
I’m Bandar, a Managing Consultant at IBM with over 5 years of experience and a master’s degree in Cybersecurity. I’m interested in managing IT and security infrastructures to help organizations build secure and resilient environments.
I have experience across multiple services and areas, including Incident Response, Proactive Services (Incident Preparedness), SOC operations, MDR, MSSP, and Consultancy. In my current role, I lead IR and Proactive Service engagements and act as the Global TTX Service Lead for NA, APAC, and EMEA.
Leading Incident Response engagements from scoping and delivery to reporting, closure, and lessons learned.
Leading and supporting triage calls through the XFIR Global Hotline.
Leading proactive service engagements including initiation, scoping, delivery, reporting, closure, and lessons learned.
Globally leading Tabletop Exercise (TTX) services across three regions: NA, APAC, and EMEA.
Developing Incident Response Plans.
Developing Cybersecurity Crisis Management Plans.
Supporting multiple proactive services such as Active Threat Assessments, Cyber Range Experiences, Cyber Wargames, and Security First Responder Training.
Acting as the account owner and primary point of contact for 10+ clients: leading kickoff calls, conducting quarterly reporting calls, addressing client concerns, managing retainer hours, driving proactive services discussions, and building strong, long-term client relationships.
Lead Incident Response and Proactive Service engagements.
Lead technical investigations, perform root cause analysis, and handle alerts escalated by L1/L2 analysts.
Develop SOC processes and playbooks.
Conduct quality checks and review closing reasons, TTD, TTR, false-positive rates, and other key performance metrics.
Deliver knowledge-sharing sessions and mentor junior analysts to enhance team capability.
Investigate and respond to security incidents across SIEM, EDR, NTD, XDR, SOAR, and other security controls.
Handle alerts escalated by L1 analysts and ensure accurate triage and response.
Communicate with clients regarding security concerns, incident status, and recommendations.
Respond to incidents requiring digital forensics, malware analysis, and reverse engineering.
Actively hunt for adversaries, perform continuous IOC sweeps, and identify emerging threats.
Review threat reports and contribute to rule development and refinement.
Build, tune, and validate EDR detection rules to improve detection quality.
Worked as a security operations analyst at the Managed Detection and Response Center, which delivers premium MDR services to tens of subscribed clients from various sectors.
Investigate and respond to security incidents.
Build, tune, and validate EDR rules.
Utilize SIEM, EDRs, NTD, and SOAR platforms.
Actively hunt for adversaries on the network.
Conduct malware analysis and reverse engineer malware.
Perform digital forensics.
Education for Employment (E4E)
Completed a 9-month intensive Cybersecurity Program that included job training and more than 15 courses and certifications across multiple IT domains, including networking, infrastructure, cybersecurity, SIEM, endpoint detection and response, network threat detection, and cyber threat intelligence.