Noorul أمين, Sr SOC Delivery & Operations Manager – CDC Delivery

Noorul أمين

Sr SOC Delivery & Operations Manager – CDC Delivery·CISCO

Saudi Arabia

Master's degree, Defence And Security

Work Experience

Total years of experience: 16 years, 6 months

Sr SOC Delivery & Operations Manager – CDC Delivery

April 2024 - Present

CISCO

Riyadh, Saudi Arabia

• SOC Management: Oversee and manage a CDC account, ensuring optimal service delivery and customer satisfaction. Led and developed high-performing teams, including SOC, IR, Platform admins, and IAM Team, comprising 40+ skilled professionals and managers.
• Operational Efficiency: Implement and maintain robust security strategies, including incident response, threat detection, and vulnerability management. Optimize IT operations, reduce costs, and enhance overall system performance.
• Quality Assurance: Ensured 100% SLA adherence and optimized operational efficiency. Prioritized customer satisfaction by ensuring zero SLA breaches and delivering exceptional service. Orchestrating complex SOC projects, including SIEM migration, XDR deployment, and IAM automation, resulting in improved security and operational efficiency.
• Incident Response Optimization: Reduced MTTR and MTTD, significantly improving our incident response capabilities and strengthened our detection capabilities to identify and mitigate threats proactively.
• Client Relationship Management: Serve as the primary point of contact for clients, fostering strong relationships and ensuring their needs and expectations are met. Work closely with clients to understand their business objectives and tailor services to meet their specific requirements.
• Incident and Problem Management: Oversee the resolution of incidents and problems, ensuring timely and effective responses to minimize impact on business operations. Implement robust problem management processes to prevent recurrence and enhance service reliability.
• Strategic Planning and Execution: Develop and execute strategic plans to enhance service delivery capabilities and support business growth. Align operational strategies with overall business objectives, ensuring the delivery of value-added services to clients.

Company industry: IT Services
Job role: Information Technology

Head of SOC Operations

January 2022 - April 2024

BeyonCyber

Riffa, Bahrain

Company industry: Telecommunications and Networking
Job role: Information Technology

Cyber Security Manager

September 2018 - February 2022

Bnet | Batelco

Manama, Bahrain

• Managing 9x5 and 24x7 outsourced operations and team.
• Being part of strategic cybersecurity initiatives, development and continuous improvement of the Telco’s Cyber Defenses.
• Advanced and multi-context cyber threat analysis to identify deep-seated and hard-to-detect security threats through the use of custom use cases, external cyber threat indicators, and patterns of complex threat actor behavior.
• Evaluated and acquired the SIEM, Endpoint Detection and Response (EDR), APT (Sandboxing), AEP (Advanced Endpoint Protection).
• Project manager for SIEM, EDR and TIP product deployment for Batelco and Bnet Telco infrastructure.
• Expertise in security functions; Security Incident management, Risk Assessment, Security Advisories, Security dashboards and scorecards, KPI/KRI.
• Maintain awareness of up-to-date threat and vulnerability profiles, including respective countermeasures.
• Knowledge of deployment and mitigating techniques against zero day vulnerabilities, Unknown threats based on heuristics and behavior analysis.
• Investigate the document gaps in security controls, event data, and working with internal teams for resolution.
• Develop security reporting dashboards for Technical, Executive and Board of Directors
• Research and Develop technology requirements to provide architecture reviews pertinent to the operation of the SOC.
• Driving IRs for the true positive compromises and engaging with external IR team for mitigation.
• Handling Security operations and CIRT.
• Planning and executing security projects.

