Qatar
Cyber threat intelligence specialist with 6+ years across SOC operations, threat hunting, and malware reverse engineering. I've built and led a threat intelligence function end to end, and I focus on tracking adversaries, decomposing their tooling, and turning that insight into actionable defence.

My background bridges two areas most analysts keep separate. I monitor and hunt across both OT/ICS and IT environments, and I'm GREM-certified in malware reverse engineering — meaning I don't just consume threat intelligence, I can produce it from the ground up by analysing adversary tooling and mapping TTPs to the MITRE ATT&CK framework.

As a Threat Intelligence Lead, I established a CTI capability where none formally existed: defining its scope and processes, designing the intelligence platform architecture within Splunk, owning the intelligence flow across Recorded Future, VirusTotal and FS-ISAC, and producing reporting that translated deep technical findings into decisions non-technical stakeholders could act on. I also developed detection rules from threat hunting and intelligence findings, mapping adversary behaviour to ATT&CK to shift defence from reactive to proactive.

I grew through five years in the same security ecosystem — from Tier I SOC analyst to Threat Intelligence Lead — and I now work in OT/ICS security for a critical-infrastructure energy environment, while expanding into cloud (Azure, Microsoft Defender).

Core focus: Cyber Threat Intelligence · Malware Reverse Engineering · OT/ICS & IT Security · Threat Hunting · Detection Engineering · MITRE ATT&CK · Splunk · Google SecOps (Chronicle) · Incident Response
SOC analyst delivering managed security services to a major national energy operator (Critical National Infrastructure), contracted through Dell Technologies, within a 24/7 OT/IT environment. Focused on OT and IT threat monitoring, deep alert analysis, and threat hunting across industrial and enterprise networks.

- Monitor and triage OT/ICS security alerts (Nozomi Networks sensors, engineering workstation telemetry) for a critical-infrastructure energy environment, performing deep-dive analysis and escalating confirmed threats to incident response.
- Conduct hypothesis-driven threat hunting across IT and OT environments, proactively surfacing gaps in detection coverage.
- Develop and refine detection rules based on threat hunting findings and identified coverage gaps, strengthening the SOC's monitoring capability.
- Investigate threat intelligence reports on request — extracting and actioning IOCs to drive blocking and containment.
- Operate across the IT–OT boundary, bridging traditional security monitoring with industrial control system environments in a high-criticality sector.
- Work daily with Google SecOps (Chronicle), CrowdStrike EDR, Microsoft Defender and Netwrix; expanding into cloud security (Azure, Microsoft Defender).
Promoted to lead the organisation's threat intelligence function, owning the CTI capability end to end and building it from the ground up.

- Established the threat intelligence function where none formally existed — defining its scope, processes and structure, and directing a rotating pool of SOC analysts in day-to-day intelligence operations.
- Designed and built the threat intelligence platform within Splunk — defining the full logical architecture, correlation logic and intelligence-scoring methodology, with hands-on contribution to the supporting scripting.
- Owned the intelligence flow and relationships across external platforms including Recorded Future, VirusTotal and FS-ISAC, managing all communication and intelligence vetting.
- Authored threat intelligence reporting and led intelligence tracking during live incidents, feeding real-time context into incident response.
- Developed detection rules from threat intelligence and threat hunting findings, mapping adversary TTPs to the MITRE ATT&CK framework to strengthen proactive defence.
- Formalised a dedicated threat intelligence team in the final phase of the role, transitioning from ad-hoc analyst support to a structured function.
Cyber Security Analyst focused on threat detection, incident response and security operations across enterprise infrastructure.

- Identified and analysed cyber threats across infrastructure, applications and data, conducting risk assessments and developing mitigation strategies.
- Responded to and contained security incidents, analysing event logs and forensic data to determine root cause and prevent recurrence.
- Worked hands-on with IDS/IPS, firewalls and endpoint security to maintain a secure network environment.
- Developed and implemented security policies aligned with industry best practice and regulatory requirements.
- Communicated technical risk to non-technical stakeholders, bridging security and business teams.
Senior SOC analyst in a dedicated MSSP team serving Ziraat Teknoloji, maturing detection processes and supporting early threat intelligence operations.

- Reviewed and validated escalations from Tier I analysts, maturing investigation processes and improving alert-handling quality.
- Built and refined SOAR automation playbooks in IBM Resilient, with hands-on contribution to supporting scripting.
- Operated a rotating dual-track role — alternating weeks between Tier II SOC escalations and threat intelligence report analysis, forming the early foundation for my later TI specialism.
Entry-level SOC analyst in a 24/7 dedicated MSSP team serving Ziraat Teknoloji, building core detection and triage fundamentals.

- Monitored and triaged security alerts on rotating shifts, investigating and escalating confirmed threats to Tier II.
- Developed foundational skills in alert analysis, log review and incident escalation within a high-volume SOC.