SOC (Security Operation Center) Level 3 Engineer
Khalifa University
Total years of experience: 13 years, 3 months
Acted as a key member of the Security Operations Center (SOC) team, responsible for maintaining the security operations of the organization.
Monitored, analyzed, and responded to security events and incidents using AlienVault USM, FortiSOAR, FortiSandbox, FortiMail, FortiEDR, FortiClient, and FortiAnalyzer.
Conducted in-depth analysis of security events, correlating logs, analyzing network traffic, and identifying indicators of compromise (IOCs) or suspicious activity.
Investigated security incidents, performed root cause analysis, and implemented appropriate remediation actions to mitigate potential risks.
Developed various playbooks in FortiSOAR, leveraging automation and orchestration capabilities to streamline incident response processes and improve efficiency.
Configured, maintained, and tuned security tools and technologies, including FortiSOAR, FortiSandbox, FortiMail, FortiEDR, FortiClient, and FortiAnalyzer, to ensure optimal performance and effectiveness.
Collaborated with the SOC team to develop and implement incident response playbooks, workflows, and automation using SOAR (Security Orchestration, Automation, and Response) technologies.
Regularly reviewed and updated security policies, procedures, and guidelines to align with industry best practices and compliance requirements.
Stayed up to date with the latest security threats, vulnerabilities, and attack vectors through threat intelligence sources and vendor notifications.
Conducted vulnerability assessments and penetration testing activities to identify potential weaknesses in the organization's infrastructure and recommended appropriate remediation measures.
Maintained accurate and detailed documentation of security incidents, investigations, and remediation activities.
Generated regular reports on security events, incidents, trends, and key performance indicators (KPIs) to provide insights and recommendations to management.
Collaborated with cross-functional teams, including network engineers, system administrators, and application developers, to ensure a secure infrastructure and promote a culture of security awareness.
Shared knowledge and expertise with junior team members, providing mentorship and training to enhance their skills and capabilities.
Played a senior role in the Security Operations Center (SOC) and Cyber Security team, overseeing and managing the organization's security operations.
Utilized SIEM technologies such as ArcSight and Azure Sentinel to monitor, analyze, and respond to security events and incidents.
Demonstrated expertise in KQL (Kusto Query Language) queries for efficient data analysis and investigation within ArcSight and Azure Sentinel.
Implemented and worked with the SOAR (Security Orchestration, Automation, and Response) platform Sentinel to automate and streamline incident response processes, enhancing overall efficiency.
Maintained and managed email security using IronPort, ensuring the implementation of SPF, DKIM, and DMARC protocols for enhanced email protection.
Leveraged Forcepoint Sandbox for advanced threat analysis and malware detection, providing an additional layer of security to the organization's infrastructure.
Administered Sourcefire Intrusion Prevention System (IPS) to proactively block malicious IP addresses and detect and prevent network-based attacks.
Monitored logs from the F5 load balancer to identify and respond to web attacks, ensuring the availability and security of web applications.
Utilized the Kaspersky Endpoint Detection and Response (EDR) solution to detect and respond to advanced threats and malicious activities within the organization's network.
Managed and maintained the Forcepoint Data Loss Prevention (DLP) solution, safeguarding sensitive data and ensuring compliance with data protection regulations.
Utilized ManageEngine for security event correlation, log management, and system monitoring, ensuring the organization's infrastructure is secure and resilient.
Administered Forcepoint Proxy to control and monitor internet traffic, enforcing acceptable usage policies and protecting against web-based threats.
Employed Cisco Identity Services Engine (ISE) to block infected devices by their MAC addresses, preventing unauthorized access to the network and maintaining a secure environment.
[Saleem KM]