Roomina Merali

An experienced Cybersecurity Engineer with extensive experience in deploying and maintaining SIEM infrastructures

Pickering, Canada

Experience

Mar 2022 - Present
3 years 1 month

Splunk Engineer – Analytics and Monitoring – Governance and Compliance

Solsys Corporation (TD Bank Contract)

  • Successfully onboarded new data from a variety of different inputs including syslog, HEC, UF, HF, Cloud, various Splunk TAs such as DB Connect and Salesforce, Windows Event Collector Servers, and other database connections
  • Created and managed Splunk knowledge objects (field extractions, event types, etc.)
  • Consulted with management and Technology Asset Owners to determine and implement Security, Logging and Monitoring Audit requirements
  • Responsible for mapping customer data to the Splunk Common Information Model (CIM) for Change and Authentication Audit requirements
  • Coordinated and conducted event collection, log management, event management, and compliance automation

May 2021 - Mar 2022
11 months

Platform Security Lead

Manulife Bank

  • Provided expert guidance regarding the implementation of advanced security use cases
  • Developed correlation & detection to support alerting and response capabilities for the SIEM environment
  • Designed and implemented a SIEM solution using Splunk, which increased the organization's ability to detect and respond to security incidents
  • Worked with security teams to ensure compliance with regulatory requirements such as HIPAA, PCI-DSS, and SOX
  • Monitored SIEM systems to detect and respond to security incidents
  • Collaborated with internal customers to aid with requests such as Log Source configuration, App installation, Data Parsing, monitoring and alerting
  • Installed, configured and supported Devo syslog-ng relays, including parsing of events received
  • Created detailed reports, queries, dashboards, alerts, and visualizations as defined by customer requirements
  • Worked with the integrations and telemetry teams to onboard Devo events from various common and complex log sources, including AWS and Azure cloud
  • Created and maintained standard operating procedures, technical documents, and troubleshooting guidelines, including process improvements as it related to Devo operations
  • Conducted System Health Checks on managed technologies and provided recommendations on performance improvements
  • Configured Grafana for log analysis and visualization, resulting in improved troubleshooting and performance optimization
  • Conducted regular security assessments and vulnerability scans to identify and mitigate potential risks
  • Responsible for identifying, investigating, managing and documenting Cyber Security events as part of Incident Management and CSIRT processes
  • Accountable for developing the Devo roles and responsibilities (RACI) document and educating SOC team members in taking over day-to-day Devo support
  • Acted as a subject matter expert (SME) while providing leadership, guidance, and mentorship to other security teams on the use of SIEM tools

Jul 2015 - Apr 2021
5 years 10 months
Toronto, Canada

Senior Security Specialist

BMOFG

May 2013 - Jul 2015
2 years 3 months
Toronto, Canada

Senior Analyst

NTT Data

Nov 2011 - May 2013
1 year 7 months
Toronto, Canada

Tivoli Specialist

IBM Canada

Summary

With extensive experience in deploying and maintaining SIEM infrastructures, I am well-versed in various security technologies and methodologies. I possess a strong understanding of IT security concepts and best practices, including risk and vulnerability management, log analysis, security monitoring, and threat detection. I have successfully provided expert guidance and consultation to clients and project teams, offering technical guidance and troubleshooting complex problems. Additionally, I have mentored team members and possess strong leadership skills. My technical skills include proficiency in UNIX, Windows, and Linux, as well as scripting languages such as Python, Perl, and Splunk Search Language. I have also worked with various security tools such as CyberArk, IBM Security Identity Manager, RSA, and Qualys. With my experience in data analytics and reporting, I am capable of creating custom dashboards, reports, and alerts that deliver real-time insights into security events and incidents.

Languages

English
Native

Education

Oct 1980 - Jun 1981

Herzing Career College

Diploma · Systems Analysis and Programming

Certifications & licenses

Splunk Enterprise 9.0 System Administration

Splunk

Splunk Certified Power User

Splunk

Splunk Core Certified User

Splunk

Splunk Enterprise Security Administration

Splunk

CyberArk Trustee Certification

CyberArk

ITIL Foundation Certified

Tivoli Professional - Certified IT Specialist

Tivoli