Mohammed Firasat Hussain

Cyber Security Lead
Gulbarga, Karnataka

Summary

Team Leader experienced in directing activities of workgroups. Develops strategies, provides training, sets goals and obtains team feedback. Excellent interpersonal and communication skills. Big picture focus with excellence in communicating goals and vision to succeed. Problem solver, networker, and consensus builder.

Overview

14 years of professional experience
6 certifications

Work History

SOC Team Lead

Malomatia
Doha, Doha
10.2015 - Current
  • Enhanced overall team performance by providing regular coaching, feedback, and skill development opportunities.
  • Established clear performance metrics for the team which helped in tracking progress towards set targets effectively.
  • Coached team members in techniques necessary to complete job tasks.
  • Trained new team members by relaying information on company procedures and safety requirements.
  • Increased customer satisfaction by ensuring timely completion of projects and adherence to high-quality standards.
  • Led cross-functional teams for successful project execution while maintaining strong collaboration among team members.
  • Analyzed network traffic and system logs to detect malicious activities.

- **SIEM Expertise:** ArcSight, Splunk, QRadar, McAfee, Azure Sentinel, Elasticsearch, RSA NetWitness.

- **EDR Solutions:** Endgame, Microsoft ATP, Microsoft Defender for Cloud, Microsoft XDR.

- Incident Response and forensic analysis.

- Hands-on experience in vulnerability assessment tools (e.g., Nessus).

- Skilled in threat hunting and threat intelligence.

- Proficient in log source management, custom rule creation, and system health checks.

- Strong communication and interpersonal skills, adaptable to challenging environments.

  • Boosted cybersecurity awareness among employees through effective training sessions and workshops.
  • Conducted internal audits to identify areas of improvement within the organization's information security program.

Senior Cyber Security Analyst

Malomatia
Doha, Baladiyat Ad Dawhah
10.2015 - 10.2017
  • Responsible for handling the IT and cyber security infrastructure. I've set up the SOC, manage the SIEM, handle the SOC operations, carry out incident response and investigations, write investigation guides and train SOC analysts.
  • Responsible for creating rules, reports and dashboards on ArcSight, QRadar, ELK, Azure Sentinel, RSA NetWitness and McAfee ESM.
  • Responsible for configuring and managing QRadar, Splunk, ArcSight, RSA NetWitness and McAfee ESM (WinCollect, all-in-one console, connector, logger and ESM).
  • Threat hunting, monitoring and investigation of security incidents using the ArcSight, QRadar, McAfee, RSA NetWitness and ELK SIEM tools.
  • Assisting in on-boarding new devices into SIEM (ArcSight, QRadar, McAfee, RSA NetWitness, ELK).
  • Creating/modifying standard operational procedures and reviewing them.
  • Preparing, reviewing and QA of monthly reports.
  • Provide expertise in analysis of logs on QRadar, Splunk and ArcSight from various log sources.
  • Proactively reviewing and operationalizing threat intelligence to create alerting to detect techniques, tactics and procedures employed by threat actors.
  • Provide input to use cases for QRadar, Splunk and ArcSight based on the requirement.
  • Provide support to build FlexConnector/customized solutions.
  • Performing health checks, log source management and administration of ArcSight, QRadar, RSA NetWitness, McAfee and ELK to ensure SIEM functionality and availability.
  • Coordinate with the CERT team and restrict malicious IOCs at all security tools which are reported for involvement in malicious activities.
  • Incident response: performed SOC monitoring and analysis as SOC analyst, worked with SIEM dashboards/data visualization to effectively respond to security incidents, analyzed SIEM logs, performed investigations and malware hunting on affected devices, took memory dumps and performed memory forensics with Volatility.
  • Set up a test environment and tested alerts before implementing them on the production SIEM solution.
  • Mentoring the team technically in terms of process development, handling and training.
  • Regular review of event source logs and log validation exercises as per developed standards and guidelines.
  • Build and update runbooks for various devices and operations for the L1 support team, covering the various stages of operation and integration.
  • Regular interaction with the associated customer to update them regarding security issues noted in the customer infrastructure and provide daily, weekly and monthly reports.
  • Worked with SDMs and tech experts in analyzing the overall security aspects of the customer and provided suggestions to improve security during customer workshops.
  • SIEM:
      • Installation and configuration
      • Configuring connectors to collect logs
      • Rule and use case development
      • Configuring ad hoc and scheduled reports
      • User account management
      • Detailed troubleshooting
      • Backup and disaster recovery
  • Adding different log sources such as ASA firewalls, Cisco routers, Cisco Sourcefire, Infoblox, McAfee NSM, Windows devices, Juniper firewalls and Pulse Secure.
  • Worked on unparsed events and created a universal DSM to normalize these events.
  • Worked on improving the performance of QRadar by fine-tuning and filtering out events that generated a lot of noise and were not useful.
  • Also worked with some clients to migrate from ArcSight to QRadar without any downtime.
  • Implementing different devices with ArcSight and QRadar.
  • Implementing Sysmon with QRadar.
  • Experience in ELK.
  • Experience in operating Endgame.
  • Implementing Cuckoo Sandbox in the environment to test malicious files received from the customer.
  • Implementing Elasticsearch, Logstash and Kibana, installing the various Beats (Filebeat, Winlogbeat) and forwarding correlated logs from ArcSight.
  • Implementing the Endgame EDR platform on the customer site and integrating Windows and Linux devices with it in blocking mode.
  • Creating advanced rules and reports on both ArcSight and QRadar.
  • Maintaining SIEM tool administration including log review, resource management, access control and health check-ups.
  • Responsible for submitting security threat monitoring reports on a daily/weekly/monthly basis.
  • Configuring new log sources, tuning/filtering events and integrating with enterprise processes; monitoring events generated by endpoint clients, servers, network devices and security devices.

