Senior Cyber security Analyst
Help AG Middle East
Total des années d'expérience :8 years, 10 Mois
• Performing Real-Time Monitoring, Investigation, and Analysis of Security Events from Multiple log sources such as IDS/IPS, Firewalls, Switches, VPNs and other security threat data sources; for wide range of customers such as governments, banking, and private companies.
• Creating, analysing, fine-tuning, and disposing use-cases based on the dynamic operation of SOC.
• Analysis of log files, including forensic analysis of system resource access.
• Regularly Monitoring and doing health check-up on customers Splunk including use-cases, Licensing and Console Performance related Issues.
• Assigning appropriate severity and priority (based on the impact) of the on-going incidents, advising recommendations and remediation’s actions, acting as L2 within the SOC.
• Implementation of Security intelligence and advisories, searching for latest threats and vulnerability to patch them and integrate related feeds which includes CnC URLs, Domains hashes to SIEM.
• Creating documents for technical reference, Identifying Customer reporting requirements; translate requirements into SIEM technical Specifications and implement SIEM changes in creating reports for daily, weekly and monthly, meeting the SLA and timeframe.
• Perform remediation’s services, on-site forensic analysis, and VA/PT testing with respect to customer contracts agreement and incidents severities.
• Assist customers with periodic risk-based reviews of the security of information and information system controls.
• Perform vulnerability assessment for MSS customers and do scoping of critical infrastructure, run the vulnerability scan, create monthly vulnerability reports & coordinate with customers to close vulnerability.
• Creating and following detailed SOP’s (Security Operational Procedures) to appropriately analyse, escalate, and assist in remediation of critical information security incidents.
• Maintaining a high degree of awareness of current threat landscape; affording analysis on customers’ attack surfaces, and procedures of threat modelling analysis.
• Hands-on different AV products, analysing the malwares codes and advising the customer with its reversing-engineering techniques, to prevent and detect any malicious code propagation.
• Participating in knowledge sharing with other Analysts and writing technical articles for Internal Knowledge Bases; participating in Blue/Read teams exercises on continual basis.