Jihane Harazi

• - Integration of new log sources (onboarding, normalization, validation)

• - Design and implementation of log parsing rules

• - Data modeling for advanced analysis

• - Creation and customization of security reports

• - Development of custom integrations (connectors, APIs, automations)

• - Design and implementation of SOAR playbooks

• - Troubleshooting and optimization of existing playbooks

• - Continuous improvement of security incident detection use cases and automated incident response

• - Design and formalization of a procedure for handling phishing and brute-force incidents (SOC operational documentation)

• - Implementation of integration with Microsoft 365 for collecting and processing events related to phishing emails

• - Development of a playbook for automating the processing of phishing emails on the Logpoint platform

• - Integration of Threat Intelligence tools by leveraging their REST APIs for static and dynamic analysis of artifacts automatically extracted from suspicious emails

• - Integration with SentinelOne via REST API for automating detection and remediation actions (launching scans of the target machine, isolating the infected machine, deleting malicious emails)

• - Centralization and orchestration of incident processing via Logpoint, reducing the need for manual intervention across multiple tools

Technical Environment: Qradar, Windows, Linux, Network Equipment: HUAWEI, Cisco, Nokia, F5 Load Balancer Firewall, Trellix ePO, Kafka, Veeam, Visual Studio, Git, Syslog, Wincollect, Python

• - Functional management of over 100 SIEM integration scopes within the framework of projects led by the Cyber Defense Center (CCD)

• - Coordination of multi-stakeholder meetings (engineers, operations managers, network experts, etc.) to define, validate, and implement cyberattack detection rules (brute force, illegitimate remote connection, malware detection, log deletion, unexpected restart, syslog/TACACS manipulation, illegitimate configuration manipulation, etc.)

• - Drafting and communication of requirements specifications for each scope

• - Supervision of technical integration:

◦ • Validation of log reception on Qradar (via Wincollect, syslog, etc.)

◦ • Troubleshooting sessions with the technical teams and Qradar lead (troubleshooting of filtering, connectivity, configuration, etc.)

◦ • Parsing and mapping of events and creation of DSMs in the event of a new type of Logs

◦ • Active tuning phase to reduce false positives before production deployment

• - Drafting of technical procedures

• - Streamlining the assignment of source logs to the correct groups in Qradar via an optimized Python script

• - Structured skills transfer to the new employee: drafting of clear procedures, operational support, and ongoing technical assistance.

• - Daily collaboration with the Qradar technical lead, recognized for my reliability, technical expertise, and ability to drive projects forward under pressure.

Technical Environment: Qradar, Windows, Linux, Network equipment: HUAWEI, Cisco, Nokia, F5 Load Balancer, Firewall, Trellix ePO, Kafka, Veeam, Visual Studio, Git, Syslog, Wincollect, Python