Sr. DFIR Consultant
Confidential - Government
Total years of experience: 9 years, 11 months
Serve as subject matter expert in incident response and digital forensics.
• Perform complex incident response technical analysis and develop technical conclusions based on analysis of evidence; review analysis and conclusions of other consultants.
• Document findings, develop incident response remediation recommendations, and present both orally and in written reports to management.
• Conduct in-house assessments to respond to incidents, including designing and delivering incident response exercises to test in-house incident response plans; review the assessments of other consultants.
• Design and deliver incident response exercises to test in-house incident response plans; oversee the delivery of exercises by other consultants.
• Mentor junior staff
▪ Provide support in the detection, response, mitigation, and reporting of cyber threats affecting client networks
▪ Maintain an understanding of current vulnerabilities, response, and mitigation strategies used in cyber security operations
▪ Produce reports and briefs that provide an accurate depiction of the current threat landscape and associated risk, drawing on customer, community, and open-source reporting
▪ Provide analysis of correlated information sources
▪ Help the customer posture itself to aggressively investigate cyber activity targeting customer and client information and its information infrastructure
▪ Assist the customer training department in educating staff on the cyber threat
▪ Liaise with other agency cyber threat analysis entities, such as intra-agency and interagency Cyber Threat Working Groups
▪ Maintain proficiency in the use and production of visualization charts, link analysis diagrams, and database queries
▪ Analyze and report cyber threats, and assist in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions
▪ Additional duties may include providing intrusion support to high-technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments by supporting the malware, forensics, and mitigation teams
Sr. SOC Analyst at Qatar National Bank as Resident Engineer from SI Cyber
RESPONSIBILITIES
Perform Forensics Investigations on different clients.
Proactive and reactive threat hunting using Recorded Future and Carbon Black threat feeds.
Develop SOPs after incident response handling and mitigating risk.
Familiarity with forensic artifacts typically found on Windows and Linux operating systems
Knowledge of proper forensic investigation techniques when working with compromised system images or files
Global mind-set for working with different cultures and backgrounds
Strong knowledge of policies and procedures regarding chain of custody practice
Investigate events at L3 (tier 3) level on a daily basis.
Report SOC activities to clients on a daily, weekly, and monthly basis.
Perform incident response investigations as part of day-to-day tasks.
Develop use cases and fine-tune SIEM rules accordingly.
Threat hunting by performing deep-level analysis by correlating different feeds.
Perform risk assessments on infrastructure and take steps to minimize risk.
Perform static and dynamic malware analysis.
Achievements:
- Performed digital forensics and incident response engagements for various bank clients and produced forensics reports.
- Created a taxonomy for SIEM correlation rules.
- Performed IR activities on compromised systems to mitigate infections.
Oct 2018 to Date
- Created threat advisories by reverse engineering malware samples and identifying IOCs and kill switches.
Management of Operations staff, including resourcing, mentoring, and career development.
- Actively involved in DFIR engagements for local KSA clients and international clients.
- Engage clients directly to understand their infrastructure and provide the best security posture and recommendations.
- Supervise multiple projects: DFIR lab, SOAR, advanced threat hunting service, VAPT activities, and new client POCs.
- Responsible for interviewing, selecting, and developing associates.
- Threat hunting by performing deep-level analysis by correlating different feeds.
Monitor, triage, and prioritize events and alerts using EDR.
Investigate events, alerts, and tips to determine if an incident has occurred.
Investigate network traffic for potential security incidents using sensor data and packet captures (occasional).
Coordinate the response for confirmed security incidents, including efforts to contain, remediate, recover, and prevent.
Escalate to Enterprise Network Defense Analysts for more complex, deep, or lengthy investigations.
Maintain situational awareness and keep current with cybersecurity news and threat actor Tactics, Techniques, and Procedures (TTPs).
Document investigations using tickets, incident reports, etc.
Support the production of effective situational awareness products with relevant metrics and visualizations for key constituents and leadership.
RESPONSIBILITIES
Conduct POCs and deployments of AlienVault SIEM solutions for clients
Administer, develop, and troubleshoot in-house SIEM solution
Perform security event monitoring and log analysis
Perform incident response for clients
Develop process and procedures
Achievements: Performed IR activity and actively hunted for infected machines during the Shamoon and WannaCry ransomware outbreaks. Performed root cause analysis, identified kill switches, and created watch-lists and rules for Shamoon, WannaCry, and Petya ransomware for multiple clients. Contained incidents and performed IR with the DFIR team.
Performed incident response activities for multiple clients as required.
Saudi Aramco Project:
Incident Response Analyst at KAPSARC, Saudi Aramco, Riyadh, KSA, April 2017 - Oct 2018
RESPONSIBILITIES
Security events monitoring using SIEM
Performed Incident response activities.
Log analysis of OS, network, application, and security technologies
Participate in Incident response activities
Perform vulnerability assessment of servers and applications
Perform basic malware analysis
Develop monitoring and IR documentation
Achievements:
Performed root cause malware analysis on various incidents.
Performed vulnerability assessments and red teaming activities to identify security gaps in the infrastructure.
Identified non-reporting devices and updated them with the latest version of SIEM agents.
RESPONSIBILITIES
Penetration testing of web applications for various clients
Develop reports and present findings to clients
Technical documentation
Detecting network intrusions and anomalies leveraging threat intelligence from various sources.
Writing Bro scripts and automating tasks using Python.
Reviewing security configurations and conducting vulnerability assessments.
Forensics, incident response, and malware analysis.
Vulnerability assessment of network, servers, and applications
Penetration testing
Develop scripts to automate tasks
PCI/SCADA security testing.
Wireless hacking.
War driving.
Red teaming activities.
Worked on a customized honeypot project
Penetration testing of in-house developed applications
Bachelor's in Computer Science