ياسر تيكيتيل, SOC Engineer

Salam

Country
Qatar
Education
Master's degree, Computer And Systems Engineering
Experience
4 years, 7 months


Work Experience

Total years of experience: 4 years, 7 months

SOC Engineer at Salam
  • United Arab Emirates
  • In this position since October 2022

• Administering Splunk and Splunk apps, including developing new/custom apps to perform specialized functionality.
• Integration of Splunk with threat intelligence and XSOAR.
• Performing maintenance and optimization of existing clustered Splunk deployments.
• Perform static and dynamic malware analysis.
• Conduct log analysis using Splunk.
• Leverages emerging threat intelligence using the Recorded Future threat intelligence platform (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
• Perform vulnerability assessment and CIS audit scans using Tenable SC. Scan and monitor system vulnerabilities on servers and infrastructure devices using a threat and vulnerability security solution.
• Leading high-priority vulnerability assessments from start to finish; responsibilities included configuring Nessus, AppDetective and Burp on production and non-production jump boxes, scanning the client's environment (Windows/Linux servers, databases, and websites), troubleshooting with the client to resolve network and scan-related issues, and manually analyzing the results to remove false positives before creating and delivering a final report.
• Working on endpoint security with Cortex XDR and creating IOCs and alerts based on recent trends.

IT Specialist-Cyber Security at Manlift Qatar
  • Qatar
  • September 2019 to September 2022

• Working with the SOC (Security Operations Centre) team to conduct security monitoring or investigations.
• Managed Splunk configuration files like inputs, props, transforms, and lookups.
• Created Splunk Search Processing Language (SPL) inquiries, made Reports, Alerts, and Dashboards and modified them.
• Helped in integration of Splunk with ServiceNow, maintaining the Splunk instance and monitoring the health of the cluster.
• Giving awareness and review of relevant legislation and familiarity with working within EU and international legislative and regulatory frameworks (GDPR).
• Handling of Sophos EDR to evaluate and perform incident escalation in accordance with incident response procedures.
• Utilizes a ticketing system (Atlassian Jira) to handle incident management.
• Functional and technical assistance of Oracle NetSuite ERP and other SaaS applications (VMware Horizon, Insphire, Checkpoint, smartequip).
• Creates phishing campaigns specific to the current climate and business.
• Supports and manages operational activities of the Incident Management Team for incident investigations.
• Managing information assurance assessment program (IAAP) to evaluate the health of the wing Infosec IQ program.

Educational Background

Master's degree, Computer And Systems Engineering
  • at Bangalore University
  • April 2015

Specialties & Skills

Threat Analysis
Tenable
VM (OPERATING SYSTEM)
INFORMATION ASSURANCE
MANAGEMENT
OPERATIONS
ENDPOINT SECURITY
Threat Intelligence
IT Security

Languages

English
Expert
Hindi
Expert
Malayalam
Expert
Tamil
Expert

Training and Certifications

COMPTIA Security+ (Certificate)
Certified Information System Auditor (Certificate)
Course date:
October 2021