
Saeed Hasanzadeh

Sydney, NSW

Summary

Experienced SOC Analyst with over 10 years in cybersecurity, specializing in incident response, digital forensic, threat detection, malware analysis, and red teaming. Demonstrated expertise in network traffic analysis, risk identification, and security measures implementation. Proven track record in threat detection, incident analysis, and response. Proficient in swift security incident response, threat mitigation, and breach investigation. Seeking to leverage extensive experience to protect and strengthen organizations' cybersecurity defences.

Key achievements include:
70% enhancement in security posture by migrating from outdated SIEM to Splunk at Mobinnet Telecom.

70% increase in threat detection capabilities and Digital Forensics at Mobinnet Telecom.

Overview

11 years of professional experience
1 Certification

Work History

Senior SOC Analyst

Mobinnet Telecom
07.2017 - 01.2024
  • Enhanced network security by monitoring systems for potential threats and vulnerabilities.
  • Streamlined incident response processes for quicker threat detection and remediation.
  • Design and implementation of Splunk Enterprise in a distributed environment.
  • Transformed outdated SIEM technology, migrating from ArcSight to Splunk and deploying numerous use cases.
  • Monitoring and analyzing emerging threats, improved detection rates by 30% through proactive threat hunting techniques.
  • Improving Sysmon rules and Auditd policies on hosts and servers, resulting in a 40% improvement in the digital forensic procedure.
  • Along with red teaming techniques on endpoints and servers, resulting in a 50% improvement in SIEM rules and alerts.
  • Across company zones and appliances, resulting in a 70% improvement in security posture and detection capabilities.
  • Utilized SIEM tools to oversee and assess security events, leading to a 70% increase in threat identification and mitigation.
  • Orchestrated the deployment of advanced web application firewalls, intrusion detection and prevention systems, bolstering the organization's security defense; achieved a 50% decrease in successful cyber-attacks and safeguarded sensitive customer data.
  • Enhanced incident response effectiveness by 50% through prioritizing and escalating security incidents based on severity, ensuring both timeliness and precision.
  • Achieved a remarkable 65% improvement in security monitoring efficiency and incident detection effectiveness by spearheading the implementation of Splunk Enterprise, ES, Phantom and UBA.
  • Implementation of threat intelligence (TI) and threat hunting (TH) methodology and process.
  • Conducting forensic analysis, identifying and mitigating security incidents, ensuring minimal impact on operations.

SOC Analyst

Mobinnet Telecom
06.2014 - 07.2017
  • Enhanced network security by monitoring systems for potential threats and vulnerabilities.
  • Performed incident monitoring, analysis, and response using ArcSight and ELK to ensure prompt threat detection and mitigation.
  • Utilized Zeek, Snort, and Sysmon to monitor and detect anomalies and threats, conducting in-depth analysis of an average of 25 alerts and incidents per week to identify and respond to potential threats.
  • Developed and maintained incident response documentation, including playbook, incident reports, and post-incident analysis summaries, facilitating knowledge sharing and continuous improvement.
  • Defined advanced correlation queries, reports, and dashboards, improving threat detection accuracy by 35% and enhancing real-time visibility.
  • Conducted regular tabletop exercises and simulated incident scenarios, achieving a 15% improvement in incident response plan effectiveness and identifying areas for improvement.
  • Monitored and analyzed diverse logs from IDS/IPS, EDRs, OS, Firewalls, and more, enabling comprehensive threat detection and reducing false negatives.
  • Monitored security events via SIEM and feeds, uncovering significant incidents. Processed reports, reducing unexpected network activity by 20%.
  • Assisted in vulnerability assessments, utilizing scanning tools and interpreting results to prioritize and track remediation efforts.
  • Conducted postmortem RCAs and incident reviews, facilitating continuous improvement of security procedures.
  • Collaborated with internal stakeholders and IT teams to investigate and remediate security incidents, ensuring timely resolution and adherence to incident response procedures.
  • Participated in regular team knowledge-sharing sessions, suggesting improvements to workflows and contributing to the SOC's evolution.

