Dynamic Cybersecurity Engineer with 12+ years of experience enhancing enterprise security infrastructures across healthcare and technology domains. Skilled in threat detection, incident response and SOC operations with hands-on experience in tools like Splunk, QRadar, CrowdStrike and Microsoft Defender. Proficient in managing endpoint security, reducing false positives and crafting SOC playbooks for threat intelligence and security awareness. Skilled at collaborating with cross-functional teams to improve security posture and ensure compliance with regulatory standards. Demonstrated knowledge of compliance frameworks (NIST, FISMA, PCI DSS), firewall deployment (Palo Alto, Cisco ASA, Checkpoint), and cloud security (AWS, Azure). Experienced in vulnerability assessment, malware detection and aligning with the MITRE ATT&CK Framework. Adept at managing hybrid IT/OT SOC environments, ensuring regulatory compliance and leading ITSM processes for incident and problem management. Expertise extends to O365 migrations, Active Directory and enterprise security platforms. Possesses strong analytical and communication skills, enabling effective collaboration with senior stakeholders, SOC teams, and diverse audiences. Committed to delivering secure, scalable solutions and driving continuous improvement in cybersecurity operations.
• Enhanced threat detection efficiency by implementing IBM QRadar 7.0 SIEM, reducing false positives by 30% and improving compliance reporting for healthcare clients.
• Led the deployment and fine-tuning of SIEM and other security tools to improve threat visibility and response capabilities.
• Configured and managed SOAR platforms to automate workflows, enhancing the efficiency and accuracy of threat detection and incident response.
• Led the design, deployment and management of threat intelligence platforms, including MISP, OpenCTI, and Vectr.io to enhance organizational cybersecurity posture.
• Designed Python and PowerShell automation scripts to streamline threat intelligence ingestion, enrichment, and analysis, saving 20+ hours of manual effort weekly.
• Enhanced the effectiveness of the threat intelligence team by automating data-driven decisions with PowerShell-based threat scoring systems.
• Configured and managed SOAR platforms to automate incident response workflows, enhancing the efficiency and accuracy of security operations.
• Leveraged ELK Stack (Elasticsearch, Logstash, Kibana) for aggregating and analyzing large sets of security event logs, improving the organization's ability to detect threats and mitigate risks.
• Implemented ThreatConnect for centralized threat intelligence management, integrating data from internal and external sources to enhance threat detection and response efforts.
• Utilized MISP (Malware Information Sharing Platform) for sharing and collaborating on threat intelligence data, enabling faster identification and response to emerging cyber threats.
• Monitored, analyzed, and correlated logs from EDR/XDR and SIEM systems to identify and mitigate potential security threats across enterprise environments.
• Integrated threat intelligence solutions with ServiceNow for streamlined incident response, enabling efficient data-driven decision-making and ticket management.
• Automated the process of generating threat intelligence reports using Python, saving several hours per week in manual report preparation.
• Automated the extraction of actionable insights from large volumes of threat data using PowerShell, decreasing time spent on manual data analysis.
• Led an effort to create a new process for filtering and managing IPS events by automating the process and streamlining Security Operations Center (SOC) triage efforts.
• Used Splunk Security Essentials for validating data against the MITRE ATT&CK framework.
• Developed and matured Security Operations Center (SOC) for organizations with integration of threat-intelligence and vulnerability management model to increase effectiveness of security monitoring and developing strategy/roadmap for maturity.
• Assisted with design of a new cyber fusion center operating model to integrate traditionally disparate capabilities including Security Operations, Threat Intelligence and Enterprise Vulnerability Management.
• Conducted regular threat hunting exercises and red/blue team simulations to test and improve the organization’s security posture.
• Worked on Information Security Attacks, Threat Management and Systems/Applications Vulnerabilities, and Cyber Security Forensics (malware analysis / identifying intelligence-related activity).
• Coordinated disaster recovery efforts and incident response plans to ensure business continuity and rapid recovery from security incidents.
