Omar A.

Cybersecurity Analyst - SOC N3 | Blue Team

€650/day
Paris, FR
3-7 years

Average response time: 1 hour


About Omar

Cybersecurity professional with over 5 years of experience in security incident management and response, log analysis, use case creation, and active contribution to the evolution of technical and organizational SOC capabilities. I also have 2 years of experience in software development, strengthening my ability to understand technical environments.

Languages:
  • French: native or bilingual
  • English: native or bilingual

Can work on-site
Paris (up to 50km)

Experience

  • Econocom
    Cybersecurity Analyst - SOC N3
    April 2024 - Today (2 years and 2 months)
    Incident response and security alert handling (RUN)
    - Proactive monitoring and threat detection: handling and in-depth analysis of alerts generated by security equipment (Cloud / On-premises).
    - Advanced investigation and real-time response: incident analysis using specialized tools (SIEM, EDR, IDS/IPS, WAF, firewall) to identify attack vectors and potential impacts.
    - Optimization of detection rules to refine alert accuracy.
    - Preparation of detailed reports on security incidents, including investigation findings, corrective actions, and recommendations to strengthen the security posture.
    - Advanced detection: analyzing needs and designing new detection rules to improve threat monitoring and detection.
    - Rule optimization: adjusting detection rules to refine alert relevance and enhance responsiveness to emerging threats.
    - Development of incident response playbooks: contribution to the development of playbooks detailing incident response steps, best practices, and appropriate corrective actions.
    - Planning and execution of vulnerability scans: deployment and monitoring of monthly scans (WAS and VMDR) across all entities in different countries.
    to various attack scenarios.
    Projects:
    o Security supervision and management: creation and management of supervision dashboards on Azure Sentinel and CrowdStrike, enabling real-time visualization of security events and rapid decision-making.
    o Deployment and optimization of Falcon Identity Protection (CrowdStrike): implementation and tuning of the solution to detect and block identity compromise attempts in real time in a hybrid cloud environment, thereby strengthening resilience against threats.
  • AKKodis
    Cybersecurity Analyst
    October 2022 - March 2024 (1 year and 5 months)
    Security alert and incident management
    Threat monitoring and detection: Analysis, qualification, and handling of security incidents reported by defense equipment (SIEM, EDR, IDS/IPS, WAF, firewall), in both Cloud and On-premises environments.
    Incident response & escalation: In-depth investigation, identification of attack vectors and their potential impacts, with escalation to clients if necessary.
    Cybersecurity watch: Regular monitoring of vulnerabilities, emerging threats, and new attack techniques, to anticipate risks and adjust defense measures.
    Process optimization: Reduction of false positives by adjusting detection rules.
    Recommendations and remediation: Development of corrective measures adapted to detected incidents, and client support in their implementation, including post-remediation follow-up.
    Malware analysis
    In-depth malware study: Static and dynamic analysis of malware detected in monitored environments or received from clients.
    Threat identification: Determination of capabilities, objectives, obfuscation techniques, and infection vectors, to define concrete countermeasures.
    Continuous improvement: Use of analysis results to enrich detection rules and develop new protection strategies adapted to the context.
    Threat watch and analysis
    Monitoring of cyber trends, ongoing attack campaigns, and critical vulnerabilities, to adapt SOC defenses in real-time.
    Project:
    Development of a Purple Team infrastructure: Design and deployment of a platform for testing SOC security tools through realistic attack simulations. Objective: evaluate the effectiveness of detection mechanisms and continuously improve response capabilities through new use cases.
  • Capgemini
    Analyst - SOC
    August 2020 - September 2022 (2 years and 1 month)
    Security alert management & Incident Response
    - Continuous monitoring: handling and analysis of security alerts reported by defense equipment (SIEM, EDR, IDS/IPS), with rapid assessment of impacts and risks.
    - In-depth investigation: threat identification, incident classification, and implementation of appropriate remediation measures.
    - Detection optimization: adjustment of rules and refinement of configurations to reduce noise and improve alert relevance.
    Advanced malware analysis
    - Static and dynamic malware examination: behavioral analysis of malware detected in monitored perimeters, allowing identification of indicators of compromise (IOC).
    - Threat detection and neutralization: study of infection vectors, persistence mechanisms, and evasion capabilities in order to propose effective countermeasures.
    Project
    o Study and deployment of Cuckoo Sandbox: design and implementation of an automated malware analysis environment using Cuckoo Sandbox, allowing threats to be executed in a controlled environment to better understand their behavior and refine defense strategies.


Education

  • SEC450: Blue Team Fundamentals: Security Operations and Analysis
    2020
  • State Engineer in Computer Science and Networks (Ingénieur d'Etat en Informatique et Réseaux)
    ENSAO, 2017
