Asad Ali

Senior Security Analyst | Incident Response | CEH | CSA

Dubai, United Arab Emirates

About

Cybersecurity Analyst with extensive experience in proactive threat detection, incident response, and vulnerability management. Adept at investigating and mitigating security incidents across multiple detection sources, including EDR detections and email security alerts. Proficient in configuring WAFs and application control policies to safeguard web applications and endpoints.

Experience

  • Senior Security Analyst at LinkShadow
    Apr 2026 - Present · 3 mos

  • Senior Security Analyst at Paramount Computer Systems
    Apr 2024 - Apr 2026 · 2 yrs 1 mo

    • Leading and managing end-to-end SOC functions, overseeing a team of analysts to ensure effective threat monitoring, incident response, and continuous security posture improvement
    • Performing SIEM platform migration and lift-and-shift initiatives for seamless operational transition and minimal downtime
    • Developing and maintaining SOC content, including custom use cases, alert tuning, and comprehensive playbooks/runbooks to standardize incident response workflows
    • Conducting detailed phishing investigations, malware sandboxing, and root cause analysis (RCA) for complex threats to ensure timely and accurate incident resolution
    • Reviewing and validating L1 incident escalations, performing in-depth alert analysis, and ensuring accurate threat classification and response actions
    • Monitoring security logs, network traffic, and endpoint activity to detect anomalies, identify risks, and escalate incidents
    • Onboarding critical log sources into IBM QRadar SIEM, performing regular health checks, and ensuring proper parsing and normalization for effective threat detection
    • Executing proactive threat hunting using threat intelligence to identify emerging threats
    • Conducting vulnerability assessments and providing actionable recommendations to mitigate risks from emerging and known threats
    • Preparing and presenting weekly, monthly, and quarterly reports to internal stakeholders and clients, highlighting SOC performance, incident trends, and key operational metrics
    • Designing and implementing use cases based on real-world incident scenarios to enhance SOC effectiveness and align with frameworks such as MITRE ATT&CK and NIST

  • Cyber Security Analyst at Raqmiyat
    Jun 2021 - Apr 2024 · 2 yrs 11 mos

    • Proactive monitoring of system logs and network traffic for anomalies using advanced SIEM platforms
    • Conducted in-depth analysis of flagged threats, validating true positive security incidents and minimizing false positives to enhance system reliability and incident response accuracy
    • Streamlined SIEM functionality by onboarding diverse log sources and developing custom use cases
    • Performed comprehensive vulnerability assessments, identifying potential system weaknesses and delivering actionable insights to mitigate risks of exploitation by emerging and known threats
    • Investigated and resolved EDR detections, performing root cause analysis to isolate security incidents and implementing containment measures that reduce the risk of recurrence
    • Analyzed and responded to email security alerts triggered by email security gateways, successfully thwarting phishing and other email-based attacks
    • Configured and optimized Cloudflare WAF, implementing policies to block, whitelist, or allow traffic, enhancing the security of web applications

  • IBM (Dubai, United Arab Emirates)
    • Security Analyst
      May 2019 - Jan 2021 · 1 yr 9 mos

      • Performed real-time monitoring of network devices and system logs in a Security Operations Center, ensuring timely detection of potential security threats and anomalies
      • Led investigations into security incidents, coordinating with cross-functional teams to remediate issues, ensuring thorough tracking and timely incident closure with all stakeholders
      • Handled user-reported spam and phishing emails, conducting detailed analysis and taking necessary actions to safeguard systems from potential email-based attacks
      • Generated and managed incident tickets, validating security events, ensuring accurate documentation, and driving resolution through active coordination with internal teams
      • Assisted in root cause analysis (RCA) for security incidents, working with subject matter experts (SMEs) to implement lasting solutions and prevent recurrence of issues
      • Supported the SOC team lead in generating detailed weekly reports, providing insights into incident trends, performance metrics, and areas for improvement

    • IT Specialist
      Mar 2012 - May 2019 · 7 yrs 3 mos

      • Provided comprehensive end-user support for technical issues across Windows, Mac, and Linux platforms
      • Managed incident tickets through ServiceNow and TSRM, prioritizing, tracking, and resolving technical issues to meet service-level agreements
      • Configured and supported IBM Wireless, Mobility Client (VPN), and Cisco AnyConnect, enabling secure and seamless remote access for users across the organization
      • Installed and managed the MaaS360 MDM solution, ensuring mobile devices were secure and compliant with corporate policies
      • Delivered on-site technical support to digital investigators during forensic investigations
      • Provided dedicated IT support to senior executives, addressing their unique technology needs promptly and effectively
      • Trained new employees on IBM standard applications, ensuring they were well-versed in company tools and processes, promoting smooth onboarding and productivity
      • Coordinated with external vendors for hardware replacement and upgrades, managing hardware lifecycle and ensuring timely resolution of hardware issues

  • IT Specialist at IBM India PVT Ltd
    Apr 2010 - Mar 2011 · 1 yr

    • Provided expert technical support to internal users, troubleshooting and resolving hardware, software, and network-related issues
    • Managed and deployed security patches, ensuring all workstations remained up to date with the latest security updates and compliant with organizational security standards
    • Collaborated with the security team to investigate and resolve virus and malware incidents, mitigating potential threats and enhancing the organization's cybersecurity posture
    • Installed and configured critical applications