Mohammed Awaise Mohiuddin

Dammam, KSA

Summary

Cybersecurity professional with extensive experience in SIEM deployment and SOC analysis using tools such as Cortex XSOAR, Splunk, RSA NetWitness, and ArcSight. Skilled in managing advanced threat prevention systems, including FireEye Threat Prevention and Proofpoint Mail Gateway. Proven expertise in network security with hands-on experience in Cisco ESA Mail Gateway, Cisco Threat Grid Sandbox, and McAfee EPO. Focused on enhancing cybersecurity strategies to safeguard organizational assets effectively.

Overview

13 years of professional experience
1 Certification

Work history

Cybersecurity Specialist (SIEM Engineer)

Advanced Electronics Company
07.2024 - 09.2025

Client: Saudi Aramco

  • Splunk deployment on Saudi Aramco Plants.
  • Deployment of Splunk instance and Heavy Forwarders, based on Plant architecture.
  • Index creation and configuration of index life cycle policy.
  • Integrating multiple HF with local Splunk instance.
  • Configuration of inputs and outputs for data receiving and forwarding.
  • Troubleshooting of Splunk queue & log ingestion errors.
  • Perform endpoint configuration and log onboarding on Splunk.
  • Installing apps and add-ons on Splunk HF.
  • Installing Splunk License on required components.
  • Configuration of syslog on network endpoints like routers, switches & firewalls.
  • Configuration of Windows audit policy for Windows Event Forwarding on Domain Controller.
  • Creating subscription for collecting Windows endpoint logs.
  • Perform health check of Splunk environment.

SOC Analyst L2

Saudi Business Machines
09.2021 - 06.2024

Clients: Saudi National Bank & Yasref Oil Refinery

  • Monitor and investigate alerts triggered on Cortex XSOAR, Splunk & RSA Netwitness.
  • Monitor security tools like Arbor, McAfee EPO, Firewalls, IDS, etc., and take action on triggered alerts.
  • Investigate and mitigate the phishing emails reported by end users.
  • Handle alerts triggered by FireEye EX, HX, NX.
  • Pull the malicious emails from user inbox using Threat Response Tool.
  • Isolate the phishing mails which were delivered to end users.
  • Isolate the sender IP, domains & rDNS which were involved in the activity.
  • Perform sandboxing using Cisco TG, FireEye Malware Analysis.
  • Gathering the malicious IOCs from email gateways.
  • Checking the sender reputation of the suspicious emails from tools like Anomali, VirusTotal, AbuseIPDB, urlscan.io, Cisco Talos, Symantec Site Review, etc.
  • Analyze and release quarantined emails upon end user request.
  • Share daily, weekly & monthly reports with the management, which include security incidents raised & summary of alerts from security tools.
  • Escalation of the incidents crossing SLA.
  • Share Saudi CERT, NCA, CISA and other advisories with the different teams to check the applicability of the advisory in the environment.
  • Perform Tenable vulnerability scan and share report with the management.
  • Monitor user activity alerts from SIEM and seek justification from user in case of any suspicious activity.
  • Monitor SIEM health and notify management in case of any issues.
  • Project: Saudi National Bank (SNB)
  • Project: Yanbu Aramco Sinopec Refining (YASREF) Company

Cyber Security Engineer

Ceitcon Consulting
Riyadh
09.2019 - 08.2021

Client: BTC, Yamama Cement, Mobily, Emircom

  • Deployed Wazuh Opendistro, Elasticsearch SIEM in cluster of multiple nodes.
  • Configured multiple components like Kibana, Elasticsearch, Wazuh manager, Logstash, Filebeat, Winlogbeat, etc., in HA mode.
  • Implemented hot & cold nodes, index creation, index rollover, data retention using ILM policy.
  • Implemented data backup using Snapshot.
  • Implement and configure solutions ensuring high availability and other delivery related aspects of SIEM practice.
  • User creation with designated privileges, custom queries & dashboards creation, agent configuration.
  • Applying use cases on the Wazuh SIEM.
  • Performed security drills for phishing attacks, DDoS attack, malware attack, email bombing, DNS spoofing, Active Directory attack, etc.
  • Log monitoring using SIEM tools (Wazuh Opendistro, Elasticsearch).
  • Creating reports, queries, rules, filters, dashboards, real time alerts and console resource operations.
  • Managing and controlling information security incidents in all phases, including preparation, notification, and response.
  • Reviewing and identifying root causes of security incidents and recommending corrective actions to prevent incidents from reoccurring.
  • Coordinate with technical teams and bring the issues to closure.
  • Manage all support cases via ticketing systems.
  • Provide regular updates to end users/requesters and close the incidents once the mitigation has been performed.
  • Project: Wazuh Opendistro SIEM, Elasticsearch SIEM

