- SOC/NOC Analyst with experience in monitoring, investigating, reporting, and responding to security threats and network issues, providing real-time solutions across enterprise network infrastructure.
SIEM: Splunk, ArcSight, Nitro, SolarWinds, AlienVault
Operating Systems: Windows 7/XP, Cisco IOS, Unix/Linux
Network Security: Cisco ASA Firewall & Firepower IPS, TACACS+, RADIUS, Websense
Network Monitoring: RedSeal, ForeScout, Splunk, NetScaler, Netflow, SolarWinds, PRTG, Wireshark
Networking: Cisco Routers/Switches, ASA 5500 series, LAN/WAN
Network Protocols: EIGRP, OSPF, RIPv2, ACLs, NAT/PAT, DNS, VPN, VLAN, TCP/IP, IPv4/IPv6
Servers: Windows 2008/2003, Database/Application Server, VMware
Storage components: SAN/NAS, Remote Backup
- Monitor and analyze network traffic and alerts, investigate intrusion attempts, perform in-depth analysis of exploits, and conduct proactive threat research.
- Provide network intrusion detection expertise to support timely and effective decision-making on when to declare an incident; review security events populated in a SIEM system and follow procedures to contain, analyze, and eradicate malicious activity.
- Analyze a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
- Provide information regarding intrusion events, security incidents, and other threat indications and warning information to the client; track trends, statistics, and key figures for each assigned client.
- Document all activities during an incident and provide leadership with status updates throughout the life cycle of the incident; back up firewalls, security appliances, and other security devices; perform incident management, response, and reporting.
- Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions, including security status reports and incident reports.
Confidential, McLean, VA
- Monitor indicators and warnings of threats and potential threats to networks and associated systems, detect vulnerabilities and attack traffic patterns, and evaluate security violations.
- Perform short- and long-term security event trend analysis on a regular basis using Splunk and other cyber security tools; analyze traffic flows and system logs.
- Identify potential IT security incidents, assemble indicators to support conclusions, and work with customers to remediate findings.
- Report and document business use cases, and create and maintain ArcSight rule sets, channels, and customized views.
- Participate in ongoing cyber security training with other 24x7 team members to promote security awareness and improve operational awareness and efficiency.
Confidential, Woodlawn, MD
- Monitor and maintain the network, servers, and services in a 24/7/365 environment; run applicable jobs without error in accordance with established instructions; maintain all applicable logs and journals; and provide thorough review and hand-off to following-shift Analysts.
- Troubleshoot network routers and switches to isolate the trouble and take appropriate action for resolution; answer helpdesk calls and provide Tier 1 end user support such as, but not limited to, password resets, access issue resolution, endpoint device issues, and ticket creation.
- Provide support for hardware, software, and applications to diagnose and resolve basic to intermediate technical issues within required response time, quality, and productivity standards.
- Interact with end users and teams, utilizing communication and collaboration best practices for network and system administration, hardware, software applications, and operating systems; maintain internal (NOC) documentation per processes and procedures.
Confidential, Fairfax, VA
- Provide primary monitoring support for all network issues and customer complaints, monitoring the progress of events, supplying the client, partner, or vendor with updates, and working directly with customers to resolve technical issues and questions.
- Monitor the entire global network, applications, devices, and connections along with customer traffic using specific custom-built tools; work with the systems and network teams to resolve issues.
- Perform basic network troubleshooting and management, coordinate with other teams to assist in resolving trouble tickets when necessary, research customer issues and report to escalation teams prior to escalation, update ongoing trouble tickets, and provide full reports of issues.
- Provided technical support and information processing, and responded to various types of mission-critical network events in accordance with established NOC procedures.