Assistant Security Engineer
- Provide 2nd Tier support on Managed Security Services based on Splunk SIEM > Regularly analyse security incidents and advise on remediation > Develop and fine-tune Splunk detection rules > Onboard Splunk data by adding log sources encrypted by TLS > Customized and published ~36 monthly reports via editing HTML, reduced report editing time of SOC team by 30% with a CSS script for automated page breaks on HTML print outs- Directed the deployment of SentinelOne EDR & Darktrace IPS from POC to production > Trained SOC team members to use SentinelOne via meeting, and wrote internal operation guide on SentinelOne with a colleague > Deployed >350 EDR agents across AD using Group Policy, applied Tokens via MSI Transforms to pre-configure Endpoint groupings according to their department > Hosted introductory meetings, and supported customers on all EDR & IPS related queries for 6 months- Deployed and Configured an IPS (Darktrace) with Cisco Switch that mirrors traffic > Wrote documentation on how to configure the Darktrace appliance and the Cisco Switch > Fine-tune the models in DarktraceRelated Products (sorted by relevance): SIEM - SplunkEDR - SentinelOne, Sangfor, Check Point HarmonyIDS - DarkTraceVMWare ESXi/vSphere & ConverterShell language - rsyslog-gnutls, Cisco CLI, FortiGate CLI, Ubuntu