ASHRAF MOHAMMED

About Candidate

Education

Bachelor of Science 2018
Lords College
Master of Science 2023
Bournemouth University

Work & Experience

Security Analyst 05/2018 - 11/2020
Spark Line

• Monitor user and entity behavior using UEBA tools and techniques to identify anomalous activities and potential security threats.
• Identify insider threats and potential malicious activities by monitoring user behaviors, access patterns, and data exfiltration attempts.
• Root Cause Analysis (RCA) and remediation to determine the root cause of an incident and remediate accordingly.
• Conduct regular vulnerability assessments and penetration tests for both on-premises and cloud environments.
• Analyze assessment results, identify vulnerabilities, and recommend and oversee the implementation of appropriate remediation measures.
• Develop and maintain IT security policies, standards, and procedures aligned with industry frameworks (e.g., ISO 27001, NIST).
• Ensure compliance with relevant regulations and standards, and participate in audits and assessments.
• Be responsible for Vulnerability Scheduling, Threat Reporting and technical remediation plans.
• Participating in change management process.
• Assisting in execution of vulnerability management and patch management process.
• Monitor and evaluate the effectiveness of security controls, processes, and policies to ensure continuous compliance with PCI-DSS requirements.
• Ensure that proper backups and recovery mechanisms are in place before initiating the upgrade.
• Developed cybersecurity awareness content for emerging threats to reduce operational risk to tailored audiences.

SOC Analyst 11/2023 - present
Coral

• Monitor and manage Cisco Firepower security infrastructure to ensure optimal performance and efficiency.
• Conduct regular audits and assessments to identify vulnerabilities and implement necessary adjustments.
• Respond promptly to security incidents and provide troubleshooting support for Cisco Firepower-related issues.
• Collaborate with vendors and support teams to resolve complex technical problems.
• Configure and manage the IBM QRadar SIEM platform to collect, analyze, and correlate security event data.
• Monitor security events in real-time, analyze logs, and investigate anomalies or suspicious activities.
• Conduct regular vulnerability assessments using Nessus to identify security weaknesses in networks, systems, and applications.
• Configure and maintain Nessus vulnerability scanning tools to ensure optimal performance and accuracy.
• Monitor Darktrace alerts and analyze anomalous activities in real-time to identify potential security incidents.
• Investigate and respond to security alerts, collaborating with incident response teams as needed.
• Analyze collected threat intelligence data to identify patterns, trends, and potential risks.
• Correlate threat intelligence with internal security events to enhance the organization's situational awareness.
