We provide IT Staff Augmentation Services!

Security Operation Center (soc) Analyst Resume

SUMMARY

  • I am a Security Operations Center Analyst with an in - depth working experience on network, endpoint security, threat intelligence, forensics, as well as the functioning of specific applications and underlying IT infrastructure.
  • I have identified and stopped intrusions by analyzing IOCS from phishing email headers and by analyzing attachment or links in these emails.
  • I respond to events and act as a first responder to account/system attacks and compromises by determining threat vectors and providing initial remediation.
  • I use a vast number of SIEM tools to monitor and analyze events or incidents and work with stakeholders to resolve these incidents and escalate incidents when necessary following policies and procedures.
  • I do respond and investigate data loss prevention alerts, hunt and blacklist IOCs.
  • Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions.
  • Experience converting intelligence into actionable mitigation and technical control recommendations.
  • Strong time management and multitasking skills as well as attention to detail.
  • Strong collaborative skills and proven ability to work in a diverse team of security professionals.
  • A passion for research, and uncovering the unknown about internet threats and threat actors
  • Ensure the SOC analyst team is providing excellent customer service and support.
  • Excellent oral and written communications skills.

TECHNICAL SKILLS

Security Technologies: FireEye, IronPort, Sourcefire, McAfee Web Gateway, Splunk, Splunk Express, McAfee DLP, Nessus Security Center, Nmap, Wireshark, IDS/IPS; Log Management, Anti-Virus Tools; (Norton, Symantec).

Operating Systems: Unix-Based Systems (Solaris, Linux); Windows.

Networking: LANs, VPNs, Routers, Firewalls, TCP/IP

Software: MS Office (Word, Excel, Outlook, Access, PowerPoint)

Ticket Systems: Archer, ServiceNow, Remedy & JIRA

Open Source Site Check tools: URLVOID.COM, VirusTotal.com, zscaller.com etc.

PROFESSIONAL EXPERIENCE

Confidential

Security Operation Center (SOC) Analyst

Responsibilities:

  • Continuously improve processes for use across multiple detection sets for more efficient Security Operations.
  • Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed.
  • Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
  • Provide forensic analysis of network packet captures, DNS, proxy, malware, host-based security and application logs, as well as logs from various types of security sensors.
  • Use Splunk Enterprise Security (ES) to monitor and analyze network traffic, Intrusion Detection Systems (IDS) and security events logs.
  • Use Cisco Sourcefire to monitor network traffic to ensure that malicious network traffic is dropped.
  • Perform incident response to investigate and resolve potential security intrusions
  • Lead and review root cause analysis efforts following incident recovery plans.
  • Compose security alert notifications and other communications.
  • Use McAfee DLP Manager to protect intellectual property and ensure compliance by safeguarding sensitive data such as PII and BII.
  • Process Daily Threat Intel and blocking malicious MD5 hashes, IPs and Domains following standard operating procedure.
  • Process Web Site Review Requests using McAfee Web Gateway GUI to grant temporal Web Access to users within the Company to websites that are being blocked for security.
  • Block malicious domains, Hashes of Files and IPs following company's Standard Operating Procedures.
  • Use Splunk to search and analyze email logs to confirm malicious emails were not delivered or is quarantined and malicious attachment is dropped.
  • Stay up to date with current vulnerabilities, attacks, and countermeasures.
  • Develop follow-up action plans to resolve reportable issues, and communicate with other Analysts to address security threats and incidents.
  • Review and process accidental disclosure requests following standard operating procedures.
  • Regularly develop new use cases for automation and tuning of security tools.
  • Analyze, investigate and process Malicious/Phishing Email alerts from IronPort and FireEye following standard operation procedure.
  • Contribute to security strategy and security posture by identifying security gaps, evaluate and implement enhancements.
  • Prioritize and differentiate between potential intrusion attempts and false alarms.
  • Assist with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functions.
  • Provide Incident Response (IR) support when analysis confirms actionable incident.
  • Strong working knowledge of network security monitoring and incident response, as well as superior written and technical communications skills.

