ساحل Yahiya, Senior Information Security Consultant

National Commercial Bank

Country: India - Delhi
Education: Bachelor's, Computer Science & Engineering
Experience: 11 years, 1 month



Work Experience

Total years of experience: 11 years, 1 month

Senior Information Security Consultant at National Commercial Bank
  • Saudi Arabia - Jeddah
  • In this position since December 2016

Security Operation Centre Shift Lead:
- Developing and managing communications to key stakeholders throughout the incident life-cycle
- Managing shift service levels, adherence to processes and workflow
- Determining the severity of alarms and alerts from critical devices and taking appropriate action, including escalation and managing first responders
- Development and execution of Standard Operating Procedures and Event Handlers as required for successful completion of all tasks within the SOC
- Working with the Incident Response team to help create RCAs for events escalated to incident levels
- Ensuring compliance with internal SLAs, adherence to processes and improvisation to achieve operational objectives
- Conducting ad hoc, daily, weekly, and monthly security briefs and reporting to management
- Handling critical security incidents escalated by L1 analysts or reported from Splunk, Symantec MSS, FireEye, Archer
- Administration of multiple security devices
- Triage analysis using Mandiant Redline/FireEye HX, and also performing malware analysis
- Conducting vulnerability management in the environment
- Analysis of spam/phishing emails reported by end users/security devices
- Performing incident response activity for security incidents
- Providing training for L1 & L2 analysts and new recruits

Splunk Administrator & Content Developer
- Administration of Splunk Indexer Cluster and Search Head Cluster
- Creation of correlation rules with multiple log sources based on specific threats/SOC requirements
- Splunk custom regex creation and field extraction
- Splunk custom add-on & app development for log sources
- Creation of alerts, dashboards, reports and other knowledge objects in Splunk
- Optimization of Splunk knowledge objects for enhanced performance
- Performing backup and restore process for Splunk
- Fine-tuning and whitelisting of Splunk use cases/correlation searches for enhancing NCB monitoring capability
- Creation of SOC workflow used by L1/L2 analysts for performing investigations

Senior Information Security Analyst at EY
  • India
  • May 2013 to December 2016

Incident Analysis & Response:
• Experience in working with a global client in real-time incident management & log analysis.
• Experience in Splunk SIEM tool for incident management.
• Implementation of Splunk SIEM tool on multiple platforms like Linux and Windows.
• Creation of rules, alerts & dashboards in Splunk SIEM.
• Optimizing, managing and monitoring real-time events from devices like Firewall, Web Proxy, Antivirus, Servers, DCs etc. using Splunk.
• Preparation of daily shift reports for the global client.
• Knowledge of Splunk implementation in a clustered setup.
• Expertise in using Enterprise Security on Splunk Enterprise Edition.
• Expertise in administration, policy/rule creation and alert management using Fidelis XPS IPS/IDS/DLP appliance.
• Handling of Lancope StealthWatch FlowCollector for NetFlow analysis.
• Network packet analysis and investigation with RSA Security Analytics.
• Experience in ServiceNow ticketing tool.


Threat Intelligence & Malware Analysis
• Initiated the Threat Intelligence service line incorporating malware analysis and memory forensics.
• Created workflow and process for the Malware Analysis and Threat Intelligence project.
• Implemented a malware analysis lab with a wide variety of toolsets.
• Expertise in using tools for malware analysis like debuggers, disassemblers, and memory forensic tools.
• Carried out research on threats based on malware families and variants.
• Analyzed multiple malware samples and prepared RCA reports on different sophisticated malware.
• Expertise in both static and dynamic malware analysis.
• Carried out memory forensics using the Volatility framework.
• Implementation and testing of multiple automated malware analysis systems like Cuckoo Sandbox and ThreatAnalyzer.
• Created a number of research papers on the latest security incidents and terminologies.
• Implemented a social media monitoring system for fetching the latest information security news and threats.

Educational Background

Bachelor's, Computer Science & Engineering
  • at Cochin University of Science and Technology
  • November 2012

Degree table (degree, university/college, year of passing, percentage), truncated in source: B-Tech (Computer Science & Engineer

High School or Equivalent, Computer Science
  • at DHSE
  • March 2008

Higher Secondary Education in Computer Science

Specialties & Skills

Information Security
Information Security Management
Computer Forensics
Incident Analysis
Network Security
IDS/IPS/DLP
Certified Ethical Hacker
Incident Management
Computer Hacking Forensic Investigator
Malware Analysis
Scripting

Languages

Hindi: Beginner
Malayalam: Native
English: Expert
Arabic: Beginner
Tamil: Intermediate

Training and Certifications

GMON (SEC511: Continuous Monitoring and Security Operations) (Certificate)
Course date: April 2017
Valid until: April 2021
Computer Hacking Forensic Investigator (Certificate)
Splunk Certified Admin (Certificate)
Course date: August 2018
Valid until: December 2022
SANS SEC 511 GMON (Training)
Training institute: SANS
Course date: July 2016
Duration: 40 hours
LFS101x.2, Introduction to Linux (Training)
Training institute: Linux Foundation
Splunk Certified Power User (Certificate)
Course date: January 2016
Valid until: January 9999
Oracle Certified Professional in Database Administration 10g (Certificate)
Splunk Certified Knowledge Manager (Certificate)
Course date: November 2014
Valid until: January 9999