Ahmed Emad Nasr

Limited Availability: Weekend response window (Cairo time)

Computer Science student and SOC/IR analyst with 10+ trainings and 200+ simulated alerts. Strong in SIEM/EDR investigations, alert triage, IOC analysis, and incident response.

200+ Alerts Investigated | 35+ Security Sessions | Reply within 24h

Best next step: share your goal and receive a tailored response within 24 hours.

About Me

SOC and Incident Response analyst with hands-on experience from 10+ trainings and 200+ simulated alerts. Focused on SIEM/EDR investigations, alert triage, IOC analysis, and faster incident handling.

Languages

  • Arabic: Native
  • English: Professional Working Proficiency (C1)

Core Skills

  • SIEM & EDR: Wazuh, ELK Stack, Splunk, Sysmon, Suricata, pfSense
  • Incident Response & Threat Detection: Alert Triage, IOC Analysis, Threat Hunting, Detection Engineering, Malware Analysis
  • Programming & Automation: Python, Bash, PowerShell, C++, JavaScript, TypeScript

Education

  • Bachelor of Computer Science - Benha University (Oct 2022 - Jul 2026)
  • Major: Information Security and Digital Forensics
  • GPA: 3.7/4.0

Certifications

  • eCIR Preparation (INE)
  • eJPT v2 (INE)
  • Information Security Analyst & Forensics Investigator (DEPI)
  • TryHackMe SOC Analyst Path L1/L2
  • Cisco Junior Cybersecurity Analyst
  • HCIA Cloud & Datacom
  • CCNA 200-301

Achievements

  • Scored 95% in eJPT v2
  • Best Cybersecurity Technical Award at GDG (1st among 200 participants)
  • Ranked 44th out of 400 in ITI/CyberTalents CTF
  • Top 5 out of 360 teams in National University CTF
  • Scored 98% in CCNA
  • Ranked in top 10% of Information Security & Digital Forensics class

Work Preferences

  • Based in Cairo, Egypt
  • Open to relocation and remote collaborations
  • Available for project-based engagements and long-term opportunities
  • Preferred communication: Email, LinkedIn, and WhatsApp

Trust & Impact

  • 8k+ LinkedIn Followers
  • 200+ Simulated SOC Alerts Investigated
  • 35+ Cybersecurity Sessions Delivered
  • 120+ Learners Trained in Security Topics
  • 10+ SOC / DFIR Trainings & Bootcamps
  • 15+ Validated Vulnerabilities in Labs
  • 4.9/5 Average Training Feedback Score
  • Top 5/360 National University CTF Ranking
  • Top 10% Class Rank (InfoSec & DFIR)
  • 3.7/4.0 Computer Science GPA
  • 95% eJPT v2 Score
  • 98% CCNA 200-301 Score

Trusted Stack

Wazuh, ELK Stack, Splunk, Suricata, MITRE ATT&CK, YARA, TryHackMe, VirusTotal, Python, PowerShell

Achievement Highlights

  • Best Cybersecurity Technical Award at GDG (1st among 200 participants)
  • Ranked 44th out of 400 in ITI + CyberTalents CTF
  • Top 5 out of 360 teams in National University CTF (Egypt)
  • Delivered 35+ cybersecurity sessions to 120+ learners with 40% lab score improvement
  • Ranked in the top 10% of Information Security and Digital Forensics class

Certification Spotlight

eCIR Preparation, eJPT v2, SOC Analyst Path L1/L2, DEPI Information Security Analyst & Forensics Investigator, Cisco Junior Cybersecurity Analyst, HCIA Cloud & Datacom, CCNA 200-301

Ahmed helped us reduce noisy detections and made our SOC triage flow much clearer.

Blue Team Lead, SOC Alert Tuning Sprint

Sessions were practical and structured. Our team improved lab outcomes in a short time.

Training Coordinator, Security Training Program

Strong investigation mindset with clear reporting and actionable recommendations.

