WASEEM MANSOOR

Al Ain, UAE

Summary

Senior cybersecurity specialist with 13+ years of experience in SOC engineering, threat detection, incident response and SOC leadership, seeking a challenging role.

Overview

14 years of professional experience
2011 years of post-secondary education
1 Certification

Work history

Senior Security Engineer

ALEC
Dubai
2025.11 - Current

  • Investigate in depth security incidents escalated by the SOC team.
  • Deploy and manage Microsoft Defender XDR and CrowdStrike.
  • Perform proactive threat hunting to identify undetected threats.
  • Review customer security infrastructure, identify gaps in security monitoring and suggest new use cases or security solutions to mitigate the gaps.
  • Coordinate with relevant stakeholders to ensure escalated security incidents are actioned based on SLA.
  • Suggest new use case creation and rule fine-tuning in the SIEM system as required.
  • Work on documentation enhancement related to incident management and SOC operation.

Cybersecurity Engineer

HELP AG
2022.08 - 2025.07
  • Deploy and manage Microsoft Sentinel and Defender.
  • Perform capacity planning, system optimization and high availability configuration of IT Security systems.
  • Create and fine-tune correlation rules in SIEM.
  • Identify and mitigate threats observed from various security solutions such as F5 ASM, Arbor, FireEye, Microsoft Defender, Carbon Black.
  • Develop playbooks to automate incident response and TI integration.
  • Integrate various log sources to Sentinel.
  • Review customer security infrastructure, identify gaps in security monitoring and suggest new use cases or security solutions to mitigate the gaps.
  • Coordinate with relevant stakeholders to ensure escalated security incidents are actioned based on SLA.

SOC T2 Analyst

CISCO
2021.09 - 2022.03

  • Fine-tune correlation rules in the SIEM system to reduce false positives.
  • Coordinate with relevant stakeholders to ensure escalated security incidents are actioned based on SLA.
  • Create daily, monthly and ad hoc reports for various devices as required.
  • Analyze and correlate logs to identify security incidents.
  • Investigate in depth incidents escalated from L1, L2 to identify real-time threats and attacks.

Information Security Senior Administrator (L3)

Etisalat
2016.09 - 2021.09
  • Design, implement and manage IT security infrastructure.
  • Perform capacity planning, system optimization and high availability configuration of IT security systems.
  • Integrate network, endpoint, application and security solution logs to the SIEM system.
  • Deploy and manage ArcSight, Microsoft Sentinel and Defender.

Information Security analyst

EY - India
2012.05 - 2016.08
  • Worked as an Information Security Analyst Level 2 on real-time threat management using SIEM tools like Splunk & ArcSight, HIDS/HIPS devices like Fidelis XPS, Carbon Black & NIDS/NIPS devices like Proventia IPS, SourceFire IPS, McAfee IPS.
  • Investigated escalated incidents to detect real-time threats and attacks from the logs obtained from different network devices such as firewalls, IDS, IPS, operating systems like Windows, UNIX, proxy servers, Windows servers, system applications, databases, web servers and networking devices.
  • Correlated alerts obtained from SourceFire IPS, Proventia IPS, Fidelis XPS NIPS, Carbon Black and Falcon Host, HIDS, to identify network attacks and intrusions.
  • Created and managed use cases, dashboards, reports, searches and system administration tasks in Splunk.
  • Performed connector installation, case management, asset and network modeling, and creation of rules, active channels, dashboards, filters, reports, queries etc. in ArcSight to track incidents.
  • Fine-tuned real-time rules in ArcSight & Splunk to minimise the number of false positive alerts.
  • Created daily, monthly and ad hoc reports of various devices for different clients.

Education

Bachelor of Technology (B.TECH) - Electronics and Communication Engineering (ECE)

Toc-H Institute of Science & Technology

Higher Secondary Education (HSE) - Science

Tagore Vidyaniketan Higher Secondary School

Secondary School Leaving Certificate Examination (SSLC)

Chinmaya Vidyalaya

Skills

  • SIEM tools administration (Sentinel, Splunk, ArcSight)
  • Expertise in incident analysis and response
  • Experience with F5 ASM, CISCO ASA, CISCO ISE, Arbor, Microsoft Defender, Kaspersky EDR, Fidelis, Carbon Black, CrowdStrike
  • Custom log integration using regular expressions (Sentinel, ArcSight, Splunk)
  • Automation using Sentinel playbooks
  • Use case creation and fine-tuning

Certification

  • CISSP, 649553
  • Micro Focus ArcSight Advanced Analyst
  • Splunk Core Certified Power User
  • CCNA (Cisco Certified Network Associate)

Languages

English: C2 Proficient
Hindi: C2 Proficient
Malayalam: Proficient

Personal Information

  • Title: Senior Cyber security specialist
  • Date of birth: 1989-04-18
  • Gender: Male
  • Nationality: Indian
  • Marital status: Married
