Fazal Rehman

Assistant Manager Security Operations
Bengaluru, Karnataka

Summary

Dynamic and versatile professional with 7+ years of exposure and experience ranging from incident response to securing network breaches/attacks, threat hunting, project management and team handling. Expertise in SIEM, MITRE, EDR, Power BI, Vulnerability Assessment and a wide range of technologies, with the ability to learn quickly and adapt to new environments. Objective: To establish a sound position in the corporate world and work enthusiastically with a team to achieve the goals of the organization with devotion and hard work.

Overview

12 years of professional experience

7 years of Cyber Security experience

Work History

Assistant Manager Security Operations

Netsurion Technologies
Bengaluru, Karnataka
12.2019 - Current

Duties and Responsibilities


Responsibilities:


• Review and Approve Threat and Incident Reports (Daily and Weekly)
• Perform regular L3 responsibilities.
• Ensure all service requests are addressed on time and Tickets assigned.
• Oversee team operations.
• Drive value proposition meetings and come up with viable solutions to ease off operations.
• Interface with the DevOps team and lead in resolving product issues.
• Organize and Train all SOC team members.
• Add value to improve efficiency of the security operations.
• Assist SOC Operations along with leadership team.
• Mentor Lead Analyst/senior analysts and specialists.
• During any absence of Team manager, assist in serving clients.
• Act as a technical manager

Primary


• Ensure product updates are completed on time.
• Ensure report fine-tuning: removal of unnecessary reports and reporting optimizations.
• Tracking of License and Support Inputs (Ensure all contract details are monitored and flagged accordingly 2 months prior to expiry)
• Automating the reports and alerts
• Performing sanity checks as and when changes are made to the Netsurion XDR product
• Optimizing the Reports and Alerts
• Runbook updates for each client
• Tool improvisation Inputs
• Service improvisation inputs
• Presentation and Review of Client Deck
• Providing Technical Trainings
• Integration of New Technology into EventTracker
• Cognizance of Client Environment
• Interaction with client and maintaining healthy relationships with retention
• Internal Team Liaison (Interaction with KP, Engineering, Pre-sales, Deployment Teams)
• Onboarding new clients
• Ensure System Grouping is done for all clients
• Adhering to the policies and procedures defined by NTPL


Secondary


• Ensure asset validation
• Configuration of ET-VAS, ET-IDS and implementing the changes
• Onboarding of L1 and L2 resources
• Training and mentoring of L1 and L2 resources
• Planning Tasks for L2 resources
• Ensuring all the critical observations are logged into Clients Logbook
• Daily Handover
• Daily Roster Updates
• Onboarding of L1 resources
• Planning the tasks for L1 resources and ensure all resources are engaged and spirited always

Cyber Security Engineer - SOC

MST - ATI Electronics
Jeddah
10.2017 - 10.2019
  • Continuously monitor and analyze security alerts and event information for all approved security feeds, including investigation of incidents using system logs, event correlation between IDS/IPS, firewall and other means of detection
  • Monitor the status and connectivity of 3000+ devices with SIEM
  • Handle escalated tickets and perform deep-dive incident analysis
  • Integrating compliance devices with Splunk on a frequent basis
  • Working with device administrators to configure the devices to enable/send the logs
  • Design and develop innovative methods of automatic event processing to satisfy compliance and operational requirements
  • Maintain and improve the SIEM services to identify emerging threats and meet regulatory compliance
  • Assessing the SIEM, the log baselines implemented and the SOC procedures to find gaps
  • Conducting workshops to discuss use cases and log baselines with clients
  • Monitoring SIEM logs, firewall logs, Active Directory logs
  • Creating and working with IOC dashboards
  • Knowledge of Process Explorer and Carbon Black
  • Analyzing alerts using Splunk Enterprise Security and QRadar
  • Malware Analysis
  • Email Phishing Analysis

Physical Security Engineer

MST - ATI Electronics - Saudi Arabia
Jeddah
10.2015 - 08.2017
  • Providing technical and physical support for high security areas, security equipment, and security systems in retail chains
  • Physical Mobile Device security pre-sales and support
  • Duties involved the installation, use, and maintenance of security equipment, from metal detectors to electronic surveillance
  • Installation and commissioning of Electronic Article Surveillance (EAS), CCTV, Access Control, Networking, Structured cabling
  • Handled and completed ELV projects mainly focusing on networking systems and cabling installation

Senior Technical Support Specialist

Convergys
Bengaluru, Karnataka
08.2007 - 10.2010

Education

Post Graduate Program in Cyber Security - Cyber Security

Simplilearn
Bengaluru
04.2021 - 10.2022

Bachelor of Engineering - Telecommunication

Visvesvaraya Technological University
Bengaluru
01.2004 - 01.2009

I.C.S.E

St.Joseph's Boys' High School
Bengaluru
06.1994 - 06.2000

Skills

Information Security Management

Accomplishments

CCNA - Cisco, Cisco, 07/2009, 07/2012, CSCO11636662
Wireshark: VoIP, LinkedIn
IoT Foundations: Low-Power Wireless Networking, LinkedIn
Key Account Management, LinkedIn
Learning VMware vSphere, LinkedIn
Ethical Hacking: Introduction to Ethical Hacking, LinkedIn
Learning Splunk, LinkedIn
Implementing and Administering Azure Sentinel, LinkedIn
Ethical Hacking: Footprinting and Reconnaissance, LinkedIn
Build a hacker mindset and defend against future attacks, Simplilearn, 2785109
PG CS - Design systems to secure applications, networks, & device, Simplilearn, 2684617
HTTP Essential Training, LinkedIn
Wireshark Essential Training, LinkedIn
Learning the OWASP Top 10 (2018), LinkedIn
Foundations of Operationalizing MITRE ATT&CK, AttackIQ
Foundations of Purple Teaming, AttackIQ
Microsoft Certified: Security Operations Analyst Associate, Microsoft, 10/2022, 10/2023, I443-1635
CYBER SECURITY: TECHNOLOGY, APPLICATION AND POLICY, MIT Schwarzman College of Computing, 60339743
CompTIA Security+ ce Certification, CompTIA, 01/2023, 01/2026
ISO 27001 Foundation - Information Security Certification - Exemplar Global, Inc., CFISOIN20220141

Timeline

Post Graduate Program in Cyber Security - Cyber Security

Simplilearn
04.2021 - 10.2022

Assistant Manager Security Operations

Netsurion Technologies
12.2019 - Current

Cyber Security Engineer - SOC

MST - ATI Electronics
10.2017 - 10.2019

Physical Security Engineer

MST - ATI Electronics - Saudi Arabia
10.2015 - 08.2017

Senior Technical Support Specialist

Convergys
08.2007 - 10.2010

Bachelor of Engineering - Telecommunication

Visvesvaraya Technological University
01.2004 - 01.2009

I.C.S.E

St.Joseph's Boys' High School
06.1994 - 06.2000