Hichem Blagui

IT Security Consultant & Data Engineer / Freelancer

Augsburg, Germany

Experience

Apr 2025 - Oct 2025
7 months

IT Security Consultant & Data Engineer / Freelancer

datadefend GmbH

  • Analysis and further development of the security architecture.
  • Design and development of Splunk apps and technical add-ons (TAs).
  • Development and implementation of security use cases in the Splunk SIEM.
  • Creation and maintenance of incident response playbooks in Cortex XSOAR.
  • Support of technical proof-of-concepts to assess new detection technologies.
  • Lifecycle management and operational support for Splunk and Cribl systems.
  • Deployment and scaling of Splunk indexers in hybrid data center environments.
  • Maintenance, update planning, and optimization of Cribl Stream & Edge for log ingestion and data routing.
  • Creation of dashboards and reports to visualize security posture and system availability.
  • Technical analysis to assess network topologies and data flows.
  • Integration of new data sources via Cribl Stream/Edge and heavy forwarders in cloud and on-prem environments.
  • Integration of external security components such as Cortex XSOAR (SOAR) and user behavior analytics (UBA).
  • Implementation of complex correlation rules in Splunk Enterprise Security (ES).
  • Connection of external ticketing systems via mail gateways and REST APIs.
  • Automated deployment of use cases, dashboards, and detection rules via Git and Ansible.
Jul 2024 - Oct 2024
4 months

SOC Analyst Level 2, Professional Services

Riedel Networks

  • Conducting malware analytics and threat detection through systematic analysis of extensive log files to identify and assess suspicious patterns, anomalies, and potential security incidents.
  • Creating comprehensive weekly reports and performing continuous backlog reviews to increase efficiency in incident management.
  • Monitoring and optimizing Elasticsearch cluster performance and stability to ensure smooth operations.
  • Performing alert reviews and threat analyses within the SIEMonster interface to maintain a robust security posture.
  • Investigating security incidents using various SIEM and EDR solutions to gather solid and actionable insights.
  • Handling cases in TheHive by analyzing events at the alarm source (mainly in SIEMonster) for effective incident response.
  • Integrating and managing open-source threat intelligence feeds in MISP to enrich security operations.
  • Conducting advanced packet analysis with Wireshark for precise detection of network anomalies.
  • Analyzing host and user activities based on alerts in Cisco Endpoint Detection and Response (EDR) to strengthen endpoint security.
Oct 2021 - Apr 2024
2 years 7 months

Data Analyst / Security Consultant, Big Data / Cyber Security

BRIDGE:COM

  • Design and implementation of custom use cases within the Splunk Enterprise solution based on business requirements.
  • Diagnosing and resolving existing issues in Splunk implementations to ensure stable and tailored use.
  • Creating interconnected workflows in ServiceNow to improve collaboration between departments.
  • Managing incident handling through ITSM frameworks to increase operational efficiency.
  • Participating in all project phases—from planning and development to release—to ensure timely delivery.
  • Deploying and managing configuration files on Splunk hosts using Ansible for efficient configuration management.
  • Using Git/GitLab for version control and effective collaboration in software configuration management.
  • Optimizing data onboarding and parsing processes to improve data integration in Splunk.
  • Building a centralized log management system with Splunk for unified log data analysis and monitoring.
  • Migrating and optimizing Splunk dashboards to boost performance and user-friendliness.
  • Troubleshooting and setting up database connections via Splunk DB Connect and custom API integrations to ensure a stable data flow.
  • Direct customer contact to develop tailored solutions and maintain long-term relationships.
  • Creating weekly reports and conducting continuous backlog reviews to improve incident management processes.
  • Operating macOS endpoints with Uberagent for Splunk Forwarder installation.
  • Converting *NIX auditd Sigma detection rules into Splunk queries to enhance detection performance and operational efficiency.
  • Creating comprehensive English documentation for Splunk implementations to ensure transparency and clarity for all stakeholders.
  • Onboarding data by customizing Splunk technical add-ons (TA) to support seamless integration and processing.
  • Implementing Sigma rules as correlation searches in Splunk Enterprise Security to strengthen threat detection.
  • Customizing and deploying logd and UNIX input configurations for macOS hosts to enable efficient logging.
  • Customizing Splunk data models and creating tags to exclude specific Sysmon EventCode IDs for optimized event processing and analysis.
  • Monitoring and analyzing alerts in various SIEM and IDS systems to ensure effective threat detection.
  • Managing and using the Splunk Cyber Defense Dashboard for BMW as well as handling tickets in the internal BMW ticketing system.
  • Investigating security incidents through TheHive using Splunk, FireEye, and other tools based on alarm source and case requirements.
  • Analyzing firewall logs (e.g., Bluecoat, Symantec) to monitor and ensure secure network traffic.
  • Conducting host and user analyses on alerts with Microsoft Defender for Identity, Microsoft Defender for Endpoint, and the BMW CMDB system.
  • Handling and analyzing requests from the BMW phishing mailbox, including investigating malicious PDFs and links to reduce risk.
Nov 2019 - Apr 2020
6 months

