Yazan Hawash

• Management of security projects (NDR, SBXs, IDS/IPS) and operational monitoring.

• Supervision of 8 cybersecurity solutions (IPS/IDS, NDR, mail and web Sandboxes, etc.).

• Critical challenge of technical architectures proposed by IT teams and security recommendations.

• Redesign of the IPS architecture on Fortinet.

• Operational monitoring of IT/GRC projects in conjunction with business and technical teams.

• Leading strategic meetings and monitoring team objectives.

• Development and implementation of cybersecurity strategies and risk management in line with IT governance (GRC).

• Manage the monitoring of IDS/IPS inspection coverage at the interconnection points of intra-Inter Datacenter networks.

• Implement security policies on managed solutions.

• Perform changes with impact assessment.

• Investigate security incidents reported by the PDIS SOC.

• Ensure on-call duty outside of business hours.

• Write activity reports.

Technical Environment: Microsoft Defender O365, PaloAlto, Fortinet, Cisco, Vectra, McAfee Trellix, gatewatcher, Entrust

• Management of 7 security solutions:

• Implementation, supervision, and optimization of IT infrastructure protection tools, including DarkTrace, Cyberwatch, DLP, IAM, IPS/IDS, and Sandboxes.

• Risk Management and Compliance (GRC): Ensure application of security policies (PSSI, ISO 27002, GDPR, ISO 27001), monitor security audits, system compliance, implement SI security procedures in case of crisis, conduct penetration tests to exploit vulnerabilities, write observation reports, and propose relevant recommendations.

• Incident Supervision and Cyberattack Response: Coordinate security incident management in collaboration with operational teams and SOC.

• Development of Cybersecurity Strategies: Develop continuous improvement plans, manage authorizations and access (privileged accounts), define an access request procedure, implement Key Performance Indicators (KPIs), and monitor corrective actions.

• Team Awareness and Training: Implement awareness programs to improve cybersecurity culture within the company.

• Collaboration with Management: Regular reporting to the CISO and coordination with IT and business teams to align cybersecurity with the company's strategic objectives.

• Support IT teams in remediating detected vulnerabilities.

Technical Environment: Darktrace, Cyberwatch, Office 365, SentinelOne

Advanced Security Incident Management: Supervision of critical cybersecurity incidents (phishing, account compromise, ransomware, APT threats), coordination of responses, and monitoring of corrective actions.

- Optimization of Detection Systems: Management of detection scenario improvements (SIEM, IPS/IDS, NDR, Proxy, Antivirus, firewall) to reduce false positives and improve threat detection speed.

- Advanced Threat Investigation: In-depth analysis of logs and Indicators of Compromise (IOCs), implementation of Yara rules and IPS signatures to block new threats.

- Fine-tuning existing use cases to improve detection performance.

- Vulnerability Management and Remediation: Definition of correction plans and monitoring of patch application in collaboration with IT teams.

- Development and Automation of SOC GRC Processes: Implementation of quick reference guides, incident procedures (Confluence, Playbooks) to improve response speed and SOC efficiency.

- Watch and Threat Intelligence (CTI): Qualification of Cyber Threat Intelligence (CTI) and implementation of new detection rules to anticipate emerging threats.

- Training and Awareness: Coaching and skill development for SOC analysts, organization of internal workshops on cybersecurity best practices and forensic analysis.