Network Security Engineer

Rayan Technologies
Riyadh
09.2018 - 08.2019

Client: Saudi Aramco

  • Configuring endpoints to send logs to Arcsight and Splunk.
  • Enable logging on the endpoints.
  • Configured Time Tools NTP Device.
  • Synced all end points with NTP.
  • Configured secure routing for all network devices to send logs to Arcsight server.
  • Configured logging on firewalls (Cisco ASA 5500 Series, Juniper SRX240), routers (Cisco 2900) and switches (Cisco 2960, 3850, C9200) to reach the ArcSight server.
  • Configured NetFlow for Cisco routers and switches.
  • Configured J-Flow for Juniper SRX240 firewall.
  • Configuring rules on firewall to allow traffic from endpoints to reach Arcsight server with the help of Local Admin.
  • Installed ArcSight connectors.
  • Verify that the logs reach the local ArcSight server.
  • Verify reporting devices from Splunk.
  • Project: Saudi Aramco Cyber Security project (Arcsight & Splunk)
  • Aramco Consultant ID: 8344248

System Administrator

Hayat Communications
Riyadh
02.2016 - 07.2018

  • Installing and configuring Server 2019, 2016, 2012R2, 2008R2 Active Directory Domain Controller, Additional Domain Controller, DNS, DHCP, GPO, DFS, ADFS, and FSMO Roles.
  • Creating and managing domain users, groups and assigning their policies.
  • Designing and managing Active Directory, OU, and Group Policy infrastructures based on the policies and guidelines provided.
  • Worked on Cisco 2900, 1900 series routers & Cisco 3850, 3750, 2960 series switches.
  • Router administration including interface configuration and routing protocols: RIP, EIGRP, IGRP, OSPF, BGP.
  • Configuring Access Lists on the router.
  • Configuring VTP server, VTP clients and inter-VLAN routing.
  • Designing & implementing VLANs for logical grouping of network users & resources.
  • Creating VLANs, VTP server, VTP client & transparent modes.
  • Configuring access ports and trunk ports.
  • Troubleshooting routing and coordination with ISP for WAN connectivity.
  • Configuring Outlook accounts for users.

System Administrator

TBSS
02.2013 - 03.2015

  • Installation, configuration and maintenance of desktops and troubleshooting hardware/software issues.
  • Support for workstations, servers and network peripheral devices.
  • Working on Active Directory and Group Policy management.
  • Creating domain user accounts on server platform.
  • Giving sharing permissions to users on folder and file levels.
  • Manage the configuration and performance of all workstations and servers.
  • Updating servers and desktops with latest service packs, hot fixes, Microsoft security patches and McAfee updates.
  • Responsible for supporting and installing all applications and software.
  • Troubleshooting most issues using remote clients such as RDP.
  • Preparing monthly work status report and updating technology specific documents.
  • Installing operating systems and other required software.
  • Configuring local, network and wireless printers and scanners of various printer versions.
  • Basic implementation and configuration of Linksys wireless, D-Link access points, switches.
  • Accounting package software installation and troubleshooting.
  • Responsible for all aspects of Local Area Network.
  • Maintain inventory of all computer equipment and create database to begin tracking warranty periods.

Education

Bachelor - Electronics and communication

Jawaharlal Nehru Technological University

Skills

  • Cortex XSOAR
  • Splunk
  • RSA Netwitness
  • Arcsight
  • Wazuh
  • Opendistro
  • Elasticsearch
  • FireEye Threat Prevention (EX, HX, NX)
  • FireEye Redline
  • Proofpoint Mail Gateway
  • Cisco ESA Mail Gateway
  • Cisco Threat Grid Sandbox
  • FireEye Malware Analysis
  • Proofpoint Threat Response & TAP
  • McAfee EPO
  • McAfee NSM
  • McAfee ATD
  • Cisco ISE
  • Cisco DUO
  • Arbor Cloud & APS
  • Active Directory & Group Policy Management, Additional Domain Controller, DNS, DHCP, GPO, DFS, ADCS, ADFS and FSMO Roles
  • VMware ESXi
  • Cisco Routing
  • Firewalls (Palo Alto, Cisco Firepower series, Juniper SRX series)

Certification

  • Splunk Enterprise Deployment Practical Lab
  • Splunk Enterprise Certified Admin (SPLK-1003)
  • Splunk Core Certified Power User (SPLK-1002)
  • CCNP (R&S), CCNA Security (Cisco ID: CSCO13209866)
  • MCSA (ID: MS0616694720)

Languages

  • English - Beginner
  • Hindi - Beginner
  • Urdu - Beginner

Top Clients:

  • Saudi Aramco
  • Yasref Oil Refinery
  • Saudi National Bank
  • Emircom
  • BTC

Roles:

  • SIEM Engineer
  • SOC Lead
  • SOC Analyst L2
  • System Engineer
