About the Candidate
Profile:
Dynamic and highly motivated SOC Team Lead with a strong foundation in cybersecurity operations, threat hunting, incident response, and SIEM administration. Adept at leading teams, optimizing security monitoring, and aligning cybersecurity practices with business goals. Known for reducing false positives, improving detection efficacy, and mentoring junior analysts to elevate SOC performance.
Professional Experience:
SOC Team Lead
IP Protocol INC | May 2023 – Present
Lead and mentor SOC analysts, enhancing capabilities in threat detection and response.
Oversee 24/7 SOC operations, triage, and escalation processes.
Develop and fine-tune SOC procedures, reducing false positives and boosting response accuracy.
Perform proactive threat hunting using SIEM, EDR, TIP, and threat intelligence feeds.
Administer and maintain QRadar SIEM platform for scalability and uptime.
Troubleshoot log source issues to ensure data flow and visibility.
Integrate threat intelligence into workflows, improving detection quality.
Provide executive leadership with security reports and strategic insights.
SOC Analyst Tier 2
IP Protocol INC | Sep 2022 – May 2023
Analyzed alerts, conducted investigations, and escalated threats efficiently.
Created and optimized detection rules in QRadar to enhance threat identification.
Integrated new log sources into SIEM, ensuring accurate parsing and normalization.
Participated in Purple Team exercises to evaluate and refine detection capabilities.
Documented response playbooks and shared knowledge for continuous team improvement.
SOC Analyst Tier 1
IP Protocol INC | Jun 2021 – Sep 2022
Monitored alerts and identified threats using QRadar SIEM.
Investigated incidents by analyzing logs and correlating events.
Delivered reports on incidents, trends, and SOC performance.
Conducted threat intel activities and managed IOCs.
Built SIEM dashboards to provide better operational visibility.
Education
B.Sc. in Communication and Computer Engineering
Faculty of Engineering, Helwan University | 2015 – 2020
Graduation Project: Monitoring and Analyzing System for Cardiac Data Using ECG Signals
Web Development Intern
Udacity Nanodegree Program
Certifications
eCDFP – Digital Forensics Professional (eLearn Security)
eCTHP – Threat Hunting Professional (eLearn Security)
eCIR – Incident Responder (eLearn Security)
Splunk Fundamentals 1 – Splunk
Technical Skills
SIEM Platforms: QRadar, Splunk, ELK
EDR Tools: FireEye Hx, Fidelis, SentinelOne
Threat Intelligence: SOCRadar, ThreatQ
Scripting Languages: Python, PowerShell, C, C++, Java
Vulnerability Management: Tenable
Network Security: Forcepoint, FortiGate, Palo Alto, SonicWall, F5
SIEM Administration: QRadar
Languages
Arabic: Native
English: Fluent
Experience (detailed)
Job responsibility (SOC Team Lead, IP Protocol INC | May 2023 – Present):
• Lead and mentor a team of SOC analysts, enhancing their technical expertise in threat detection, incident response, and threat hunting.
• Manage daily SOC operations, ensuring 24/7 security monitoring, incident triage, and escalation to mitigate potential threats efficiently.
• Develop and optimize SOC procedures, reducing false positives and enhancing incident response effectiveness.
• Conduct proactive threat hunting, leveraging SIEM, EDR, TIP, and intelligence feeds to identify and neutralize advanced persistent threats (APTs).
• Administer and maintain the SIEM platform, ensuring optimal performance, scalability, and uptime.
• Troubleshoot log source issues, ensuring seamless data flow and visibility for SOC analysts.
• Integrate threat intelligence into SOC workflows, improving detection accuracy and response.
• Collaborate with IT and security teams to align security strategies with business objectives.
• Prepare and deliver security reports to executive leadership, providing actionable insights into emerging threats and security trends.
Job responsibility (SOC Analyst Tier 2, IP Protocol INC | Sep 2022 – May 2023):
• Responded to security incidents by analyzing alerts, investigating threats, and escalating critical issues to minimize impact.
• Created, fine-tuned, and assessed detection rules in QRadar SIEM, improving threat detection accuracy and reducing false positives.
• Assessed log sources to ensure proper data ingestion, correlation, and visibility across network, endpoint, and cloud environments.
• Integrated new log sources into QRadar, configuring log ingestion, parsing, and normalization to enhance security event detection.
• Performed Purple Team exercises, collaborating with offensive security teams to test and improve detection capabilities against real-world attack scenarios.
• Documented incident response processes, ensuring knowledge transfer and continuous improvement within the SOC team.
Job responsibility (SOC Analyst Tier 1, IP Protocol INC | Jun 2021 – Sep 2022):
• Monitored security events and alerts using QRadar SIEM to detect potential threats and suspicious activities.
• Investigated security incidents, analyzing logs, correlating events, and escalating critical threats to senior analysts for further action.
• Generated and delivered operational reports on security trends, incident findings, and SOC performance metrics.
• Conducted threat intelligence activities, gathering, analyzing, and integrating Indicators of Compromise (IOCs) into SOC workflows.
• Created custom dashboards in SIEM platforms, providing enhanced visibility into security events, threat trends, and operational performance.
• Documented security incidents and investigation findings, contributing to SOC knowledge sharing and continuous improvement.