Experience

CyberProof

• United States
• Computer and Network Security
• 200 - 300 Employee

• Use Case Management Team Lead

  • Apr 2023 - Present

  Experience working Content development for SIEM - Qradar, Splunk, Azure Sentinel.Development of scenarios based on Use cases.Defining automation.

• L3 Cyber Expert

  • Feb 2023 - Sep 2023

  Experience as a L 3 Cyber expert in various environments while providing inputs/outputs that include recommendations to improve the security posture.• Experience in providing IR services to many companies.• Creating dedicated security controls based on Hunting query results. (SIEM / EDRs)• Creating Automation workflow while using schedule queries based on EDR Systems/SIEM Systems.• Creating Hunting workflow based on the customer requirements / TTP's and assets.• Flexibility for Prem/Cloud environments.• System Flexibility when using many systems on the part of the client:EDR Systems: Knowledge of many EDR systems such as - Defender ATP, CrowdStrike, Symantec EDR, Cynet, Cortex XDR, Trend Vision One, SentinelOne Deep Visibility, etc.SIEM Systems: IBM Qradar, ArcSight, Azure Sentinel, RSA, McAfee, Splunk, etc.• Experience in providing/teaching Hunting methodologies, learning ideas, and workflow for Blue Teams.Helping Response team that provides services to large/medium/low size companies.• Knowledge and experience in real-life Cyber attack scenarios • Knowledge and flexibility in different cyber security systems.• Knowledge and experience in creating security controls on various systems based on TTP's detected during the Incident• Experience in analyzing artifacts (Static/Dynamic analysis) on various Sandboxes• Versatile and Team player while dealing with pressure• Quick adaptation to the different work environments Show less

• Senior Analyst at CyberProof

  • Feb 2022 - Feb 2023

  Experience working with SIEM - Qradar, Mcafee, RSA, Splunk, ArcSight, Azure Sentinel systems.Knowledge in security and monitoring products: WAF, IPS, NAC, AV, DLP, PROXY, MR, FW, DAM (Of companies: Symantec, Palo Alto, Fortinet, Trend Micro, Forcepoint, McAfee, Imperva, Checkpoint, Etc.)Gathering, analyzing, and processing alerts from many systems of cyber protection, handling cyber events in real-time, providing recommendations for handling events, and writing event reports if necessary.• Experience building response procedures for various cyber events.• Knowledge, understanding, and operating cyber events in real-time.• Knowledge in analyzing and investigating events by querying different EDR systems – Palo Alto XDR, Symantec EDR, McAfee Active Response, Microsoft - ATP, Sentinel One, Carbon Black (Defender / Response), CrowdStrike.• Knowledge and creation of rules in the various SIEM systems while using Regex.• Knowledge and experience in building queries, rules using AQL and SPL (Splunk), KQL.• Stress and rapid thinking during cyber Incidents in real-time.• Quick adaptation to different work environments due to working with many customers and the need for a quick and efficient response.• Experience in gathering Threat Intelligence with various tools - OSINT.• Understanding and knowledge in identifying Tactics, Techniques, Procedures, and methods of attack using the MITRE - TTP model and Kill Chain.• Knowledge in conducting Digital Forensic search on Endpoints in cyber Incidents.• Knowledge in PowerShell while collecting forensic findings in Cyber Incidents.Experience working Show less



TrustNet | Cyber Security

• Israel
• Computer and Network Security
• 100 - 200 Employee

• Senior Analyst

  • Jun 2019 - Mar 2022

  - Experience in working with clients in Israel and abroad- SIEM systems: Qradar, McAfee, Splunk – Creation of rules and Tuning - Working with EDR Systems- Writing Procedures for cyber events- Monitoring of Enterprise Clients - Summarize Intelligence Updates from different sources such as CERT, ClearSky, Insect

• SOC Analyst

  • Jan 2019 - May 2019

  - Everyday work with SIEM systems: Qradar, McAfee, RSA, Splunk, ArcSight.- Handling real-time cyber threats, providing IR recommendations and writing event reports- Analyzing and processing cyber events- Monitoring products, such as WAF, IPS, NAC, AV, DLP, PROXY, MR, FW - Symantec, PaloAlto, Fortinet, Trend Micro, ForcePoint, McAfee, Imperva, CheckPoint



Payoneer

• United States
• Financial Services
• 700 & Above Employee

• Customer Care Associate

  • Apr 2018 - Dec 2018



Bezeq International

• Israel
• IT Services and IT Consulting
• 700 & Above Employee

• Technical Support

  • Jan 2018 - Apr 2018



Intel Corporation

• United States
• Semiconductor Manufacturing
• 700 & Above Employee

• Shift Manager &Project leader

  • Oct 2013 - Nov 2017

  Management of team responsible for site operations and control systems; Project leader; Administration of external contractors on site, and service to campus employees. Instruction and training of external and inter departmental staff.

• Controller & Project leader ,Operations Department, R&D Center

  • Oct 2012 - Oct 2013

  Project leader operations and control systems; Hazardous material monitoring; Instruction and training of controllers.