AT&T Cybersecurity CVs: quickly select the best profiles


The latest AT&T Cybersecurity profiles online

Claire

Cloud Architect & DevOps | Cloud Security Architect & DevSecOps on AWS GCP Azure and private Cloud

  • PARIS
Amazon Web Services Azure Google Cloud Platform DevOps HashiCorp Terraform Kubernetes AT&T Cybersecurity
Available soon
Mohammed

Senior Lead Architect | CIO Advisory - Infrastructure & Cyber resilience

  • AUBERGENVILLE
Windows VMware Active Directory ITIL VMware vSphere Project Management Office AT&T Cybersecurity Linux Agile Security Azure
Available
Jacquelin

IT project manager - banking - telecom - cybersecurity

  • MOISSY CRAMAYEL
SEPA PMO SWIFT Target 2 Blockchain Basel II Fircosoft Cybersecurity EBIOS AT&T Cybersecurity
Mohamed

Cybersecurity consultant SECURITY

  • ANTONY
Security Cybersecurity PMI PMP Data Loss Prevention (DLP) ISO 2700x PRINCE2 AT&T Cybersecurity
Karim

Network administrator Cybersecurity

  • ORSAY
Cybersecurity AT&T Cybersecurity MOA Multi-project management Cisco LAN Windows WAN Firewall DevOps
Available
Mohamed

Cybersecurity consultant C++ JAVA SECURITY PENTEST

  • ARGENTEUIL
C C++ Java PHP Linux Shell Unix Security Pentest Cybersecurity AT&T Cybersecurity
Laurent

Information Systems Security Manager AT&T Cybersecurity

  • RUEIL-MALMAISON
Team management Multi-project management Organizational transformation Strategy & Organization Recruitment AT&T Cybersecurity Firewall Digital transformation ISO 27001 Active Directory
Alexis

Cybersecurity engineer Cybersecurity

  • BEZONS
DevSecOps Python Cybersecurity AT&T Cybersecurity C Pentest
Julien

Cybersecurity consultant AT&T Cybersecurity

  • PÉRON
Pentest Growth hacking Cybersecurity AT&T Cybersecurity
Issam

CISO Cybersecurity

  • Tunis
Internet Cybersecurity AI Security SIEM Zabbix Fortinet VMware ESX VMware Linux AT&T Cybersecurity Pentest Compliance audit
Available

Overview of the experience of Amine,
AT&T CYBERSECURITY freelancer based in Hauts-de-Seine (92)

  • Freelancer as Senior Incident Responder/ Cybersecurity

    Jan 2022 - present

    Analyst Level 3 at Big company that provides access to water and waste services
    in France
    o Handling and response to all cybersecurity incidents
    o Improve and maintain all the steps of handling and responding to an incident.
    o Update the standard operation process.
    o Update Incident response guidelines based on React Matrix.
    o challenge the SOC team about detection rules by identifying the gap in detection or logs.
    o Improve the detection by reducing the false positive alerts and giving other logic and ideas to
    improve the rules.
    o Search and improve the tools used to respond to an incident (forensic tools, telemetry for logs that
    help during investigation, artifact collector,)
    o Work with SOAR team by transforming the Incident response Guideline to playbook or workbook
    in SOAR level to reduce incident response time and automate the response process.
    o Threat hunting based on cyber threat intelligence:
      - get the detection logic or the pattern behind the new cyber-attack and transform them to use
        cases or rules of detection.
      - Retro hunting/post-mortem analysis once we have a hit of an IOC and try to understand the
        root cause and if there was any gap in detection or logs.
      - Challenge the EDR by testing new techniques or new patterns of attack and seeing its
        reaction.
    o Cyber threat intelligence:
      - Monitoring and check any new fraudulent domain that can be used as a cybersquatting or
        phishing campaign.
      - Monitoring any critical services that are exposed without any onboarding in our cyber
        security solution.
      - Monitoring any brand abuse (exposed portal, …)

    Technical Environment: Splunk / Phantom SOAR / CrowdStrike / Proofpoint / Microsoft Defender / Microsoft MCAS / Microsoft Sentinel / Qualys / Skybox / Zscaler / Intel471 / Intrinsec Cyberboard CTI / Forensic (Volatility, UAC,)
  • ▪ Mission

    at Luxury Company CSIRT engineer L3/SOC Analyst L3
    Jan 2020 - Jan 2022

    o Handling security incidents
    o Investigate incidents and identify root causes.
    o Update security playbooks
    o Implementation of operating procedures to facilitate research and investigation.
    o Threat hunting: process implementation, IOC collection, investigations.
    o Integration of business applications into SIEM (choice of logs, use cases, etc.)
    o Deployment of MITRE ATT&CK rules (mapping, log studies, testing, etc.)
    o Deployment of reports & dashboards on SIEM
    o Major incident management (DDoS, compromised servers, etc.)
    o Dealing with vulnerabilities
    o Participation in SIEM RFP (request of purchase) preparation

    Technical Environment: Splunk / Enterprise Security Splunk / Tehtris / Proofpoint / Zscaler / Intrinsec CTI / Cybereason EDR / Azure / Bitsight / Alsid
  • Analyst/CSIRT engineer L3 consultant

    ▪ Mission at financial institute as Soc
    Jan 2020 - Jan 2020

    o Handling PCI DSS incidents within the Author perimeter (the network that checks if a client can
    pay using his payment card).
    o Implementation and improvement of detection rules.
    o Handle security requests (phishing e-mails, suspicious machines).
    o Monitor vulnerabilities in various infrastructures.
    o Creation of procedures (reflex sheet, incident contextualization procedure) for L1/L2-level SOC
    analysts.
    o Monitor technology and propose security solutions to reduce identified risks.

