Usman Zafar, security incident response engineer

dincloud llc

Location
Pakistan
Education
Master, Information Technology
Experience
14 years, 6 months


Professional experience

Total years of experience: 14 years, 6 months

security incident response engineer at dincloud llc
  • Pakistan - Lahore
  • Working here since May 2020

• Threat Trigger/Incident responder, remediating serious attacks and documentation
• Lead the project for PCI DSS and SOC Type I and SOC Type II Certification
• Assessing the scope of the attack and affected systems and initial investigation for further analysis
• Identify potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information
• Use threat intelligence to hunt for indications of compromise in log data and utilize endpoint security tools
• Document all activities during an incident and provide leadership and teams with status updates during the life cycle of the incident
• Write reports after analyzing a variety of security appliance logs (Firewalls, NIDS, HIDS, Syslogs, etc.) to determine the correct remediation actions
• Provide information regarding intrusion events, security incidents, and other threat indications and warning information
• Perform analysis and correlation of logs, offenses, incidents and alerts
• Experience hunting proactively for threats within an enterprise environment using different tools
• Log source integration, tuning, parsing and analysis
• Document required actions for vulnerability treatment, vendor security alerts and security incidents, and track the progress
• Management of Sophos Central for Intercept X and EDR endpoint solution
• Experience with ELK stacks and Wazuh SIEM

Team Lead at Sefam Pvt. Ltd
  • United Arab Emirates
  • October 2014 to October 2019

• Lead the project for ISO 27001 Certification
• Developed network security using Next-generation firewalls with synchronized security solution, IPS, Content Filtering, Web Filtering, Site-to-Site VPN and Remote Access VPN
• Analyse a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Syslogs, etc.) to determine corrective or mitigation actions and escalation paths for each incident
• Monitoring and maintaining Endpoint Security Solution operations/deployment along with incident handling
• Secured 1000+ node LAN environment using layer 3 switches by implementing Access Control Lists, VLANs and CIS hardening
• Scan and monitor system vulnerabilities on servers and infrastructure devices using a Threat and Vulnerability security solution
• Follow detailed processes and procedures to analyze, escalate, and assist in remediation of critical information security incidents
• Secure Firewall Configuration
• Multiple firewall migration projects (ASA, FortiGate, Sophos, Juniper and SonicWall) including site-to-site and dial-up VPNs, ACLs, and source IP and port based publishing
• Network Security Devices (Firewalls, DMZ, Virtual Private Network (VPN), Proxy Server, IDS/IPS Solutions)
• Network Security Policy (Internet Usage Policies, Acceptable-Use Policy, User-Account Policy, Remote-Access Policy, Firewall-Management Policy, Security Hardening Policy, Data Backup/Disaster Recovery Policy, Switch/Router Security Policy)
• Endpoint Security (OS/Windows/Linux, Network Servers, Routers and Switches)

Network Engineer at Systems Ltd
  • Pakistan
  • August 2013 to October 2014

• Secured network by migrating from Cisco ASAs to NGFW FortiGate Firewalls
• Designed, implemented and maintained IPsec-based connectivity with remote sites and customers
• Enabled and monitored logging on network devices
• Secured network with Cisco switches using VLANs & VACLs
• Installed and configured Cisco 3845 Routers on 4 sites, 1 for Internet and 2nd for GRE over IPsec Tunnels
• Implemented ISMS policies and prepared respective documentation for multiple sites
• Maintained and updated Symantec Antivirus Server and clients
• Assisted CSIRT/SOC with the investigation of and response to network security breaches
• Configured IDS/IPS on Fortinet Firewalls
• Monitored system and network activities for attack and intrusion
• Responded to information security incidents as needed
• Drafted security standards and procedures documents

security at Analytics Pvt. Ltd
  • Pakistan
  • October 2011 to July 2013

• Amazon AWS servers

Assistant at Waqt TV
  • Pakistan
  • April 2008 to July 2010

• Network and Infrastructure management
• Active Directory 2003, DNS, DHCP, Group Policies and Exchange Server 2007
• VLAN configurations on Cisco switches
• Panda Anti-virus and Firewall
• Strong Network & PC/Mac knowledge
• Network printer installation
• Windows and Mac server environment troubleshooting

Education

Master, Information Technology
  • at Virtual University of Pakistan
  • January 2011

Specialties & Skills

Network Design
Network Optimization
Network Operations
Network Security
Network Administration
FIREWALLS
ANTI VIRUS
CONTENT MANAGEMENT
DOCUMENTATION
MICROSOFT ACCESS
MICROSOFT WINDOWS
NETWORKING
POLICY ANALYSIS
SWITCHES

Languages

English
Expert

Training and Certifications

Information Security Incident Handling (Training)
Training institute:
Charles Sturt University, Australia
Training date:
September 2021
Duration:
5 hours

Hobbies

  • Tennis