
Last update: 06.09.2022

SOC Analyst and consultant

Graduation: Master's degree in cyber security
Languages: English (Limited professional) | French (Limited professional)

Attachments

Rachid OUBAOUG - SOC Consultant & Analyst (2).pdf

Skills

Splunk, continuous improvement, sensor, SIEM, malware, Cyber security, PCI-DSS, ArcSight, Elasticsearch, AlienVault, Helix, Siemplify, FireEye Security Orchestrator, CISCO SecureX Orchestration, IBM Resilient, EDR/XDR, CrowdStrike, FireEye, Symantec, InsightVM (Rapid7), Qualys, Tenable.sc, Nmap, Wireshark, Metasploit, Nessus, Burp Suite, Volatility, Autopsy, Redline, Snort, MISP, Programming, C, Bash, Python, Web Development, HTML5, CSS3, JavaScript, PHP, WordPress, Django, Flask, Windows and Linux, Cloud: Azure & Office 365

Project history

06/2021 - 12/2021
SOC Analyst and consultant
ACCOR.

Tasks:
- Digital forensics, incident response and threat hunting
- Incident response procedures and reflex cards creation
- Playbooks development to reduce detection and analysis time
- SIEM solutions evaluation through conducting POCs
- FireEye Endpoint Security MCO (hosts management, upgrades & policies creation)
- Detection rules implementation and improvement
- Advanced security dashboards and reports building
- Threat intelligence feeds analysis
- Conducting daily meetings and activity reporting

03/2020 - 05/2021
SOC Analyst and consultant
ACG Cybersecurity

Tasks:
- Analysis, handling and response to security incidents
- Creation and improvement of incident response procedures
- Forensic investigation and malware analysis
- Log sources onboarding and optimization on Splunk
- Detection rules deployment and update on Splunk
- Advanced dashboards and report building on Splunk
- Vulnerability scanning and analysis using Rapid7's InsightVM
- Vulnerability remediation plans creation and follow-up
- Analysis of external security information flows (Threat Intelligence)
- Security incidents reporting through conducting daily meetings

11/2018 - 02/2020
SOC Analyst
AttijariWafa Bank

Tasks:
- Real-time monitoring of internal and external security events and alerts
- SOC functions improvement through processes and procedures development
- False positives identification and elimination, in addition to tuning recommendations
- Collaboration with SOC analysts, MSSP and SecOps teams
- SOAR configuration and playbooks creation
- Containment plans and countermeasures proposal
- Cyber security incidents investigation and root cause analysis
- Incidents reporting for both technical and non-technical staff and stakeholders
- Log sources management (PCI-DSS scope)

Local Availability

Open to travel worldwide
I would like to work fully remote