Arik Day

Cybersecurity Team Lead

Summary

Cybersecurity team leader with experience across the full information systems lifecycle. Highly skilled in endpoint security and vulnerability management. Self-motivated and deadline-oriented with a track record of on-time deliverables. Team leader experienced in directing the activities of workgroups: develops strategies, provides training, sets goals and obtains team feedback. Excellent interpersonal and communication skills, with a big-picture focus and a strong ability to communicate goals and vision. Problem solver, networker and consensus builder.

Overview

8 years of professional experience

Work History

Senior Security Automation Researcher

Palo Alto Networks
09.2022 - Current
  • Conduct research on product threat detections, detectors, and alerts for XSIAM and XSOAR products, enhancing automated incident response capabilities.
  • Analyze the latest attack techniques, incorporating business intelligence (BI) research and data analysis to develop effective automated responses.
  • Create and implement incident response workflows using playbooks, Python scripts, and third-party products.
  • Collaborate with cross-functional teams to improve automation strategies for threat detection and mitigation across various platforms.

MEDR & Vulnerability Management Team Leader

Cyberproof
06.2020 - Current
  • Leading a global team of 15 employees located in Israel, India, and Spain
  • Build and design procedures and methodologies for Managed EDR and Vulnerability Management services
  • Implementation and maintenance of EDR and VM solutions for MSP/MDR customers: CrowdStrike Falcon, Cybereason, Microsoft Defender for Endpoint, Carbon Black, SentinelOne, Qualys
  • Creation of internal SOAR system playbooks for EDR incidents
  • Design and lead a vulnerability management automated prioritization project together with solution architects
  • Design and lead an EDR plugin project that increases detection and prevention capabilities and improves IR tooling for EDR solutions
  • Working closely with various operations teams (security analysts, threat hunting, threat intelligence, DFIR) on improvement and innovation
  • Testing EDR products against recent threats and potential bypasses in a lab environment, and creating rules to cover missing detections

Malware Researcher & Analyst

Cyberbit
04.2019 - 06.2020
  • Malware research using sandboxes and analysis tools such as Process Monitor, Process Hacker, API Monitor, CFF Explorer, PE-bear, Resource Hacker and more.
  • Basic hands-on experience in static and dynamic reverse engineering using IDA Pro and WinDbg
  • Implement new behavioral analysis in the EDR product for detection and prevention capabilities
  • Using penetration testing tools to examine the EDR product's capabilities: PowerSploit, Unicorn, Nishang, Pyrootkit and more.
  • Analyze and investigate customers' networks to find malware, creating detailed reports and action recommendations for the customers.
  • Performing active threat hunting on customers' networks using SQL queries over the big data store that contains all of the raw data collected from the endpoints.
  • Performing POCs and POVs for potential new customers, including analyzing malware and attacks executed by the customers, using the Cyberbit EDR product
  • Built a 5-day analysis training course for customers covering:
    o 2019 trends
    o Cyber kill chain
    o Known APTs and attack methods and techniques
    o EDR introduction
    o Windows internals - OS processes
    o Hands-on analysis training using EDR and SQL queries

Cyber Analyst & IT Monitoring Expert

Israel Prime Minister Office
08.2016 - 04.2019
  • Member of the cyber team in a national-level network project
  • Creating security guidance documents for development teams and IT teams
  • Working with an EDR system to monitor the organization's endpoints and find malware
  • Using Volatility memory forensics and Sysinternals tools for further endpoint investigation.
  • SOC team collaboration
  • Implementing the SolarWinds IT monitoring system and configuring monitoring for storage arrays, network systems, Windows and Linux servers and more

Education

Certificate - SANS 610 Reverse Engineering

SANS
04.2001 -

Certificate - HDE – Hacking Define Expert

See Security
04.2001 -

Certificate - Introduction To Cyber Warfare

John Bryce
04.2001 -

Certificate - Networking Expert

IITC
04.2001 -

Certificate - RF Engineering

Interlligent
04.2001 -

Skills

Incident Response

Threat Detection & Analysis

Python Scripting

Data Analysis

API Development
