Incident Response Strategy & Management: Drive and manage the strategy for incident response to cybersecurity events, ensuring timely remediation and effective resolution of offenses and incidents.SOC Coordination & Mentoring: Collaborate with SOC management to set milestones and timelines, while mentoring SOC analysts and coordinating with cross-functional teams for efficient incident response and investigations.SIEM Optimization & Monitoring: Perform proactive monitoring and optimize SIEM solutions (Elastic Stack, Wazuh), including log analysis, event correlation, and automated threat detection through SOAR playbooks.Policy Development & Threat Analysis: Define and implement cybersecurity incident response policies, conduct in-depth analysis of incidents, and disseminate threat intelligence advisories to enhance organizational security awareness.Tool Integration & Incident Handling: Oversee the integration of various security tools, including EDR and EPP, for comprehensive monitoring and investigation, ensuring a robust security posture and effective threat management.

Elastic SIEM Monitoring & Analysis: Expert in monitoring and analyzing logs on open-source Elastic SIEM solutions to detect and respond to potential threats and security incidents.Incident Detection & Response: Skilled in detecting, investigating, and triaging security incidents from diverse log sources, including Firewalls, WAFs, and endpoint protection solutions.Proactive Threat Hunting & Reporting: Conduct proactive threat-hunting exercises and analyze security posture, generating detailed reports for senior management to enhance cybersecurity strategies.SOC Collaboration & Mentoring: Collaborate with cross-functional teams and mentor SOC analysts to drive effective incident response and investigation, while developing and implementing cybersecurity policies and procedures.Dashboard Creation & Security Awareness: Create real-time monitoring dashboards and develop security awareness campaigns, ensuring continuous protection and informed decision-making across the organization.

IBM QRadar SIEM Administration: Expert in installing, upgrading, and patching QRadar SIEM systems, managing network hierarchy, user access, and system configurations.Cyber Security Event Management: Skilled in identifying, categorizing, and escalating security events, with a focus on threat monitoring and incident response.Custom Rule and Dashboard Configuration: Proficient in implementing and analyzing custom correlation rules, reports, and dashboards, and configuring app extensions like UBA, QDI, and Threat Intelligence.Log Source Integration and Management: Experienced in integrating and managing log sources using multiple protocols, including Win Collect for Windows Events.False Positive Tuning and Event Handling: Adept at tuning false positives, clearing event and flow buffers, and conducting long-term network activity investigations.