• Developed and tested SIEM & EDR Platform threat detection rules for enhanced security measures.• Created and tested SIEM strategies to address identified security gaps.• Designed and validated SOAR playbooks and runbooks for improved incident response.• Implemented EDR TTP based use cases to strengthen threat detection capabilities.

Serving as a SOC consultant for the following services:- Identification of Detection Gaps in current security posture- SOC detection gap identifications & recommendations for appropriate security controls- Detection Engineering Use Cases- SIEM Strategies/Use Case Creation & Testing for identified security gaps- SOC Use Cases & Run books creation and maturity validation- EDR TTP based use case creation and validation

Client: Saudi Authority for Data and Artificial Intelligence (SADAIA)1. Review and analyze IS Incidents to identify those that pose a significant risk to the client and its affiliates, and escalating those IS Incidents in accordance with client policy and procedures.2. Track follow-up documentation related to an IS Incident, including Root Cause Analyses (RCAs), Lessons Learned and SIRT Remediation Plans throughout the incident lifecycle till closure.3. Provide technical subject matter expertise to mitigating risk to impacted parties throughout an incident.4. Review and verifying the accuracy of the reported severity level of an incident.5. Review the details of all reported incidents to determine whether they constitute an IS Incident.6. Review and report on indicators/metrics and take action as necessary where any business appears to be operating, or to be at risk of operating, outside the established risk appetite.

Client: National Information Center (MOI-NIC)Key Responsibilities:1. Incident validation and prioritization: Assess potential business impactDetermine which incidents are likely to pose a risk to the enterprise and prioritize those with the highest potential for negative impact on the business.2. Incident analysis: Reverse engineer attacks.Answer who/what/why/when/how questions about attacks. Determine if attacks are still in progressand identify their effects.3. Containment and remediation: Stop the bleeding and eliminate vulnerabilities.4. Hunt missions: Proactively uncover hidden attacksUncover previously undiscovered attacks related to current incidents or to threats targeting the enterprise’s industry, geographical locations, applications etc.Additional Job Responsibilities: - Deep understanding of layered security and defense in depth: Network, Host/Endpoint and Application level in an enterprise environment, also responsible for mentoring L1 SOC analysts regarding the aforementioned concepts.- Raw and Log Data Analysis from disparate data sources such as Windows event logs, FireEye eMPS & NX, Juniper Netscreen, Cisco ASA & PIX, Palo Alto, Forcepoint Websense Mail & Internet Gateway, F5 ASM & APM, Bit9 logs. (Does NOT include Device Administration)- IOC hunting based on network and endpoint host data using HP ArcSight SIEM.- Anomaly Detection using Network and Endpoint Forensics.- Intrusion detection using manual and correlation-based event data- Handling delegated shift responsibilities and creation of weekly and monthly threat reports.Achievements:1. Worked on early detection and isolation of Mirai Botnet attack and the use of TCP port 7547 as a scan port for payload delivery to vulnerable devices.2. Successfully contained Petya/Petwrap ransom-ware attack 7 days earlier to the global outbreak using log data and mutex markers contained within the malicious DLL file delivered through poisoned HTTP update.

• Conducted continuous network monitoring in a 24/7 environment using AlientVault USM and SecurityOnion.• Detected network intrusions and anomalies through NSM activities leveraging threat intel from various sources.• Responded to cyber security incidents and analyzed forensic artifacts from compromised machines.

• Developed security protocols for computing networks based on best practices.• Designed and improved network architectures for secure operations.• Analyzed organizational computing setups to meet security needs.