Sr. Security Analyst Consultant Resume
Cincinnati, OH
SUMMARY:
- Sr. Cybersecurity Analyst with over 10 years of experience in Information Technology with more than 5 years specializing in Security Operation Center (SOC), Network Operation Center (NOC), Vulnerability Assessments, Penetration Testing, Data Loss Prevention, and Malware analysis. Experienced in Managing and Protecting Enterprise Information Systems, Network System and Operational processes through Information Assurance.
TECHNICAL SKILLS:
Systems & Applications: Windows Server Domains, VMware, Virtual Center, Email Exchange, Storage & Backups, Monitoring (SolarWinds Orion), Web Server, Apache, Databases (SQL, MySQL).
Network: LAN/WAN, TCP/IP, Cisco ASA, VPN Tunnels, L2/Remote Access, VLANs, Access-Lists, Cisco 3750X/45000/4506E, Cisco Wireless Controllers, AirWatch, BlueCoat Proxy, Cisco Call Manager, Express, and Unity.
Security: DDoS Arbor Peakflow, RSA Security Analytics, QRadar, Splunk (SIEM), Fidelis XPS, McAfee NSM, RSA/Symantec Data Loss Prevention (DLP), FireEye (Malware Protection, Endpoint HX, Web MPS), Bit9, McAfee (ePO, IPS), Trend Micro, TippingPoint (IPS), Sophos, Cisco IronPort, RSA Archer GRC, RSA Token ID, eCat, QualysGuard, Palo Alto, SolarWinds, NetQoS, ForeScout CounterACT.
PROFESSIONAL EXPERIENCE:
Confidential, Alpharetta, GA
Senior Cyber Security Analyst
Responsibilities:
- Work as Shift Lead responsible for Cyber Security Operations Center (SOC) team of seven analysts.
- Duties include handling escalations and providing first leadership, guidance, and transfer of knowledge to Jr. Security Analysts.
- Analyze, investigate and respond to security events and incidents from IDS/IPS, SIEM, Firewall, Splunk, Log Analysis, DLP, Malware analysis and Forensics tools (FireEye, Bit9, McAfee, Symantec AV, NAC, Fidelis XPS and Wireshark).
- Review and analyze security event logs and security appliance logs. Investigate security events escalated from Level I & II analysts for security risk.
- Monitor and analyze real-time Denial of Service (DoS) attacks using tools and techniques (Arbor Peakflow, SolarWinds, and Dynatrace Application Monitoring).
- Monitor the security of critical systems (e-mail, database, web servers, etc.) and changes to highly sensitive computer security controls to ensure appropriate system administrative actions.
- Regularly work with the Tier 3 Computer Incident Response Team (CIRT) to discuss and potentially escalate critical incidents after initial triage.
- Manually investigate alerts and network packet captures to help identify threats and implement defenses against network and application attacks.
- Review and respond to InfoSec incidents and problems to collect metrics, recommend and support implementation of solutions, suggest process improvements and conduct root cause analysis.
- Helped to build, implement and deploy data security solutions using FireEye HX and RSA/McAfee (DLP).
Confidential, Cincinnati, OH
Sr. Security Analyst Consultant
Responsibilities:
- Worked as Technical Lead responsible for Global Security Operation Center (SOC) team of five analysts.
- Involved in engineering, operations, alerting, report generation and deep network security analysis.
- Performed in-depth systems and network security analysis of intrusions to the network, applications, operating systems, firewalls, proxy servers, malware and intrusion detection/analysis using multiple tools such as McAfee ePO, FireEye HX, RSA Security Analytics (SIEM), Splunk, Data Loss Prevention (DLP), Qualys Scanner etc.
- Executed response and mitigation procedures for a myriad of potential security incidents escalated from U.S. Bank's Tier 1 SOC and created reports to reflect on our detection and mitigation strategies.
- Monitored security threats to the network and responded to major incidents including DDoS, Brute Force and various other types of malware.
- Supported daily triage of incoming incidents (phishing, email spam, malware, exploits) to identify appropriate mechanisms to contain and mitigate risk.
- Upgraded a Symantec/RSA DLP system to the latest version and pushed out new client agents.
- Worked with leadership to develop a security program that follows business objectives and helps meet PCI DSS requirements.
- Monitored, analyzed and reported DLP events for Confidential's customers and configured the DLP program to work with RSA enVision, Archer, SIEM, and SharePoint.
- Reviewed and validated security events as positive or false positive and followed an incident response process to log incidents and begin resolution.
Confidential, Merrimack, NH
Network Security Specialist
Responsibilities:
- Responsible for engineering, operations, alerting, report generation and deep network security analysis.
- Researched, procured and implemented various best of breed network security tools to ensure GT can defend itself against APTs, malware, phishing, and threats against our intellectual property.
- Helped to implement and deploy data security solutions using IBM QRadar SIEM, RSA/McAfee Data Loss Prevention, Trend Micro AV and Bit9.
- Performed vulnerability assessment and penetration tests on internal systems and external network with the use of popular penetration testing tools (Core Impact, Qualys, Nessus, NMAP and Wireshark).
- Reviewed, analyzed and correlated malware and security events, and reported on and performed data and risk analysis through various tools (IBM QRadar SIEM, Splunk, FireEye, Carbon Black (Bit9)) to identify suspicious and malicious activities.
- Performed monthly server patching using Shavlik and endpoint patching using Microsoft Windows SCCM.
- Managed and configured Blue Coat ProxySG appliance used for web filtering, data loss prevention, inspection, and visibility of SSL-encrypted traffic, content caching, and bandwidth management.
Confidential, Boxborough, MA
IT Systems Administrator
Responsibilities:
- Responsible for network monitoring, system patching, and reporting of vulnerability remediation efforts, anti-virus definition/infection status and RSA Authentication Manager SecurID.
- Monitored and verified intrusion security logs with Splunk and SolarWinds.
- Provided remote advanced analysis of network diagnostics and troubleshooting for 500 customers to date.
- Managed and installed anti-virus and anti-malware software including Trend Micro WFBS and McAfee.
- Installed and managed RSA TokenID clients for Windows servers and end-users.
- Managed and troubleshot system backups and recovery using CommVault and Symantec Backup Exec.
Confidential, Andover, MA
Systems/Server Administrator
Responsibilities:
- Responsible for the configuration, support, and maintenance of the HP virtual lab environment and administered virtual training courses as well as the NOC/Datacenter.
- Provided technical support of corporate LAN/WAN environment as well as escalated technical support issues.
- Monitored network and servers with SolarWinds and HP SiteScope and helped address any issues that arose.
- Set up and performed antivirus and malware scanning with McAfee and Norton software for end-users.
- Assisted network engineer with network troubleshooting to isolate and diagnose common network problems.
Confidential, Chelmsford, MA
Desktop Support Technician
Responsibilities:
- Performed installations, configurations, upgrades, and support for systems and users on Windows OS, Windows Servers, and Mac OS.