Intern, Advanced Driver Assistance Systems

Bosch

  • Further development of a Python-based tool for automated analysis and evaluation of object data provided by a radar sensor based on a differential GPS reference system.
  • Extending functionalities and improving the graphical user interface (GUI) using Tkinter in Python.
Apr 2019 - Nov 2019
8 months

Working Student, Application Development

FRABA Group

  • Development of a MATLAB-based application for sensor data analysis and visualization.

Industries Experience


Experienced in Information Technology (3.5 years), Automotive (0.5 years), and Manufacturing (0.5 years).


Business Areas Experience


Experienced in Information Technology (4 years), Operations (2.5 years), and Product Development (0.5 years).


Summary

Hichem's professional experience includes collaborating with both medium-sized and large companies across various industries, such as banking, automotive, and telecommunications. He has previously held several consultant roles specializing in SIEM technologies (Security Information and Event Management). He is currently working as a SOC Analyst (Security Operations Center) in a security operations firm.

Skills

  • Senior Consultant in Cybersecurity
  • SIEM Technologies: Extensive experience with SIEM products such as Splunk Enterprise, Splunk Enterprise Security, SIEMonster, and FireEye for security monitoring and incident response
  • Security Operations Center (SOC): Experience as a SOC analyst with incident management, alert monitoring, and threat analysis; using Elasticsearch, TheHive, MISP, and Cisco EDR for security incidents
  • Data Management & Integration: Data cleaning, preprocessing, data visualization, data governance, data modeling
  • Cyber-security Analyst: Threat detection based on log file analysis, cybersecurity consulting focused on data analysis and Splunk implementations, including use-case design and data integration
  • Version Control: Git, GitHub, GitLab, Bitbucket
  • Security Operations (SOC): SOC Analyst L2, incident response, threat hunting (basic), SOAR, SLA
  • Programming Languages: Python, C/C++, MATLAB/Simulink, Bash, PowerShell, scripting, REST API, JavaScript/TypeScript
  • Container & Orchestration: Docker/container, Kubernetes (K8s), Helm, Agile, cluster components, RBAC (Role-Based Access Control), CKA, CKS
  • Cloud Platforms: AWS (basics, S3), Microsoft Azure (basics), Google Cloud Platform (GCP basics), lifecycle management (Splunk), ServiceNow, AWS security reports, Azure security reports, Azure Policies
  • Governance, Risk & Compliance (GRC): GRC (governance, risk management, compliance), ISO 27001, GDPR/data protection (basics), IT baseline protection, BSI, NIST 800-61, NIS-2, MITRE ATT&CK matrix, SANS/GIAC, ITSM
  • Other Technologies: TheHive, Jira, Confluence, Scrum, sprints, Kanban, ticket management, Linux, SAP, Atlassian Suite, DevSecOps, OpenSearch, OpenSearch Core
  • Network Protocols & Services: Kerberos, NTLM, LDAP, FTP/SFTP, TCP/IP, UDP, SSH, firewall, IPS (Intrusion Prevention System), EDR, XDR, NDR, Zero Trust, Cisco Security (training)
  • Version Control Systems & Automation: Jenkins, SVN, Git, Ansible, Docker, CI/CD
  • IT Security: Next-generation firewalls, intrusion detection/prevention systems, Endpoint Detection & Response (EDR) solutions, threat modeling, risk assessment, security engineering, SAST, DAST and SBOM management, IAM solutions, Privileged Access Management (PAM), multi-factor authentication
  • Databases: Relational databases, SQL, Prometheus, Kibana
  • Further development and optimization of data and security applications
  • In-depth technical and functional assessments and analyses
  • Requirements engineering
  • Advising on technology decisions
  • Consulting on architecture designs

