SOC Analyst (Level-III)

$25/hr Starting at $25

Working as a Team Lead for overall operationalization of the Security Operations Centre (SOC). Capability enhancement of the SOC to detect threats and initiate swift CERT response for threat mitigation. Utilizes industry-standard frameworks such as NIST, MITRE ATT&CK and the Cyber Kill Chain for developing strategic and tactical methodologies for proactive containment and remediation of real-time cyber threats. Adopting industry best practices for deployment of cyber security solutions (SIEM, SOAR, Threat Intelligence, EDR, XDR, DNS Security, IPD, SSL Off-loader etc.). More than 15 years of experience in the IT domain (Cyber Security, Network & System administration). Expertise with IBM QRadar, Crypttech, Wazuh and other top-of-the-line SIEM solutions. Experience with SOAR, Threat Intel, EDR, XDR, IPS, Firewalls, log source parsing, analysis and integration, use case creation and fine tuning of correlation rules.

  • Utilizes industry standards and frameworks such as NIST, MITRE ATT&CK and Lockheed Martin's Cyber Kill Chain for developing strategic and tactical methodologies for proactive containment and remediation of real-time cyber threats.
  • Successfully deployed SIEM in a complex network architecture spanning multi-vendor network/security devices, operating systems and applications. Integration of more than 100,000 endpoints, 5,000+ network devices and 1,000+ security devices (Firewalls, IDS/IPS, SSL Off-loaders) with the SIEM. Endpoints and devices span 60+ remote locations. Defined the log filtration policy. Created custom parsers to extract meaningful information from log sources.
  • Integration of other solutions such as Trend Micro / Kaspersky EDR, Deep Security Manager (DSM), Apex Central, SSL Off-loaders and IPS with the SIEM to develop a comprehensive, centralized threat picture.
  • Defining cyber threat levels based on the historical volume of detected threats, IOCs and IOAs, and adopting proactive/preventive measures for containment.
  • Creating custom correlation rules in line with the organization's cyber security policy. Fine tuning of existing correlation rules to minimize false positives.
  • Integration of the SIEM with open-source threat intelligence platforms such as OpenCTI and MISP. Proactively monitoring the activities of cyber criminals (SideWinder etc.) through active threat feeds. Updating the threat library with IOCs, signatures, hashes, web reputation, blacklisted IPs and malicious domains for proactive detection of threats in the cyber landscape.
  • Assisting top management in procurement of new security solutions, conducting and arranging POCs for capability assessment, license renewals, seminars, workshops and VVIP foreign multinational delegation visits.
  • Creating custom SOAR playbooks and workflows for swift incident response. Adopting industry best practices for the deployed SIEM/SOAR solutions.
  • Formulating the organization's IS policy, CERT methodology, disaster recovery, security hardening, log retention policy, HR & training policies etc.
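Three of the items above (custom log parsers, IOC enrichment from a MISP/OpenCTI-style feed, and correlation rules tuned against false positives) are the core of day-to-day SIEM use-case work. The Python below is an added illustration of how those pieces fit together in miniature; it is not the profile author's code, nor any vendor's. The two log formats, the indicator list, the allowlist and every log line are constructed for the example, and the rule (three or more failed SSH logins from one source followed by a success within five minutes) is a generic brute-force-then-success pattern rather than a rule from any specific product.

```python
"""Toy SIEM pipeline: parse -> enrich with IOCs -> correlate with tuning.
All log lines, indicators and the allowlist are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime

# --- 1. Custom parsers: two constructed log formats (sshd and a firewall). ---
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} \d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)
FW_RE = re.compile(
    r"^(?P<ts>\w{3} \d+ \d\d:\d\d:\d\d) \S+ fw: DENY "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

def parse_line(line, year=2024):
    """Return a normalized event dict, or None when no parser matches (dropped)."""
    for source, rx in (("sshd", SSHD_RE), ("firewall", FW_RE)):
        m = rx.match(line)
        if m:
            ev = m.groupdict()
            ev["source"] = source
            # syslog timestamps carry no year; assume the current ingest year
            ev["ts"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
            return ev
    return None

# --- 2. Threat-intel enrichment against a constructed indicator export. ---
# Shape mirrors the {type, value} attributes a MISP/OpenCTI export carries.
IOC_FEED = [
    {"type": "ip-dst", "value": "203.0.113.7", "tag": "constructed:scanner"},
    {"type": "ip-src", "value": "198.51.100.23", "tag": "constructed:bruteforce"},
]
IOC_IPS = {i["value"]: i["tag"] for i in IOC_FEED}

def enrich(ev):
    """Attach the matching indicator tag (or None) for src or dst address."""
    ev["ioc_tag"] = IOC_IPS.get(ev.get("src")) or IOC_IPS.get(ev.get("dst"))
    return ev

# --- 3. Correlation rule with false-positive tuning. ---
THRESHOLD = 3      # failed logins needed before a success is suspicious
WINDOW = 300       # seconds between first counted failure and the success
ALLOWLIST = {"10.0.0.50"}  # constructed: an internal scanner that fails on purpose

def correlate(events):
    """Alert when >= THRESHOLD failures from one source precede a success
    within WINDOW seconds; sources on ALLOWLIST are suppressed (tuning)."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source"] != "sshd" or ev["src"] in ALLOWLIST:
            continue
        src = ev["src"]
        if ev["outcome"] == "Failed":
            failures[src].append(ev["ts"])
            continue
        recent = [t for t in failures[src] if (ev["ts"] - t).total_seconds() <= WINDOW]
        if len(recent) >= THRESHOLD:
            alerts.append({"rule": "bruteforce_then_success", "src": src,
                           "user": ev["user"], "failures": len(recent),
                           "ioc_tag": ev["ioc_tag"]})
        failures[src].clear()   # a success closes the window for that source
    return alerts

# Constructed sample input: one real brute-force, one allowlisted scanner,
# one benign typo-then-login, one firewall deny to a known IOC, one junk line.
SAMPLE_LOGS = [
    "Mar 12 10:00:01 bastion sshd[2211]: Failed password for invalid user root from 198.51.100.23 port 51022 ssh2",
    "Mar 12 10:00:05 bastion sshd[2212]: Failed password for invalid user root from 198.51.100.23 port 51024 ssh2",
    "Mar 12 10:00:09 bastion sshd[2213]: Failed password for admin from 198.51.100.23 port 51030 ssh2",
    "Mar 12 10:02:00 bastion sshd[2220]: Accepted password for admin from 198.51.100.23 port 51100 ssh2",
    "Mar 12 10:00:02 bastion sshd[2301]: Failed password for svc from 10.0.0.50 port 40001 ssh2",
    "Mar 12 10:00:03 bastion sshd[2302]: Failed password for svc from 10.0.0.50 port 40002 ssh2",
    "Mar 12 10:00:04 bastion sshd[2303]: Failed password for svc from 10.0.0.50 port 40003 ssh2",
    "Mar 12 10:00:05 bastion sshd[2304]: Failed password for svc from 10.0.0.50 port 40004 ssh2",
    "Mar 12 10:00:30 bastion sshd[2305]: Accepted password for svc from 10.0.0.50 port 40005 ssh2",
    "Mar 12 10:01:00 bastion sshd[2401]: Failed password for alice from 192.0.2.10 port 52000 ssh2",
    "Mar 12 10:01:30 bastion sshd[2402]: Accepted password for alice from 192.0.2.10 port 52001 ssh2",
    "Mar 12 10:03:00 edge fw: DENY src=10.0.0.8 dst=203.0.113.7 dport=4444",
    "this line matches no parser and is dropped",
]

def run(lines=SAMPLE_LOGS):
    """Parse, enrich and correlate; returns (events, alerts)."""
    events = [enrich(e) for e in (parse_line(l) for l in lines) if e]
    return events, correlate(events)

if __name__ == "__main__":
    evs, found = run()
    print(f"{len(evs)} events parsed, {len(found)} alert(s)")
    for a in found:
        print(a)
```

Running it yields a single alert for 198.51.100.23 (three failures, then success, already tagged by the indicator feed), while the allowlisted scanner with four failures produces nothing and the firewall deny is parsed and enriched but never feeds the login rule. Removing the allowlist entry is the quickest way to see why tuning matters: the scanner immediately becomes a second, false alert.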

About

$25/hr Ongoing


Skills & Expertise

Analytics, Cyber Security, DNS, Firewalls, Linux, Networking, Technical Writing