Incident Response Mentor, DFIR Mentorship

Experience

Incident Response Analyst Intern

Digital Egypt Pioneers Initiative (DEPI)

  • Completed a 6-month DEPI training program, performing hands-on Incident Response across the full IR lifecycle (labs and projects).
  • Built and tuned a SIEM environment using ELK, Wazuh, and Suricata, reducing false-positive alerts by 9% and improving alert quality.
Incident Response, Wazuh, ELK, Suricata
3 Months
2026-01-01 - Present

Information Security Analyst Intern

Digital Egypt Pioneers Initiative (DEPI)

  • Analyzed and triaged simulated SOC alerts using structured workflows, improving investigation consistency and response speed.
  • Developed a detection lab using Wazuh, Suricata, VirusTotal, and YARA rules, increasing detection coverage by 12%.
SOC Triage, YARA, VirusTotal, Detection Engineering
6 Months
2025-06-01 - 2025-12-01

Volunteer Cybersecurity Instructor & Technical Trainer

Google Developer Groups (GDG) and Science in Code (SIC)

  • Developed and delivered 35+ structured cybersecurity sessions to 120+ learners, achieving a 4.9/5 rating and raising lab scores by 40%.
Security Training, Curriculum Design, Mentoring
11 Months
2024-10-01 - 2025-10-01

Bachelor of Computer Science

Benha University

  • Major: Information Security and Digital Forensics | GPA: 3.7/4.0.
  • Activities: Cybersecurity Technical Member at GDG and participant in university CTF competitions.
DFIR, Information Security, CTF, Digital Forensics
3 Years 8 Months
2022-10-01 - 2026-07-01

Cybertalents Penetration Testing Bootcamp

Cybertalents

  • Completed hands-on penetration testing labs using attack simulation and mitigation workflows.
  • Discovered and validated 15+ vulnerabilities across lab environments, improving vulnerability identification efficiency by 30%.
VAPT, Web Security, Exploitation, Reporting
< 1 mo
2025-11-01 - 2025-12-01

ITI Summer Cybersecurity Program

Information Technology Institute

  • Participated in SOC simulations, handling 100+ security alerts and performing incident triage.
  • Reduced false-positive rate by 25% through improved alert analysis and correlation techniques.
SOC Simulation, Alert Correlation, Incident Triage
2 Months
2025-09-01 - 2025-11-01

Introduction to Cybersecurity Bootcamp

CyberTalents

  • Gained foundational knowledge in networking, cybersecurity principles, and attack vectors.
  • Completed 20+ hands-on labs, improving detection accuracy and reducing analysis time by 20%.
Cybersecurity Fundamentals, Network Security, Labs
2 Months
2024-11-01 - 2025-01-01

HCIA-Cloud Computing V5.0

Huawei ICT Academy

  • Built cloud network setups and configured services, applying cloud security principles.
  • Deployed and secured 5+ cloud-based services, reducing misconfiguration risks by 20%.
Cloud Security, Cloud Networking, Service Hardening
1 Month
2024-08-01 - 2024-09-01

Huawei Routing & Switching Summer Training

Huawei

  • Configured and troubleshot routers and switches in lab environments.
  • Configured 10+ network devices and reduced lab downtime by 30% through efficient troubleshooting.
Routing, Switching, Network Troubleshooting
1 Month
2023-08-01 - 2023-09-01

Projects

GitHub-backed work, grouped by security focus so the right examples are easier to scan.

Focused on SOC, DFIR, and automation work.

Case Studies

Real work snapshots with practical outcomes across SOC, DFIR, and training.

SOC Analysis

SOC Alert Tuning Sprint

Problem: Alert overload made daily triage noisy and delayed response to high-priority events.

Action: Mapped noisy detections, tuned correlation logic, and introduced severity-first triage flow.

Result: Reduced false positives by 25% in lab SOC operations and improved investigation focus.

Threat Hunting

Threat Hunting Detection Pack

Problem: Detection coverage had blind spots for stealthy behaviors not captured by baseline rules.

Action: Built hypothesis-driven hunt queries and validated signatures against expected telemetry.

Result: Increased practical detection coverage and improved analyst confidence in hunt outcomes.

DFIR

Malware Analysis Workflow

Problem: Malware investigations took too long due to inconsistent IOC extraction and reporting.

