وليد حمدان, IT administration and security analyst

Saudi Electricity Company

Country
Saudi Arabia - Riyadh
Education
Bachelor's degree, Network engineering and communications
Experience
6 years, 9 months


Work experience

Total years of experience: 6 years, 9 months

IT administration and security analyst at Saudi Electricity Company
  • Saudi Arabia - Riyadh
  • I have held this position since December 2018

Security Operation Center

*cyber security analyst

Perform real-time SIEM monitoring, triage and response per defined incident handling process and procedures.
Determine incident impact by applying event analysis and correlation of multiple log sources such as Windows, UNIX, Firewalls, Routers, Switches, IPS, Antivirus and Flow Data using SIEM technology.
Perform pre-approved provisioning requests and troubleshooting per approved use cases.
Manage incident coordination and response. Also, provide accurate, complete and timely written documentation when required.
Perform deep analysis and take action for each incident.
Support traditional SOC operational activities to maintain approved SLAs.
Manage User service calls, service desk requests and emails as per defined procedures.
Perform health monitoring, basic technical support/troubleshooting and handle emergency cases.
Take action on critical Endpoint cases.
Provide complete and timely shift handover reports.



*F5 "ASM" administration

Troubleshoot application policies at the request of application developers.
Create policies for each application in order to publish the application.
Monitor traffic and follow up on abnormal traffic targeting our system.
Manage Developer service calls, service desk requests and emails as per defined procedures.

*FW and IPS administration

Create access rules allowing users/SRV owners to communicate with their SRV across the FW to the DMZ network.
NAT: allow users/SRV to access the Internet with a public IP; also create a public IP for some SRV in order to receive data such as updates and logs from other vendors.
Manage SRV owner service calls, service desk requests and emails as per defined procedures.

IPS
Blacklist IPs and hashes.

Security analyst level 1 at Symantec
  • Saudi Arabia - Riyadh
  • May 2017 to July 2018

cyber security analyst
Perform real-time SIEM monitoring, triage and response per defined incident handling process and procedures.
Determine incident impact by applying event analysis and correlation of multiple log sources such as Windows, UNIX, Firewalls, Routers, Switches, IPS, Antivirus and Flow Data using SIEM technology.
Perform pre-approved provisioning requests and troubleshooting per approved use cases.
Perform preliminary analysis of unclassified incidents and escalate findings on unclassified incidents to the related SOC team (Level 2).
Manage incident coordination and response. Also, provide accurate, complete and timely written documentation when required.
Support traditional SOC operational activities to maintain approved SLAs.
Manage User service calls, service desk requests and emails as per defined procedures.
Perform health monitoring, basic technical support/troubleshooting and handle emergency escalations.
Escalate Endpoint emergency support calls to relevant SOC Analysts per process.
Provide accurate, complete and timely Shift handover reports.

Educational background

Bachelor's degree, Network engineering and communications
  • at Johnson & Wales
  • February 2017

Languages

Arabic
Native language
English
Expert