Faraz Ali
Senior Officer Security Operations Center
arainfarazali@gmail.com | +923153413063 | linkedin.com/in/farazaliarain | farazaliarain.live/

About me
• With over 3+ years of experience in the IT industry, including:
• Threat hunting
• SIEM / SOAR / EDR
• DNS Firewalls / Firewalls
• Malware Analysis
• Web Scraping / OSINT / Threat Intel
• Incident Response
• IDS / IPS / Honeypots
• System and network administration
• Scripting and automation using Python, etc.
• Reverse Engineering

Education
BSCS (Bachelor of Science in Computer Science), Air University - Islamabad
09/2017 – 08/2021, CGPA: 3.8/4.0
Relevant Completed Courses:
• Computer Communication & Networks
• Operating Systems
• Computer Architecture
• Assembly Language & Computer Organization
• Data Structures & Algorithms
• Design & Analysis of Algorithms
• Data Warehousing & Data Mining
• Data Science
• Network Protocols and Architecture
• Data Communications and Network Services
• Final Year Project: Data Leakage Detection - SIEM

Certifications / Achievements / Trainings:
• 2x Gold Medalist (bachelor’s degree)
• Appreciation letter (Dte of CyW - PAF)
• Microsoft Certified: Security Operations Analyst Associate (SC-200)
• Python for Cybersecurity Specialization
• ISO/IEC 27001 Information Security Associate™
• Microsoft Certified: Identity and Access Administrator Associate (SC-300)
• Certified Associate in Python Programming (PCAP31-03)
• Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)

Tools & Technologies
Tools / Technologies: IBM QRadar, Cisco Secure Network Analytics, IBM SOAR, Carbon Black EDR, Symantec EPP, McAfee IPS, TrendMicro EDR, TrendMicro DSM, TrendMicro DDAN, Group-IB Threat Intel, Recorded Future, Fortinet Firewall, Infoblox, Cloudflare, CryptoSim, Unitmon, DNS Sense, DNS Visibility, Suricata, T-Pot, SiteScope, MS Azure, IDA Pro, Cuckoo, Kali Linux, Nessus, Nmap, Python, C/C++, C#, Shell Scripting.

Work Experience

Allied Bank Limited, Pakistan
Feb 2023 – Present
Senior Officer Security Operations Center
Job Description
o Lead and manage a 24x7 Security Operations Center.
o Actively monitoring, containing, and responding to known and unknown security threats by collecting the TTPs and following effective models like SANS/CIS and NIST.
o Continuously monitoring network/host in a 24/7 environment using a diverse set of continuous monitoring tools, SIEM and EDR.
o Identification and investigation of logs/events, and escalation of security incidents.
o Effective and efficient execution of SOC standards and operating procedures.
o Threat hunting, use-case creation, SIEM, and IDS rule tuning to detect potential security incidents.
o Hunting for IOCs employing proprietary and open-source tools.
o Detecting network/host intrusions and anomalies leveraging threat intelligence from various sources.
o Creating and maintaining an incident response plan (IRP).
o Basic analysis of forensic artifacts acquired from compromised machines/networks.
o Research on the latest threats/attacks and capacity building for improvement of DFIR skills, including Advanced Windows Forensics, incident response, and malware analysis.

NASTP, Aviation City Pakistan
2.5 months of service (Dec 2022 – Feb 2023)
System Manager (SOC)
• Promoted from CSOC, PAF, Pakistan to NASTP, ACP
Job Description
o Promoted to System Manager @NASTP, managed by Pakistan Air Force.
o Managing Security Operation Centre activities across the organization.
o Primarily responsible for security event monitoring, management, and response.
o Ensure compliance with SLA, regulator policies, process adherence, and process improvisation to achieve operational objectives.
o Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring.
o Revise and develop processes to strengthen the current Security Operations Framework, review policies, and highlight the challenges in managing SLAs.
o Responsible for team and vendor management, overall use of resources, and initiation of corrective action where required for the Security Operations Center.
o Perform threat management and threat modeling, identify threat vectors, and develop use cases for security monitoring.
o Responsible for integration of standard and non-standard logs in SIEM.
o Creation of reports, dashboards, and metrics for SOC operations and presentation to the CISO.
o Coordinating directly with stakeholders, building and maintaining positive working relationships with them.

