كلما زادت طلبات التقديم التي ترسلينها، زادت فرصك في الحصول على وظيفة!

إليك لمحة عن معدل نشاط الباحثات عن عمل خلال الشهر الماضي:

عدد الفرص التي تم تصفحها

عدد الطلبات التي تم تقديمها

استمري في التصفح والتقديم لزيادة فرصك في الحصول على وظيفة!

هل تبحثين عن جهات توظيف لها سجل مثبت في دعم وتمكين النساء؟

اضغطي هنا لاكتشاف الفرص المتاحة الآن!
نُقدّر رأيكِ

ندعوكِ للمشاركة في استطلاع مصمّم لمساعدة الباحثين على فهم أفضل الطرق لربط الباحثات عن عمل بالوظائف التي يبحثن عنها.

هل ترغبين في المشاركة؟

في حال تم اختياركِ، سنتواصل معكِ عبر البريد الإلكتروني لتزويدكِ بالتفاصيل والتعليمات الخاصة بالمشاركة.

ستحصلين على مبلغ 7 دولارات مقابل إجابتك على الاستطلاع.


تم إلغاء حظر المستخدم بنجاح
شكراً لك، تم إرسال بلاغك وسيتم مراجعته قريباً.
Youssef Kharoufi, SOC Analyst

Youssef Kharoufi

SOC Analyst·RTL Belgium,

قطر

ماجستير, Cybersecurity

الخبرة العملية

مجموع سنوات الخبرة: 6 سنوات, 4 أشهر

SOC Analyst

يونيو 2024 - أبريل 2026

RTL Belgium,

Brussels، بلجيكا هجين

يونيو 2024 - أبريل 2026

• Investigated a high-severity alert in Splunk related to abnormal file activity on a user workstation, identifying patterns consistent with ransomware behavior.
• Analyzed Sysmon logs to detect a high volume of file modifications and renaming within a short timeframe, indicating potential mass encryption activity.
• Correlated process creation events to identify a suspicious process responsible for modifying multiple files and generating new file extensions.
• Cross-analyzed alerts from CrowdStrike EDR, identifying a malicious process chain initiated from a user-downloaded file leading to file encryption.
• Detected defense evasion techniques, including attempts to disable security tools and delete shadow copies, commonly associated with ransomware attacks.
• Isolated the compromised endpoint via CrowdStrike to prevent lateral movement and further impact across the network.
• Collected and analyzed indicators of compromise (IOCs) to support incident response and containment efforts.
• Contributed to improving detection capabilities by implementing SIEM rules based on abnormal file modification rates and execution from suspicious paths.

مجال الشركة:
الإنتاج الإعلامي
الدور الوظيفي:
تكنولوجيا المعلومات

SOC Analyst

يناير 2022 - يناير 2024

Amexio (client Pratt & Whiteney)

Montreal، كندا هجين

يناير 2022 - يناير 2024

• Performed a SOC investigation using Sysmon logs ingested into Splunk to detect and reconstruct a system compromise.
• Leveraged Sysmon EventCodes to analyze malicious activity, including file creation events (EventCode 11), process execution in memory (EventCode 1), outbound network connections (EventCode 3), and process termination events (EventCode 5).
• Correlated multiple log sources to identify the malicious process responsible for the infection, analyze command-line execution, process paths, parent-child relationships, and cryptographic hashes.
• Validated file hashes using VirusTotal to confirm malicious behavior and identified the cloud-based distribution method.
• Analyzed defense evasion techniques such as timestomping, tracked dropped files on disk, and identified network activity related to an UltraVNC backdoor.

مجال الشركة:
خدمات دعم الطيران
الدور الوظيفي:
الهندسة الميكانيكية

Cybersecurity Analyst

سبتمبر 2020 - أبريل 2021

Planning and Statistics Authority : PSA

الدوحة، قطر

سبتمبر 2020 - أبريل 2021

Mission 1 :
• Analysis and investigation of alerts generated by Splunk based on Windows Security logs within a critical environment.
• Detection of suspicious activity characterized by multiple failed authentication attempts (Event ID 4625) followed by a successful logon (Event ID 4624 - Logon Type 3) on a sensitive internal server.
• Review of assigned privileges via Event ID 4672 to identify potential privilege escalation.
• Examination of process creation events (Event ID 4688) to detect abnormal behavior.
• Correlation with Sysmon logs enabling the detection of wmic.exe execution followed by remote execution of cmd.exe.
• Analysis of parent-child process relationships revealing unusual PowerShell-initiated execution.
• Identification of a lateral movement pattern originating from a user workstation previously involved in a security alert.
• Performed MITRE ATT&CK mapping.
• Escalated the incident, disabled the compromised account, and contributed to improving SIEM correlation rules.
Mission 2 :
• Performed browser forensic analysis as part of incident response and digital investigations to reconstruct user activity. Analyzed Google Chrome artifacts located in AppData\Local\Google\Chrome\User Data\Default, including browsing history, downloads, extensions, and user preferences.
• Examined Chrome SQLite databases using DB Browser for SQLite, focusing on the urls and visits tables.
• Analyzed visited URLs, visit frequency, timestamps, and page titles to identify browsing behavior.
• Interpreted the transition field to determine how websites were accessed (link clicks, manual URL entry, searches, redirects) and leveraged the visit_duration field to assess time spent on webpages, enabling detailed reconstruction of user navigation during investigations.
• Supported threat hunting activities by identifying attacker techniques that bypassed existing SIEM rules and proposing new detection logic.
• Documented attack scenarios, detection gaps, and recommendations to improve SOC alerting and incident response workflows.

