
Saif Ali

Cyber Security Consultant

Schneider Electric - Other Locations

Country:
Qatar - Doha
Education:
Bachelor's degree, Information Technology
Experience:
9 years, 10 months

Work Experience


Total years of experience: 9 years, 10 months

October 2020 to present

Cyber Security Consultant

at Schneider Electric - Other Locations
Country: Qatar
• Worked towards analyzing customer requirements and offered suitable solutions as per Industrial Cyber Security standards
• Participated in technical discussions with customers and established coordination with multiple OEM vendors to integrate their ICS systems like DCS, SCADA, MMS, FMS, DeltaV, Triconex with the Cyber Security Infrastructure
• Contributed to the development of DDS, FDS, MOS, FAT & IFAT, and Network Architecture documents as per standards like IEC 62443 and NIST 800-82
• Performed FAT, SAT, and ISAT with QatarGas representatives and displayed excellent understanding of industrial networking protocol security such as DNP3, Modbus, Profinet, ZigBee, IEC 104, OPC
• Gathered knowledge of IoT technical concepts such as JSON, OAuth, ZigBee, and MUD, and IoT protocols such as Extensible Messaging and Presence Protocol (XMPP), Data Distribution Service (DDS), Advanced Message Queuing Protocol (AMQP), and Lightweight M2M (LwM2M).
• Coordinated with 3rd party vendor for assisting in penetration testing for SIS and DCS systems and submitting the detailed report to the higher management; led and coordinated with the team for closure and fixation of the vulnerabilities reported.
• Conducted internal system-level vulnerability assessment and reports of (IT-OT) ICS systems as per penetration testing reports, mitigating the vulnerabilities.
• Working with application development and maintenance team to ensure application security coverage from the requirement gathering level, SDLC, application implementation and after implementation.
• Coordinated with governance and risk management team to maintain application security management policies/procedures and risk management.
• Threat hunting and assessment based on the adversaries and IOCs and improving the incident response plans.
• Follow and serve as a cyber security incident management and execution.
• Conducted digital forensic investigation to analyze and provide evidence of security compromise.
• Review and enhance customer internal processes and procedures as per cyber security standards.
August 2019 to April 2020

Sr. GSOC Analyst

at KBC Technologies (Atos Services)
Country: Qatar - Doha
Roles and Responsibility

• Implementing use cases, creating rules as per client's requirement and security standards in SIEM
• Monitoring and fine-tuning of alarms, and all admin tasks performed on LogRhythm.
• Working on log source integration of Windows, Linux, AV devices with LogRhythm SIEM.
• Reviewing event source logs regularly and log validation exercise as per developed standards and guidelines.
• Regular interaction with associated customer to update regarding security issues being noted in the customer infrastructure and provide them daily, weekly and monthly reports
• Restrict malicious IOCs at all security tools which are reported for involvement in malicious activities.
• Perform threat hunting and log correlation actively through network.
• Review existing security alerts on client environment and fine-tune as per the industry's best practice.
• Providing operational and technical support to GSOC Level 1 Team.
• Set up test environment and test alerts before implementing on production SIEM solution.
• Working with client internal Cybersecurity team on critical and high security incidents
• Working on EDR (active threat hunting based on emerging cyber threats)
• Malware Analysis
• Doing analysis of vulnerabilities which are scanned by Nessus and remediating the vulnerabilities
• Doing Web Application Scanning for vulnerabilities and remediation.
June 2018 to August 2019

Sr. GSOC Engineer

at Etisalat
Country: United Arab Emirates - Dubai
• Monitoring, fine-tuning, creating rules, use cases, alarms and all admin tasks performed on LogRhythm.
• Working on data source integration of Windows, Linux, AV devices with LogRhythm SIEM.
• Health check on LR SIEM.
• Troubleshooting issues on SIEM.
• Creating rules and reports as per requirement.
• Troubleshooting on devices which are not sending logs.
• Responsible for integration and administration of SIEM infra for multiple clients in GSOC.
• Providing operational and technical support to GSOC Level 1 Team.
• Incident and problem handling of unclassified suspicious events.
• Creating initial reports for security incidents
• Analysis of security log events from various event sources including firewalls, intrusion prevention systems, Windows servers, UNIX servers and custom applications.
• Responsible for all aspects of Cyber Security and Phishing.
• Scanning infrastructure for vulnerabilities with Nessus.
• Doing analysis of vulnerabilities which are scanned by Nessus and remediating the vulnerabilities
• Doing Web Application Scanning for vulnerabilities and remediation.
September 2016 to November 2017

Sr. Information Security Analyst

at Alghunaim-IT(GITCO) - YASREF
Country: Saudi Arabia - Yanbu
Roles and Responsibility