Confidential

Database security DBA

Responsibilities:

  • Provided physical and logical database support as needed for all the Applications specified by Client.
  • Performed Database Audits to identify and evaluate design considerations, propose design best practices, perform database code reviews and propose performance changes.
  • Led database issues until resolution. Serve as a liaison between the applicable third-party vendor technical support team and Client if a problem case is submitted to the third-party vendor.
  • Coordinated with Application teams or other teams to resolve database issues even though the issues are not directly related to the databases.
  • Performed database housekeeping designed to ensure that the databases are functioning optimally and securely.
  • Maintained compliance with Client Standards and Client Rules, including those related to the databases (e.g. access management, direct grant, db links, etc.).
  • Performed performance tuning and/or stress testing in the non-production environment for application releases as necessary to ensure database infrastructure is configured optimally.
  • Provided after business hours and weekend support in Client's production and contingency environments in accordance with the applicable Application release schedules. In addition, provide on-demand support for the lower environments as requested by Client.
  • Maintained the databases to meet performance standards, maximize efficiency, and minimize outages.
  • Monitored database usage, transaction volumes, response times, and concurrency levels, and measure and report its performance against the applicable Service Levels.
  • Generated reports based on the data in the databases and reports related to the performance and integrity of the databases.
  • Developed/maintained/enhanced database monitoring scripts designed to ensure the stability, security, and performance of the database queries.
  • Identified, reported and managed data security issues. Provided audit trails and forensics to Client or its designee when necessary.
  • Developed and documented all database processes, structures, changes, issues and solutions for future reference.
  • Supported Database, Systems and Application audit to meet SCA and STIG compliance requirements.

Confidential

Database Administrator ( DBA)

Environment: RHEL 5.X, 6.X; HPUX, AIX, Windows X; Oracle 10g, 11g, OEM 11g/12c, RAC, DATAGUARD, Goldengate etc. More than 50 servers with more than 400databases)

Responsibilities:

  • Automated hourly, daily, weekly system health reporting using Crontab, and Oem cloud control
  • Performed Hot Backups, Cold Backups, as well as incremental backups using Recovery Manager(RMAN)
  • .Managed recovery catalog related tasks: synching targets, configuring rman backup configurations;.
  • Over saw DR testing operations (as a backup strategy) on numerous Data Guards, physical/logical
  • Standby configurations. Resolved archivelog gaps and other related problems. Affected switchover manually and using DMGDGR
  • Used Data Pump for export and import to support deployment efforts and projects.
  • Reviewed and modified generic backup scripts for Backup of databases, maintenance archive logs for databases
  • Database Refreshing / Replication from production to testing using Expdkp/Impdp.
  • Resolved alerts in a timely manner as required by our SLA
  • Extensively performed performance tuning of the database instances - SQL Tuning, Used Tuning utilities like EXPLAIN PLAN, AWR, ADDM, Sql Tuning tools and Tuning of SGA, distribution of disk I/O
  • Used cloud Control extensively. Configuring and troubleshooting of agent related issues, set up Rules for alert notification and schedule RMAN backups with Failure notification
  • Installation of the Oracle software using both GUI and silent feature and also manual database creation
  • Patch numerous rac environments, applied the latest PSUand upgraded as required
  • Supported & maintained the Production/Test/Development databases on various servers
  • Extensive troubleshooting and resolution of Databases backup related issues; space consumption and deletion policy implementation
  • Monitored different databases and application servers using Oracle Enterprise Manager (OEM) 12cGrid Control.
  • Upgrade and pushed out the cloud control agents to the various targets
  • Performed Schema refreshes as well as whole database refresh
  • Managing and creating User accounts, profiles, roles etc
  • Provided support to my team. Handling of team escalation and On-calls
  • Performed team mentoring and administrative duties, daily, weekly and monthly reporting
  • Troubleshoot performance issues using AWR, and ADDM reports

Hire Now