Network Security Engineer

Saficom
01.2014 - 06.2014
  • Reduced cyber threats by conducting vulnerability assessments and recommending appropriate mitigation strategies.
  • Configured and maintained Cisco ASA, Firepower, FortiGate and Juniper SRX firewalls to mitigate intrusions, reducing external threats by 25%.
  • Monitored and maintained BGP and OSPF routing protocols on Cisco ASR and ISR routers, ensuring 99.99% network availability across WAN/LAN and data center environments.
  • Supported and configured SSL-VPN and IPsec tunnels to secure remote access and enhance the security of employees' connections.
  • Implemented enhanced network security measures on network devices, including AAA, 802.1x, ARP inspection, and hardening features, resulting in a 20% security improvement.
  • Configured and managed Fortinet web application firewall to safeguard critical web applications and APIs against OWASP top threats, reducing potential vulnerabilities by 30%.
  • Configured and managed Cisco Nexus switches with vPC, FEX, and VDC, ensuring high availability in the data center.

IP and Network Security Engineer

MTN Irancell Telecom
02.2013 - 01.2014
  • Optimized network performance through effective monitoring and troubleshooting of security devices.
  • Configured and maintained Huawei Eudemon, Cisco ASA, FortiGate and Juniper SRX firewalls.
  • Preparing plan for CS5 modernization project.
  • Preparing plan for VAS optimization project.
  • Preparing plan for data center and swapping old devices with Nexus series.
  • Preparing plan for QoS optimization in the IPBB.
  • Responsible for network performance and capacities.

IP and Network Security Engineer

Oil Company
08.2012 - 02.2013
  • Secured wireless networks by deploying advanced encryption protocols and monitoring tools.
  • Maintaining, configuring, tuning and troubleshooting all core and data center devices: 7200 series routers, 6500 and 4500 switches, and firewalls such as ASA, FWSM and Fortinet.
  • Implementation of network security measures on network devices, including AAA, 802.1x, DHCP snooping, and ARP inspection.
  • Providing extra security on all edge firewalls and implementing a central log server for all firewalls.
  • Implementing emergency SMS and mail alerts for critical issues.
  • Working with monitoring applications such as SolarWinds, PRTG and OpManager.
  • Implementing EzVPN with central authentication, authorization and accounting at the internet edge.
  • Implementing DMVPN and GRE tunnels with IPsec to connect all remote branches to the central branch.

Education

Bachelor of Science - Software Engineering

Shamsipour Technical And Vocational College

Skills

  • Incident Response
  • SIEM Management (Splunk, ELK, ArcSight)
  • Malware Analysis
  • Forensic Investigation (DFIR)
  • Log Analysis
  • Threat Detection
  • Cyber Threat Hunting
  • Red and Blue Teaming
  • Security Frameworks and Standards (ISO 27001, OWASP, CIS Controls, NIST)
  • Vulnerability Assessment

Certification

Splunk Core Certified Power User
SEC450: Blue Team Fundamentals
FOR500: Windows Forensic Analysis
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
FOR577: LINUX Incident Response and Threat Hunting
Penetration Testing with Kali Linux (PWK)
Certified Ethical Hacker (CEH)
SEC524: Web App Penetration Testing and Ethical Hacking

ISO 27001 ISMS

Languages

English
Full Professional
Persian
Native or Bilingual

Timeline

Senior SOC Analyst

Mobinnet Telecom
07.2017 - 01.2024

SOC Analyst

Mobinnet Telecom
06.2014 - 07.2017

Network Security Engineer

Saficom
01.2014 - 06.2014

IP and Network Security Engineer

MTN Irancell Telecom
02.2013 - 01.2014

IP and Network Security Engineer

Oil Company
08.2012 - 02.2013

Bachelor of Science - Software Engineering

Shamsipour Technical And Vocational College