
Information Security Engineer

Raleigh, North Carolina, United States
February 04, 2019



Ahmed Shareef

C: 919-***-****


Accomplished, strategic thinker with 5-plus years of effective problem-solving and of protecting and safeguarding an organization’s security systems and technology. Seeking an Analyst/Engineer level opportunity with an organization that values creativity, integrity, and global business acumen.

Professional Summary

A security professional who is knowledgeable about information security alerting, threat trends, security event telemetry, intrusion analysis, malware, and anomalous behavior in an Industrial Control System (ICS) environment. Possess a deep passion for root cause analysis and equipped with distinct experience and understanding of ICS technologies, the traffic within those environments, and the attacks targeted at them. Reviewing security alerts and correlating telemetry to discern whether the traffic is malicious and actionable, then quickly resolving alerts through escalation to Information Security Investigators. Advising the owner with remediation recommendations or suppression as false positives.

Education

Bachelor of Science, Information and Computer Technology

East Carolina University – Greenville, NC, USA

Concentration: Information Security

Minor: Business Administration

Certifications

RHCE Red Hat Certified Engineer – RHEL 7 (2017)

RHCSA Red Hat Certified System Administrator – RHEL 7 (2017)

CCNA Cisco Certified Network Associate (2016)

Professional Experience

SOC IDS Engineer, SSA (Social Security Administration), October 2017 - Present

Managing and overseeing roughly twenty-five NOC (network operations center) technicians to ensure proper support and maintenance is provided for the client’s infrastructure.

Cultivated growth and development by training junior employees on all operations methodologies.

Designing and developing new systems, applications, and solutions for external customers' enterprise-wide cyber systems and networks.

Ensuring system security needs are established and maintained for operations, development, security requirements definition, security risk assessment, systems analysis, systems design, security testing and evaluation, systems hardening, vulnerability testing and scanning, incident response, and business continuity planning.

Integrating new architectural features into existing infrastructures, providing architectural analysis of cyber security features, and relating existing systems to future needs and trends.

Endowed with a good working knowledge of SPL (Splunk Processing Language). Efficient in deploying and managing all aspects of Splunk.

Proficient in performing Splunk queries, creating dashboards, pivot tables, graphs etc.

Skillful in creating, managing, and updating firmware on all virtual machines in VMware vSphere.

May interface with entities including internal and external clients. Providing technical consultation to other organizations and interacting with senior customer personnel and internal senior management.

Conducting tests of complex security software systems to enhance performance or investigating and resolving matters of significance.

Acting as the initial contact with vendors on more complex projects to provide required products or services.

Providing leadership and work guidance to less experienced personnel.

Performing comprehensive security assessments of all designs within all enterprise networks, advising senior-level executives of network vulnerabilities, and developing procedures and policies to rectify them.

Information Security Analyst/Engineer, Cisco Systems Inc., RTP, Raleigh, NC

January 2016 - September 2017 (fulfilled contract)

Working in a Security Operations Center (SOC) environment for the Cisco ATA (Active Threat Analytics) department, supporting internal networks for external customers with Cisco Managed Security Services (MSS) subscriptions.

Utilizing network security and encryption tools such as OpenSSH, PuTTY, SSH, GnuPG/PGP, OpenSSL, and OpenVPN.

A good working knowledge of LAN/WAN protocols such as TCP/IP, IPsec, SSL, HTTP, RIP, BGP, and OSPF.

Utilizing Cisco Advanced Malware Protection (AMP) for data loss prevention techniques on email and web.

Good working knowledge of Network-Based Application Recognition Performance Analysis (NBAR). NBAR performs data discovery and classifies data based on identification of applications and protocols (Layers 4 to 7) and protocol discovery.

Documenting all detailed forensic findings and remediation techniques on the customer portal.

Aligning information security practices with ISO/IEC 27000-series standards, including securing assets and managing risks.

Implementing security measures to minimize the risk of adverse events with the use of NIST 800 series publications.

Using Splunk 6.4 to filter logs and investigate events for possible intrusions.

Performing full packet analysis, including the identification of malware infection vectors, traversal, and behavior.

Investigating all alerts generated by the IPS, then correlating those events via SIEM tools along with log data, NetFlow data, and both known and unknown indicators of compromise (IOCs).

Although this is not an exhaustive list of the investigative and analytics tools used, a few are Sourcefire IDS/IPS, Cisco FireAMP endpoint, Kibana SIEM, Solera PCAP, SiLK (NetFlow), Wireshark, Cisco ThreatGrid Sandbox, and ServiceNow.

Utilizing Cisco Threat Grid Sandbox to analyze the telemetry of an attack, its attack vector, callouts to malicious IPs and domains, and other characteristics of a sample file.

Utilizing Solera Blue Coat for packet capture, assessing metadata, and performing pattern analysis.

Querying logs generated by multiple sources such as Palo Alto firewalls, Cisco Adaptive Security Appliance (ASA), FireEye, Lancope devices, Bro, ISE, FireAMP, and Kibana (data visualization plugin).

Conducting detailed and comprehensive investigation and triage of a wide variety of security events, then implementing cleanup and remediation processes to further educate the customers.

Investigating the latest cyber security attacks on the customer’s portal, including exploit kits, ransomware, malware, web-based attacks (DDoS), email phishing, clickbaiting, and whaling.

Performing hunts on the customer network’s perimeter to identify anomalous activities.

A good working knowledge of HP ArcSight for SIEM and log management solutions.

Creating all unknown Snort signature id templates for future usage.

Resolving engineering tickets by retrieving data from SNMP polling servers remotely.

Linux Engineer, ECU IT Department, September 2013 - December 2015

Installing and updating software packages from Red Hat Network, a remote repository, or a local file system.

Updating the kernel and modifying the bootloader.

Hardening and configuring the firewall using firewall-cmd, firewall-config, and iptables.

Configuring host-based and user-based security for a service.

Configuring custom rich rules and zones to implement packet filtering and Network Address Translation (NAT).

Diagnosing and addressing routine SELinux policy violations.

Installing Red Hat Enterprise Linux systems as virtual guests, or automatically using Kickstart.

Scheduling tasks using the cron command line tool.

Creating and managing Access Control Lists (ACLs).

Implementing shell scripting to automate system maintenance tasks.

Troubleshooting DNS client, DHCP, NFS, and Samba issues.

Configuring IPv4 and IPv6 addresses and performing basic troubleshooting. Routing traffic using static routes.

Configuring a system to use Kerberos authentication.

Configuring remote storage with iSCSI, including a persistent target or initiator.

Configuring an Apache web server and a caching-only name server, and deploying a basic CGI application.

Installing and configuring MariaDB, creating a simple database schema, and performing SQL queries.
