Rached Salah

Siem Specialist

11000 followers
Tunis, Tunisia

  • Timeline

  • About me

    SOC | SIEM Project Manager | CEHv11 | BTL1

  • Education

    • Estya University

      -
      Secure infrastructure administration
    • Collège LaSalle Tunis

      2017 - 2020
      Networks and IT security
    • Institut Superieur d'informatique de Mahdia

      2016 - 2017
  • Experience

    • AlphaNumerix

      Jun 2021 - Feb 2022
      Siem Specialist

      ● Setting up QRadar and Splunk SIEM for different clients
      ● Conducting internal team on use case factory (use case development, treatment, deployment optimization and preparing use case card for each rule based on security domain services (SDS))
      ● Collection of logs from different sources, creation of rules, processing of use cases
      ● Firewall installation and configuration (Sophos/pfSense)
      ● Definition of Best Practices for Custom Parsing and Custom Rules Implementation
      ● Review and customization of unknown events

    • VINCI Energies

      Feb 2022 - Nov 2022
      SOC Analyst L1

      ● Installation of QRadar SIEM - integration of different technologies
      ● WinRM Collect Implementation
      ● Definition of Best Practices for Custom Parsing and Custom Rules Implementation
      ● Treatment and deployment of use cases in a Pre-Prod platform
      ● Investigation and response on security alerts
      ● Creation of rules on QRadar SIEM
      ● Development of incident response playbooks
      ● CTI activities (Cyber Threat Intelligence)
      ● Threat hunting activities
      ● Internal forensics activities
      ● Perform scans at all levels: Windows/Linux/Mac OS, database, application
      ● Create and manage weekly and monthly reports based on scan results

    • Up Coop

      Nov 2022 - Oct 2023
      SOC Analyst L2 | Incident Responder

      ● Administration of security solutions
      ● Response to incidents reported by (Cortex, Splunk, Microsoft Defender and Azure Sentinel)
      ● Creation of workbooks and rules on Azure Sentinel
      ● Handling data leak incidents with Netskope DLP
      ● CASB administration
      ● Setting up phishing campaigns with Terranova (Security Awareness)
      ● Creating procedures (prioritization, escalation, ...)
      ● Monitoring and Investigation activities on O365 apps (Risky Sign-In ...)
      ● Ensuring GDPR compliance best practices

    • Sodexo

      Oct 2023 - Apr 2024
      Secops Tech Lead

      ● Audit and Healthcheck of Distributed SIEM Deployments (QRadar)
      ● Upgrade and Disaster Recovery
      ● Integration and Tuning for sensitive perimeters (PDIS)
      ● OS Hardening, Web Browsers Hardening
      ● Best Practice of Usage for Analysts and Integration teams
      ● Review of Supervision Strategy and Alerting Strategy
      ● Review and customization of unknown events
      ● Support entities / BU in their use of security solutions
      ● Troubleshooting and tuning of SIEM problems
      ● Interact with vendor support teams and monitor entities' tickets resolution
      ● Keep security solutions in operational and security condition
      ● Monitoring (system & application)
      ● Plan and deploy updates / upgrades (both OS and application)
      ● Maintain documentation up to date
      ● Perform a watch on upcoming changes in order to identify new features to be implemented
      ● Report periodically on security KPIs for various security committees
      ● Assist SOC investigations
      ● Proofpoint administration
      ● Developing Email protection quarantine policies

    • Vocalcom

      Apr 2024 - now
      MCO | Project Manager
  • Licenses & Certifications

    • Foundation Level Threat intelligence Analyst

      ArcX
      Feb 2023
    • CyberOps Associate

      Cisco
      Apr 2022
    • Blue Team Level 1 (BTL1)

      Security Blue Team
      Mar 2023
    • CyberArk Trustee Certification

      CyberArk
      May 2020
    • Google IT Support

      Google
    • Certified Associate In Scrum Fundamentals™ (CASF™)

      SkillFront
      Aug 2021
    • Splunk Accredited Security Sales Rep I

      Splunk
      Jun 2023
    • Certified Ethical Hacker (CEH)

      EC-Council
      Feb 2022
    • Scrum Foundations Professional Certificate (SFPC)

      CertiProf
      Feb 2022
    • IBM QRadar SIEM Foundation

      IBM
      Jun 2021
  • Volunteer Experience

    • Coordinator Of Volunteers

      Issued by Croissant Rouge Tunisien on Jan 2021
      Croissant Rouge Tunisien, associated with Rached Salah
    • Squad Leader

      Issued by Tunisian scout on Jan 2021
      Tunisian scout, associated with Rached Salah