Muhammad Numair

Intern

1000 followers
Islāmābād, Pakistan

  • About me

    CHFI || MSIS || BSCS || SOC Analyst || QRadar SIEM || ELK Elastic SIEM || Digital Forensics Specialist

  • Education

    • Bahria University

      2013 - 2017
      Bachelor of Science - BS Computer Science
    • Bahria University

      2017 - 2020
      Master of Science - MS Information Security
  • Experience

    • Pakistan Television Corporation Limited

      Jul 2016 - Sept 2016
      Intern

      Software development using the C# language; learned the Adobe Photoshop tool.

    • Pakistan Telecommunication Company Limited

      Feb 2017 - Jul 2017
      Intern

      I manually resolved all the exceptions thrown by the RS Database (nationwide, i.e. all Pakistan) and played a vital role in the CRM & RS integration team. I was assigned daily (nationwide) tasks to smooth the RS Database and CRM operations and facilitated the business team.

    • Pakistan Navy

      Dec 2018 - Jun 2022
      Assistant Manager Cyber Security

      Installation and configuration of IBM QRadar with IBM QRadar Network Insights, IBM QRadar Risk Manager, IBM QRadar Incident Forensics, IBM BigFix, IBM Security Network Protection XGS Appliance, Aruba ClearPass, IBM Resilient and ESXi servers. Detect, investigate and respond to offences as per policy. Automating incident response based on threat levels. Integration and automation of incident response (IBM Resilient). Parsing custom queries. Automated asset discovery and blocking of dormant assets. Vulnerability assessment of web applications and integration of results with SIEM. Developed an application for automated installation of the WinCollect agent. Creating and refining rules in IBM QRadar based on event and flow activity. Detailed forensics of Windows-based machines. Monitoring user behavior and creating rules to generate offenses based on user account. Implemented SOC, trained staff, created SOPs for the analyst team. Patch management through IBM BigFix. Configuration of Network Access Control (Aruba ClearPass) on the network for MAC-based authentication; was also a member of the CERT Team.

    • Government of Pakistan

      Jun 2022 - now
      Digital Forensic Specialist / SOC Analyst L2

      Working as Digital Forensic Specialist and SOC L2. In my Digital Forensics Specialist role, I conduct forensic analysis on compromised systems to determine the extent of the breach and identify the root cause. Evidence collection by taking an image of the infected system using FTK Imager and collection of memory dumps. Examine running processes using the Volatility tool to identify the behavior, capabilities and impact of malicious software or processes. Do brief analysis from the image of the infected system using the Autopsy tool. Make brief reports while preserving the integrity of the information and maintaining a strict chain of custody for the data. In my SOC Analyst L2 role, I monitor logs on the open-source Elastic SIEM solution. Collaborate with L1 analysts to provide guidance and support to resolve their day-to-day issues and alerts, write monthly and weekly reports and discuss them with senior management to analyze security posture. Detect, investigate, triage and report security incidents from multiple log sources, which include firewalls, web application firewalls (public services), antiviruses, and Windows and Linux based log sources, and escalate them to the concerned teams and to higher management. Create dashboards for real-time monitoring and visualization, which help analysts get a holistic overview of the security posture. Working on the asset inventory management tool known as RunZero to maintain the check and balance of the organization's inventory, and integrating RunZero with Nessus to analyze the vulnerabilities in the assets.

  • Licenses & Certifications

    • Computer Hacking Forensic Investigator (CHFI)

      EC-Council
      Apr 2022
    • Introduction to Cybersecurity

      Cisco Networking Academy
      Sept 2020
    • Cybersecurity Essentials

      Cisco Networking Academy
      Sept 2020