مجال الشركة:
المنظمات غير الربحية
الدور الوظيفي:
تكنولوجيا المعلومات

SOC Analyst (School Final Project)

فبراير 2020 - أغسطس 2020

La Banque Postale,

Toulouse، فرنسا

فبراير 2020 - أغسطس 2020

• Conducted Windows forensic investigations following simulated attacks using Atomic Red Team (ART) to assess system impact and attacker activity.
• Executed controlled attack scenarios using scripts and executables, then collected forensic artifacts with KAPE (Kroll Artifact Parser and Extractor).
• Configured Target Options for artifact acquisition (file system, registry hives, event logs, execution artifacts) and used Modules for parsing and analysis.
• Performed in-depth NTFS analysis focusing on $MFT (Master File Table) and USN Journal ($J) artifacts to reconstruct event timelines using MACB timestamps (Modified, Accessed, Changed, Birth).
• Leveraged MFTECmd and Timeline Explorer (Eric Zimmerman) to identify file creation, modification, deletion events, and file overwriting behavior linked to ART attack activity.
• Supported threat hunting activities by identifying attacker techniques that bypassed existing SIEM rules and proposing new detection logic.
• Documented attack scenarios, detection gaps, and recommendations to improve SOC alerting and incident response workflows.

مجال الشركة:
البنوك
الدور الوظيفي:
البنوك

Cybersecurity Analyst Intern

يناير 2017 - يناير 2018

National Telecommunications Regulatory Agency (ANRT),

الرباط، المغرب

يناير 2017 - يناير 2018

• Conducted in-depth Windows Registry forensic analysis to identify user
activity, persistence mechanisms, and evidence of execution.
• Loaded and analyzed primary registry hives (SAM, SECURITY, SOFTWARE,
SYSTEM, NTUSER.dat, UsrClass.dat) collected via KAPE using Registry
Explorer.
• Used RegRipper to automate the extraction and parsing of registry
artifacts, performing targeted keyword-based analysis (TaskCache, Run
keys, Services). Investigated persistence keys such as Run Keys, Windows
Services, and Scheduled Tasks to detect automatic execution of malicious
scripts or programs.
• Analyzed additional artifacts including Prefetch, UserAssist, RecentDocs,
ShellBags, BAM (Background Activity Monitor), and ShimCache to
reconstruct execution history, user activity, and interactions with the file
system and external devices.
• Correlated forensic findings with SIEM alerts and endpoint telemetry to
validate indicators of compromise (IOCs).
• Contributed to threat hunting activities by identifying persistence
techniques often missed by automated detections.

مجال الشركة:
مكاتب إدارة الشركات

Cybersecurity Analyst Intern

يناير 2017 - يناير 2017

Libération Journal,

الدار البيضاء، المغرب

يناير 2017 - يناير 2017

• Performed comprehensive analysis of suspicious emails to identify
phishing campaigns and impersonation attempts. Conducted detailed
examination of email headers (.eml) to trace message routing via SMTP,
IMAP, and POP3 protocols, and analyzed interactions between MUA and
MTA.
• Verified SPF, DKIM, and DMARC authentication mechanisms using DNS
queries (nslookup) to detect inconsistencies, spoofed domains,
unauthorized IP addresses, and invalid DKIM signatures.
• Identified advanced techniques such as domain spoofing, lookalike
domains, and compromised accounts. Analyzed malicious attachments by
calculating SHA-256 hashes and submitting them to threat intelligence
platforms such as VirusTotal, ANY.RUN, and tri.age to assess file behavior
and risk level.
• Cybersecurity awareness initiatives:
◦ Implemented a cybersecurity awareness platform
◦ Conducted phishing simulation campaigns
◦ Performed USB drop attack simulations

مجال الشركة:
الصحافة

التعليم

IMT Nord Europe

أغسطس 2020

أغسطس 2020

ماجستير، Cybersecurity

فرنسا

Lycée René Descartes

يوليو 2014

يوليو 2014

بكالوريوس، Applied Mathematics

المغرب

Skills

SOAR

Expert

Crowdstrike

Expert

Incident response

Expert

CYBER THREAT HUNTING

Expert

SECURITY INFORMATION AND EVENT MANAGEMENT SIEM

Expert

SNORT INTRUSION DETECTION SYSTEM

Expert

SPLUNK

Expert

Microsoft Defender for Endpoint

Intermediate

اللغات

الفرنسية

اللغة الأم

الانجليزية

متمرّس

الاسبانية

متوسط

العربية

اللغة الأم

التدريب و الشهادات

الشهادات
CompTIA Security

الهوايات والاهتمامات

One Piece…
Attack On Titan,
Mangas and animés from Japan (Naruto, Dragon Ball,
Drawing.
Soccer (Real Madrid, Toulouse FC).
Karting.