
About

Mohamed Atef


Senior Cyber Defense Engineer with proven experience in leading Security Operations, conducting EDR assessments, and developing SOC processes, use cases, playbooks, detection rules, and automation workflows.

As a Cyber Defense Engineer, my professional passion encompasses everything related to blue team capabilities, such as threat detection, incident response, and threat hunting, and my skills extend to SIEM administration, implementing and managing SOAR solutions, integrating SOCs with automation tools, and proficient scripting.

Currently, I hold a professional certificate in Threat Hunting (eCTHPv2), and I’m willing to solidify my practical capabilities with other blue/purple team certificates in the future. My core belief is that you can’t protect what you don’t understand; that’s why I’m eager to stay well-informed and up-to-date with the latest trends and advancements in the dynamic field of cybersecurity.

Email / Website / LinkedIn / GitHub / Twitter


Experience

Sr. Cyber Defense Engineer

  • Administered and optimized SOC platforms—including SIEM, SOAR, EDR, and NDR—ensuring robust security monitoring and efficient response capabilities.
  • Implemented and integrated security solutions across SOC platforms, emphasizing automation and process efficiency.
  • Managed Digital Risk Protection (DRP) and Threat Intelligence Platforms (TIP) cases, ensuring prompt and effective responses to security incidents.
  • Authored and escalated Incident Response reports to top management, aligning security strategies and lessons learned with business objectives.
  • Collaborated with the GRC team on PCI DSS log simulation and supported other governance, risk, and compliance functions related to SOC.
  • Enhanced threat detection, monitoring, and response capabilities, driving continuous improvements in SOC operations.
  • Automated SOC processes, boosting operational efficiency and reducing response times.
  • Assessed security products and contributed to the POC process for various security solutions (EDR, Mail Gateway, TIP, and SOAR) to ensure their effectiveness.

Cyber Defense Engineer

  • Managed SOAR platform “The Hive” for incident response.
  • Automated SOC processes to improve efficiency.
  • Performed EDR assessments.
  • Supported the SOC team with complex security incidents.
  • Collaborated with the GRC team on any GRC functions related to the SOC.
  • Administered the SIEM.

Sr. SOC Analyst

  • Established the SOC team for the first online bank in Egypt, “Misr Digital Innovation” (MDI).
  • Implemented the SOAR solution “TheHive”.
  • Worked with GRC and other operational teams to implement the SIEM and develop customized use cases, rules, and playbooks for MDI’s daily business operations.
  • Developed and enhanced threat detection, monitoring, and response capabilities at MDI.
  • Audited L1 analysts and assisted in identifying SOC team and process gaps.
  • Mentored L1 analysts and recommended the training needed to build their capabilities.
  • Assisted in the administration of the SIEM and SOAR.
  • Monitored cybersecurity trends and IOCs by reviewing the TIP and daily security feeds to ensure proactive security.

Sr. SOC & IR Engineer

  • Developed and enhanced threat detection, monitoring, and response capabilities through purple team activities.
  • Designed automation workflows to facilitate the threat investigation and analysis process.
  • Integrated different SOC solutions with the SIEM.
  • Implemented the SOAR solution “TheHive”.
  • Developed SOC processes, use cases, and playbooks.
  • Conducted deep investigation and analysis of cases escalated by L1 analysts.
  • Monitored dark web platforms to detect compromised business accounts or data breaches, and promptly took appropriate action.
  • Researched and conducted threat-hunting operations using known adversary tactics, techniques, and procedures to detect advanced threats.
  • Hunted for IOCs shared in Central Bank of Egypt incident reports and by other threat intelligence platforms.
  • Established SOC processes and continuously monitored and reviewed their efficiency.
  • Audited L1 analysts, helped define their gaps, and recommended training when needed.
  • Developed incident response reports.
  • Worked with the GRC team on PCI log simulation and other GRC functions related to the SOC.

L1 SOC Analyst

  • Monitored 24x7 alerts generated by multiple security appliances.
  • Analyzed alerts, eliminated false positives, and escalated alerts to designated personnel to respond to identified incidents.
  • Monitored security intelligence feeds and alerted the responsible team to new and emerging threats that may impact their environment.
  • Provided ongoing recommendations to tune detective controls and minimize false positives.
  • Produced periodic reports on SOC operations, attacks detected, incidents opened, etc.
  • Applied threat hunting to critical systems and log sources to check for any abnormal activity or misconfiguration.
  • Handled alerts received from EG-FinCert or CBE and hunted for the IOCs sent by both.
  • Handled brand protection alerts sent by our threat intelligence provider and took down fake social media pages, profiles, websites, and mobile applications.

Training & Certificates

  • eCTHPv2 - eLearnSecurity
  • Threat Intelligence Analyst - Group-IB
  • IBM QRadar - Pluralsight
  • Foundations of Operationalizing MITRE ATT&CK - AttackIQ
  • Foundations of Purple Teaming - AttackIQ
  • Cyber Defense path - TryHackMe
  • Become an Incident Handler - Cybrary
  • Become a SOC Analyst - Level 2 - Cybrary
  • n8n Course Level 1 & 2 - n8n

Nothing Is Better Than A Quiet Night, Cup Of Coffee & Dark Mode IDE
