
Sr. Security Incident Response Consultant Resume


Atlanta, GA

SUMMARY:

  • A versatile, result-driven team lead with excellent problem-solving skills and the ability to adapt to new technologies and environments.
  • Currently focused on transitioning out of the SOC/Incident Response job function with the goal of shifting towards a higher-level InfoSec consulting role that aims to improve overall security posture while working with teams from various groups in an organization.

TECHNICAL SKILLS:

Tanium: configuration of system dashboards, authoring sensors/packages, scheduled actions; general use from an IR/hunting perspective.

Resilient IR Platform (IBM): full installation, deployment, administration of system

CyFIR: utilization on live endpoint investigation, evidence collection, IOC identification.

Invincea: behavioral end-point prevention; utilization and identification of threats and remediation

ProofPoint: utilization of both Protection Server and TAPS for email analysis, threat hunting.

Solera (BlueCoat): utilization for network packet capture forensics analysis/IOC identification.

Splunk (Enterprise Security): general utilization for event tracking/use case definitions

FireEye HX: administration/deployment of agents for endpoint IR and IOC identification.

ECAT (RSA): customization and deployment of endpoint agent for IR / IOC detection.

Linux / UNIX: Solid skill set and knowledge of various O/S (FreeBSD, RedHat, Ubuntu, etc.)

Lastline: utilization for file/malware analysis as part of investigations

Incident Response Tools: SIFT, Redline, Volatility, TZWorks, IEF, FTK.

IDS: Tipping Point | McAfee | Snort | Sourcefire

Network Focused Tools: Netwitness, Incapsula, F5 LTM/GTM, BlueCoat

Firewalls: Check Point, A10, Palo Alto, Cisco ASA

SIEM: ArcSight ESM 6.8/6.5/5.2

Other: Symantec DLP 12.5, VMware ESX/ESXi Server, InfoBlox/Secure64, Cisco ACS

PROFESSIONAL EXPERIENCE:

Confidential, Atlanta, GA

Sr. Security Incident Response Consultant

Responsibilities:

  • Responsible for developing and documenting Incident Response methods and guidelines for the organization; built out a detailed Incident Response run book of tools, techniques and forensic methods for personnel to utilize during investigations.
  • Perform live-endpoint investigation, including the identification and gathering of key forensic artifacts, offline investigation as needed and providing remediation actions as needed.
  • Implemented and deployed an Incident Response focused ticketing system to improve incident tracking, remediation and metrics for incidents worked.
  • Responsible for working with 3rd party vendors and MSSPs in order to improve security, efficiency, rule tuning and escalation procedures.
  • Responsible for reporting of security metrics related to the Incident Response team.
  • Provides mentoring to team members on incident response techniques and methodologies.
  • Assisted in the build-out and development of the SOC, including process/procedure build-out.

Confidential, Bellevue, WA

Sr. Engineer Cyber Incident Response Team

Responsibilities:

  • Responsible for being the focal incident response point for all business units within the organization (host/network/cloud/retail). This includes being able to provide initial analysis and identification of IOCs, escalation to the appropriate business units and post-incident activities.
  • Responsible for the build-out of our enterprise SIEM/SOC environment, including identification and onboarding of data feeds, as well as use case development in alignment with the defined security policies.
  • Worked on the continued development of CIRT and machine investigation lifecycles as part of the ongoing process to enhance IR capabilities; also provided significant contribution to the revision of corporate security policies.
  • Responsible for the development of CIRT forensic techniques, including providing guidelines, documented processes, toolsets and tabletop exercises.
  • Developing and providing high-level technical reports in response to a forensic investigation.

Confidential, Snoqualmie, WA

Sr. Engineer Tier 2 Operations Security

Responsibilities:

  • Responsible for supporting a wide number of technologies and being able to proficiently perform advanced troubleshooting on the fly (packet captures, debugs, traffic analysis).
  • Provide support on both L2L and remote access VPN endpoints; this includes tunnel establishment, troubleshooting, captures of interesting traffic and end user support.
  • Provide support and administration for the company’s core FW NAT components for mobile handset communication.
  • Provide support for the company’s core DNS infrastructure, including GEO FQDNs via GTM, internal/external authoritative zones and mobile handset caching DNS servers.
  • Served as a member of a 24x7 operational break-fix team, required to perform complex troubleshooting and drive root cause to resolution.

Confidential, Baltimore, MD

Sr. Intrusion Protection Specialist

Responsibilities:

  • Work on the Intrusion Protection Team at the main SSA Headquarters, with primary responsibilities of analyzing security events/malware, with a focus on the external network segments.
  • Responsible for utilizing network threat/intelligence solutions to look for known confirmed malware on the network, in addition to looking at the latest security threats and outbreaks.
  • Responsible for writing daily and ad-hoc reports for the SOC analysts in response to the latest security trends and threats.
  • Responsible for managing and building out VMware infrastructure.
  • Assisted in the engineering and deployment of SIEM, Enterprise Gateway A/V (BlueCoat) and commercialized IDS deployments at the main and secondary data centers for the SSA.

Confidential, Denver, CO

Information Security Engineer

Responsibilities:

  • Work on the Information Assurance / Data Network Security group at DIA, helping safeguard the information resources that are vital to airport operations.
  • Responsibilities include being the primary administrator for four enterprise firewall clusters, as well as reviewing firewall rulesets and policies.
  • Responsible for creating and maintaining both site-to-site and remote access VPNs to third party vendors and support engineers; this includes management of centralized authentication (AAA) and multi-factor authentication (security tokens).
  • Designed and implemented all of DIA's Intrusion Detection Systems (IDS) using an all open-source Snort implementation.
  • Responsible for monitoring and evaluating security events via our SIEM and serving as our primary Security Analyst.
