Seeking a position to utilize my cyber security skills and abilities in the Information Technology industry that offers professional growth while being a resourceful and innovative asset to my employers.
Security Tools: Snort, FireEye, McAfee ePolicy Orchestrator & Endpoint Protection Products (VirusScan Enterprise (VSE) and Host Intrusion Prevention System (HIPS)), Wireshark, AccessData Forensic Toolkit (FTK) Enterprise, FTK Imager, Password Recovery Toolkit, NetworkMiner, NetScout, WinHex, GuardedNet, Splunk, Security Onion, Netcat, tcpdump, ArcSight, Kali, Check Point NG, SolarWinds, Confidential Quest, Nessus, AppDetective, Metasploit, AppScan, Zenmap, Fidelis XPS, Einstein, Blue Coat, Co3, NetWitness, Security Analytics, Data Loss Prevention, Sourcefire, and McAfee Web Gateway.
Applications/Services: MS Office (Excel, Outlook, Access, PowerPoint, Visio), MS Project, Flash, Dreamweaver, Fireworks, Kaseya, Visual Studio, Quality Center, Siebel, Active Directory, Protocol Analyzers, policies
Programming Languages: HTML, XHTML, PHP, MySQL, Workbench, C, C++, ASP, Visual Basic, SQL, TCP/IP, Cascading Style Sheets
Operating Systems: Windows Server 2003, Windows 7/8/NT/2000/XP/Vista, Linux, Mac OS, Virtual (vSphere, VMware, VirtualBox)
PROFESSIONAL EXPERIENCE:
Sr. SECURITY ENGINEER
Confidential, Manassas, VA
- Monitor and analyze network traffic and logs; prioritize and differentiate between potential intrusion attempts and false alarms.
- Assess network activity and system configuration for anomalous activity to determine system security status.
- Manage FireEye and Carbon Black.
- Provide network security monitoring, reporting, and incident handling, using tools such as ArcSight SIEM and Wireshark to examine anomalous network activity.
- Compose security alert notifications.
- Advise incident responders on the steps to take to investigate and resolve computer security incidents. Assist with security-related issues.
- Make recommendations for preventive measures as necessary.
- Comply with security systems according to industry best practices to safeguard information systems and databases.
- Provide technical consultation on highly complex tasks; may assist and/or provide direction to lower-level technical personnel.
- Create and track investigations to resolution.
- Identify and monitor the patching of network vulnerabilities to ensure information is safeguarded against outside parties.
- Provide feedback on network cybersecurity requirements, including network architecture and infrastructure.
- Knowledge of VPN security.
- Propose new technologies or procedures that could be used to advance the ability to detect and mitigate malicious activity.
- Perform network-centric forensic analysis (Network Security Monitoring and related disciplines).
- Perform host-centric analysis (tactical forensic analysis, memory analysis, malware detonation, and reverse engineering).
- Perform other official duties as assigned.
- Diagnose cybersecurity impacts to network connectivity problems.
- Expand or modify security configurations of network infrastructure to serve new purposes or improve work flow.
- Implement new system design procedures, test procedures, and quality standards that maximizes cybersecurity functionalities of networking components.
- Install, secure, and maintain network infrastructure device operating system software (e.g., IOS, firmware, etc.).
- Monitor indicators and warnings of threats and potential threats to voice, video, and data networks and associated systems.
- Report and document business use cases and the creation and maintenance of ArcSight rule sets, channels, and customized views.
- Perform short- and long-term security event trend analysis on a regular basis using Splunk, FireEye, and a dozen other cybersecurity tools.
- Analyze traffic flows, system logs, etc.
- Identify potential IT security incidents, assemble indicators to support conclusions, and work with customers to remediate findings;
- Participate in ongoing cyber security training with other 24x7 team members to promote security awareness and improve operational awareness and efficiency
SOC SHIFT LEAD
Confidential, Leesburg, VA
- Supports monitoring of all Information Assurance Devices (IADs) to identify and document all intrusions and attempted intrusions.
- Reports security incidents and/or network intrusions to Incident Handlers for dissemination to appropriate DOT points of contact.
- Identifies anomalous and malicious activity.
- Contributes to content creation; prioritizes, ranks, and escalates incidents.
- Provides support in the detection, response, mitigation, and reporting of cyber threats affecting client networks.
- Maintains an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations.
