Mohamed Achref Ben Boubaker

Cybersecurity technical referent, main point of contact with the SOC in a co-managed model. Piloting Build (design, deployment) and Run (operation, continuous improvement) phases of security solutions. Active participation in defining and implementing company security policies. Establishment of the co-managed SOC: definition of use cases, escalation processes, operational relationship management. Global deployment of Trend Micro EDR for endpoint detection and response. Integration of Proofpoint Email Security with advanced modules (Sandboxing, DLP). Deployment of DDI probes (DNS, DHCP, IPAM) to enhance network visibility. Deployment of Qualys for vulnerability management (scans, analysis, remediation). Deployment of Netskope (secure cloud proxy) for web and SaaS access control.

Conducting and supervising security investigations in close collaboration with the SOC. Technical analysis of alerts, post-incident investigations, writing detailed technical reports. Threat Detection. Advanced operation of Chronicle SIEM: creation of detection rules, multi-source log correlation, dashboard creation. Continuous optimization of tools to reduce false positives and improve detection coverage.

Participation in projects impacting network security: Deployment and operation of IPS probes Cisco Firepower PaloAlto Fortinet and Vectra. Design and update security and operation procedures for the tools used by the team. Administration of IPS probe security policies: signature updates, optimization and tuning of rules based on the protected environment. Performing changes with impact assessment. Handling security and production incidents within the team's scope. Participation in technical workshops with project managers and security architects. Contribution to network troubleshooting diagnostics, in collaboration with telecom, business, and other teams... Run: Analysis of intrusion events detected by various solutions across all perimeters. Identification of IPS probe detection needs to be implemented in the SIEM (Weekly meeting). Participation in fine-tuning use cases implemented in the SIEM. Definition of logging policies for IPS logs collected in the SIEM and Splunk. Monitoring new attacks and related defenses and their implementation. Analysis of phishing campaigns, and implementation of Yararules.