Languages

  • Arabic: Native
  • French: Advanced
  • German: Intermediate
  • English: Intermediate

Education

May 2023 - Mar 2026

University of Liverpool

MSc Information Systems Management, IT Security Management - specialization in strategic implementation · Information Systems Management · Liverpool, United Kingdom

Oct 2016 - Jun 2021

Aachen University of Applied Sciences

Bachelor of Engineering, Electrical Engineering · Electrical Engineering · Aachen, Germany

Oct 2010 - Jun 2014

High School Diploma, Baccalauréat de l’Enseignement Secondaire · Mathematics and Natural Sciences Department

Certifications & licenses

Splunk Enterprise Certified Architect

Cribl Certified Observability Engineer | Admin

Cribl Certified Observability Engineer | User

Splunk Enterprise Security Certified Admin

Splunk Enterprise Certified Admin

Splunk Enterprise Certified Power User

Splunk Enterprise Certified User

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Hichem based?

Hichem is based in Augsburg, Germany.

What languages does Hichem speak?

Hichem speaks the following languages: Arabic (Native), French (Advanced), German (Intermediate), English (Intermediate).

How many years of experience does Hichem have?

Hichem has at least 4 years of experience. During this time, Hichem has worked in at least 5 different roles and for 5 different companies. The average length of individual experience is 1 year and 10 months. Note that Hichem may not have shared all experience and actually has more experience.

What roles would Hichem be best suited for?

Based on recent experience, Hichem would be well-suited for roles such as: IT Security Consultant & Data Engineer / Freelancer; SOC Analyst Level 2, Professional Services; Data Analyst / Security Consultant, Big Data / Cyber Security.

What is Hichem's latest experience?

Hichem's most recent position is IT Security Consultant & Data Engineer / Freelancer at datadefend GmbH.

What companies has Hichem worked for in recent years?

In recent years, Hichem has worked for datadefend GmbH, Riedel Networks, and BRIDGE:COM.

Which industries is Hichem most experienced in?

Hichem is most experienced in industries like Information Technology (IT), Manufacturing, and Automotive.

Which business areas is Hichem most experienced in?

Hichem is most experienced in business areas like Information Technology (IT), Operations, and Product Development.

What is Hichem's education?

Hichem holds a Master in Information Systems Management from University of Liverpool and a Bachelor in Electrical Engineering from Aachen University of Applied Sciences.

Does Hichem have any certificates?

Hichem has 7 certificates, among them Splunk Enterprise Certified Architect, Cribl Certified Observability Engineer | Admin, and Cribl Certified Observability Engineer | User.

What is the availability of Hichem?

Hichem is immediately available for suitable projects.

What is the rate of Hichem?

Hichem's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.

How to hire Hichem?

To hire Hichem, click the Meet button on the profile to request a meeting and discuss your project needs.

Average rates for similar positions

Rates are based on recent contracts and do not include FRATCH margin.

Market avg: 900-1060 €

The rates shown represent the typical market range for freelancers in this position based on recent contracts on our platform. Actual rates may vary depending on seniority level, experience, skill specialization, project complexity, and engagement length.