Cyber Security Specialist

Shahid Khan

SOC Lead · Threat Hunter · Security Architect

nshahidkhan93@gmail.com
+971 547 135 356
Abu Dhabi, UAE
11+ Years
๐Ÿ“ UAE Based
"Cyber Security Specialist with 11+ years of experience. Holds a degree in Computer Science & System Management with deep expertise in security tools, technologies, and industry best practices. Proven track record leading global SOC operations, incident response, threat intelligence, and enterprise-level security platform management across government, oil & gas, telecom, and financial sectors.
SOC Lead & Senior Associate – Cybersecurity
Aug 2023 – Present
ADQ · Abu Dhabi Developmental Holding Company
📍 Abu Dhabi, UAE
  • Lead and manage end-to-end SOC operations overseeing enterprise platforms: SIEM, M365, VM, EDR, PAM, DLP, CASB, Web Proxy, MDM and NAC.
  • Established and scaled Global Security Operations (GSOC) with centralized monitoring across ADQ portfolio entities.
  • Drove threat intelligence and proactive threat hunting using advanced analytics to identify and mitigate emerging threats.
  • Led incident response and deep-dive investigations for critical security incidents in collaboration with portfolio companies.
  • Implemented and optimized Microsoft E5 security stack: Entra ID, MDE, MDI, MDO, and Defender for Cloud Apps.
  • Administered SOAR platform end-to-end with automated incident response workflows.
  • Deployed and managed Aruba ClearPass NAC and Zscaler ZIA with end-to-end policy enforcement.
  • Managed Microsoft Purview portal for data classification, labelling, and DLP policies.
  • Designed SOC playbooks, incident response procedures, and security policies to standardize operational readiness.
  • Managed cybersecurity budgets, vendor engagements, and resource allocation.
  • Maintained comprehensive, audit-ready documentation for security configurations, procedures, and infrastructure.
Senior Engineer – SIEM | SOC
Dec 2020 – Aug 2023
CPX (formerly Digital14)
📍 Abu Dhabi, UAE
  • Set up SOC for government entities including threat intelligence, SIEM, EDR, VM & ITSM solutions.
  • Deputed as SOC lead for CPX clients; managed on-site teams and optimized SOC maturity with continuous improvement drives.
  • Integrated SIEM, SOAR & ITSM solutions for efficient incident monitoring and response.
  • Developed parsers, use cases, and rules on SIEM; conducted log validation proactively.
  • Authored timely, comprehensive threat intelligence reports for key stakeholders.
  • Administered vulnerability management tools; performed scans, dashboards, and patching tracking.
  • Mentored new hires through KT sessions and IR/SOC process onboarding.
Senior Security Analyst – Incident Handler
Jan 2020 – Dec 2020
ENOC – SecurityHQ (Emirates National Oil Company)
📍 Dubai, UAE
  • Worked in Cyber Intelligence Center performing incident response for DDoS, APT, Forensics, and Malware incidents on OT/IT and HO sites.
  • Operationalized IOCs from intelligence feeds through MITRE ATT&CK framework in SIEM and threat intel solutions.
  • Analysed network and host-based security logs (Firewalls, IPS, HIPS, Proxy) to determine remediation actions.
  • Performed Memory Forensics on incidents to identify root cause.
  • Created rules, use cases, and playbooks for OT and HO sites.
SOC Engineer
Jul 2018 – Jan 2020
Etisalat (Emirates Telecommunication Group PJSC)
📍 Dubai, UAE
  • Worked in eCIRT team performing end-to-end incident investigations to identify root cause, execute remediation and containment.
  • Developed use cases, rules, playbooks, and automated workflows in QRadar, Archer, and CyberSponse (SOAR).
  • Detected and mitigated Application layer and DDoS attacks using Arbor Peakflow.
  • Conducted malware analysis on sandbox platforms to create reusable IOCs deployed in security controls.
  • Administered MISP platform for advisories, threat intelligence, and IOC maintenance.
  • Performed VM scans using Tenable; coordinated with infrastructure for vulnerability patching.
Cyber Security Consultant – Incident Handler
Jun 2015 – Jun 2018
Mercedes-Benz R&D India / Daimler AG
📍 Bengaluru, India & Stuttgart, Germany
  • Security operations, incident management, intrusion detection, and security event analysis through SIEM (ArcSight, Splunk) in 24×7 operations.
  • On-site working experience at Mercedes-Benz HQ in Stuttgart, Germany.
  • Prepared SOPs and baselines for SIEM activities; managed dashboards, reports, and connectors in ArcSight.
  • Conducted malware analysis in Cuckoo Sandbox; created SPLs, data models, alerts in Splunk.
  • Handled CyberArk Enterprise Password Vault administration and operations.
  • Actively hunted industry and region-specific IOCs and threat actors.