Summary

Experienced Information Security Analyst with a strong background in cybersecurity operations, specializing in security analysis, digital forensics, incident response, and the deployment and integration of security tools and SIEM solutions. Seeking to advance into Cloud Security engineering, with a focus on Application Security and DevSecOps.

Work experience

Numeris - Montreal, QC, Canada

July 2024 - Present

Information Security Analyst

  • Deployment, configuration, and management of a cloud-based SIEM solution to enhance security monitoring and alerting capabilities.
  • Integration of diverse log sources into the SIEM platform, including multiple Azure Tenants, AWS environments, and on-premise/cloud-based assets.
  • Execution of security analysis and incident response processes to address various security alerts and threats effectively.
  • Performed risk assessment of vendor products and services for compliance with security standards and best practices.
  • Integration of SCA and SAST tools into the SDLC, collaboration with development teams to triage findings and prioritize risks and remediation.
  • Vulnerability scanning, assessment, reporting, and coordination with stakeholders to drive remediation efforts.
  • Implementation of security controls alongside conducting phishing simulations and user awareness training programs to strengthen organizational cybersecurity posture.

Malomatia Q.S.C - Doha, Qatar

Mar. 2023 - June 2024

Senior Security Operations Analyst

  • Researched, developed, implemented, and fine-tuned SIEM use cases, ensuring comprehensive coverage of MITRE ATT&CK TTPs and emerging threats.
  • Conducted digital forensics and incident response activities including collection and analysis of disk, memory and digital forensics artifacts.
  • Proactively performed threat hunting activities based on TTPs, IOCs, and IOAs received through threat intelligence reports.
  • Created detailed incident response and threat hunting reports for clients.
  • Documented methodologies, SOPs, service documents, processes, and procedures, ensuring consistency and standardization in SOC operations.
  • Conducted dynamic malware analysis and email header analysis as per customer requests, providing detailed analysis reports and documentation.
  • Designed playbooks and documented SOC Standard Operating Procedures, streamlining SOC operations and improving response efficiency.

Malomatia Q.S.C - Doha, Qatar

Mar. 2022 - Mar. 2023

Security Operations Center Analyst

  • Monitored, analyzed, triaged, and responded to security alerts, ensuring timely and effective incident resolution.
  • Leveraged technologies such as SIEM, EDR/XDR, and SOAR to enhance threat detection and response capabilities.
  • Performed shift-lead responsibilities in a 24x7 SOC in an MSSP environment.
  • Conducted threat hunting activities to proactively identify and react to security threats.
  • Documented all activities conducted during threat hunting, ensuring comprehensive and accurate records for future reference.
  • Ensured comprehensive data and log collection from various sources, enabling thorough analysis and investigation of security incidents.

Public Prosecution - Doha, Qatar

Sept. 2018 - Feb. 2022

Information Security Analyst

  • Managed and maintained various security tools, including SIEM, EDR, IPS/IDS, and AV, ensuring the organization's information security.
  • Monitored and promptly responded to security alerts raised by the security tools, minimizing potential risks and vulnerabilities.
  • Onboarded various log sources into the SIEM system, including Windows and Linux servers, firewalls, network devices, and antivirus software.
  • Performed vulnerability scanning, assessment, and reporting.
  • Performed network and web application penetration testing activities.
  • Designed and implemented an organization-wide Application Whitelisting project (Application Control).
  • Conducted information security training sessions for the IT team, promoting awareness and best practices to mitigate security risks.
  • Collaborated with different departments to understand their business use cases and implemented appropriate security controls based on identified risks.

Qatar University - IT Dept. - Doha, Qatar

Sept. 2016 - Aug. 2018

IT Support Specialist

  • Installed, configured, and maintained workstations, laptops, and IT labs.
  • Deployed Windows images using SCCM, Ghost, and other tools, streamlining the setup and configuration process for new devices.
  • Provided technical support to students and faculty, addressing and resolving software problems and MDM mobile configurations.
  • Collaborated with cross-functional teams to troubleshoot and resolve complex IT issues.

Education

Qatar University - College of Engineering

Sept. 2014 - Jun. 2018

B.Sc. Computer Engineering

  • Graduated with distinction, Dean’s list (2014 – 2018)
  • Degree has been evaluated by the World Education Services (WES) for Canadian equivalency.

Certifications & Courses

  • GCFR: GIAC Cloud Forensics Responder
    • Sep. 2024 - Sep. 2028
    • Cred. ID: 1153
  • GCFA: GIAC Certified Forensic Analyst 
    • Sep. 2022 - Sep. 2026
    • Cred. ID: 20223
  • GIAC Advisory Board Member 
  • OSCP: Offensive Security Certified Professional 
    • Mar 2020
    • Cred. ID: 209601
  • eCTHPv2: eLearnSecurity Certified Threat Hunting Professional v2 
    • March 2021
    • Cred. ID: 7488638
  • eCIR: eLearnSecurity Certified Incident Responder
    • March 2022
    • Cred. ID: 5258283
  • AWS Certified Cloud Practitioner course
    • Udemy training

Skills

  • Cyber security Analysis and Engineering
  • Threat Hunting, Digital Forensics & Incident Response
  • Detection Engineering / SIEM content development
  • Log management, collection, forwarding
  • Malware & phishing email analysis
  • Scripting: Bash, Python, PowerShell
  • SIEM Query languages: KQL, SPL, EQL
  • MITRE ATT&CK, Cyber Kill Chain
  • Sigma, Yara rules
  • Log parsing, Regular expressions (Regex)
  • APIs and integration
  • ISO 27001, NIST Framework

Tools Experience

SIEM: Microsoft Sentinel, IBM Qradar, Elastic (ELK), Splunk

EDR/XDR: CrowdStrike, Microsoft Defender for Endpoint, Trend

SOAR: Swimlane

Digital Forensics: Autopsy, Volatility, Velociraptor, FTK Imager

Threat Intelligence: Recorded Future, MISP, TI feeds

Penetration testing: Burp suite, Metasploit, NMAP, Wireshark

Vulnerability Assessment: Tenable Nessus, Tenable Security Center

Application Security: Tenable, GitHub Advanced Security

Others: TrendMicro AV, ForeScout CounterAct, Barracuda WAF, Cisco Email Gateway, CIS CAT

Volunteering Experience

  • Bsides 2020 Cybersecurity event
  • Chapter Leader - OWASP/null - The Open Security Community (2018 – 2021)

Languages

  • English - Fluent
  • French - Intermediate

Achievements

  • Published SIGMA detection content on SOC Prime platform
  • White Hat Desert Conference - CTF Winner
  • Threat Hunters CTF Competition National level - Top 3 (2020)
  • Threat Hunters CTF Competition Regional level - Best Defender Award (2018)