
Ajinkya Gandhwale

Software Engineer

London, England, United Kingdom · 10 yrs 8 mos experience

Key Highlights

  • Built SOC from ground up for QNB project.
  • Enhanced threat detection with advanced EDR rules.
  • Boosted customer satisfaction by 80% through process improvements.

Skills

Core Skills

Incident Response, Threat Detection, SIEM Integration, Team Management, Security Consulting, Log Management, Integration Engineering, SOC Development, Security Operations, Technical Support, Customer Service

Other Skills

macOS, IBM QRadar, Python, SIEM, Security Information and Event Management (SIEM), Custom Integration, Parsing, Cyber Threat Hunting (CTH), Log Analysis, Threat & Vulnerability Management, Troubleshooting, Networking, AWS, Cloud Security

About

Cybersecurity professional with around 10 years of experience, currently Principal SOC Engineer at Zing by HSBC, London. Expertise in Incident Response, Threat Detection/Intelligence, Vulnerability Management, and compliance improvements (70%+ results). Skilled in technologies like EDR, Wiz CSPM/CWP, Jamf Pro, JumpCloud, SIEMs, NDR, SOAR, and scripting (PowerShell, Python, Shell, KQL). Proven leader and troubleshooter; managed a team of 20+, spearheaded SOC migrations, and MSSP skill development. Achievements include building a SOC from the ground up, critical security control integration, Azure Sentinel custom connectors, automating QRadar log collection and Incident Response, and boosting customer satisfaction by 80%. Certified and committed to staying updated with cybersecurity trends.

Web:
  • https://tryhackme.com/api/v2/badges/public-profile?userPublicId=2716904
  • https://siemintegration.blogspot.com/2023/05/microsoft-sentinel-ingest-data-to-log.html
  • https://github.com/ajinkyadg/SignedFileChecker
  • https://siemintegration.blogspot.com/2020/05/troubleshooting-windows-remote-eventlog.html

Experience

Total experience: 10 yrs 8 mos · Average tenure: 2 yrs 11 mos · Current experience: 1 yr 9 mos

UBS

Cyber Security Engineer

Jun 2025 - Present · 11 mos

HSBC

Principal Security Operations Centre Engineer

Aug 2024 - Present · 1 yr 9 mos · Greater London, England, United Kingdom · Hybrid

  • Incident Response: Built IR processes and SOP-driven playbooks for Containment, Eradication, and Recovery; conducted proactive threat hunts to enhance security.
  • Threat Detection and Intelligence: Enhanced threat detection by creating and fine-tuning EDR and CSPM rules. Analyzed 30+ intelligence reports, performed IoC/IoA scans, and developed 10+ advanced detection rules.
  • System Hardening: Implemented macOS compliance and hardening measures using Jamf and CIS benchmarks.
  • Policy Updates: Reviewed and updated password policies in alignment with the latest NIST standards.
  • Security Assurance: Conducted Security Control Assurance tests to ensure tool effectiveness, maintaining the security posture.
  • Vendor Coordination: Collaborated with MDR providers on service reviews, use case management, and issue remediation.
  • Vulnerability Management: Identified and remediated vulnerabilities detected through tools like Wiz and Checkmarx SCA in partnership with developers.
Incident Response, macOS, Threat Detection

SecurityHQ

3 roles

SIEM Integration and Content Development Team Lead

Promoted

Dec 2021 - Aug 2024 · 2 yrs 8 mos

  • Led a team of 20+, assigning tasks, managing resources, and developing SIEM integration guides & SOPs. Managed SIEM integration projects and SOC migrations, including planning, resource allocation, and skill development. Defined training paths, conducted training sessions, and improved team communication and troubleshooting via mock calls.
  • Defined and tracked team KRAs, conducting quarterly performance reviews and providing improvement plans. Took on additional responsibilities, managed operations, and improved ticket queue hygiene. Used OKR tool Perdoo to increase productivity and customer satisfaction, while improving work quality and managing customer call bookings based on skill sets.
  • Reduced troubleshooting time by 50% and false positive ticket volume by 70% through process improvements and checklist optimization.
  • Integrated critical custom security controls into SIEM. Developed custom connectors using Python, VS Code, and Function Apps. Created lab manuals, KQL queries, and functions to parse raw log data for Azure Sentinel. Configured and deployed Log Analytics agent, and created analytics, automation rules, and playbooks. Fine-tuned scripts for custom log collection integrations.
  • Designed a public event collection strategy using CA-signed SSL certificates to collect logs from multiple MSSP customers via HTTP Webhook and TLS Syslog.
  • Supported Blue team efforts to reduce Mean Time to Detection (MTTx).
IBM QRadar, Python, SIEM Integration, Team Management

Security Consultant and Technical Lead

Jul 2019 - Dec 2021 · 2 yrs 5 mos

  • Subject matter expert (SME) and Escalation point for the On-boarding Team.
  • Established a public event collection strategy using CA Signed SSL certificates.
  • Guided customers to identify the important security controls and logs needed for successful detection and analysis of threats, and helped configure security controls.
  • Enabled log collection on MSSP cloud environment through HTTP, Webhook, and TLS Syslog.
  • Worked with Various Security product vendors to understand types of logs and methods of integration for log collection and response and developed solution design documents.
  • Deployed Event Collectors, Win-Collect and analysed logs and guided customers to set up correct Audit levels and recommended configuration.
  • Developed over 50 custom parsers for custom integrations.
  • Developed a comprehensive knowledge base for auditing levels essential for threat detection across various security controls.
  • Troubleshot log collection issues involving protocols such as Syslog, MS-EVEN6, HTTP, TLS Syslog, JDBC, WinCollect, SCP, FTP, SFTP, SNMP, eStreamer, AWS (S3, SQS, CloudWatch), Azure Event Hub, etc., and various scripts.
Security Information and Event Management (SIEM), Custom Integration, Security Consulting, Log Management
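The custom parsers and Azure Sentinel connectors mentioned in this role and the team-lead role above come down to one recurring job: turning raw device lines into a flat, consistently named record before they reach the SIEM. The following is an added example, not the profile owner's code, of that normalisation step. The two input formats (RFC 3164 syslog carrying CEF, and syslog carrying key=value pairs), the sample lines and the target field names are all constructed assumptions; lines the parser cannot handle are kept with a reason rather than dropped, which is what you need to tune parser coverage during onboarding.

```python
"""Normalise raw device log lines into one flat schema before SIEM ingestion.

Added example, not the profile owner's code. Two constructed input formats
are handled: RFC 3164 syslog carrying CEF (e.g. a WAF) and syslog carrying
key=value pairs (e.g. a firewall). Field names on the right-hand side of the
maps are an assumed target schema, not any vendor's.
"""
import re

# "<PRI>Mon DD HH:MM:SS host body" (RFC 3164 has no year; keep the stamp verbatim)
SYSLOG_HDR = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<body>.*)$"
)
CEF_HDR = re.compile(r"^CEF:(?P<ver>\d+)\|(?P<rest>.*)$")
# key=value or key="quoted value"; unquoted values stop at whitespace, so a
# CEF msg= containing spaces would be truncated (extend the pattern per source).
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

CEF_MAP = {"src": "src_ip", "dst": "dst_ip", "spt": "src_port", "dpt": "dst_port",
           "act": "action", "suser": "user", "msg": "message"}
KV_MAP = {"srcip": "src_ip", "dstip": "dst_ip", "srcport": "src_port",
          "dstport": "dst_port", "action": "action", "user": "user", "msg": "message"}
INT_FIELDS = {"src_port", "dst_port"}


def parse_line(raw):
    """Return (record, None) on success or (None, reason) so misses can be tuned."""
    m = SYSLOG_HDR.match(raw)
    if not m:
        return None, "no syslog header"
    pri = int(m["pri"])
    rec = {"host": m["host"], "device_time": m["ts"], "raw": raw,
           "facility": pri >> 3, "syslog_severity": pri & 7}
    body = m["body"]
    cef = CEF_HDR.match(body)
    if cef:
        # Six pipe-delimited header fields, then the extension. Escaped pipes
        # ("\|") inside header fields are not handled in this example.
        try:
            vendor, product, _dev_ver, sig_id, name, sev, ext = cef["rest"].split("|", 6)
        except ValueError:
            return None, "malformed CEF header"
        rec.update(vendor=vendor, product=product, signature_id=sig_id, name=name,
                   severity=int(sev) if sev.isdigit() else sev)
        fields, mapping = dict(KV.findall(ext)), CEF_MAP
    else:
        # "program: k=v k=v ..." body; the program tag identifies the source
        prog, sep, kv = body.partition(": ")
        if not sep:
            return None, "unrecognised body format"
        rec.update(vendor="unknown", product=prog)
        fields, mapping = dict(KV.findall(kv)), KV_MAP
    if not fields:
        return None, "no extractable fields"
    for key, value in fields.items():
        if key in mapping:
            value = value.strip('"')
            target = mapping[key]
            rec[target] = int(value) if target in INT_FIELDS and value.isdigit() else value
    return rec, None


def parse_batch(lines):
    """Parse many lines; unparsed ones keep raw text and reason for parser tuning."""
    parsed, unparsed = [], []
    for raw in lines:
        rec, why = parse_line(raw.rstrip("\n"))
        if rec:
            parsed.append(rec)
        else:
            unparsed.append({"raw": raw, "reason": why})
    return parsed, unparsed


# Constructed sample lines (documentation addresses, not real customer data)
SAMPLE_LINES = [
    '<134>Feb 10 14:21:05 fw01 fortigate: srcip=10.0.0.5 dstip=203.0.113.9 '
    'dstport=443 action=deny user="jdoe"',
    '<131>Feb 10 14:21:07 waf01 CEF:0|Imperva|SecureSphere|14.7|SQLi|SQL Injection|8|'
    'src=198.51.100.7 dst=10.0.0.20 dpt=443 act=block suser=anon',
    'garbage line with no header',
]

if __name__ == "__main__":
    ok, bad = parse_batch(SAMPLE_LINES)
    for r in ok:
        print({k: v for k, v in r.items() if k != "raw"})
    print("unparsed:", bad)
```

Keeping the raw line in every record matters for two reasons: the analyst can see what the parser did not extract, and the unparsed bucket becomes the work queue for the next parser iteration instead of silently lost telemetry.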

Integration Engineer

Jan 2019 - Jun 2019 · 5 mos

  • Led QRadar/LogRhythm capacity planning and solution design, demonstrating expertise in EPS estimation, resource calculation, and Python scripting for log integration to SIEM.
  • Developed custom queries, parsers, and standard use cases.
  • Created SOPs for responding to incidents. Fine-tuned rules to reduce false positives.
  • Integrated critical security devices into the SIEM platform; troubleshot log collection issues.
IBM QRadar, Parsing, Integration Engineering, Incident Response
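EPS estimation and resource calculation, as listed in this role, are usually done in a spreadsheet; the added example below (not the profile owner's code) does the same sizing in a few functions so the assumptions are explicit and repeatable. The device counts, per-device EPS, event sizes, peak factor of 2.5 and 10:1 compression ratio are assumed planning inputs, not figures from any real deployment, and should be replaced with numbers measured during a pilot collection run.

```python
"""SIEM capacity planning: sustained vs peak EPS and retained storage.

Added example, not the profile owner's code. Source counts, per-device EPS,
event sizes, peak factor and compression ratio are assumed planning inputs;
replace them with figures from a pilot collection run.
"""
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
GB = 1_000_000_000  # decimal gigabytes, as most storage quotes use


@dataclass(frozen=True)
class Source:
    name: str
    count: int        # devices of this type
    eps_each: float   # sustained events/sec per device
    avg_bytes: int    # average normalised event size


def sustained_eps(sources):
    return sum(s.count * s.eps_each for s in sources)


def peak_eps(sources, peak_factor):
    """Bursts (patch windows, scans, incidents) drive licensing, not the average."""
    return sustained_eps(sources) * peak_factor


def raw_gb_per_day(sources):
    return sum(s.count * s.eps_each * SECONDS_PER_DAY * s.avg_bytes for s in sources) / GB


def plan(sources, license_eps, peak_factor=2.5, retention_days=90, compression=10.0):
    """Size an EPS licence and retained storage for the given source estate."""
    peak = peak_eps(sources, peak_factor)
    daily = raw_gb_per_day(sources)
    return {
        "sustained_eps": round(sustained_eps(sources), 1),
        "peak_eps": round(peak, 1),
        "license_eps": license_eps,
        # An EPS licence has to cover the peak: events above it are queued and,
        # once the buffer fills, dropped, which is exactly when you need them.
        "license_ok": peak <= license_eps,
        "license_shortfall_eps": round(max(0.0, peak - license_eps), 1),
        "raw_gb_per_day": round(daily, 2),
        "stored_gb": round(daily * retention_days / compression, 1),
    }


# Constructed estate for a mid-size MSSP customer (assumed values)
SOURCES = [
    Source("firewall", 4, 300, 400),
    Source("domain_controller", 6, 80, 900),
    Source("waf", 2, 150, 1200),
    Source("endpoint_edr", 2000, 0.05, 600),
]

if __name__ == "__main__":
    for k, v in plan(SOURCES, license_eps=5000).items():
        print(f"{k:22} {v}")
```

With these inputs the estate sustains about 2080 EPS but peaks near 5200, so a 5000 EPS licence that looks comfortable against the average is actually 200 EPS short at peak; that gap is the usual cause of "missing" events during an incident.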

Securview, Inc.

2 roles

Cyber Security Analyst

Promoted

Aug 2017 - Dec 2018 · 1 yr 4 mos

  • Successfully built SOC from the ground up for the QNB project (2017-2018), integrating security devices into SIEM solution.
  • Developed detection processes, created rules, and implemented a RACI matrix.
  • Performed health checks, monitored, and responded to alerts generated by security devices such as Palo Alto UTM, Imperva WAF, F5 ASM, Cisco ESA, McAfee ePO and Arbor DDoS protection, along with Carbon Black Response; banned hashes, swept for IoCs and created triage alerts.
  • Drove incidents through the Incident Response lifecycle, provided RCA and created correlation rules based on the security layers in place.
Security Information and Event Management (SIEM), Cyber Threat Hunting (CTH), SOC Development, Incident Response
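Banning hashes, sweeping for IoCs and raising triage alerts, as described in this role (and the IoC/IoA scans in the HSBC role above), is a matching problem with a few traps: hashes must be compared case-insensitively, domain indicators should match subdomains but only on a label boundary, and IP indicators are often ranges rather than single addresses. The following added example, not the profile owner's code, runs such a sweep over already-parsed events; the indicator set, the events and the severity scheme are all constructed assumptions.

```python
"""Sweep parsed events for IoC matches and emit ranked triage alerts.

Added example, not the profile owner's code. The indicator set and the event
records are constructed; the severity scheme is an assumption.
"""
import ipaddress

# Constructed indicators (documentation ranges and a placeholder hash)
IOCS = {
    "sha256": {"deadbeef" * 8},
    "domain": {"bad-cdn.example", "evil.example"},
    "ipv4": ["198.51.100.0/24", "203.0.113.77/32"],
}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}


def compile_iocs(iocs):
    """Normalise once: lower-case hashes and domains, parse IP ranges."""
    return {
        "sha256": {h.lower() for h in iocs["sha256"]},
        "domain": {d.lower().rstrip(".") for d in iocs["domain"]},
        "ipv4": [ipaddress.ip_network(n, strict=False) for n in iocs["ipv4"]],
    }


def match_domain(name, bad_domains):
    """Match the host or any parent domain on a label boundary: 'cdn.bad-cdn.example'
    hits 'bad-cdn.example', but 'notevil.example' does not hit 'evil.example'."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in bad_domains:
            return candidate
    return None


def match_ip(addr, networks):
    """Return the indicator network containing addr, or None (also for non-IP strings)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    for net in networks:
        if ip in net:
            return str(net)
    return None


def severity_for(ioc_type, event):
    if ioc_type == "sha256":
        return "critical"          # known-bad binary observed on an endpoint
    if event.get("action") in ("deny", "block"):
        return "medium"            # blocked, but the host was reaching for it
    return "high"                  # contact with bad infrastructure allowed through


def sweep(events, iocs):
    """Return triage alerts for every IoC hit, most severe first."""
    c = compile_iocs(iocs)
    alerts = []
    for ev in events:
        hits = []
        if ev.get("sha256", "").lower() in c["sha256"]:
            hits.append(("sha256", ev["sha256"].lower()))
        for field in ("dest_host", "domain"):
            if field in ev:
                d = match_domain(ev[field], c["domain"])
                if d:
                    hits.append(("domain", d))
        for field in ("dst_ip", "src_ip"):
            if field in ev:
                n = match_ip(ev[field], c["ipv4"])
                if n:
                    hits.append(("ipv4", n))
        for ioc_type, ioc in hits:
            alerts.append({"severity": severity_for(ioc_type, ev),
                           "host": ev.get("host", "?"), "ioc_type": ioc_type,
                           "ioc": ioc, "event": ev})
    alerts.sort(key=lambda a: SEVERITY_RANK[a["severity"]])
    return alerts


# Constructed events, in the shape a parser would hand over
EVENTS = [
    {"source": "edr", "host": "ws-042", "user": "alice", "process": "update.exe",
     "sha256": "DEADBEEF" * 8},
    {"source": "proxy", "host": "ws-017", "user": "bob",
     "dest_host": "cdn.bad-cdn.example", "action": "allow"},
    {"source": "proxy", "host": "ws-017", "user": "bob",
     "dest_host": "notevil.example", "action": "allow"},
    {"source": "fw", "host": "fw01", "src_ip": "10.0.0.9",
     "dst_ip": "198.51.100.23", "action": "deny"},
    {"source": "fw", "host": "fw01", "src_ip": "10.0.0.9",
     "dst_ip": "8.8.8.8", "action": "allow"},
]

if __name__ == "__main__":
    for a in sweep(EVENTS, IOCS):
        print(a["severity"], a["host"], a["ioc_type"], a["ioc"])
```

The ranking encodes the triage reasoning rather than leaving it to the analyst: an executed known-bad binary beats an allowed connection to a bad domain, which in turn beats a connection the firewall already blocked.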

Cyber Security Analyst

Jan 2016 - Aug 2017 · 1 yr 7 mos

  • Demonstrated proficiency in GSOC operations with a specialization in Security Information and Event Management (SIEM) platforms such as LogRhythm and NetIQ Sentinel.
  • Applied skills in managing and configuring Cisco Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) for comprehensive network security monitoring and threat detection.
  • Leveraged expertise in Web Application Firewall (WAF) management to ensure robust protection against web-based attacks and vulnerabilities.
  • Proficiently managed firewalls, including Palo Alto, SonicWall, and FortiGate, to secure network infrastructure and enforce access control policies.
  • Applied knowledge of Carbon Black Endpoint Detection and Response (EDR) for advanced threat detection and response on endpoints.
  • Demonstrated expertise in log management, analysis, and correlation using SIEM solutions to promptly identify and respond to security incidents.
  • Played a key role in incident response, collaborating with cross-functional teams to efficiently mitigate and remediate security breaches and vulnerabilities.
  • Possessed a strong understanding of network security principles and best practices, implementing proactive measures to safeguard networks from external threats.
  • Proficiently analyzed security logs, conducted forensic investigations, and performed vulnerability assessments to identify and address potential risks.
  • Executed the creation and fine-tuning of security policies and rulesets for IPS/IDS, WAF, and firewalls, ensuring effective protection.
  • Applied knowledge in security incident handling, including incident classification, escalation, and meticulous documentation.
  • Stayed well-versed in threat intelligence analysis, leveraging industry reports and feeds to remain updated on emerging threats and vulnerabilities.
  • Maintained dedication to continuous learning and professional development, staying abreast of the evolving landscape of cybersecurity technologies and practices.
Log Analysis, Threat & Vulnerability Management, Security Operations, Incident Response

Mphasis

Technical Support Analyst

Jun 2015 - Dec 2015 · 6 mos · Cyber City, Magarpatta · On-site

  • Handled customer calls from various countries as a representative for a bank, providing excellent customer service and addressing their inquiries and concerns.
  • Troubleshot end-user PC issues, including connectivity problems such as VPN and LAN connectivity issues.
  • Assisted users with user account administration, including password resets, account unlocking, and access permissions.
  • Provided application support, guiding users through the usage of banking applications and resolving any related issues they encountered.
  • Demonstrated strong troubleshooting skills to identify the root causes of technical problems and implement effective solutions.
Troubleshooting, Networking, Technical Support, Customer Service

Education

DCOER

Bachelor's degree — Information Technology

Jan 2010 - Jan 2014

Kendriya Vidyalaya

Science

Jan 2006 - Jan 2010
