Muhammad Saadain Asdi

Doha

Summary

A cybersecurity professional with expertise in log analysis, threat detection, and incident response, along with hands-on experience in SIEM administration. Focused on enhancing cyber defense strategies, strengthening security operations, and mitigating risks in dynamic and challenging environments.

Overview

8 years of professional experience
1 Certification

Work History

QRadar SIEM SME

GBM Qatar
10.2022 - Current

Working on a Multi-Tenant National-Level SOC Project for a Government Entity. My job responsibilities include:

  • Managing IBM QRadar components, ensuring system health, and applying patches and upgrades
  • Designing and configuring custom dashboards for real-time security monitoring, ensuring proper log ingestion into the event pipeline, and identifying issues across its components to troubleshoot log reception and data flow disruptions
  • Configuring and integrating log sources, troubleshooting ingestion issues, and ensuring optimal parsing
  • Monitoring log source health checks, and optimizing log collection to prevent gaps in monitoring
  • Collaborating with system owners to onboard new log sources and assess the need for re-onboarding to maintain seamless data ingestion
  • Creating and fine-tuning detection rules, offenses, and custom use cases for threat detection
  • Monitoring system performance, fine-tuning event processing, and managing storage to prevent data loss
  • Administering user roles and permissions, ensuring privileges as per requirement
  • Managing and updating the network hierarchy to reflect infrastructure changes and optimize log source categorization
  • Preparing and sharing daily and weekly comprehensive reports on log sources, offenses, use cases, and tuning requests to relevant teams and management

SOC Analyst

Khushhali Microfinance Bank, Ltd. (KMBL)
05.2021 - 09.2022


  • Performed log reviews and continuous security monitoring to detect anomalies and potential threats
  • Analyzed critical threats and security incidents for proactive threat mitigation
  • Utilized machine learning-based detection for pre-execution and runtime threat analysis
  • Identified and mitigated advanced threats, including malware, social engineering attacks, lateral movements, command & control (C&C) activities, and ransomware
  • Enhanced detection, investigation, and response capabilities across multiple security layers
  • Proactively conducted threat hunting, analyzing telemetry data for Indicators of Attack (IoA) and Indicators of Compromise (IoC), determining attacker intent and assessing the impact of targeted attacks in real time
  • Monitored anti-malware, web reputation, and ransomware protection mechanisms to ensure effective threat detection and prevention
  • Performed file integrity monitoring (FIM), log inspection, and application control for policy enforcement
  • Identified and addressed policy violations and risky user behavior to prevent data loss
  • Detected and prevented unauthorized data exfiltration through real-time blocking, quarantining, and automated response actions
  • Correlated and analyzed threat intelligence data (IPs, URLs, hashes, domains) from multiple sources in real time
  • Assisted in proactive defense strategies through intelligence-driven security operations
  • Performed system maintenance and performance tuning, ensuring optimal SIEM operation
  • Managed log backups, retention policies, and log source parsing and administration
  • Developed and fine-tuned correlation rules, offense management, and custom use cases

SOC Analyst

Software Productivity Strategist, Inc. (SPS)
02.2017 - 05.2021

Worked as a SOC Analyst Level 1 and IBM QRadar Admin for multiple US-based clients. My job responsibilities included:

  • Conducted monitoring of offenses, logs, and network flows across various devices, including servers, applications, routers, and firewalls, to detect anomalies and unauthorized activities
  • Performed initial triage and incident analysis, identifying security events, and escalating confirmed threats to senior analysts for further investigation
  • Conducted QRadar health monitoring, ensuring system stability by tracking FPS/EPS limits, GUI/CLI availability, disk space utilization, and memory consumption
  • Developed and fine-tuned correlation rules to enhance threat detection and reduce false positives
  • Executed SIEM administration tasks, including daily data backups, system upgrades and patches, reference set management, and network hierarchy maintenance
  • Onboarded log sources by integrating operating system and application logs using various protocols
  • Deployed and managed WinCollect agents for Windows log collection, ensuring seamless integration with SIEM
  • Created custom event properties using regular expressions to extract relevant security insights
  • Installed and worked on SIEM applications and extensions, such as UBA, Watson, QDI, Vulnerability Insight, QVM, Resilient, WannaCry Content Pack, Threat Intelligence, and Sysmon Content Extensions
  • Generated compliance reports (PCI-DSS & HIPAA) to meet client requirements
  • Performed vulnerability assessments using Nessus and QRadar Vulnerability Manager to identify and mitigate security risks
  • Worked on patch management and system hardening using IBM BigFix Patch Management to enhance security posture
  • Managed user access and performed health monitoring of IBM Guardium, including S-TAP status and disk availability, for database security
  • Handled weekly offense review meetings with clients, discussing findings and ensuring the implementation of agreed-upon action items

Network Engineer Intern

EMumba Pvt. Ltd
11.2016 - 02.2017


  • Deployed different Networking Templates including SSLi, SLB, IPSec, HTTPS
  • Created the test cases for different networking templates
  • Configured Microsoft Exchange Server 2016, ensuring proper email communication
  • Configured and managed OpenVPN GUI, enabling secure remote access and encrypted communications
  • Optimized network performance by monitoring, troubleshooting outages, scheduling upgrades, and collaborating with network architects on infrastructure improvements

Education

BE - Telecom Engineering

National University of Modern Languages
02.2014

Skills

  • SIEM IBM QRadar
  • Trend Micro EDR
  • Trend Micro XDR
  • Trend Micro DSS
  • Symantec DLP
  • 1TIP - Cyber Threat Intelligence Platform

Certification

  • CompTIA CySA+ (CE) Certification
  • IBM Certified Associate Administrator - IBM QRadar SIEM V7.3.2
  • IBM Certified SOC Analyst - IBM QRadar SIEM V7.3.2
  • Foundations of Operationalizing MITRE ATT&CK - AttackIQ
  • ICSI | Certified Network Security Specialist (CNSS)
  • Cisco Certified Network Associate CCNA (Routing & Switching)
  • MCSE Server 2012 R2 Training from Corvit, Islamabad
