Sarhaan Mohammed

• Monitored and analyzed security events using SIEM tools like Splunk and LogRhythm to identify potential threats.
• Performed in-depth incident investigation for phishing, malware, insider threats, brute-force, and DDoS attacks.
• Conducted root cause analysis and provided detailed incident reports with remediation steps.
• Created and fine-tuned correlation rules, use cases, and playbooks to enhance SOC detection capability.
• Led threat hunting exercises to proactively identify anomalies and emerging attack vectors.
• Performed vulnerability assessments with Nessus and collaborated with IT teams for patch management.
• Investigated and responded to endpoint alerts leveraging Microsoft Defender for Endpoint.
• Utilized Cortex XSOAR for automated response workflows, reducing incident resolution time.
• Researched and integrated threat intelligence to stay ahead of evolving cyber threats.

• Designed and implemented automated playbooks in Cortex XSOAR to streamline incident response for phishing and malware alerts, reducing response time by 40%.
• Developed custom correlation rules and use cases in Splunk to detect brute-force, insider threats, and suspicious login attempts.
• Integrated threat intelligence feeds into SIEM to enrich alerts and improve detection accuracy.
• Conducted end-to-end incident simulation (Red vs. Blue team exercise) to validate SOC capabilities and fine-tune response processes.
• Documented workflows and created a knowledge base for SOC analysts to standardize investigations.