CSOC, PAF, Pakistan
1.2 years of service (Oct 2021 – Nov 2022)
SOC Analyst L2
Job Description
o Managing Security Operation Centre activities across the organization.
o Validating findings reported by L1 analysts.
o Taking ownership of cases escalated by SIEM analysts.
o Sharing and documenting my knowledge with the SOC and IT team, and guiding them in the resolution of complex technical problems.
o Led the deployment of on-prem and cloud-based solutions for DNS-related threats.
o Identification and mitigation of DNS-related threats across the organizational networks using tools like DNS Sense and Infoblox.
o Created various organization-specific use cases on SIEM to identify and mitigate emerging threats.
o Continuously worked on defining and tuning use cases in SIEM.
o Worked with SOAR for the creation and implementation of playbooks against threats and offenses captured.
o Excellent scripting skills in Python, C++, C#, Shell, and various other programming languages.
o Create reports on detected malware, identified attack paths, identified loopholes, and recommended patches for mitigation.
o Integrated threat intelligence services like MISP, IBM X-Force, AlienVault OTX, IntelOwl, and Group-IB.
o Hands-on experience in writing API integration code for various threat intel platforms and integrating them with SIEM and SOAR solutions.
o Wrote various automation scripts in Python and C++ to automate repetitive tasks like blocking IPs/domains, URLs, hashes, etc., and data scraping to enrich the incident data.
o Hands-on experience in vulnerability management solutions, i.e., QVM; scheduled and ran non-intrusive vulnerability scanning over the networks and recommended patches to mitigate those vulnerabilities.
o Created dashboards for both technical and non-technical entities to overview the security of the organization.
o Develop and manage a robust documentation lifecycle.
o Develop, document, and manage identification, containment, and remediation strategies.
o Actively led and participated in blue and purple teams during cybersecurity exercises.
o Coordinating with other departments.

Logic Valley Pvt Ltd, Pakistan
2 years of service (Sept 2019 – Sept 2021)
Associate SOC Analyst
Job Description
o Worked as shift lead in 24/7 managed security services SOC operations.
o Managed, administered, and deployed various SIEM solutions like IBM QRadar and CryptoSim for a financial organization.
o Plan and lead log source onboarding for SIEM.
o Managed and administered IPS solutions and created IPS policies to detect and prevent malware shellcode execution, various APT groups, ransomware, etc.
o Managed and administered Fortinet firewall; created policies on Fortinet to block unauthorized VPN usage inside the network, DoT (DNS over TLS), DoH (DNS over HTTPS), and DNSSEC communications.
o Hands-on experience with Fortinet modules, i.e., firewall policies, DNS filter, web filter, antivirus, IPS, ZTNA, external connectors, etc.
o Deployed, managed, and administered various EDR solutions; created organization-defined policies like DLP, web access monitoring, and malware detection.
o Ensure a complete, accurate, and valid inventory of all systems, infrastructure, and applications that should be logged by the SIEM.

National Center for Cyber Security, Pakistan
3 months of service (Jun 2019 - Aug 2019)
Reverse Engineer & Malware Analyst
Job Description
o Exploit development using Python, C++, C#, Shell, i.e., keyloggers, drive walkers, ransomware, password stealers, etc., and then used PsExec to execute the malware on other systems over the network.
o Modified files using reverse engineering tools and techniques, i.e., patched exe, modified UI, etc.
o Decompiled APK files using Apktool and Apk-deguard, then analyzed the APK file in JADX.
o Analysis of network activity by analyzing packets in Wireshark, tcpdump, etc.
o Malware analysis (static, dynamic, and automated analysis).