here is the list of projects actioned.
1. McAfee EPO Migration Between Two Data Centers.
2. McAfee EPO Maintenance and Fine tuning Wrt. Performance Issues, Space Issues, and Database Maintenance.
3. Implementation of File Integrity Monitor (Solid Core) on Windows and Non-Windows platform.
4. Upgraded HIPS and Drive Encryption to N-1 version to Stabilize the Environment.
5. QRadar’s fine tuning and log source management.
6. POC and used case testing of McAfee and Symantec DLP along with Data Classification and Data Discovery management along with in different communication sources.
Clients: - United States Army, Barclays Bank and Fortune 50 Customers.
- Solutions Designing and Implementation of McAfee Security Products for IT Organizations across Globe which involves activities such as Information Gathering, Planning, Deployment, Configuration, Maintenance and Finetuning.
- Creating customized deployment strategies for different customer environments.
- Encouraging customers to invest in better threat intelligence, and threat management techniques and products.
- Products Handled are E-Policy Orchestrator, Host Intrusion Prevention (IPS and Firewall), MOVE (Agentless & Multiplatform), Agent Handlers, Virus Scan Enterprise, Drive Encryption, Data Loss Prevention (DLP), VSE for Storage (VSE-Stor), TIE, DXL, Solid Core, File Integrity Monitor (FIM), Application Control, Site Advisor, SIEM (Nitro).
- Managed Applications, Systems Compliance, Testing (New Patches, Hotfixes, Extra DATS) and Escalation Management (P1/ P2 Issues/ Pre/ Post-Sales).
- Provided Guidance in developing the multimedia information security training program, ongoing Security Awareness Campaign and Conducting interviews.
- Publishing Technical Articles for new issues post OS layer TS done under observation of Product management team.
- Assisting global and local customers with emergency deployments of endpoint products and controlling malware breakouts.
- Dump Analysis and Handling Global, and Client Specific Malware Outbreaks.
- Preventive Measures for Virus Outbreaks, Test New Hash Detection and implantation in production.
- Part of Interview Panel and New Hire Technical Training Group.
- Educating customers on best practices for combatting different malware attacks, sample isolation, determining infection vectors and helping identify indicators of compromise.
- Installation, Configuration, Administration & maintenance of DNS/DHCP/DHCP Relay Agent/ Windows Servers i.e. 2003 & 08.
- Backup and restore User and System State Data along with the client OS/This clients.
- Attending Customer calls and troubleshooting, resolving issues immediately and create a document for team’s reference.
- Monitoring anomalous behavior on various security controls across the network for suspicious activity & take necessary actions to mitigate the threat.
- Creating outlook accounts and profiles for new joiners including mail backup, archives and moving accounts.
- Gather threat intelligence to identify top security threats, in-the-wild malwares, recent APTs, exploit kit attacks & hunt for similar behavior in the enterprise.
- Malware analysis on commercial, open source sandboxing platforms to understand malicious behavior & create reusable IOCs that can be deployed in security controls.
- Analysis of malicious emails & attachments to identify zero-day/unknown malwares & provide signatures to antivirus vendors.
First Class