Hamza Saeed

Security Engineer , Security Operation Analyst

About Candidate

I am a passionate and ambitious Security Engineer and Cyber Security Consultant, dedicated to protecting and securing digital systems from emerging threats. I have provided SOC and Cloud security services to different clients globally, including the financial, health, energy, investment, automobile and manufacturing sectors, with a skillful approach and a deep understanding of cybersecurity principles. I have acquired a lot of knowledge and experience in Security Operation Center (SOC), Cloud Security (AWS, GCP and Azure), Cyber Threat Intelligence and Threat Hunting, Digital Forensics and Incident Response (DFIR), Information Assurance, Network and Information Security, and Vulnerability Assessment.

Education

BS in Cyber Security 2018-2022
Air University Islamabad

Work & Experience

Cyber Security Consultant Mar 2024
Deloitte

• Provided SOC and Cloud Security services to different clients globally.
• Perform advanced investigation of complex and sophisticated incidents in SIEM/EDR platforms escalated by L1/L2.
• Create detection use cases in SIEM/EDR platforms to detect adversaries based on suspicious/anomalous behaviors in the organization.
• Use MITRE ATT&CK TTPs to track adversary activities and APT groups targeting the organization's critical assets and infrastructure.
• Create incident management automations in the SOAR platform and use scripting languages (BASH, Python) to deal with cyber incidents and for efficient SOC operations.
• Perform Threat Intelligence using different threat intelligence platforms and feeds, identify IOCs, and analyze emerging cyber threats to identify potential risks and vulnerabilities in the organization.
• Collect and analyze data from various sources to identify potential threats, emerging trends, and vulnerabilities. This includes monitoring open-source intelligence, dark web forums, threat feeds, security research reports, and internal logs.
• Perform forensics and advanced hunting on end-user systems and servers to find any possible malicious traces, indicators of compromise and attack.
• Utilize YARA rules to investigate adversary behavior in system memory.
• Create WAF rules and security policies to restrict access in the organization environment.
• Maintain security tools (SIEM/SOAR/EDR/Firewall) to improve SOC efficiency and the incident response process.
• Perform integrations of different log sources into SIEM solutions. Create playbooks and dashboards to analyze the overall security posture of the organization.
• Incident response planning and development of incident response procedures, including incident detection, containment, eradication, and recovery processes.
• Stay current with emerging threats, vulnerabilities, and security technologies in the cloud computing space, and proactively recommend security enhancements and improvements.
• Engage with clients on a daily basis to provide in-depth analysis, guidance on security incidents, and strategic recommendations tailored to their specific environment and security posture. Additionally, collaborate closely with clients to understand their evolving security needs, provide proactive threat intelligence, and ensure alignment with industry best practices and compliance requirements.

Security Engineer Apr 2022 - Feb 2024
Ebryx Pvt. Ltd

• Perform investigations on different SIEM/SOAR and EDR security solutions, including Azure Sentinel, Microsoft Defender 365, ELK, Wazuh, QRadar, Proofpoint, Cloudflare, Palo Alto, Prisma Cloud, AWS GuardDuty, AWS CloudWatch, AWS Inspector, AWS Security Hub, Zscaler, GCP Monitoring, CrowdStrike, Trend Micro, LogRhythm, SentinelOne, Lacework, and Proofpoint (for email security).
• Perform correlation between different events to identify potential threats in the organization.
• Build SOCs for different clients and secure their infrastructure on cloud platforms (AWS, GCP, Azure) and on-prem environments.
• Analyze gathered information to understand the tactics, techniques, and procedures (TTPs) employed by threat actors, their motivations, and the potential impact on the organization. This involves identifying indicators of compromise (IOCs) and creating profiles or reports on specific threats.
• Cyber Threat Hunting and building detection rules on different SIEM/SOAR solutions to detect and prevent advanced cyber threats.
• Build automations for SIEM solutions for efficient SOC operations.
• Perform automations and configurations to take action immediately if an incident occurs.
• Deployment and ingestion of logs from different SIEM/SOAR/EDR/IPS/IDS/FW security solutions to secure the organization.
• Hunting for IOCs and performing IOC sweeping to detect and prevent cyber threats.
• Detecting network/host intrusions and anomalies leveraging threat intel.
• Remediation of incidents and recommending changes and suitable actions after security incidents.
• Analysis of forensic artifacts acquired from compromised machines/networks.
• Coordinate and participate in vulnerability scanning and risk assessments.
• Research on the latest threats/attacks and capacity building for improvement of DFIR skills, including Incident Response and Malware Analysis.
• Phishing email and malware analysis, including static and dynamic analysis.
• Stay up-to-date with the latest attacks and vulnerabilities to identify attacks and implement mitigations.
• Communication with team and clients for getting tasks/changes done.
• Worked on monthly/weekly/quarterly threat reports to get deep insights into current and newly emerging threats to organizations.

Cyber Security Engineer Feb 2020 - Mar 2022
NeeoPal

• Investigate alerts/incidents on different monitoring tools, including AWS GuardDuty, AWS Inspector, AWS Security Hub, AWS CloudWatch, QRadar, Microsoft Sentinel, ELK and many more technologies to secure infrastructure.
• Identification and investigation of logs/events, and escalation of security incidents.
• Use MITRE ATT&CK to understand the offenses and techniques used by APTs.
• Perform correlation between events to identify threats in the organization.
• Perform Threat Hunting and Threat Intelligence and create detection use cases and incident response playbooks against threats.
• Develop and secure implementation of AWS services (IAM, CloudTrail, SCP, WAF/Shield, Security Hub, Inspector, Detective, GuardDuty, Config, CloudWatch, KMS, EKS, ECS, VPC, NG, ACL, PrivateLink, VPC Endpoints, EC2, RDS, S3, Systems Manager, SQS, SNS, Secrets Manager, Lambda).
• Develop and secure implementation of Azure services (Azure AD, PIM, Azure Identity Protection, Conditional Access Policy, Azure Policy, Security Center, Azure Defender, Virtual Networks, Firewall, Service Endpoint, Private Endpoint, Application Gateway, Key Vaults, AKS, Azure VM, Logic Apps, Azure Databases, Azure Functions).
• Perform Vulnerability Assessment using tools (Wiz, Metasploit Framework, Nessus, Wireshark, Burp Suite, Scapy, Nmap, SQLMap, Sysinternals tools).
• Build automations using different scripting languages (Python, BASH).

Skills

• SOC Operations
• SOAR Automations and Detection Use Cases
• MITRE ATT&CK
• Threat Intelligence and Threat Hunting
• Cloud Security (AWS, Azure, GCP)
• Firewall Security Policies and Management
• Network and Endpoint Security
• Cloud Automation and Secure Implementation of Services
• Digital Forensics and Incident Response
• Sigma/YARA Rules and Regex
• SIEM/SOAR/EDR/IPS/IDS/AV/FW Solutions
• Scripting and Automation (e.g., Python, Bash)
• Incident Response Planning and Procedures
• Security Frameworks (e.g., OWASP, CERT, NIST, ISO 27001)
• Threat Detection and Response
• Infrastructure Security and Vulnerability Assessment
• Identity and Access Management (IAM)
• Cloud Security Monitoring and Logging
• Technical Report Writing