Valentin Chichurov
Details

2019 : Present
EPAM
Lead Information Security Engineer
• process automation for the in-house SOC;
• developing integrations between different IT systems (Jira, Confluence, etc.) and IBM QRadar;
• maintaining and tuning SIEM systems (IBM QRadar, Azure Sentinel);
• onboarding new log sources to SIEM systems (IBM QRadar, Azure Sentinel);
• developing SOC laboratories for Tier 1 security analysts;
• developing detection (atomic/correlation) rules for SIEM systems (IBM QRadar, Azure Sentinel) based on best-practice methodologies (MITRE ATT&CK, MITRE Shield, the Lockheed Martin Cyber Kill Chain, etc.) and on my personal experience;
• participation in the security incident response process (L2/L3);
• EDR (SentinelOne, Carbon Black) tuning;
• conducting the Azure cloud discovery phase and developing a roadmap for tuning and improving Azure Sentinel and Azure Security Center for the customer;
• technical interviewing.

2017 : 2019
Center of Financial Technologies (ЦФТ, CFT)
SOC engineer
• monitoring and analyzing security sensor data from multiple sources (SIEM (QRadar), anti-malware, firewall, IDS/IPS) to detect malicious or problematic activity;
• SOC process automation;
• improvement of correlation rules;
• design, testing and implementation of technical solutions and information security systems;
• monitoring setup for *nix/Windows systems;
• connecting new log sources to SIEM;
• vulnerability scanning;
• identifying new types of incidents and developing scenarios for their detection;
• development of information enrichment systems for incident response;
• development of playbooks for incident response.
About
Experienced lead security engineer and software developer focused on systems integration and automation.
Key hard skills include:
• development of integration connectors/tools between security and IT enterprise systems (HR systems, AD/AAD, identity providers, public cloud services, CMDB, log management, key/secret vaults)
• process automation, proven by tons of scripts developed for different projects
• proven hands-on experience in building multiple SOCs, including one of the best private in-house SOCs in Eastern Europe for a financial-technology enterprise, and a cloud MSSP SOC
• deployment and fine-tuning of a wide range of security tools (SIEM, SOAR, TIP, IDS/IPS, EDR, vulnerability scanners, sandbox)
• penetration testing, proven by a couple of successful projects and several CTFs
• security incident investigation and response.