Syed Salman Gaffar

Key Responsibilities:

• Managing endpoint security using CrowdStrike Falcon across the entire device landscape.
• Using ServiceNow for incident, RITM, and change request management, and Jira for task tracking and coordination.
• Extracting and validating inventory data from various teams, and remediating non-compliant devices by deploying CrowdStrike agents.
• Identifying and reporting EOL/EOS systems, and collaborating with respective owners for resolution.
• Handling unmanaged assets, initiating remediation efforts to onboard them into CrowdStrike.
• Performing CrowdStrike sensor upgrades to ensure systems remain updated with the latest patches and policies.
• Coordinating with SCCM, Jamf, and Chef teams to distribute updated sensor packages, and make them primary.
• Managing and configuring sensor update policies, including enabling Uninstall Protection.
• Administering USB Device Control: providing or removing access based on requests, configuring device, and drive exclusions.
• Handling SOC tickets: analyzing detection/quarantine logs, and initiating on-demand scans.
• Working on hash blocking, SVE, machine learning (ML), and IOA exclusions based on security incidents or business requirements.
• Implementing and maintaining the On-Demand Scan module, and reviewing scheduled scan reports.
• Configuring and monitoring File Integrity Monitoring (FIM) rules, and investigating false positives.
• Analyzing firewall logs, managing block and allow lists, as part of the Firewall Module.
• Ensuring that prevention policies are aligned with vendor recommendations to retain support and warranty coverage.
• Created Standard Operating Procedures (SOPs) for all recurring security tasks.
• Preparing and presenting weekly, monthly, and quarterly service reports for clients and stakeholders.
• Trained and mentored three new joiners, ensuring a smooth onboarding into the security operations process.

• Validation and troubleshooting of the CS sensor on the Windows platform.
• Whitelisting of in-house applications, based on the detection criteria (Application/Software exclusions).
• Managing sensor upgrades on all managed servers, workstations, and their policies.
• Group creation, policy creation, and exceptional policies management.
• Configuring different modes of USB device policies/exclusions depending on the requirements.
• Identifying and diagnosing low-level issues, and escalating priority issues.