- With continuous monitoring, I can interpret and prioritize threats using Security Incident/Event Management (SIEM).
- I can analyze packets using various security tools and recognize potential, successful, and unsuccessful intrusion attempts.
SIEMs: Nitro, FireEye, ArcSight, Splunk, Security Analytics.
Incident Management: ServiceNow, various ticketing systems.
Antivirus: SEP, McAfee, Cylance.
NIDS/HIDS: Sourcefire, Snort, Carbon Black.
Cyber Security Analyst
- Packet-level analysis of network traffic to determine malicious events. This involves examining packet details to extract the domains, IPs, ports and services involved in a communication and triaging the details of the traffic against known malicious databases to determine anomalies.
- IOC-driven hunts in the SIEM environment. This involves using indicators of compromise from intel research to parse through network logs for any occurrence of the indicators in the environment and initiating detection/protection protocols against the IOCs.
- With mail being a high threat vector, I have vast experience and have worked to analyze mails for phishing attributes. This involves analyzing mail attachments for hidden malware or links to credential-harvesting sites. It also involves analyzing mail headers for spoofing and analyzing embedded links that redirect to malicious domains.
- Used keywords to search logs (BlueCoat, Splunk) in order to identify users who have visited malicious sites or violated network policy. Also monitored and analyzed data feeds of event logs such as firewall logs.
- SOC analysis, log analysis, proactive monitoring, and response to network and security incidents.
- Analyzed and drilled down on security event data from the network (IDS sensors, firewall traffic and routers) including pcap analysis.
- Analyzed security event data and logs from the network (IDS, firewall).
- Continuous monitoring and interpretation of threats through use of intrusion detection systems, firewalls and other boundary protection devices, and any security incident management products deployed.
- Daily research on security websites such as VirusTotal, IPVoid, etc., to determine the latest vulnerabilities identified by the security community and to monitor for such activities on the network.
- Assisted and supported Cyber Security Incident or Service Response Teams when necessary.
- Cross-checking malicious IPs and domains on VirusTotal and IPVoid to determine if they have been blacklisted, and keeping a daily log of such domains for future analysis.
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
- Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability-scanning devices.
- Research new and evolving threats and vulnerabilities with potential to impact the monitored environment.
- Identify suspicious/malicious activities or code.
- Report malicious activity to client locations with recommendations for remediation.
- Worked in a 24x7 Security Operations Center.
- Great leadership skills.
- Eager and willing to learn.
- Excellent verbal and written communication skills.
- Great troubleshooting and customer support service.
- Work efficiently with little or no supervision, and meet deadlines.
- Strong analytical skills and background in computer architecture.
- Extensive working knowledge of the Windows operating system environment.