wassim ben guirat
@wassimbenguirat
I’m a Network & System Security Engineer focused on SOC operations and incident response.
What I'm looking for
I’m a results-driven Network & System Security Engineer with 4+ years of experience in SOC operations, IT infrastructure security, and team leadership. I’m an active member of CERT Tunisia, and I build reliable detection and response workflows that turn security signals into actionable outcomes.
In SOC L1/L2 roles, I monitored and correlated security events across multiple SIEM platforms (Microsoft Sentinel, IBM QRadar, Splunk, LogRhythm, FortiSIEM, OSSIM AlienVault, Security Onion) and tuned correlation rules to reduce false positives. I investigated phishing campaigns, suspicious URLs, unauthorized access attempts, and malware alerts—then executed initial containment like account disabling, host isolation, and firewall rule modifications—while documenting incident timelines, IOCs, and root cause analysis.
I also strengthen threat intelligence and adversary understanding through OSINT and proactive hunting. I performed dark web monitoring with Tor, Ahmia, and Recon-ng, tracked leaked credentials, and delivered weekly intelligence reports to help clients reset compromised credentials and mitigate risks before exploitation. When handling TA505 ransomware, I led post-breach reconstruction, contained the threat within 45 minutes by isolating hosts and blocking C2 domains, and performed reverse engineering with IDA Free, Ghidra, x64dbg, and dnSpy—then documented YARA rules for detection and shared IOCs with CERT Tunisia.
Beyond detection, I secure the environment end-to-end through hardening, governance, and service tooling. As Head of IT Department, I designed backup and disaster recovery strategies using Veeam Backup & Replication and Duplicati, hardened Windows/Linux systems using CIS benchmarks and controls like fail2ban, AppArmor, and iptables, deployed GLPI with RBAC/LDAP and audit logging, managed Microsoft 365 security (Conditional Access, MFA enforcement, Defender for Office 365, and DLP), and improved monitoring with VLAN segmentation and Wazuh XDR (FIM, log analysis, real-time alerts). I bring the same discipline from SOC to infrastructure security: playbooks, SOPs, standardized incident response documentation, and continuous improvement.
Experience
Work history, roles, and key accomplishments
Head of IT Department
Printea Tunis
Jan 2025 - Dec 2025 (11 months)
Designed and managed backup and disaster recovery using Veeam Backup & Replication and Duplicati, implementing a 3-2-1 strategy with automated restore testing to meet RPO/RTO requirements. Hardened Windows Server (2019/2022) and Linux per CIS benchmarks, deployed GLPI with RBAC/LDAP and audit logging, governed Microsoft 365 security (Entra ID, MFA, Defender for Office 365, DLP), and ran phishing s
SOC Engineer L1/L2
Keystone Group
May 2024 - Dec 2024 (7 months)
Monitored and correlated security events across multiple SIEMs (Microsoft Sentinel, IBM QRadar, Splunk, and others), performing L1/L2 triage and tuning detections to reduce false positives. Investigated phishing and malware activity, conducted dark web OSINT monitoring with weekly reports, and led TA505 ransomware incident reconstruction, containing the threat within 45 minutes and mapping the att
Service Desk Analyst
HelpLine (Everience)
Jan 2023 - May 2024 (1 year 4 months)
Monitored cloud-based contact center infrastructure for Odigo using Splunk and Netcool, created dashboards and alerts for system health metrics, and reduced MTTD for critical incidents through faster detection. Managed incidents and tickets via Remedy and ServiceNow (ITIL workflows), supported Windows/Linux administration and security hardening, assisted network migration and firewall rule reviews
Customer Service Representative
Concentrix
Aug 2022 - Jan 2023 (5 months)
Handled account management and complaint processing for French customers, managing after-sales service requests and customer support workflows. Coordinated responses to service issues and ensured timely resolution for customer inquiries.
Customer Service Specialist
Teleperformance
Feb 2020 - May 2022 (2 years 3 months)
Provided technical support for Orange business clients, managing and resolving technical issues related to network coverage and connectivity. Contacted technicians during xDSL and Fiber interventions and assisted with incident handling to restore service.
Education
Degrees, certifications, and relevant coursework
Iteamuniversity
Network and System Information Security Engineer, Network and System Information Security
2020 - 2024
Completed a Network and System Information Security Engineer program at Iteamuniversity in Tunis, Tunisia from 2020 to 2024.
High Institut of Technologie
Network and Computer Services
2015 - 2020
Studied Network and Computer Services at High Institut of Technologie in Tunis, Tunisia from 2015 to 2020.
