Summary

Experienced Information Security Analyst with a solid background in cybersecurity operations, specializing in security analysis, digital forensics, incident response, and the deployment and integration of security tools and SIEM solutions. Currently seeking to transition into a dedicated Incident Response role with a focus on cloud security.

Work experience

Numeris - Montreal, QC, Canada

July 2024 – Present

Information Security Analyst

  • Deployment, configuration, and management of a cloud-based SIEM solution to enhance security monitoring and alerting capabilities.
  • Integration of diverse log sources into the SIEM platform, including multiple Azure Tenants, AWS environments, and on-premise/cloud-based assets.
  • Execution of security analysis and incident response processes to address various security alerts and threats effectively.
  • Performed risk assessment of vendor products and services for compliance with security standards and best practices.
  • Integration of SCA and SAST tools into the SDLC, collaborating with development teams to triage findings and prioritize risks and remediation.
  • Vulnerability scanning, assessment, reporting, and coordination with stakeholders to drive remediation efforts.
  • Implementation of security controls alongside conducting phishing simulations and user awareness training programs to strengthen organizational cybersecurity posture.

Malomatia Q.S.C - Doha, Qatar

Mar. 2023 – June 2024

Senior Security Operations Analyst

  • Researched, developed, implemented, and fine-tuned SIEM use cases, ensuring comprehensive coverage of MITRE ATT&CK TTPs and emerging threats.
  • Conducted digital forensics and incident response activities including collection and analysis of disk, memory and digital forensics artifacts.
  • Proactively performed threat hunting activities based on TTPs, IOCs, and IOAs received through threat intelligence reports.
  • Created detailed incident response and threat hunting reports for clients.
  • Documented methodologies, SOPs, service documents, processes, and procedures, ensuring consistency and standardization in SOC operations.
  • Conducted dynamic malware analysis and email header analysis as per customer requests, providing detailed analysis reports and documentation.
  • Designed playbooks and documented SOC Standard Operating Procedures, streamlining SOC operations and improving response efficiency.

Malomatia Q.S.C - Doha, Qatar

Mar. 2022 – Mar. 2023

Security Operations Center Analyst

  • Monitored, analyzed, triaged, and responded to security alerts, ensuring timely and effective incident resolution.
  • Leveraged technologies such as SIEM, EDR/XDR, and SOAR to enhance threat detection and response capabilities.
  • Performed shift-lead responsibilities in a 24x7 SOC in an MSSP environment.
  • Conducted threat hunting activities to proactively identify and react to security threats.
  • Documented all activities conducted during threat hunting, ensuring comprehensive and accurate records for future reference.
  • Ensured comprehensive data and log collection from various sources, enabling thorough analysis and investigation of security incidents.

Public Prosecution - Doha, Qatar

Sept. 2018 – Feb. 2022

Information Security Analyst

  • Managed and maintained various security tools, including SIEM, EDR, IPS/IDS, and AV, ensuring the organization's information security.
  • Monitored and promptly responded to security alerts raised by the security tools, minimizing potential risks and vulnerabilities.
  • Onboarded various log sources into the SIEM system, including Windows and Linux servers, firewalls, network devices, and antivirus software.
  • Performed vulnerability scanning, assessment, and reporting.
  • Performed network and web application penetration testing activities.
  • Designed and implemented an organization-wide Application Whitelisting project (Application Control).
  • Conducted information security training sessions for the IT team, promoting awareness and best practices to mitigate security risks.
  • Collaborated with different departments to understand their business use cases and implemented appropriate security controls based on identified risks.

Qatar University - IT Dept. - Doha, Qatar

Sept. 2016 – Aug. 2018

IT Support Specialist

  • Installed, configured, and maintained workstations, laptops, and IT labs.
  • Deployed Windows images using SCCM, Ghost, and other tools, streamlining the setup and configuration process for new devices.
  • Provided technical support to students and faculty, addressing and resolving software problems and MDM mobile configurations.
  • Collaborated with cross-functional teams to troubleshoot and resolve complex IT issues.

Education

Toronto Metropolitan University

May 2025 – Current

Rogers Cybersecure Catalyst

  • Advanced Cyber Education (ACE) training program
  • Cloud Security Pathway
  • SANS SEC510: Cloud Security Controls and Mitigations

Qatar University - College of Engineering

Sept. 2014 – Jun. 2018

B.Sc. Computer Engineering

  • Graduated with distinction, Dean’s list (2014 – 2018)
  • Degree has been evaluated by the World Education Services (WES) for Canadian equivalency.

Certifications & Courses

  • GPCS: GIAC Public Cloud Security
    • In progress
  • GCFR: GIAC Cloud Forensics Responder
    • Sep. 2024 – Sep. 2028
    • Cred. ID: 1153
  • GCFA: GIAC Certified Forensic Analyst
    • Sep. 2022 – Sep. 2026
    • Cred. ID: 20223
  • GIAC Advisory Board Member
  • OSCP: Offensive Security Certified Professional
    • Mar. 2020
    • Cred. ID: 209601
  • eCTHPv2: eLearnSecurity Certified Threat Hunting Professional v2
    • March 2021
  • eCIR: eLearnSecurity Certified Incident Responder
    • March 2022
  • AWS Certified Cloud Practitioner course
    • Udemy training

Skills

  • Cyber security Analysis and Engineering
  • Threat Hunting, Digital Forensics & Incident Response
  • Detection Engineering / SIEM content development
  • Log management, collection, forwarding
  • Malware & phishing email analysis
  • Scripting: Bash, Python, PowerShell
  • SIEM Query languages: KQL, SPL, EQL
  • MITRE ATT&CK, Cyber Kill Chain
  • Sigma, Yara rules
  • Log parsing, Regular expressions (Regex)
  • APIs and integration
  • ISO 27001, NIST Framework

Tools Experience

SIEM: Microsoft Sentinel, IBM QRadar, Elastic (ELK), Splunk

EDR/XDR: CrowdStrike, Microsoft Defender for Endpoint, Trend

SOAR: Swimlane

Digital Forensics: Autopsy, Volatility, Velociraptor, FTK Imager

Threat Intelligence: Recorded Future, MISP, TI feeds

Penetration testing: Burp Suite, Metasploit, Nmap, Wireshark

Vulnerability Assessment: Tenable Nessus, Tenable Security Center

Application Security: Tenable, GitHub Advanced Security

Others: TrendMicro AV, ForeScout CounterAct, Barracuda WAF, Cisco Email Gateway, CIS CAT

Volunteering Experience

  • BSides Doha 2020 cybersecurity event
  • Chapter Leader – OWASP/null – The Open Security Community, Doha, Qatar (2018 – 2021)

Achievements

  • Published Sigma detection content on the SOC Prime platform
  • White Hat Desert Conference – CTF Winner
  • Threat Hunters CTF Competition, National level – Top 3 (2020)
  • Threat Hunters CTF Competition, Regional level – Best Defender Award (2018)