• Used ELK Stack to identify patterns of malicious activity in network traffic, providing early warnings for potential breaches and vulnerabilities.
• Worked with Anomali to integrate threat intelligence feeds with security operations tools, enabling real-time detection and mitigation of advanced persistent threats (APTs).
• Enhanced security incident triage by correlating EDR/XDR logs with threat intelligence data to identify high-priority threats and initiate appropriate response actions.
• Collaborated with SOC teams to leverage SOAR automation for reducing manual intervention during incident handling, increasing response time efficiency.
• Led the development of threat hunting methodologies, combining data from MISP, OpenCTI, and internal intelligence sources to proactively search for advanced persistent threats (APT).
• Conducted in-depth threat analysis using TIPs to identify emerging threats and provide actionable intelligence to inform security posture adjustments.
• Applied threat intelligence feeds to enrich security monitoring tools, enabling the identification of potential IOCs and TTPs (Tactics, Techniques, and Procedures) used by threat actors.
• Created Python-based tools for parsing and analyzing large-scale network traffic logs, enabling quicker identification of potential threats.
• Utilized PowerShell scripts to automate incident response tasks, improving response times and reducing human error in threat mitigation procedures.
• Developed Python scripts to automate the collection and analysis of threat intelligence data from multiple open-source and commercial feeds.
• Assisted the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
• Managed the incident response process from initial detection through remediation, minimizing business impact and ensuring comprehensive recovery.
• Utilized general forensic toolsets to analyze and reconstruct security incidents, providing critical insights and evidence for remediation and prevention strategies.
• Conducted regular assessments of CrowdStrike policies and configurations to ensure alignment with security best practices and organizational requirements.
• Provided mentorship and training to junior analysts, enhancing the overall skill set and effectiveness of the SOC team.
• Used frameworks such as MITRE ATT&CK and the Cyber Kill Chain to classify incidents, identify gaps, and prioritize efforts.
• Provided leadership in architecting and implementing security solutions for Qualys and SIEM tools such as QRadar and Splunk.
• Performed incident response and investigations based on RSA enVision SIEM use cases.
• Integrated Chronicle SIEM with other security tools and technologies for comprehensive threat intelligence.
• Assisted in the daily monitoring of security events and provided initial triage for detected threats.
• Participated in incident response efforts, including evidence collection and forensic analysis.
• Documented incident response activities and prepared reports for senior management.
• Managed the SolarWinds SIEM tool for user activity logs and event alerts; performed incident response and threat detection using Tanium.
• Conducted threat intelligence analysis on key areas of the enterprise defense-in-depth analytics, incident statistics and other relevant information in the creation of periodic threat intelligence reports.
• Conducted root cause analysis on security incidents, providing detailed reports and recommendations to prevent future occurrences.
• Conducted proactive threat hunting activities to identify and mitigate potential security threats before they could impact organizational assets.
• Partnered with cross-functional teams to assess infrastructure risks, manage security operations, and implement effective risk management practices.
• Experienced with multiple SIEM technologies (ArcSight, Splunk, QRadar, DLP, LogRhythm) and EDR solutions (Carbon Black).
• Served as Tier 1 support in the area of network intrusion prevention and detection in the CSOC under SMT.
• Worked with Cyber Security Operations Centre (CSOC) to fine-tune the False-Positives from the existing SIEM Rules.
Technical Skills:
Security Platforms: SIEM, CrowdStrike Falcon, Symantec DLP, IBM QRadar, SOC, Splunk, ArcSight, LogRhythm, Threat Hunting
Event Management: Datadog, RSA Archer, Blue Coat Proxy
Programming and Automation: Python, PowerShell
Threat Intelligence Platforms: MISP, OpenCTI, ThreatConnect
Operating Systems: Windows, Linux
Networking and Firewalls: Cisco ASA, Palo Alto
Log Monitoring Tools: Sumo Logic