Company industry: Telecommunications and Networking
Job role: Information Technology

IT Technical Security Specialist

October 2016 - September 2018

OSN

Dubai, United Arab Emirates

• Incident Response, malware Analysis, Threat Intelligence
• Vulnerability Assessments & Penetration testing
• Security Incident Analysis & threat management, risk-mitigation, Includes timely review of normalized alerts generated by security devices, assessment of the situation, and possible escalation to the client.
• Involved in protection of the OSN Infrastructure from Known & Emerging Threats, enabling them to protect their information assets and demonstrate compliance with industry regulation by understanding Threat Landscape and Researching on Zero-day attacks, malware.
• Highly appreciated by D levels for mitigating the brute-force attack by auto blocking from SIEM alert
• Successfully handled & implemented the Security Projects (DLP, PAM, CT, APT)
• Appreciated for creating use case and rules in SIEM tools for proactive monitoring.

Company industry: Entertainment
Job role: Information Technology

IT Security professional

November 2014 - October 2016

Injazat Data Systems

Abu Dhabi, United Arab Emirates

• Incident Monitoring, Investigation and reporting the incidents to customers (Government Entities, Power & Oil Sector and Bank)
• Performing Network/Digital forensic using EnCase & Wireshark
• Investigating on SPAM Emails, and malware analysis on suspicious files.
• Organizing the threat feeds and providing customized threat intelligence feeds to SOC.
• Updating the Use Case based on threat indicators
• Providing recommendation on threat mitigation.
• Helping customer to build the new rule to increase the Anomalies & APT detection efficiency.
• Predictive analysis on APT/Attack with Logs and Events by threat Intelligence.
• Preparing the executive incident reports with key points
• Providing intelligence to prevent the cyber-attack.
• 24/7 monitoring of the network, responding to the alerts and analyzing the true/false positives and true/false negatives.
• Successfully organized the team on incident response and maintaining the incident template for all customers. Fine-tuned and created threat indicators and detecting McAfee WG, NSM and Cisco IronPort for investigation and configuration changes.
• Posting security news about latest vulnerabilities and attacks to customers
• Performing Vulnerability assessment and penetration testing on customer environment based on the request.
• Coordinating with Network & server team to mitigate the risk.
• Providing recommendation to setup SOC by considering the Industry best practices.
• Keeping SIEM rules up to date based on expected attacks on critical servers.
• Performing update, Administrator activities on SIEM solution

Company industry: Banking
Job role: Engineering

Cyber Security Analyst

April 2013 - November 2014

Symantec

Chennai, India

• Worked in the integration part of various network/security devices with SIEM tool.
• Taking care of 450 customer network security.
• Identifying security incidents by analyzing network traffic and logs data.
• SOC operations include log analysis and finding anomalies, designing new correlation rules, setting up dashboards, generating audit reports, fine-tuning existing correlation rules to reduce false-positives and responding to incidents in ARC and Event Explorer.
• Correlating events/activities observed from a host and providing detailed analysis to the customer.
• New Threats identification and enabling detection methodology for the same.
• Observing attack patterns and preparing threat reports.
• Writing Regular Expressions for new threats detection based on its traffic pattern.
• Reviewing and suggesting improvements in security posture of the client based on attack pattern/threats observed in the customer network.
• Reviewing customer queries and guiding customers with threat remediation strategies and best security practices.
• Querying database to address customer arbitrary queries, for complex reports generation etc.
• Experienced in manual vulnerability assessment using BackTrack, Burp Suite and other open source security suites.
• Experienced in identifying various Web based and network based vulnerabilities.
• Log analysis for the following devices: FireEye, Snort, McAfee IntruShield, Check Point, Cisco IDS, Fortinet, Palo Alto, Websense
• Tuning the signature by identifying the FP.
• Identifying malicious IPs & submit for blacklist.
• Updating the Global SOC with latest threat.
• Worked with Intelligence to prevent the cyber-attack.

