Irfan Ullah

Experienced in security operations and incident response, overseeing event monitoring, detection, and mitigation. Skilled in threat management, risk assessment, and developing security use cases. Ensure compliance through audits and governance best practices. Lead 24x7 multi-tier SOC operations, optimizing workflows and response. Manage tools including Rapid7 IDR, SentinelOne EDR, ProofPoint, and IDS/IPS. Develop SOC dashboards, reports, and playbooks. Support secure AWS cloud monitoring and architecture.

Responsible for conducting security investigations escalated from SOC L1 using VSOC tools. Manage cyber threat advisories and coordinate follow-ups with tech teams. Execute full incident lifecycle, perform RCA, and recommend preventive measures. Mentor analysts on risk management, incident response, and SIEM monitoring. Support evaluation and tuning of security solutions and SIEM optimization. Also experienced with Carbon Black EDR.

Skilled in deploying and configuring QRadar, integrating diverse log sources, writing parsers, and customizing rules, dashboards, and reports. Experienced in building and fine-tuning use cases and offenses. Strong SOC operations background in traffic monitoring, real-time event/log analysis, and incident triage. Perform regular security and vulnerability audits and manage IBM Resilient IRP implementation and configuration.

Proficient in implementing, configuring, and administering LogRhythm SIEM and Trend Micro solutions. Skilled in advanced log analysis across firewalls, IDS, Syslog, DHCP, directory services, and secure email gateways. Experienced in integrating diverse log sources, developing regex for custom reports, designing enterprise use cases, and maintaining SIEM workflows. Provide escalation support and expertise in Fortinet, Kaspersky, Wireshark, TCPdump, Linux/Windows, and malware analysis tools.

Provide online/onsite support for Trend Micro, Kaspersky, Carbon Black, Fortinet. Experienced with endpoint security, whitelisting, blocking, HIPS, AV, DLP. Handle incident process planning, monitoring, reporting, and SLA compliance. Skilled in vulnerability management, security scanning, and incident management. Perform customer health checks, work 24/7 on-call, and collaborate effectively in challenging situation

Skilled in installing and managing Windows Server 2008/2012, applications, and multi-platform environments. Experienced in Active Directory, GPOs, DNS, DHCP, IIS, FTP, and clustering. Proficient in VMware ESX/ESXi, VM management, Blade servers, SAN configuration, zoning, RAID, LUNs, and storage mapping. Strong in LAN/WAN deployment, IP addressing, troubleshooting, routers, switches, backup devices, and disaster recovery.

• Successfully put together and configured new desktop computers for clients. • Successfully installed Windows 7 Professional operating systems on a number of desktop computers as well as downloading and installing software off of department servers. • Provided technical support, including password resets & server backups. Responded to inquiries. • Assisted in Network Connection issues, printer related issues, and Hardware Diagnoses/Repair. • Assisted with technical documentation of systems and processes