- Assists in producing status reports and briefs to senior leadership; provide analysis for correlated information sources.
- Provides liaison to other agency cyber threat analysis entities such as intra-agency and inter-agency Cyber Threat Working Groups.
- Monitors health of security tools such as Sourcefire, ArcSight, and the McAfee suite.
- Monitors and analyzes network traffic, Intrusion Detection Systems (IDS), SIEM, security events, and logs.
- Maintains proficiency in the use and production of visualization charts, link analysis diagrams, and database queries.
- Analyzes and reports cyber threats and assists in deterring, identifying, and analyzing computer network intrusions.
- Documents evidence of system security compromise, generates trend reports, and collects evidence of malicious or anomalous activity.
- Provides recommendations based on best practice and experience to develop processes that will enhance efficiencies in the client environment.
- Populates and maintains an intrusions database and provides data analysis support; analyzes data from sensors, network security devices, and applications using the security information and event management systems, log servers, application interfaces, and device consoles provided.
LEAD SECURITY ENGINEER/ SR. CONSULTANT
Confidential, Herndon, VA
- Keep upper management updated on the latest traffic and provide feedback on what actions should be taken to better protect different computerized systems from future attacks.
- Test for compliance with security policies and procedures.
- Review open and closed source information for new and future threat indicators.
- Monitor health of security tools such as Sourcefire, Security Analytics, FireEye, Splunk, and the McAfee suite.
- Write critical weekly reports for upper management.
- Supervised operation of the Incident Response team and served as focal point for US-CERT and upper management.
- Perform advanced forensics collection techniques in an enterprise environment.
- Perform data analysis using Splunk, RSA Security Analytics, and other security tools.
- Work with project managers, business analysts, and contractors on security solutions to address customer security requirements.
- Produce weekly and monthly metrics.
- Lead ddmi meetings to walk the client through the incident.
- Review and apply incident management plans to work being performed by the team.
- Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS), security events and logs;
- Prioritizing and differentiating between potential intrusion attempts and false alarms.
- Creating and tracking security investigations to resolution.
- Help the client build up a 24x7 SOC and take care of engineering work as well.
- Advise incident responders on the steps to take to investigate and resolve computer security incidents.
- Staying up to date with current vulnerabilities, attacks, and countermeasures.
CYBER SECURITY ENGINEER
Confidential, Arlington, VA
- Analyzed and assessed vulnerabilities in the infrastructure
- Investigated available tools and countermeasures to remedy the detected vulnerabilities, and recommended solutions and best practices.
- Analyzed and assessed damage to the data/infrastructure as a result of security incidents, examined available recovery tools and processes, and recommended solutions.
- Tested for compliance with security policies and procedures.
- Performed security monitoring and data/log analysis.
- Performed forensic analysis to detect security incidents and mounted incident response.
- Monitored networks, computers, and applications at NSF
- Determined the damage caused by detected intrusions, identified how an intrusion occurred, and recommended safeguards against similar intrusions.
- Prepared for and mounted rapid response to security threats and attacks such as viruses and denial-of-service attacks.
- Scanned, identified, and assessed vulnerabilities in NSF systems, including computers, networks, software systems, information systems, and application software.
- Monitored and maintained physical and logical security and access to systems
- Performed risk assessment of the NSF network and presented options to management for the enhancement of DNS and firewalls, modernization of firewalls, and inbound e-mail security and robustness.
- Established computer and terminal physical security by developing standards, policies, and procedures; coordinating with facilities security; recommending improvements.
- Ensured authorized access by investigating improper access; revoking access; reporting violations; and monitored information requests by Siebel and Confidential Quest.
- Analyzed information security systems and applications and recommended and developed security measures to protect information against unauthorized modification or loss.
- Identified distributed systems security issues as they arose and coordinated with the security architect to ensure that issues were addressed and resolved on a timely basis.
- Performed daily triage of systems, analyzed event data, and ensured the proper escalation process was followed.
- Supported day-to-day tasks related to IT security.
- Worked with NSF to develop network security strategies to reduce the network threats.
- Installed, configured, monitored, and responded to security systems.
- Performed network scans on a weekly basis to find potential risks.
- Performed monthly vulnerability scanning of the entire NSF network.
- Assisted in IT security incident response and documentation
- Assisted System Administrator and Help Desk personnel in patch remediation
- Monitored intrusion detection.
