SOAR

Highlights


With profound expertise in SOAR technologies, particularly in platforms like Demisto XSOAR, Splunk SOAR (Phantom), Exabeam SOAR, and IBM Resilient, I excel as a seasoned SOAR Consultant and Cyber Security Automation Engineer. My focus lies in enhancing automation capabilities, optimizing software and performance, and contributing to comprehensive global security solutions within the dynamic landscape of Security Orchestration, Automation, and Response (SOAR) frameworks.


SOAR
  • Demonstrated expertise in various use case improvements and evaluations within the dynamic field of security automation.
  • Implemented phishing feedback processes, continuously optimizing workflows in Splunk ES and XSOAR indicators’ enrichments.
  • Collaborated with cross-functional teams to assess, design, and implement tailored SOAR solutions.
  • Conducted in-depth analysis of security processes, providing strategic recommendations and contributing to the development of efficient and automated workflows.
  • Played a key role in defining and enforcing best practices for SOAR implementation, ensuring alignment with industry standards and regulatory requirements.
  • Assumed responsibility for the integration of diverse security tools and technologies, streamlining operations and enhancing overall security posture.
  • Developed and implemented sophisticated automation for phishing detection and response, employing advanced techniques to identify and mitigate phishing threats promptly.
  • Led training sessions and knowledge-sharing initiatives to empower teams with advanced SOAR capabilities, fostering a culture of continuous improvement and innovation.
  • Served as a trusted SOAR Subject Matter Expert, leading initiatives such as use case proposals, evaluations, development, testing, and deployments.
  • Owned and maintained the XSOAR platform, ensuring seamless operation and troubleshooting when needed.
  • Led a migration project from Phantom (Splunk SOAR) to Demisto XSOAR, overseeing the end-to-end migration from XSOAR6 to XSOAR8.
  • Actively contributed to the continuous optimization of phishing feedback processes, improving workflows in both Splunk ES and XSOAR indicators’ enrichments.

The developed use cases encompass a range of meticulously designed and built scenarios, each tailored to address specific cybersecurity requirements. These use cases are thoughtfully developed to enhance security measures, utilizing a combination of strategic design and meticulous construction. They are crafted to seamlessly integrate into existing cybersecurity frameworks, contributing to a more robust and proactive security posture.

Incident Response Automation
Streamlined incident response by leveraging SOAR platforms. This involves automating tasks such as data collection, containment actions, and the execution of predefined response playbooks. By doing so, the response to security incidents becomes faster and more coordinated, minimizing the need for manual intervention.
Phishing Response and Remediation
Improved the handling of phishing incidents by automating identification, analysis, and remediation. This involved implementing SOAR workflows to automatically analyze and classify phishing emails, initiate investigations, and execute predefined actions for containment and remediation. This use case minimizes the impact of phishing attacks, ensuring a consistent and timely response throughout the organization.
Search & Destroy
To promptly address phishing threats, the objective was to automate the search and eradication processes. This involved implementing SOAR workflows that automatically scanned for phishing indicators, initiated targeted searches, and executed predefined actions to neutralize and eradicate phishing threats. This use case streamlined the response to phishing incidents, ensuring a proactive and effective approach to identifying and eliminating phishing threats across the organization.
Vulnerability Management and Patching
Automated the identification, prioritization, and resolution of vulnerabilities in the IT infrastructure. This is achieved by integrating vulnerability scanners with SOAR platforms, enabling the automatic processing of scan results. The system then prioritizes vulnerabilities based on criticality and initiates predefined workflows for prompt patching or mitigation. This streamlined use case ensures a proactive and systematic approach to effective vulnerability management. It involved the integration of different technologies and tools, including Splunk, XSOAR, R7, and ServiceNow.
Threat Intelligence Integration
Boosted threat detection and response through the automated ingestion and analysis of threat intelligence feeds. This was achieved by integrating SOAR platforms with threat intelligence feeds, enabling automatic correlation of incoming threats with contextual information. Automated workflows were then triggered to adapt security policies, block malicious indicators, and initiate proactive threat-hunting activities. These integrated tools such as Proofpoint, Recorded Future, Anomali, and others.
Security Tooling
Improved EDR (Endpoint Detection and Response) and security tooling coverage by implementing automated processes. Implementation: integrated EDR solutions such as CrowdStrike and Carbon Black, along with Zscaler, to enhance efficiency and effectiveness. Utilized automation through XSOAR, Splunk, SQL, and Tray.io to achieve comprehensive coverage. Automated workflows facilitated adjustments to security controls, ensuring efficient incident response and threat mitigation.

Get in touch!

My name is Malik Bennabi. I'm a Cyber Security Engineer living in the United Kingdom. I am a polyglot from the Global South speaking several languages. Click on any of the tiles above for more details about my areas of expertise.

Looking for someone to help you and your team? Let's connect!

Address

United Kingdom