Soufian EZ-ZBAKH

• Perform daily monitoring of security events/alerts, generated on the SIEM.
• Investigating EDR alerts and conducting investigations via EDR.
• Proposing and developing new use cases (Detection scenarios).
• Analyzing phishing emails and creating Yara rules to block them on the sandbox.
• Reporting and monthly security bulletins presentation.
• Onboarding of new entities.
• Investigating NDR alerts.
• Log collection optimization and review
• Report security incidents using ServiceNow ticketing system.
• Investigating DDOS attacks targeting web sites and internet published services.

• Finetunning and ameliorating old detection rules

• Participating in the building of the SOC
• Log sources integration and review.
• ELASTIC Deployment.
• Deployment and the integration of MISP platform with ELastic and QRadar SIEM
• Deployment of OpenCVE and SpiderFoot platforms
• Use cases and playbooks implementation
• New Clients Onboarding
• training of L1 analysts and team leading

• Managing L1 Analysts team.
• Handling L1 analysts escalations.
• Audit of SIEM platforms, audit of the quality of the security data collected.
• Implementations of Use Cases (detection rules on SIEM solutions).
• Tunning and optimization of detection rules
• Support for SOC L1 Analysts in their skills development.
• Forensic investigation of infected Windows machines and artifact analysis.

• Surveillance 24h/24 7j/7.
• Follow detailed processes and procedures to analyze, escalate, and assist in the resolution of security incidents.
• Log analysis on IBM QRadar SIEM and ELK Stack.
• Analysis of phishing emails.
• Dynamic malware analysis

Engineering and maintenance of the OCS (Online Charging System).

Internship under the theme: implementation of the SIEM (Siemonster), benchmark of (ossim, siemonster, elastick stack) and functional enrichment of the SIEM ELASTIC STACK Solution for the management of Cyber Security Events and Incidents.