Action: Created a controlled analysis flow with IOC packaging and behavior mapping templates.

Result: Cut investigation time by 20% and improved containment readiness for follow-up actions.

Awareness

Security Training Program

Problem: Teams needed practical security skills beyond theoretical knowledge.

Action: Delivered 35+ structured sessions with guided labs and measurable skill checkpoints.

Result: Reached 120+ learners, average feedback 4.9/5, and improved lab performance by 40%.

FAQ

Clear answers for scope, delivery, and collaboration before we start.

Services

How quickly can a SOC or IR engagement start?

Most scopes can start within 24-48 hours after confirming access, goals, and communication flow.

Services

Do you work with existing SIEM/EDR deployments?

Yes. I can tune and optimize existing Wazuh, ELK, and Splunk setups without requiring a full rebuild.

Delivery

Is remote collaboration supported?

Yes. Delivery is remote-first with structured updates, clear milestones, and documented outcomes.

Pricing

How is pricing structured?

Each service has a starting price, and final scope is based on complexity, timeline, and expected deliverables.

Process

What do clients receive at the end of an engagement?

You receive a concise report, prioritized action items, and practical technical outputs that your team can use immediately.

Support

Do you provide follow-up after delivery?

Yes. Follow-up guidance is available to help with implementation, tuning, and clarification.

Services

Clear service paths, measurable outcomes, and direct next steps.

Security Operations Center (SOC) Analysis

  • Advanced alert triage, threat detection, and security event analysis
  • Utilize Wazuh, ELK Stack, and Splunk for real-time monitoring
  • Implement MITRE ATT&CK framework for threat classification and improve detection accuracy
Deliverable: Prioritized alert report and investigation notes within 24h
From $300
Typical: 2-4 business days

Incident Response (IR) & Handling

  • End-to-end incident response lifecycle management
  • Perform threat hunting, containment, eradication, and recovery
  • Execute incident response playbooks using best practices and frameworks
Deliverable: Actionable response plan and incident timeline
From $450
Typical: 3-6 business days

Threat Hunting & Detection Engineering

  • Proactive threat hunting using YARA rules, Suricata IDS/IPS, and behavioral analysis
  • Create custom detection signatures, reduce false positive alerts, and strengthen security posture
Deliverable: Custom detection rules and tuning package
From $400
Typical: 3-5 business days

SIEM & EDR Implementation

  • Deploy and configure enterprise-grade SIEM solutions including ELK Stack and Splunk
  • Implement EDR tools like Wazuh for endpoint detection and response capabilities
Deliverable: Monitored pipeline with validated detections
From $600
Typical: 5-10 business days

Log Analysis & Digital Forensics

  • Comprehensive log analysis, IOC extraction, and digital forensics investigations
  • Perform memory forensics, malware behavioral analysis, and evidence collection for incident investigations
Deliverable: Forensic findings with IOC package
From $500
Typical: 4-7 business days

Vulnerability Assessment & Penetration Testing

  • Identify security weaknesses through systematic vulnerability assessments
  • Conduct authorized penetration testing, create detailed reports, and recommend remediation strategies
Deliverable: Remediation roadmap with severity ranking
From $700
Typical: 5-9 business days

Cybersecurity Training & Awareness

  • Deliver comprehensive cybersecurity training programs to technical and non-technical audiences
  • Build security awareness, improve incident response skills, and foster security culture
Deliverable: Workshop deck, labs, and attendance report
From $250
Typical: 1-3 business days

Malware Analysis & Prevention

  • Perform static and dynamic malware analysis in isolated environments
  • Extract indicators of compromise (IOCs), develop detection signatures, and implement prevention strategies using YARA rules
Deliverable: Malware behavior report and detection artifacts
From $450
Typical: 3-6 business days

Contact Me

Let's Connect

Whether you have a question about cybersecurity, a project proposal, or just want to say hi, my inbox is always open!

Email

ahmed.em.nasr@gmail.com

Phone / WhatsApp

+20 101 816 6445

Location

Cairo, Egypt

Book a Call

Need a faster start? Use quick contact and share details later.

Typical response window: within 24 hours. Simple scopes can start quickly.