Security Analyst at Security Operation Center

Defence of Finance
Abu Dhabi, Abu Dhabi
05.2014 - 10.2015
  • Responsible for analyzing a large volume of security event data from a variety of sources with the goal of identifying suspicious and malicious activity; perform in-depth event/incident analysis.
  • Responsible for monitoring and analyzing information security events (unauthorized use or access, fraudulent activities, data leakage, etc.) and initiating information security incident tickets (third-level activity).
  • Monitoring and managing Symantec Email Gateways, Symantec Endpoint Protection Manager, Nexthink, Palo Alto firewalls and McAfee ESM.
  • Interacting with internal groups, assisting in the identification of root causes of problems.
  • Clearly documenting investigative steps undertaken during threat analysis for audit and the internal knowledge base.
  • Preparing daily reports, trends, notifications and security advisories for customer devices.
  • Creating custom ArcSight content (dashboards, channels and alerts).
  • Configuring new log sources, tuning/filtering events and integrating with enterprise processes; monitoring events generated by endpoint clients, servers, network devices and security devices.
  • Serving as a contributing member of the Computer Security Incident Response Team (CSIRT).
  • Performing security event monitoring and incident response for events generated by endpoint clients, servers, network devices and security devices across the environment.
  • Creating daily, monthly and ad hoc reports for various devices.
  • Developing filters to assist in the identification of significant events.
  • Generating required reports and dashboards.
  • Providing recommendations and implementing changes to optimize ArcSight and for performance tuning.
  • Working with .NET developers and Flash developers in the creation of an iDashboard for the SOC.
  • Developing and refining detective controls (e.g., event sinks, filtering rules), partially based on input from Information Security Investigation Coordinators (investigation results and trends).
  • Working on ArcSight ESM, providing operations support at the Security Operations Center.