Confidential, Herndon, VA
- Interacted with executive-level customers and management in resolving technical IT and security problems.
- Monitored networks for security breaches and investigated violations when they occurred.
- Administered all duties in accordance with established policies, procedures, and standards.
- Helped computer users when they needed to install or learn about new security products and procedures.
- Provided quality support to end users with a high degree of customer satisfaction, technical knowledge, and timeliness either by resolving the issue or by delegating and coordinating efforts with senior staff members
- Found intelligent solutions and/or workarounds for issues found by end users to help resolve their issues
- Evaluated workflow processes, identified solutions, and resolved issues.
- Ensured that major technical, system, or application issues were appropriately addressed and communicated.
- Recorded problems/concerns, established acuity level, and performed follow-up as necessary on reported incidents.
- Installed and used software, such as data encryption programs, to protect sensitive information
- Supported with Virus/Spyware Removal/Detection, Hardware Problems, Computer Upgrades, Networking Setup/Diagnoses, Software Problems, PC specific Issues/Troubleshooting
- Supported up to 250-300 users.
- Researched the latest information technology (IT) security trends.
- Ensured technical security and maintenance to provide user access to electronic mail, applications, and user data.
DATA CENTER TECHNICIAN
Confidential, Ashburn, VA
- Provided onsite technical support for new provisioning deployments, break-fix for production systems and change management support within all data centers in Ashburn and Dulles facilities
- Provided onsite professional services support to deploy new systems and service existing systems through racking/cabling/troubleshooting of servers, net devices, etc.
- Provided hands on support to remote teams and customers, support shipping and receiving of hardware, asset audits and other data center support needs as they are assigned.
- Proficiently used a ticketing program to monitor Service Request, Change, Incident, and Problem activity.
- Performed routine media management activities including incoming and outgoing inventory of offsite media.
- Handled Incidents for restoration of systems via tape restoration processes.
- Provided disaster recovery testing support.
Confidential, Dulles, VA
- Monitored and analyzed network traffic and alerts triggered by security
- Investigated intrusion attempts and performed in-depth analysis of exploits.
- Provided network intrusion detection expertise to support timely and effective decision making on when to declare an incident.
- Conducted proactive threat research and reviewed security events populated in a Security Information and Event Management (SIEM) system.
- Analyzed a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
- Independently followed procedures to contain, analyze, and eradicate malicious activity.
- Documented all activities during an incident and provided leadership with status updates during the life cycle of the incident.
- Incident management, response, and reporting.
- Provided information regarding intrusion events, security incidents, and other threat indications and warning information to the client.
- Tracked trends, statistics, and key figures for MWAA.
- Assisted with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
- Provided reporting: daily shift change reports, incident reports, security status reports, and client-facing security meetings.
JR. CYBER SECURITY ANALYST
Confidential, Herndon, VA
- Evaluate and ensure security efficiency and assist in installation of antivirus to fortify the security system.
- Coordinate with various departments, and evaluate and ensure accuracy of all incidents.
- Manage and implement all network security processes and maintain proper reports for the same.
- Document and provide upgrades to all information security policies and processes.
- Used Microsoft Office proficiently for data gathering, data analysis to ensure customer requests are met and proper services are given
- Provide on-call support to 24x7 security monitoring
- Perform log-centric analysis (application logs, operating system events, authentication data, etc.)
- Engage in cyber threat hunting activities
- Managed inbound and outbound calls, voice messages, and emails.
- Conduct vulnerability assessments.
- Document, track, and monitor problems to ensure timely resolution.
- Perform vulnerability and risk analyses of computer systems and applications during all phases of the SDLC.
Confidential, Dulles, VA
- Received, documented, and reported cyber security events on Confidential network.
- Categorized incidents and implemented corresponding escalation procedures.
- Communicated and coordinated incident response efforts.
- Conducted daily operational update meetings for SOC staff and unscheduled situational update briefings for FAA leaders.
- Analyzed reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs).
- Provided telephone, e-mail and ticket service to customers.
- Referenced applicable departmental and operating administration policies in work products.
- Responsible for leading the response to low- and medium-severity incidents and participating in the response to high-severity incidents.
- Performed any other duties as requested by the Contracting Officer Representative and SOC management.
- Provided incident response, analysis, and management support to identify, contain, and remediate incidents on an enterprise network.