Mohamed Abdelrahman

Cyber Defense Incident Responder at Coordinates Middle East
Contact Information
Location
Giza, EG
Languages
  • English Professional working proficiency
  • Arabic Native or bilingual proficiency


Credentials

  • CEH
    EC-Council
    Dec, 2019
    - Sep, 2024
  • Cloud Application Developer - Mastery Award for Students 2016
    IBM
    Apr, 2016
    - Sep, 2024
  • Amazon Web Services Cloud Practitioner
    Amazon Web Services (AWS)
    Oct, 2022
    - Sep, 2024
  • EC-Council Certified Security Analyst: Penetration Testing (ECSA)
    EC-Council
    Sep, 2020
    - Sep, 2024
  • Certified Network Defender (CND)
    EC-Council
    Jul, 2020
    - Sep, 2024
  • Cisco Certified Network Associate Cyber Ops (CCNA Cyber Ops)
    Cisco
    Sep, 2018
    - Sep, 2024
  • CCNA Routing & Switching
    Cisco
    Aug, 2016
    - Sep, 2024

Experience

    • Lebanon
    • Food & Beverages
    • 1 - 100 Employee
    • Cyber Defense Incident Responder
      • May 2021 - Present

      - Provide specialized expertise to Incident response projects
      - Proactive and reactive incident response duties
      - Supervise Incident Response Calls; Manage incidents
      - Define strategies at security management level, interact with customer enterprise security teams and management.
      - Analyze data associated to a security incident, perform deep inspection of application, log, OS, disk, network level forensic analysis for troubleshooting and researching events and alerts, discover and identify its source, purpose, intent, and if malicious or abnormal, then escalate within the incident response procedures
      - Advise on how to efficiently remediate vulnerabilities, manage IT risks and improve the overall cyber security posture and resiliency of the organization.

    • Egypt
    • Computer and Network Security
    • 1 - 100 Employee
    • Senior Security Services Engineer
      • Jan 2021 - May 2021

      1. Manage IPP Managed Security Services (MSS) by performing the following during both pre-sales & after-sales phases per customer:
         • Manage continuously IPP MSS capacity,
         • Manage both OLAs & SLAs targets achievement,
         • Develop & review use cases with SOC teams support,
         • Contribute in penetration testing activity in areas of expertise,
         • Contribute in the security awareness delivery.
      2. Manage escalations both internally (within IPP) & externally (within customer & vendors).
      3. Manage teams' training and its budget both on design & implementation levels.
      4. Manage employees' appraisals including managing their performance, training plan and career plan.
      5. Provide business, service, activity productivity & performance reports to management based on agreed periodicity.
      6. Attend management, employees and team meetings and ensure management vision and instructions are communicated and cascaded properly to the SS teams.
      7. Manage IPSS pool of resources with the support of HR including scouting resources, head-hunting candidates, interviewing and hiring successful candidates.
      8. Create & manage presales opportunities for IPSS and act as a Security Services Architect, which includes performing the following functions:
         • Pitching: Contribute in sales pitches on customer side for IPSS portfolio & related products,
         • Proof Of Concept: Collect POC requirements, contact and coordinate with distributors & vendors to manage POC devices as well as supervise POC implementation on customer side,
         • Request For/Proposals: Develop IPSS proposals or answer the technical part in requests for proposals (RFP) as well as ensuring collection of all technical relevant data (product specification sheets, technical standards, etc…) and inputs (Technical Project Plan, Professional services, etc…) to include it in technical RFP answer.

    • Egypt
    • Government Relations Services
    • 200 - 300 Employee
    • Security Engineer
      • Oct 2020 - Jan 2021

      Security Engineer at the Egyptian Root CA which is operated by ITIDA.

    • Egypt
    • IT Services and IT Consulting
    • 1 - 100 Employee
    • Cyber Security Engineer
      • Dec 2019 - Oct 2020

      ● SIEM Solutions Administration (AT&T AlienVault and IBM QRadar), SIEM tuning, developing parsers
      ● Build use cases and create, edit, and manage network directives and rules on specialized cyber defense systems (e.g., firewalls and intrusion prevention systems).
      ● Participate in Incident investigation activities to provide containment and remediation recommendations and map the incident feedback to newly deployed directives and rules.
      ● Perform customer environment assessment for PCI compliance, develop reports and use cases for the PCI scope
      ● Cooperate with customers’ Network and System Administrators for Security hardening, deploying several monitoring tools, log collecting, and log sources management.
      ● Perform vulnerability and risk management using tools such as Nessus Professional to make asset inventories, classify network assets, vulnerability assessment, cooperate in the eradication/mitigation and updating network security policies.
      ● Improving SOC operation processes and procedures and develop report templates (executives/technical) to be used internally or shared with customers

    • Computer and Network Security
    • 400 - 500 Employee
    • Reserve Officer
      • Apr 2017 - Oct 2019
    • Head of the IT PRO division (Student Activity)
      • 2013 - 2016

      1. Working on Windows Server 2012 R2
      2. Manage and monitor Windows Server's roles, features and security.
      3. Working on Microsoft System Center 2012 R2 as a cloud OS.
      4. Train students on how to use different solutions provided by Microsoft to achieve the agile and flexible infrastructures, which are considered a must for modern enterprises

    • United States
    • Software Development
    • 200 - 300 Employee
    • MSP Microsoft Student Partner (Student Activity)
      • Aug 2014 - Oct 2015

      Working in IT-PRO vertical at system center cycle. Using System Center alongside Windows Server 2012 R2 to deliver cloud solutions (private, hybrid and public). Delivering sessions about Microsoft System Center and Microsoft cloud computing solutions in many universities in Egypt. Deploying the different System Center services along with Windows Server to achieve the main goals of robust, modern, economical data centers.

    • Egypt
    • Telecommunications
    • 700 & Above Employee
    • Summer Trainee
      • Aug 2013 - Sep 2013

      Troubleshooting and fixing issues related to the PSTN and the telephone cabinets. Installation and implementation of fiber cables in both telephone and data networks. Installing DSLAMs for the DSL service provider.

Education

  • Faculty of Engineering at Souhag University
    Bachelor’s Degree, Electrical, Electronics and Communications Engineering
    2010 - 2016
  • Udacity
    Nanodegree, Digital transformation and cybersecurity for business leaders
    2022 - 2022
  • Information Technology Institute (ITI)
    Diploma (Intensive Program), Penetration Testing and Cyber Security
    2019 - 2019