    Technical Environment: Splunk / Enterprise Security Splunk / Darktrace / DfirOrc / Fortimail / Ironport / Python / SentinelOne / JoeSandbox
  • ❖ Senior Soc Analyst/Incident Responder consultant

    at SSII France
    Jan 2019 - Jan 2022

  • Senior IT Security Engineer

    at an insurance company in Algeria
    Jan 2019 - Jan 2019

    o Improving the design and architecture of MACIRVIE's infrastructure from a security point
    of view, based on the Cyber Kill Chain model.
    o Implementation of Elasticsearch SIEM solution.
    o Audit and remediation of web server and collaboration vulnerabilities.
    o Audit and remediation of firewall configurations.
    o Work on the business continuity plan and recovery plan: set up a backup site; test
    restoration of backups; test failover to another site.
    o Monitor technological developments and propose security solutions to reduce identified
    risks.

    Technical Environment Windows server/ Ubuntu server/ Elasticsearch/Fortinet/Burpsuite/Nexpose/ Pingcastle
  • Senior Network Security Engineer

    at Internet Provider Company
    Jan 2018 - Jan 2019

    Algeria:
    ▪ MSSP project (Managed Service Security Provider) a dedicated customer project:
    o Define the different components of an MSSP:
      - Administration of customer dedicated NGFWs
      - Vulnerability management
      - Cyber Security analysis: identification of gap of detection, coverage of MITRE
        ATT&CK (log management, covered technique, …)
      - Threat hunting and sandboxing
    o Develop POCs and labs for each phase, based on different vendors.
    o Present the results of the various tests and choose the appropriate solution.
    o Prepare project description sheets in collaboration with the marketing department.
    o Train sales staff in the MSSP concept.
    ▪ Implement a SOC service for the company:
    o Define security perimeter and criticality of various services and servers.
    o Realize POCs for each level of security (endpoint, front end, network), with the aim of finding a
    solution that meets the company's budget, infrastructure and security requirements.
    o Vulnerability management and analysis.
    o Draw up remediation plans and work with system administrators to implement them.
    o Ensure backup of data and configurations of various important solutions and services.
    o Deployment of an Alienvault OSSIM SIEM solution.

    o Contribution to the definition of a logging policy (types of events to be considered, retention
    times, log standardization/parsing).
    o Creation of use cases and rules of detection.
    o Analyze and handle cyber security incidents.
    o Supervise students on SOC projects:
      - Define an incident management process: try to deduce a process based on the NIST 800-61 r2
        review.
      - Test and compare solutions for each part of SOC.
      - Vulnerability management: a test between Rapid7 and OpenVAS
      - SIEM: a POC for ArcSight, Splunk, AlienVault
      - Endpoint: McAfee ePO, Kaspersky
      - NGFW: Palo Alto, Fortinet
    o Cybersecurity intelligence
    o Monitor and analyze the production network to detect security breaches or intrusions.

    Technical Environment Linux/Fortinet/ Alienvault/ SIEM/ UTM/ Juniper/Windows Server/ DNS BIND/ Pingcastle/Nexpose/Openvas
  • ❖ Cybersecurity Consultant

    at Ota Djezzy Veon Algeria
    Jan 2015 - Jan 2018

    o Analysis and processing of security alerts.
    o Studies the security aspects of platforms for various projects.
    o Administer security solutions (NGFW, IPS, IDS, McAfee, etc.).
    o Network auditing.
    o Audit systems (Windows, Unix/Linux, etc.).
    o Audit and remediate vulnerabilities in information system components.
    o Integrate security platforms with SIEM to create GSOC (global SOC).
    o Design and deploy DNS solution for 3G/4G users.
    o Ensure security watch and share it with the cyber security group.
    ▪ ARCSIGHT ESM + Arcsight Data Platform SIEM project:
    o Conduct interviews with various technical teams.
    o Log ability study.
    o Define a data collection strategy.
    o Develop and deploy connectors for log collection.
    o Development of use cases to monitor the activities of privileged users (SU administrator).
    o Check incident traceability and ticket entry quality.
    o Formalize and distribute reports and directories.
    o Deploy and monitor security policies, in line with VEON Group security policy.
    o Compliance with Sarbanes-Oxley "SOX IT General Control" standards.
    o Implementation of SOX IT Control at SIEM level: log study, log standardization, use case
    testing.

    Technical Environment: ArcSight / Juniper NetScreen / Huawei / DNS Secure64 / Huawei / Palo Alto / Fortinet / Oracle / SQL Server / Windows Server / McAfee ePO
  • ❖ IT Security Engineer

    at Quantum Network Security QNS/SSRI
    Jan 2013 - Jan 2014

    o System Engineer Cisco Sourcefire May 2014 - August 2015.
    o Network security consultant for public companies.
    o Perform security audits in public companies.
    o Integration and deployment of Sourcefire solutions (NGFW+IPS+IDS).
    o Network administrator at SSRI.
    o Configuration of security policies.
    o Train engineers on Sourcefire products (acquired by Cisco).

    Technical Environment: Sourcefire: Firepower / FireAmp / Idappcom / Rapid7 / Linux / Windows Server / Cisco
  • ❖ End-of-study internship
    Jan 2012 - Jan 2013

    o Use of meta-heuristics for intrusion detection in computer networks, report:
    ********'etudes

    Technical Environment: IDS/IPS: ( Snort,Suricata,…) / JAVA / PostgreSQL / NSL KDD / WEKA 3