AT&T Cybersecurity missions: a multitude of offers posted daily


The latest open AT&T Cybersecurity missions

CyberSecurity GRC Officer

Cybersecurity ISO 2700x CYBERARK AT&T Cybersecurity
ASAP
La Défense
3 months

Cybersecurity Consultant

Cybersecurity AT&T Cybersecurity
ASAP
La Défense
3 months

Cybersecurity & Infrastructure Consultant (M/F)

Cybersecurity AT&T Cybersecurity Security
ASAP
Madagascar
12 months

Assistant CISO

AT&T Cybersecurity CYBERARK Cybersecurity
ASAP
La Défense
3 months

Example of the experience of Amine,
an AT&T CYBERSECURITY freelancer living in Hauts-de-Seine (92)

Professional experience

o Since March 2022: freelancer as Senior Incident Responder / Cybersecurity
Analyst Level 3 at a big company that provides access to water and waste services
in France
o Handling and response to all cybersecurity incidents.
o Improve and maintain all the steps of handling and responding to an incident.
o Update the standard operation process.
o Update incident response guidelines based on React Matrix.
o Challenge the SOC team about detection rules by identifying gaps in detection or logs.
o Improve the detection by reducing false positive alerts and giving other logic and ideas to
improve the rules.
o Search for and improve the tools used to respond to an incident (forensic tools, telemetry for logs that
help during investigation, artifact collector)
o Work with the SOAR team by transforming the incident response guidelines into playbooks or workbooks
at SOAR level to reduce incident response time and automate the response process.
o Threat hunting based on cyber threat intelligence:
  - Get the detection logic or the pattern behind a new cyber-attack and transform it into use
    cases or detection rules.
  - Retro hunting/post-mortem analysis once we have a hit on an IOC, to understand the
    root cause and whether there was any gap in detection or logs.
  - Challenge the EDR by testing new techniques or new patterns of attack and seeing its
    reaction.
o Cyber threat intelligence:
  - Monitoring and checking any new fraudulent domain that can be used for cybersquatting or
    a phishing campaign.
  - Monitoring any critical services that are exposed without any onboarding in our cyber
    security solution.
  - Monitoring any brand abuse (exposed portal, …)

Technical Environment
Splunk / Phantom SOAR / CrowdStrike / Proofpoint / Microsoft Defender / Microsoft MCAS / Microsoft
Sentinel / Qualys / Skybox / Zscaler / Intel471 / Intrinsec Cyberboard CTI / Forensic (Volatility, UAC)

❖ Senior SOC Analyst/Incident Responder consultant at SSII France November
2019- March 2022:
▪ Mission at financial institute as SOC Analyst/CSIRT engineer L3 consultant
from January 2020-July 2020:
o Handling PCI DSS incidents within the Author perimeter (the network that checks if a client can
pay using his payment card).
o Implementation and improvement of detection rules.
o Handle security requests (phishing e-mails, suspicious machines).
o Monitor vulnerabilities in various infrastructures.
o Creation of procedures (reflex sheet, incident contextualization procedure) for L1/L2-level SOC
analysts.
o Monitor technology and propose security solutions to reduce identified risks.
Technical Environment
Splunk/Enterprise Security Splunk/Darktrace/DfirOrc/Fortimail/Ironport/Python/SentinelOne/JoeSandbox/

▪ Mission at Luxury Company as CSIRT engineer L3/SOC Analyst L3, July
2020-March 2022:
o Handling security incidents
o Investigate incidents and identify root causes.
o Update security playbooks
o Implementation of operating procedures to facilitate research and investigation.
o Threat hunting: process implementation, IOC collection, investigations.
o Integration of business applications into SIEM (choice of logs, use cases, etc.)
o Deployment of MITRE ATT&CK rules (mapping, log studies, testing, etc.)
o Deployment of reports & dashboards on SIEM
o Major incident management (DDoS, compromised servers, etc.)
o Dealing with vulnerabilities
o Participation in SIEM RFP (request of purchase) preparation

Technical Environment
Splunk/Enterprise Security Splunk/Tehtris
Proofpoint/Zscaler/Intrinsec CTI/ Cybereason EDR/Azure/Bitsight/ Alsid/
❖ Senior IT Security Engineer at an insurance company in Algeria April 2019 -
November 2019:
o Improving the design and architecture of MACIRVIE's infrastructure from a security point
of view, based on the Cyber Kill Chain model.
o Implementation of Elasticsearch SIEM solution.
o Audit and remediation of web server and collaboration vulnerabilities.
o Audit and remediation of firewall configurations.
o Work on the business continuity plan and recovery plan: set up a backup site; test
restoration of backups; test failover to another site.
o Monitor technological developments and propose security solutions to reduce identified
risks.
Technical Environment
Windows server/ Ubuntu server/ Elasticsearch/Fortinet/Burpsuite/Nexpose/ Pingcastle