Security Analyst at Security Operation Center

Paladion Networks
04.2012 - 04.2014
  • Managing various security devices with the SIEM tool.
  • Designing and implementing the integration of various security devices and applications into the SIEM tool (ArcSight).
  • SIEM tool administration including resource management, access control, log review, incident management and health checkups.
  • Proficient with ArcSight centralized log management, correlation and incident management using the SIEM tool.
  • Played a vital role in auditing with the internal audit team.
  • Played a vital role in use case validation implemented in the SIEM tool during the start-up of security operation projects.
  • Coordinating and managing periodic review calls (quarterly/monthly/weekly) with clients/onsite resources to enhance the processes in place for proactive service.
  • Understanding client requirements prior to implementation, classifying devices based on severity levels and performing log review post-implementation to find the best use cases for the organization.
  • Participated in designing, testing and implementing an automation application using a portal, which benefited the customer by acting as a single place to log in and analyze all reports and alerts.
  • As a result of creating this portal, the overhead on each engineer at the Security Operation Center was reduced substantially, so they could spend more time on analysis.
  • Participation in the creation of security documents and SOP documents.

L1 Security Analyst

Paladion Networks
02.2011 - 04.2012
  • Participated in tabletop exercises simulating cyberattacks, leading to better preparedness for real-world incidents.
  • Managed security incident response and log analysis using ArcSight SIEM, enhancing organizational threat detection and prevention capabilities.
  • Conducted consolidated log analysis from operating systems, databases, networks and security devices to identify intrusion attempts.
  • Implemented and configured security devices, servers, databases and applications within ArcSight SIEM.
  • Reviewed logs and developed customized security reports and alerts based on client requirements.
  • Troubleshot discrepancies in log flow and monitored log integrity to ensure effective security monitoring.
  • Analyzed and managed incidents, refining use cases and criteria to reduce false positives and improve incident management efficiency.
  • Oversaw 24/7 Security Operations Center (SOC) operations, focusing on real-time event monitoring, incident detection, tracking and reporting.
  • Experienced in identifying and analyzing phishing sites, collaborating with ISPs and vendors for takedown efforts.
  • Identified custom reporting needs and translated them into SIEM technical specifications for implementation.
  • Conducted daily and monthly trend analyses, recommending improvements to enhance overall security posture.

Education

Bachelor of Engineering - Computer Science

KBN College
Gulbarga Karnataka India
04.2001 -

Skills

Operations management

Good interpersonal and communication skills; committed, hardworking, team player, quick learner and flexible to adapt to challenging environments/technologies

Experience in vulnerability assessment (Nessus) and providing security advisories to the customer

Experienced in threat hunting and threat intelligence

Administration and maintenance of Endgame server and sensors (Windows, Linux)

Hands-on experience in EDR (Endpoint Detection and Response) solutions: Endgame, Microsoft ATP, Microsoft Defender for Cloud, Microsoft XDR

Incident response and forensic analysis

Worked in various roles, starting from L1 up to SOC Manager

Specialized in SIEM: ArcSight, Splunk, QRadar, McAfee, Azure Sentinel, Elasticsearch, RSA NetWitness

Acting as SOC manager / SDM manager; also providing SME support for SIEM implementation

Preparing incident reports, policies and schedules in a Cyber Fusion SOC environment

Functionally responsible for SOC operations

Standards and frameworks implementation

Reviewing the standard operating procedures and SOC operations

Managing licenses and SLAs, process improvement, gap analysis and analysis of the team's KPIs

Process improvement

Certification

CEH

Timeline

SOC Team Lead

Malomatia
10.2015 - Current

Senior Cyber Security Analyst

Malomatia
10.2015 - 10.2017

Security Analyst at Security Operation Center

Defence of Finance
05.2014 - 10.2015

Security Analyst at Security Operation Center

Paladion Networks
04.2012 - 04.2014

L1 Security Analyst

Paladion Networks
02.2011 - 04.2012

Bachelor of Engineering - Computer Science

KBN College
04.2001 -