Hassan Banna

available

Last update: 06.09.2022

SIEM/SOC Consultant

Graduation: BE in Electronics and Telecommunication
Languages: English (Full Professional)

Keywords

Computer Security Elasticsearch Security Information and Event Management

Attachments

Hassan Ul Banna_Lead Consultant_Level 3__Security Operations Centre_ArcSight Certified_CEH Certified.pdf
Hassan Ul Banna_cover letter.pdf

Skills

Cyber Security, SIEM, ArcSight, Elasticsearch, SOC, Threat Hunting, Threat Intelligence, SIEM Integrations

Project history

02/2018 - Present
Lead Consultant - Cyber Security
Infosys Ltd (Internet and Information Technology, >10.000 employees)

- Managing ArcSight infrastructure for a retail client.
- Designing and implementing onboarding of various types of log sources into the SIEM infrastructure.
- Upgrading and patching all components of ArcSight (ArcMC, Logger, ESM).
- Upgraded ArcMC from 2.61 to 2.81.
- Upgraded Logger from 6.4 to 6.61.
- Implemented ADP license across the Loggers and ArcMC.
- Monthly backup of ESM.
- Implemented ArcSight HA.
- Designed custom pre-filtering for connectors so as to control ingestion for maintenance of the ADP license.
- Created JSON, Regex and Flex connectors for integration of unsupported log sources.
- Integrated a cloud-based application using the REST API Flex agent.
- End-to-end responsibility for integrating any new log source, from design and hardware to creating use cases for the SOC.
- Developed scripts using Python to download threat intel feeds for the SIEM.
- Integrated TI such as Recorded Future/MISP/Kaspersky TI with the SIEM.
- Managed projects so as to bring the complete data centre into monitoring scope.
- Dealing with stakeholders, discussing resource needs and requirements, and aligning the setup with the organization's cyber security guidelines.
- Managing SOC team content/use cases, preparing documents and training modules, and mentoring the SOC team on any new threats/attack vectors.
- Creating use cases in the SIEM to meet compliance, which also serve threat hunting purposes.
- Leveraging various open source security frameworks and white papers to reorganize threat hunting and monitoring procedures.
- Organizing open forums for suggestions and recommendations for building use cases from multiple internal teams.
- Learning from threat intelligence sources and security vendors' blogs to automate incident response so as to minimize the notification and remediation gaps within the incident response approach.
- Organizing technical training for analyst teams to understand the latest attacks and breaches and how to correlate the learning and improve the monitoring approach.


09/2017 - 12/2017
ArcSight Consultant
Halian International (Internet and Information Technology, 5000-10.000 employees)

Job Responsibilities:

Worked as an ArcSight Consultant for a Telecom client of Symantec in Riyadh, KSA.

* Administration and maintenance of ArcSight components (ESM, 8 Loggers and 2 ArcMC).
* Integrated Kaspersky Threat Intelligence feeds with ESM.
* Developed Flex connectors for the telecom application.
* Integrated Exchange message tracking.
* Developed use cases based on CSIRT recommendations.
* Created a high-level process for network modelling to be implemented in ArcSight.

12/2015 - 09/2017
Associate - Cyber Security - ArcSight Engineer
Deutsche Bank Group (Banks and financial services, >10.000 employees)

Job Responsibilities:

Worked as Associate - Cyber Security - ArcSight Engineer.

* Part of the ArcSight Engineering Team responsible for availability of the ArcSight infrastructure.
* Onboarding different technologies to the ArcSight infrastructure.
* Upgraded ArcSight from 6.5 to 6.9.1c.
* Coordinating with the SOC Team for content creation.
* Troubleshooting any issues with ArcSight Managers and connectors.
* Creation of Trends and Reports for stakeholders presenting the security posture.
* Administration of ArcMC.
* Migration of connectors from 32-bit to 64-bit.
* Created a backup procedure for the CORR-Engine.

08/2013 - 11/2015
Consultant L3 Senior Security Analyst
System Plus Technologies (Internet and Information Technology, 5000-10.000 employees)

Job Responsibilities:

Worked as Consultant L3 Senior Security Analyst for the SOC team of one of the retailers in the U.S.

* Understanding requirements and designing use cases.
* Development of ArcSight interface content as needed (Dashboards, Data Monitors, Active Channels, Rules, Filters, Reports, etc.).
* Managing connector appliances, onboard connectors and software connectors.
* Administration of the SIEM Sumo Logic.
* Administration of Tripwire CCM.
* Configuring compliance scans in Tripwire for retail stores as per PCI requirements.
* Configuring compliance scans in Tripwire for discovery of hosts.
* Configuring scans in Tripwire to get asset information such as OS, registry keys, hardware, etc.
* Configuring various alerts (syslog, email, console) in Tripwire for property change, compliance scan completion and system health events.
* Integrating all the alerts in Tripwire with existing SIEM platforms.
* Creating quarterly and annual metrics for management.
* Handling a team of 10 L1 and 2 L2 team members in a 24x7 SOC environment.
* Training team members on new threats and remediation.
* Conducting sessions on multiple security topics in order to enhance the team skill set.

02/2013 - 08/2013
Senior Executive (NOC)
Vodafone India (Telecommunications, >10.000 employees)

Job Responsibilities:

Worked as Senior Executive (NOC) for the security team.

* Taking actions on daily security incidents identified in the ArcSight SIEM tool, daily security dashboards and maintaining the security incident tracker.
* Tuning of raw events to minimize false positives, installation & configuration of SmartConnectors, connector version upgrades, addition of new devices in ArcSight, filtration of product type/event type/vendor at SmartConnector & Logger level.
* Involvement with TACs like Juniper, Fortigate and HP ArcSight for hardware/software issues, and taking corrective actions by upgrading software/platform versions and replacing hardware to maintain maximum uptime and a secure environment.
* Intimation to server and network teams of any latest vulnerability identified by CERT-India.

06/2009 - 02/2013
Project Engineer - Senior Security Analyst
Wipro Technologies (Internet and Information Technology, >10.000 employees)

Job Responsibilities:

Worked as Project Engineer - Senior Security Analyst in the SOC for Wipro Pune.

* Senior Security Analyst for a retail client in the U.S.A., analyzing Global Security Operations from offshore centres in Pune, Chennai and Bangalore, India.
* Participating in the creation of security documents and operations management.
* Onboarding multiple platforms to the ArcSight infrastructure.
* Creating correlation rules and filters for the events generated in the ArcSight Console on the basis of severity and priority of the events.
* Understanding and applying PCI compliance using an FIM tool such as Tripwire for corporate and retail file integrity management.
* Antivirus management using McAfee ePO.
* Creating policies on McAfee ePO based on client requirements and preparing antivirus compliance reports globally and regionally.
* Managing Microsoft ISA proxy.
* Publishing websites and load balancing of the same on ISA.
* Maintaining and managing configuration on Check Point Firewall, SSL VPN, etc.

Local Availability

Only available in these countries: India
I'm looking for abroad opportunities as well, apart from working as a freelancer, but an abroad opportunity would require visa sponsorship.