saleem km

• Support the organization’s information security program by managing security operations, incident escalation, and continuous improvement of detection and response capabilities.
• Act as a senior escalation point for security incidents, coordinating investigation, containment, and recovery activities with SOC teams, IT operations, and vendors.
• Led investigation and containment of high-severity incidents including ransomware alerts, account compromise, malware outbreaks, and lateral movement attempts affecting enterprise-scale environments.
• Lead investigation and response to complex incidents, leveraging Azure Sentinel, Microsoft Defender XDR, FortiEDR, FortiSOAR, and FortiAnalyzer.
• Manage and optimize Microsoft Sentinel, Microsoft Defender XDR, FortiEDR, FortiSOAR, and FortiAnalyzer to enhance visibility and reduce security risk.
• Contribute to post-incident reviews, root cause discussions, and remediation planning to strengthen security posture.
• Participate in security posture assessments, policy reviews, and alignment with compliance requirements such as ISO 27001 and NESA.
• Develop and enhance custom SOAR playbooks and Sentinel KQL queries to automate detection and response workflows, increasing operational efficiency.
• Mentor and support Level 1 & 2 SOC analysts in handling escalations, performing root cause analysis, and managing advanced persistent threats.
• Lead integration of Canary honeypots for proactive threat intelligence and deception-based detection.
• Manage vulnerability assessments and remediation activities using Qualys, ensuring enterprise-wide risk mitigation.
• Acted as a Project Manager for various projects including FortiSOAR, Microsoft Defender, and Microsoft Sentinel.
• Regularly perform policy reviews, security posture assessments, and SIEM/EDR tuning to maintain optimal detection coverage.

Played a senior role in the Security Operations Center (SOC) and Cyber Security team,
overseeing and managing the organization's security operations.
 Utilized SIEM technologies such as ArcSight and Azure Sentinel to monitor, analyze, and
respond to security events and incidents.
 Demonstrated expertise in KQL (Kusto Query Language) queries for efficient data analysis and
investigation within ArcSight and Azure Sentinel.
 Implemented and worked with SOAR (Security Orchestration, Automation, and Response)
platform Sentinel to automate and streamline incident response processes, enhancing overall
efficiency.
 Maintained and managed Email Security using IronPort, ensuring the implementation of SPF,
DKIM, and DMARC protocols for enhanced email protection.
 Leveraged Forcepoint Sandbox for advanced threat analysis and malware detection, providing
an additional layer of security to the organization's infrastructure.
 Administered Sourcefire Intrusion Prevention System (IPS) to proactively block malicious IP
addresses and detect and prevent network‐based attacks.
 Monitored logs from F5 load balancer to identify and respond to web attacks, ensuring the
availability and security of web applications.
 Utilized Kaspersky Endpoint Detection and Response (EDR) solution to detect and respond to
advanced threats and malicious activities within the organization's network.
 Managed and maintained Forcepoint Data Loss Prevention (DLP) solution, safeguarding
sensitive data and ensuring compliance with data protection regulations.
 Utilized ManageEngine for security event correlation, log management, and system
monitoring, ensuring the organization's infrastructure is secure and resilient.
 Administered Forcepoint Proxy to control and monitor internet traffic, enforcing acceptable
usage policies and protecting against web‐based threats.
 Employed Cisco Identity Services Engine (ISE) to block infected devices by their MAC
addresses, preventing unauthorized access to the network and maintaining a secure
environment.