Sergio Arranz

Senior Cybersecurity Consultant - Monitoring & MDR at Entelgy Innotec Security
Contact Information
(386) 825-5501
Location
Greater Madrid Metropolitan Area, ES
Languages
  • Spanish: native or bilingual proficiency
  • English: full professional proficiency

Recommendations

Rated 5.0/5.0 based on 2 ratings.
Mario Ruiz Fraile

Sergio is a hard-working, attentive and capable person, always striving to give the best of himself and responsible in carrying out tasks. He is always learning new things about his work, which he performs with passion. On a personal level he is pleasant and always willing to help with a smile. He creates a good working environment, which is essential to the functioning of any project. It is a pleasure to work with you, Sergio! And I hope we coincide many times on the same services.

Diego Ortiz Casanova

Sergio has been on my team for several years and I can say that he is a consistent, proactive person who has no problem complying with whatever rules may be set at any given time.


Credentials

  • Splunk 7.x Fundamentals Part 1
    Splunk
    May 2021 - Oct 2024
  • Splunk 8.1 Fundamentals Part 2
    Splunk
    May 2021 - Oct 2024
  • ThreatSpace
    Mandiant
    Mar 2021 - Oct 2024
  • AWS Business Essentials
    Amazon Web Services (AWS)
    Feb 2021 - Oct 2024
  • Fundamentals of Cyber Security Training
    Mandiant
    Nov 2020 - Oct 2024

Experience

    • Entelgy Innotec Security, Spain
    • IT Services and IT Consulting
    • 300 - 400 Employees
    • Senior Cybersecurity Consultant - Monitoring & MDR
      • Apr 2022 - Present

      Provide professional cybersecurity consultancy services for multiple customers (24x7 service).
      • Monitoring, in-depth investigation and mitigation of security incidents using SIEM, EDR, WAF, FW, IPS/IDS, AV, proxy and email gateways. Create reports and assist internal teams and stakeholders with further steps.
      • Threat hunting and research of new malware/phishing campaigns, actors and vulnerabilities to assess their impact on the infrastructure.
      • On-demand analysis of IOCs and phishing emails, providing specific mitigation and recommendation steps based on the investigation.
      • Document standard operating procedures for daily operations and for SIEM use cases following the MITRE ATT&CK framework.
      • Lead, support and train L1 operators to properly triage, escalate/close security events and ensure SLA compliance. Review and assess alerts escalated by them and perform routine controls to evaluate the quality of their alerts.
      • Coordinate with SIEM engineers on the fine-tuning process to reduce alert volume and improve performance and detection rate.

      Daily used technologies:
      - ElasticSearch SIEM
      - Microsoft Sentinel SIEM
      - IBM QRadar SIEM
      - Cortex XDR
      - Microsoft Defender for Endpoint EDR
      - Trend Micro Vision One XDR
      - CrowdStrike Falcon EDR

    • Santander, Spain
    • Banking
    • 700 & Above Employees
    • Cybersecurity Analyst II - Global SOC
      • Sep 2018 - Apr 2022

      Internal employee working in the Santander Global SOC team, providing 24x7 service and on-call rotation to all entities worldwide, with the following main tasks:
      • Perform monitoring, in-depth investigation and mitigation of security incidents with SIEM, SOAR, EDR, WAF, FW, IPS/IDS, AV, proxy and email gateways. Create reports and assist internal teams and stakeholders with further steps.
      • Analysis of malware with sandboxes and packet capture analysis with sniffers.
      • Monitor critical bank SWIFT assets, standard operating procedures and playbooks, and perform on-demand analysis of complex investigations, malware/spear-phishing campaigns, IOC research and blocking, threat intelligence and third-party incidents.
      • Fraud: manage and mitigate phishing, suspicious emails received by VIP directors, compromised credit cards, mule accounts, stolen corporate devices, data leaks, fake profiles on social media, repositories, and apps in unofficial markets.

      Daily used technologies:
      - Splunk SIEM
      - Microsoft Sentinel
      - Microsoft MDI
      - CrowdStrike Falcon EDR
      - McAfee IPS, ePO and ATD
      - Check Point Firewall/IPS
      - Trend Micro Deep Security IPS
      - Sourcefire IPS
      - FireEye (manual analysis of emails)
      - Akamai WAF
      - Imperva WAF
      - Cisco Umbrella
      - Cisco IronPort, Office 365 email gateways
      - Symantec Blue Coat, Cisco Talos
      - GSC Remedy, ITSM ServiceNow
      - Cloud (AWS, CloudTrail, GuardDuty, etc.)
      - Cisco ThreatGrid, Falcon Sandbox
      - IBM Resilient
      - Phantom SOAR
      - Wandera
      - Arbor
      - Dynatrace
      - Wireshark (analysis of packet captures)

    • Business Consulting and Services
    • 700 & Above Employees
    • Cybersecurity L1 Operator - Risk Advisory IT-ERS CyberSOC
      • Jul 2018 - Sep 2018

      Multi-customer, multi-service security incident first response team.
      • First analysis using multiple technologies:
        - SIEM: ArcSight, QRadar and Splunk
        - IPS: Sourcefire and FireEye
        - Orchestrator: McAfee ePO
        - Proxy: Blue Coat
      • 24x7 services: DLP, Managed Security Service Provider, Social Media Vigilance
      • Cyber Security Incident Response

Education

  • U-tad
    Higher vocational degree in Multiplatform Applications Development, IT Programming
    2016 - 2018
  • Centro de estudios González Cañadas
    Intermediate vocational degree in Microcomputer Systems and Networks, Network and Systems Administration
    2014 - 2016
