Mohamed Atef
Cyber Defense Lead
Cyber Defense Lead With proven experience in leading Security Operations, Conducting Product assessments (EDR, Mail Gateway, TIP, ASM, Dark Web Monitoring, DRP, and SOAR), and developing SOC Processes, Use Cases, Playbooks, Detection Rules, and Automation Workflows.
As a Cyber Defense Engineer, my professional passion encompasses whatever is related to blue team capabilities like threat detection, incident response, and threat hunting and my skills extend to SIEM Administration, implementing and managing SOAR solutions, integrating SOCs with automation tools, and proficient scripting.
I hold a professional certificate in Threat Hunting (ecthpv2) and am willing to solidify my practical capabilities with other blue/purple team certificates in the future. My core belief is that you can’t protect what you don’t understand, so I’m eager to stay well-informed and up-to-date with the latest trends and advancements in the dynamic field of cybersecurity.
Email / Website / LinkedIn / GitHub / Twitter
Experience
Sr. Cyber Defense Engineer
- Administered and optimized SOC platforms—including SIEM, SOAR, EDR, and NDR—ensuring robust security monitoring and efficient response capabilities.
- Implemented and integrated security solutions across SOC platforms, emphasizing automation and process efficiency.
- Managed Digital Risk Protection (DRP), Attack Surface Management (ASM), and Threat Intelligence Platforms (TIP) cases, ensuring prompt and effective responses to security incidents.
- Authored and escalated Incident Response reports to top management, aligning security strategies and lessons learned with business objectives.
- Collaborated with the GRC team on PCI DSS log simulation and supported other governance, risk, and compliance functions related to SOC.
- Enhanced threat detection, monitoring, and response capabilities, driving continuous improvements in SOC operations.
- Automated SOC processes, boosting operational efficiency and reducing response times.
- Assessed security products and contributed to the POC process for various security solutions (EDR, Mail Gateway, TIP, ASM, Dark Web Monitoring, DRP, and SOAR) to ensure their effectiveness.
- Implement Threat Detection Program Leveraging Detection-as-a-code with test driven detection
- Implement a Cyber Threat Intelligence Program leveraging MISP, TIP, Open Source Intelligence to provide an actionable intelligence
- MITRE Assessment for both technology and detection rules and provide MITRE heat map for management
Cyber Defense Engineer
- Managed SOAR platform “The Hive” for incident response.
- Automated SOC processes to improve efficiency.
- Performed EDR assessments.
- Supported the SOC team with complex security incidents
- Integrate with the GRC team in any GRC functionalities related to SOC.
- SIEM Administration
Sr. SOC Analyst
- Establish SOC team for the first online bank in Egypt. “Misr Digital Innovation”
- Implementation of SOAR solution “TheHive”.
- Integrate with GRC and other operational teams to implement the SIEM and develop customized use cases, rules and playbooks to MDI daily business operations.
- Develop and enhance threat detection, monitoring, and response capabilities in MDI.
- Audit on L1 Analysts and assist in defining SOC team and process gaps.
- Mentor L1 analysts to develop their learnings and recommend needed trainings to empower their capabilities.
- Assist in administration of SIEM & SOAR.
- Monitor of cybersecurity trends and IOCs by reviewing TIP/Daily security feeds to ensure proactive security.
Sr. SOC & IR Engineer
- Develop and enhance threat detection, monitoring, and response capabilities by engaging in purple team activity.
- Design automation workflow to facilitate threats investigation and analysis process.
- Integrate different SOC solutions with SIEM.
- Implementation of SOAR solution “TheHive”.
- Develop (process, use cases, playbooks).
- Conduct deep investigation and analysis upon escalated cases from L1 analysts.
- Dark Web platforms monitoring to detect compromised business accounts or data breaches, followed by promptly taking appropriate actions.
- Research/conduct threat-hunting operations using known adversary tactics, techniques, and procedures to detect advanced threats.
- Hunt for Both IOCs Shared by Central Bank of Egypt Incidents reports and other Threat Intelligence platforms.
- Establish SOC Process and continuously monitor and review process efficiency.
- Audit on L1 Analyst, assist to Define Their Gab and Recommend Training When needed.
- Develop incident response reports.
- Integrate with GRC team in PCI logs simulation and other GRC functionalities related to SOC.
SOC Analyst
- Monitor 24x7 alerts generated by multiple security appliances.
- Analyze the alerts, eliminate false positives, and raise alerts to designated personnel to respond to identified incidents.
- Monitor security intelligence feeds and alert the responsible team to new and emerging threats that may impact their environment.
- Provide ongoing recommendations to tune detective controls and minimize false positives.
- Produce periodic reports on SOC operations, attacks detected, incidents opened, etc.
- Apply threat hunting for critical systems and log sources to check for any abnormal activity or misconfiguration.
- Handle alerts that come from EG-FinCert or CBE and hunt for IOC that sends from both of them.
- Handle brand protection alerts that send from our threat intel and take down fake (social media pages, profiles, websites, and mobile applications).
Certificate
- eCTHPv2 - eLearnSecurity
- Threat Intelligence Analyst - Group-IB
Training
- CCNA (Cisco Networking Academy)
- CCNA Security (Cisco Networking Academy)
- Cyber-Ops Associate (Cisco Networking Academy)
- Certified Ethical Hacker (EC-council)
- Foundations of Operationalizing MITRE ATT&CK (Attack IQ Academy)
- Cyber Defense (TryHackMe)
- Practical Malware Analysis & Triage (TCM security)
- SOC Analyst - Level 2 (Cybrary)
- Incident Handler Path (Cybrary)
- N8N Workflow Automation Level 1, 2
- IBM Qradar (Pluralsight)
- Foundations of Purple Teaming (Attack IQ Academy)
- Fundamentals of SIEM Alert Rule Development (Purple Academy by Picus)
- CLF-C02: AWS Cloud Practitioner (kodekloud)
- AZ900: Microsoft Azure Fundamentals (kodekloud)
- PCAP - Python Certification Course (kodekloud)
- Jenkins (KodeKloud)
Hands on Experience
- SIEM (Qrader, Splunk, ELK)
- SOAR (The Hive, IBM Resilient)
- EDR (Trillex, Fidelis, Group-IB” XDR”)
- NDR (IBM QNI)
- Workflow Automation (N8N, Shuffle)
- Python
- TIP (GIB, Threat-Q, MISP, Dark Atlas)
- Dark Web Monitoring (GIB, Dark Atlas)
- ASM (GIB, Dark Atlas, Cynerv)
- DRP (GIB, Dark Atlas)
- C2 Frameworks (Covenant, Havoc)
- Adversary Emulation (Caldera)
- Middleware integrations
- Git (GitHub)
- GitHub Action
Security Projects Overview
- TheHive: Open Source SOAR
- MISP: Malware Information Sharing Platform
- BookStack: Documentation Platform
- EDR Assessment
- ELK: Elasticsearch, Logstash, Kibana
- C2 Frameworks
- Attack Simulation
- How to Send Logs From an API to QRadar SIEM Through Syslog Middleware
⚡ Nothing Is Better Than A Quiet Night, Cup Of Coffee & Dark Mode IDE