❖ Senior Network Security Engineer at Internet Provider Company April 2018
- January 2019 Algeria:
▪ MSSP project (Managed Service Security Provider), a dedicated customer project:
o Define the different components of an MSSP:
  - Administration of customer dedicated NGFWs
  - Vulnerability management
  - Cyber security analysis: identification of detection gaps, coverage of MITRE
    ATT&CK (log management, covered technique, …)
  - Threat hunting and sandboxing
o Develop POCs and labs for each phase, based on different vendors.
o Present the results of the various tests and choose the appropriate solution.
o Prepare project description sheets in collaboration with the marketing department.
o Train sales staff in the MSSP concept.
▪ Implement a SOC service for the company:
o Define security perimeter and criticality of various services and servers.
o Realize POCs for each level of security (endpoint, front end, network), with the aim of finding a
solution that meets the company's budget, infrastructure and security requirements.
o Vulnerability management and analysis.
o Draw up remediation plans and work with system administrators to implement them.
o Ensure backup of data and configurations of various important solutions and services.
o Deployment of an AlienVault OSSIM SIEM solution.

o Contribution to the definition of a logging policy (types of events to be considered, retention
times, log standardization/parsing).
o Creation of use cases and detection rules.
o Analyze and handle cyber security incidents.
o Supervise students on SOC projects:
  - Define an incident management process: try to deduce a process based on the NIST 800-
    61 r2 review.
  - Test and compare solutions for each part of SOC.
  - Vulnerability management: a test between Rapid7 and OpenVAS
  - SIEM: a POC for ArcSight, Splunk, AlienVault
  - Endpoint: McAfee ePO, Kaspersky
  - NGFW: Palo Alto, Fortinet
o Cybersecurity intelligence
o Monitor and analyze the production network to detect security breaches or intrusions.
Technical Environment
Linux/Fortinet/ AlienVault/ SIEM/ UTM/ Juniper/Windows Server/ DNS BIND/
Pingcastle/Nexpose/OpenVAS

❖ Cybersecurity Consultant at Ota Djezzy Veon Algeria October 2015 to
March 2018:
o Analysis and processing of security alerts.
o Study the security aspects of platforms for various projects.
o Administer security solutions (NGFW, IPS, IDS, McAfee, etc.).
o Network auditing.
o Audit systems (Windows, Unix/Linux, etc.).
o Audit and remediate vulnerabilities in information system components.
o Integrate security platforms with SIEM to create GSOC (global SOC).
o Design and deploy DNS solution for 3G/4G users.
o Ensure security watch and share it with the cyber security group.
▪ ArcSight ESM + ArcSight Data Platform SIEM project:
o Conduct interviews with various technical teams.
o Log ability study.
o Define a data collection strategy.
o Develop and deploy connectors for log collection.
o Development of use cases to monitor the activities of privileged users (SU administrator).
o Check incident traceability and ticket entry quality.
o Formalize and distribute reports and directories.
o Deploy and monitor security policies, in line with VEON Group security policy.
o Compliance with Sarbanes-Oxley "SOX IT General Control" standards.
o Implementation of SOX IT Control at SIEM level: log study, log standardization, use case
testing.
Technical Environment
ArcSight/Juniper Netscreen/ Huawei/ DNS Secure64 / Huawei /Palo Alto/ Fortinet/ Oracle/SQL
Server/Windows Server/ McAfee ePO

❖ IT Security Engineer at Quantum Network Security QNS/SSRI October 2013
to August 2014
o System Engineer Cisco Sourcefire May 2014-August 2015.
o Network security consultant for public companies.
o Perform security audits in public companies.
o Integration and deployment of Sourcefire solutions (NGFW+IPS+IDS).
o Network administrator at SSRI.
o Configuration of security policies.
o Train engineers on Sourcefire products (acquired by Cisco).
Technical Environment:
Sourcefire: Firepower / FireAmp / Idappcom / Rapid7 / Linux / Windows Server / Cisco

❖ End-of-study internship From September 2012 to July 2013
o Use of meta-heuristics for intrusion detection in computer networks, report:
********'etudes
Technical Environment:
IDS/IPS (Snort, Suricata, …) / Java / PostgreSQL / NSL KDD / WEKA 3