• Managing integration, troubleshooting, fine-tuning, creating rules, alerts and end to end handling of SOC tools: LogRhythm, McAfee DLP, McAfee ePO, Cisco SMA, Arbor, Cisco TG, Cisco AMP, McAfee ATD.
• Reviewing information security policies, incident response plans, change management, vulnerability management, patch management policies, as they apply to various facets of the infrastructure in scope.
• Investigating security incidents and classifying them based on criticality. Also, end to end consulting for remediation of IT environment damages post an incident accompanied by sanitization of the organization assets after an attack.
• Performing external and internal penetration tests, network vulnerability assessments to provide a comprehensive view of the clients' network weaknesses that are exposed to threats.
• Managing closure of vulnerability assessment findings and planning patch management for different applications.
• Communicate and follow up with all levels of management on audit related issues.
• Preparation of recommendations for corrective action and risk mitigation for new modules w.r.t. ISMS policies.
• Preparation of Information Security awareness videos, posters and seminar sessions for employees.
• Ensuring proper functioning of Security Operations Center and providing guidance.
• Analysis of security log events from various event sources including firewalls, intrusion prevention systems, Windows servers, UNIX servers and custom applications.
• Deep Packet Inspection using RSA Security Analytics and Live.
• Work with data owners of different business functions to ensure smooth implementation of security solutions without impacting business.
• Define rule and policy in RSA DLP, RSA SA and RSA Archer as per organization's compliance requirement and enforce IT security policies, protect their infrastructure, and effectively manage the systems.
• Network Access Control - Implementing a secure solution to identify network devices and profiling the network devices to allow or disallow access based on the device type
• Formulating Security Incident Response Mechanism.
• Scanning infrastructure for vulnerabilities with Qualys.
• Doing scanning and analysis of vulnerabilities which are reported by Qualys and mitigating the vulnerabilities.
• Doing Web Application Scanning for vulnerabilities and mitigation.
June 2016 to September 2016

Sr. Engineer - SOC

at Valuelabs
Country: India - Hyderabad
Roles and Responsibility:

• Monitoring real time alerts from network devices, servers and applications by using SIEM tool LogRhythm
• Creating cases and investigating the breaches, authentication failure, network anomaly, malware detection, potential exploits, vulnerabilities.
• Mitigating and resolving the Information Security related issues.
• Whitelisting and blacklisting the spam, phishing and spoofed emails on Proofpoint after investigating them.
• Scanning for vulnerabilities with Nessus.
• Doing analysis of vulnerabilities which are reported by Nessus and mitigating the vulnerabilities.
• Doing Web Application Scanning for vulnerabilities and mitigation.
July 2015 to June 2016

Security Engineer

at Indmax IT Services Pvt. Ltd.
Country: India - Hyderabad
• Monitor alerts from Alert Logic, SolarWinds, OSSEC
• Perform vulnerability scanning using Nmap, Nessus
• Perform web application vulnerability scanning using Acunetix
• Making reports on vulnerabilities generated by WhiteHat Security, QualysGuard.
• Responsible for patch alerts reporting.
• Provide escalation services to NOC team for network & security monitoring and maintenance
• Involved in audit and reporting.
• Provide thorough documentation on each alert and analysis.
August 2014 to May 2015

Consultant

at Netconnect Pvt. Ltd. Client - IBM
Country: India - Delhi
• Perform Qualys authenticated and non-authenticated scans in various instances and servers.
• Escalating them to senior security engineers based upon the severity levels of the vulnerabilities.
• Reproducing the well-known vulnerabilities and reporting them to the development team.
• Following up with the development teams until the particular vulnerability is patched.
• Analyzing the reported vulnerabilities based upon the severity and priorities.
• Checking each instance against the security patch updates and suggesting the latest updated packages to the development team.
• Based on the reported vulnerabilities, finding the false positive alerts, which will be whitelisted.
• Monitored events, responded to incidents and reported findings.
May 2013 to August 2014

Desktop Support Engineer

at I.T.S Solution
Country: India - Delhi
Working with I.T.S Solution as Desktop Support Engineer from September 2013-present.
Roles and Responsibility:
• Install, upgrade, support and troubleshoot XP, Windows 7 and Windows 8 and Microsoft Office 2007/2010/2013 and any other authorized desktop applications.
• Install, upgrade, support and troubleshoot printers and computer hardware.

Education

August 2013

Bachelor's degree, Information Technology

at Lovely Professional University
Country: Jalandhar, India
Grade: 56 out of 100
Passed with 6.23 CGPA
May 2008

High school or equivalent, PCM

at S.V.P Inter College
Country: India - Lucknow
Grade: 66 out of 100
12th passed from NIOS Board with 66%
May 2005

High school or equivalent, Science

at Bhavan's K.D.K.Vidya Mandir
Country: Renukoot, India
Grade: 63.2 out of 100
10th passed from CBSE Board in 2005 with 63.2%.

Specialties & Skills

CompTIA Security+

LogRhythm

Web Application Security

Threat hunting

Malware Analysis

Qualys Guard

Carbon Black

Burp Suite

OWASP TOP 10

Security Information Event Management SIEM

Information Security Management

Languages


Hindi

Native language

English

Expert

Training and Certifications

CCNA (Training)

Jodo Institute
October 2013

CompTIA Security+ (Training)

Jodo Institute
January 2014

MCITP (Certificate)

Issued: January 2014

CEH (Certificate)

Issued: April 2014 Valid until: April 2017

LogRhythm Admin (Certificate)

Hobbies and Interests


Surfing Internet, Reading Books