Company industry: IT Services
Job role: Information Technology

Senior information security engineer

May 2012 - April 2013

Infosys

Chennai, India

• Worked in the integration part of various network/security devices with RSA enVision.
• SOC operations include log analysis and finding anomalies, designing new correlation rules, setting up dashboards, generating audit reports, fine-tuning existing correlation rules to reduce false-positives and responding to incidents in enVision and Event Explorer.
• Investigating the Security incidents and following the same until closure.
• Analysis on incidents that includes collecting evidence, maintaining integrity between procedures, maintaining chain of custody, documenting the findings, submitting corporate reports and taking it to closure.
• Identifying malicious hits from Websense report and proceeding the investigation on infected machine.
• Investigating Malware Incidents to identify the root cause (RCA) of infection on host machines in the network by visual and behavioral analysis.
• Analyzing Symantec Vontu - DLP system incidents.
• Audit the incidents reported in Symantec DLP and take necessary steps to reduce false positives by fine tuning the rules.
• Part of server and peripheral device compliance tuning

Company industry: IT Services
Job role: Information Technology

IT Security Delivery Specialist

December 2009 - May 2012

IBM India Pvt Ltd

Bengaluru, India

• Log review, Policy creation and report generation
• Ensure scheduled tasks like log collection and GEM loading occurred successfully.
• Creation of policies and configuring grouping.
• Assess the Scan report and prioritize the Non Compliance
• Create vulnerability scans in the tools like ISS, McAfee Foundstone
• Add new event sources when they come online and remove retired event sources.
• Assist other security teams to pinpoint cause and do impact analysis
• Recommends, develops, and monitors security and compliance policies by using TCIM features like policies, grouping, and special attentions alerts.
• Subject matter expert responsible for defining, implementing and assuring security policies, processes, tools that encompass: - Logical controls - Network security controls - Physical controls & Issue management - Security status checking.
• Have knowledge over several Audits performed and have experience of handling/performing Audits
• OS Servers, Application servers, Network Device Security Analysis & Management (across all Platforms). Security Assessing and identifying of Non Compliances. Ticketing these non compliances.
• Knowledge on GSD331 Customer Security Standards and ITCS104 standards IBM Standards.
• Handling Escalations.

Company industry: IT Services
Job role: Information Technology

Education

ECCU University

January 2024

Master's degree, Defence And Security

United States

Crescent Engineering College

April 2009

Bachelor's degree, Information Technology

India

GPA (percentage): 70%

70% in B.Tech IT

Crescent Engineering

January 2009

Bachelor's degree, Information Technology

India

Polytechnic

January 2005

Higher Diploma, Information Technology

India

Skills

Testing: Expert
IT: Expert
KPI: Expert
Reporting: Expert
Policy: Expert
ITIL: Intermediate
GCIA: Expert
CYBER SECURITY: Intermediate
LEADERSHIP: Intermediate
BUSINESS CONTINUITY: Intermediate
INCIDENT RESPONSE: Intermediate
DIGITAL FORENSICS: Intermediate
AUDITING: Intermediate
SECURITY MANAGEMENT: Intermediate
CRISIS MANAGEMENT: Intermediate
THREAT ASSESSMENT: Intermediate
RISK MITIGATION: Intermediate
CCNA: Intermediate
IDS/IPS: Beginner
Vulnerability Assessment: Expert
SIEM: Intermediate
Malware Analysis: Expert
Incident Analyst: Expert
SOC: Expert
Security Operation Center: Expert
SOC Operations: Expert

Languages

English: Expert
Tamil: Expert
Arabic: Beginner
Hindi: Beginner

Training and Certifications

Certifications
AWS - Certified Security - Specialty
Dec 2020
GCDA - GIAC Certified Detection Analyst
Jun 2020
GCIA
Feb 2014 - Feb 2022
GCFA
Jan 2018 - Jan 2022
Symantec Certified DLP Engineer
Jun 2014
ITILv3
Apr 2010
Symantec SEP Technical Professional
Jul 2014
CCNA
May 2010 - Dec 2016

Training
ArcSight ESM 6.5 Administrator and Analyst - ATP
HP
Nov 2015

Hobbies

  • CyberWar Hacking Competition & Capture the Flag
    Participated in Cyber War competition and demonstrated my hacking skills, reached up to 6th stage and secured 40th position among 600 participants
  • Appreciated by customer for submitting predictive analysis report based on their previous undergone attack and prevented the expected DDoS and other exploit activities
  • Participated in APT detection campaign and gave a presentation to the team