Worked at 2 companies, 5 years 4 months
IT, Banking
Senior IT security manager
Company name hidden
IT
3 years 2 months
09.2021 - present
As a Senior IT Security manager, I am responsible for the implementation of a project on network infrastructure security and endpoint protection based on Palo Alto Networks solutions (Cortex XDR/NGFW):
work with the vendor, pilot project implementation, implementation in production; maintenance of the implemented solution (troubleshooting, configuration and updates); preparation of reports and recommendations on information security.
I am working on:
• Security audit (analyzing firewall configurations, RBAC, network segmentation (L4/L7), security compliance).
• IT security documentation (policies, procedures, standards and guidelines).
• Conducting vulnerability scans.
• Conducting IT security awareness trainings with the company employees.
• Scanning of the company's network and production infrastructure.
• Interaction with vulnerability remediation teams.
• Implementing hardening standards based on Center for Internet Security (CIS) Benchmarks.
• Investigation of security incidents (phishing, malware etc.).
General responsibilities:
• Evaluating internal security architecture including design assessment, risk assessment and threat modeling.
• Maintaining a comprehensive set of tools for cyber security monitoring and vulnerability scanning of network, systems and applications.
• Leading the information security team in effectively utilizing security systems to support the cyber security infrastructure and ensure network architecture compliance.
• Providing technical leadership regarding cyber security protocol related to desktop applications and web applications.
• Monitoring and contributing to the tracking, prioritizing and resolution of security incidents, issues and vulnerabilities.
• Conducting vulnerability assessment of applications, OS and networks.
• Researching and evaluating cyber security threats and performing root cause analysis.
• Responding immediately to cyber security-related incidents and providing a thorough post-event analysis.
• Investigating intrusion incidents and conducting forensic investigations.
• Conducting security research regarding threats, troubleshooting issues and managing upgrades on security platforms.
• Advising on data security issues, compliance and privacy requirements.
Practical use:
Tenable Nessus scanner, OpenVAS, Kali Linux, OWASP ZAP, Palo Alto NGFW/Cortex XDR, ManageEngine Log Analyzer, Wazuh, Phish Insight (Trend Micro), AWS WAF, Google Workspace security.
SecOps
Company name hidden
Banking
2 years 1 month
08.2019 - 09.2021
As a SecOps, I monitored and supported security operations for malicious activity. I was responsible for determining appropriate response action(s) to an incident, following the agency standard techniques, tactics and procedures. In this role I was also responsible for the analysis and reporting of cyber threats, as well as assisting in deterring, identifying, monitoring, investigating and analyzing computer network intrusions and conducting vulnerability scans.
General responsibilities:
• Frequently communicating with IT Ops, IT engineering, DBA, Network teams, SOC organizations.
• Monitoring and analyzing Security Information and Event Management (SIEM) to identify security issues for remediation.
• Triaging IDS alerts, collecting related data from various network analysis systems, reviewing available open and closed source information on related threats & vulnerabilities, diagnosing observed activity for likelihood of system infection, compromise or unintended/high-risk exposure.
• Analyzing large volumes of network flow data for specific patterns/characteristics or general anomalies, to trend network activity and to correlate flow data with other types of data or reporting regarding enterprise-wide network activity.
Practical use: Palo Alto NGFW (security policies and profiles management), Palo Alto Cortex XDR, SIEM Exabeam UBA/AA.
Key information
• Leadership
• Organizational skills
• Creativity
Studied at 1 institution
Kyiv Military Institute of Control and Signals (Київський військовий інститут управління та зв'язку)
Informatics and Computer Science / Computer Engineering
Kyiv, 1998
Languages
English
upper intermediate
Can be interviewed in this language
Courses, trainings, certificates
Conference “Hack in Paris 2018”, Training “Hacking and Securing Windows Infrastructure”, 2018, Paris
Education Center Softprom Solutions GmbH, EC-Council Authorized course “Certified Security Analyst v10”, 2018, Kyiv, Ukraine
Conference “TeleStrategies. ISS World 2017”, Training “Internet investigation”, 2017, UAE, Dubai
Education Center ISSP Ukraine, EC-Council Authorized course “CEH | Certified Ethical Hacker v8”, Ukraine
Education Center Network Technologies, Training “NT-VOIP. Open source VoIP (Asterisk)”, Ukraine
Education Center “INKOM”, Training “Penetration Test”, 2011, Kyiv, Ukraine
Additional information
Driver's license
B
Anonymous job seeker
IT Security Specialist, SecOps, IT security advisor
Kyiv
full-time
Work type: remote
Updated 3 weeks ago