
Information Security Incident Response

Location:
Anaheim, CA
Posted:
July 24, 2025


Resume:

Zeeshan Ahmed


Professional Summary

6+ years of experience in information security, with a focus on SOC operations, compliance, and identity & access management (IAM).

Proficient in threat detection and incident response using tools like CrowdStrike Falcon, QRadar, Splunk, and OSSEC.

Extensive hands-on experience with Okta, Azure Active Directory, and PowerShell for IAM lifecycle management, SSO, and RBAC enforcement.

Led successful SOC 2 Type I & II compliance efforts; supported ISO 27001, HIPAA, and PCI DSS audits and documentation.

Skilled in conducting risk assessments using the NIST SP 800-53 framework and managing third-party/vendor security evaluations.

Collaborated with privacy and compliance teams to conduct data mapping, vendor reviews, and evidence collection to support CCPA, GDPR, HIPAA, and SOC 2 audits.

Experienced in coordinating cross-functional teams, including IT, Legal, and Audit, to resolve security findings and enforce security best practices.

Performed and documented IT General Control (ITGC) testing in support of SOC 2 and ISO 27001 audits, including access controls, change management, and logging.

Technical skills:

Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.

Event Management: QRadar, Splunk, CyberArk, NTT Security, LogRhythm.

PenTest Tools: Burp Suite, Metasploit, Nmap, Wireshark and Kali.

Security Software: Nessus, Ethereal, NMap, Metasploit, Snort, BASE.

Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS, SOC 1 & 2.

Switches: Cisco Catalyst

Routers: Cisco Routers

Firewalls: Check Point, Palo Alto PA 3000/5000.

Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP

Routing: OSPF, EIGRP, BGP

Operating Systems: Linux, Windows.

CASHét May 2024 – Present

Role: Security and Compliance Analyst

Responsibilities:

About CASHét: A fintech firm serving the media and entertainment industry (Netflix, WB, Apple etc.), offering production-focused payment platforms and expense management tools.

Spearheaded organization-wide efforts to achieve SOC 2 Type I and Type II compliance, aligning processes with the Trust Services Criteria.

Used DRATA to automate evidence collection, monitor control effectiveness, and track real-time compliance across the organization.

Coordinated SOC 2 compliance activities, including scheduling audits, gathering evidence, and facilitating meetings with auditors.

Maintained documentation of SOC 2 controls, assessments, and remediation efforts.

Assisted in the development of SOC 2 compliance strategies and initiatives to improve overall compliance posture.

Maintained and updated security policies, control documentation, and risk assessments, ensuring audit-readiness and regulatory alignment.

Facilitated smooth audits with external firms by preparing and organizing audit evidence, control narratives, and walkthroughs.

Partnered with leadership and stakeholders to address remediation plans for audit findings and enforce long-term control improvements.

Security Operations:

Conducted real-time threat detection, triage, and response using CrowdStrike Falcon, reducing incident response time by over 40%.

Monitored system logs and alerts using OSSEC for intrusion detection and endpoint security enforcement.

Investigated suspicious activities, escalated threats, and coordinated remediation efforts in alignment with security playbooks.

Improved incident response workflows by correlating alerts and logs across tools, enhancing visibility and reducing false positives.

Participated in regular vulnerability assessments and patch management cycles, ensuring security hygiene across internal assets.

Additional Responsibilities:

Supported security awareness training programs, phishing simulations, and internal campaigns to reduce user-related risks.

Played a key role in vendor security assessments and onboarding, ensuring third-party tools complied with internal policies and SOC 2 expectations.

Hyundai Autoever America Oct 2022 – Feb 2024

Fountain Valley, CA

Role: Cybersecurity Engineer

Responsibilities:

• Maintained, created, and operated a schedule of vulnerability scanning, including business coordination with IT stakeholders, and established vulnerability scanning resolution on the server, AWS cloud, and desktop environments.

• Drove maturity in the vulnerability management area and security in general across the business through remediation for systemic issues and positive engagement.

• Pulled reports from Tenable for vulnerability reports on hosts, broke down reports to applicable components in the boundary, and discussed the findings with the server POC.

• Responded to critical security incidents, performed root cause analysis, and executed containment and recovery processes across hybrid infrastructure.

