Hasbul Hafiz

Experience

• 

  REDtone

  Jan 2010 - Jun 2010

  Practical Trainee

  Configure Router, Switch (ATI & CISCO), Q-Balancer, IP Star Satellite Broadband, and escalated the issue to the next process, investigate the problem at client site. Also update the network diagram, register IP address, Prove of Concept (POC), and configure firewall.

• 

  VADS Berhad

  Nov 2011 - Jul 2016

  RESPONSIBILITIES:• Perform Security event management that includes- Proactively monitoring and analyze of security event from MindStorm system- Proactively monitoring the availability of security devices- Proactively monitoring the subscribed global intelligent system and update the necessary system• Perform security device management that covers- Configuration changes e.g firewall policy, anti-spam blacklist based on customer change control requirement• Performance Monitoring• Maintainance of signature and firmware• IPS action tuning based on the requirement of countermeasure during attack• Router or firewall access-list blocking based on the requirement of countermeasure during attack• Act as part of team providing security incident response ownership for VADS MSS clients• Manage Email filtering systems such as Websense Triton, Iron Port to analyzing email headers for specific related cases• Communicate effectively and provide co-ordinate services to VADS MSS clients; ensure that all Service Level Agreements pertaining to security incident response and management are met.• Prepare monthly management report to selected premier client• Perform problem analysis, resolution and system recovery within committed SLA• Produce monthly report Show less

  • Assistant Manager - Security Analyst

    Jul 2013 - Jul 2016

  • Assistant Manager 1'st Level Technical Support NOC

    May 2012 - Jun 2013

  • Customer Service Executve

    Nov 2011 - Apr 2012
• 

  Mesiniaga Berhad

  Oct 2016 - Jan 2019

  Senior Security Analyst
• 

  GREAT EASTERN

  Jan 2019 - now

  Assistant Manager - Security Analyst

  Monitor, review and responds to security alerts from SIEM, and manage cyber incidents associated to threats, intrusions, compromise, and unusual, unauthorized or illegal activity via CSIRT framework. Maintain and fine-tune the correlation and security rules in SIEM to correlate events and improve detection capability Review threat intelligence from external sources from vendors and regulators and check internal systems and logs for Indicator of Compromise. Assist in recommending, planning and implementing security measures or enhancement to protect computer systems, networks and data. SIEM Asset Control and Management, Security Monitoring, Security Incident Response, Governance, Initiatives/ Improvements Establish threat-hunting processes and develop use cases via appropriate tools Managing the Qradar Rules Review exercise and project implementation How well SOC team are adhering governance to set guidelines, documenting and improving processes. Monitor performance of third party vendor Provide support and perform escalation and investigation arises from security incidents. Ensure incidents are resolved, and lesson learnt to avoid recurrence. SOC response for security monitoring to various alerts, and ensuring these alerts are addressed, escalated timely and monitored to closure Onboarding relevant log sources and proper housekeeping ensures events are automatically processed and exceptions are flagged out for attention. Show less