• Participated in Disaster Recovery plan validation and Business Continuity testing exercises.

• Identified OWASP Top 10 common vulnerabilities like Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Server-Side Request Forgery (SSRF) and SQL Injection (SQLi) using Burp Suite Pro.

• Used standards such as CVSS (Common Vulnerability Scoring System), CVE, and DREAD approaches to provide the criticality (Critical, High, Medium, Low) rating for the vulnerabilities identified.

• Configured CI/CD pipelines in GitLab (12.0) for SAST and DAST automation whenever new code is pushed into the repository.

• Supported compliance and due diligence activities related to internal audits and regulatory requirements (ISO 27001).

• Coordinated ISO 27001 audit activities, ensuring compliance with established information security management system (ISMS) standards.

• Conducted thorough assessments of organizational policies, procedures, and controls to verify alignment with ISO 27001 requirements.

• Collaborated with cross-functional teams to identify and address gaps in information security practices, recommending and implementing corrective actions as necessary.

• Developed and maintained audit documentation, including audit plans, checklists, and reports, to track findings and ensure timely resolution of identified issues.

• Conducted routine audits such as user access and permissions reviews.

Rivian Automotive Oct 2021 – Sep 2022

Irvine, CA

Role: SOC Analyst

Responsibilities:

● Utilized the Security Information and Event Management (SIEM) tool IBM QRadar to monitor security alerts and events in real time.

● Successfully investigated and responded to security incidents, including malware infections, network intrusions, and phishing attacks, ensuring swift containment and mitigation to minimize impact and restore normal operations.

● Analyzed network traffic and log data using packet capture tools like Wireshark to identify potential security incidents and anomalies.

● Utilized the EDR tool Microsoft Defender for Endpoint to monitor and respond to security threats on endpoints, including malware infections and suspicious activities.

● Developed content for IBM QRadar such as correlation rules, dashboards, reports and filters, active lists, and session lists.

● Collaborated with cross-functional teams to establish a CSMS (Cyber Security Management System).

● Performed security analysis and vulnerability assessments with Nessus.

● Participated in monthly customer review meetings to discuss the performance of various networking equipment.

● Created user groups and applied security roles to provide access and/or implement restrictions in ServiceNow GRC.

● Managed the vendor management process; reviewed vendor attestations and questionnaires based on UNECE R155 recommendations such as keeping vehicle software up to date and requirements for over-the-air software updates.

● Implemented the best practices recommended by ISO 27001 in areas such as security design, product development, product maintenance, risk detection and hazard mitigation.

● Assisted in all key steps involved in the internal audit: scope definition, risk management, risk treatment, documentation of information security policies, etc.

Fairbit LLC Feb 2020 – Aug 2021

Role: Jr SOC Analyst

Lake Forest, CA

Responsibilities:

● Used case management and ticketing technologies to document security monitoring and incident response activities.

● Managed SIEM tuning and alert response to reduce false positives and enhance real-time detection capabilities.

● Conducted static and dynamic analysis of suspicious binaries using sandbox environments and malware analysis tools.

● Configured direct alerts and correlated alerts based on the devices in the client's network.

● Monitored security events in the Azure Sentinel SIEM and other security feeds and communications (email, phone, chat, and other communications).

● Prepared, executed, and reported on an audit of a subset of NIST SP 800-53 cybersecurity controls by conducting interviews, document reviews, and system testing to support compliance audit activities.

● Worked with the Human Resources department on any onboarding and offboarding needs related to HIPAA privacy and security in the organization.

● Maintained all documentation supporting HIPAA compliance, including the Privacy and Security Manual, Risk Management Plan, and Incident Response Plan.

● Conducted privacy impact and other risk assessments to identify potential privacy risks and recommended solutions to mitigate such risks and achieve business goals.

● Analyzed and reported on the company's risk environment, system of controls, health, maturity, residual risk, and remediation status, ensuring comprehensive understanding and effective risk management.

● Analyzed network traffic using monitoring/detection, research, and forensics to identify malicious activity.

● Reported security incidents to provide management oversight of the incident process.

● Triaged security alerts and events.

Educational Summary:

Master of Science in Information Security – University of the Cumberlands, Kentucky – 2019

Certification:

Security+

Preparing for CISSP
