Sr Security Operations Analyst Resume
Tempe, Arizona
SUMMARY:
- An information technology professional with over 18 years of experience in Security Operations and Network Administration.
PROFESSIONAL EXPERIENCE:
Sr Security Operations Analyst
Confidential (Tempe, Arizona)
- Investigated SIEM alerts.
- Analyzed Symantec Endpoint Protection daily reports for repeat infections and malware removal failures.
- Investigated and monitored firewall traffic.
- Wrote and maintained technical documentation for the internal knowledge base.
- Constantly researched and gathered intel to stay up to date on the latest vulnerabilities, exploits, commodity malware, and targeted attacks. Used the gathered intel to perform enterprise-wide searches for malicious software and/or activity.
- Analyzed email for phishing attacks and other malicious intent.
- Proof-of-concept tested endpoint solutions (Carbon Black, CrowdStrike, Tanium).
Sr Intrusion Analyst
Confidential
- Proactively monitored the network traffic of the company as well as numerous corporate clients for anomalous activity and indicators of compromise.
- Performed in depth analysis of intrusions in complex client network environments.
- Utilized, and aided in tuning, network security tools including, but not limited to, Sumo Logic, MetaFlows, and McAfee Enterprise Security Manager.
- Utilized the RT work management system for the entire incident response investigation process. Created tickets to track and remediate events from initial identification all the way through the remediation phase.
- Gathered threat intelligence to gain knowledge of and understand targeted cyber threats related to the industry and clients.
- Able to quickly identify anomalous traffic patterns compared to normal network and internet flows.
- Ensured incidents were identified, reported, and remediated to meet SLA requirements.
- Defined, reviewed, and enforced information security policies, standards, and guidelines for business operations and technology requirements.
Information Security Intrusion Analyst
Confidential
- Conducted in-depth investigations of security events that occurred within the environment through the full ticket life cycle (network forensics, host analysis, malware analysis, remediation).
- Acted as a first line of defense against commodity and APT-related malware, which required constant research to stay up to date on the latest vulnerabilities, exploits, commodity malware, and targeted attacks.
- Utilized Splunk as a SIEM: correlated events through analysis of various Splunk log data sources, and created searches and reports.
- Performed network-based analysis using Splunk, Wireshark, and various other network-based tools. Performed basic static and dynamic analysis of commodity and APT malware. Performed basic host forensics using EnCase and various other tools.
- Worked alongside the CIRT team to support its incident response and incident handling duties.
Computer Network Defense / Information Assurance Analyst
Confidential
- Provided technical guidance to the Network Operations Center, the Project Engineering group, and the Department of Defense on security best practices.
- Administered on-site equipment, including Sidewinder and Cisco ASA firewalls, IBM Proventia IPS/IDS, and Websense content filtering.
- Troubleshot connection issues involving the firewalls as well as the content filter.
- Performed network vulnerability scans using ACAS (Nessus) and Retina.
- Performed event correlation and analysis using ArcSight Webview.
- Investigated events and provided incident response.
- Worked under the direction of the Joint Task Force-Bravo Information Assurance Manager (IAM) to plan, develop, implement, and provide training to ensure the confidentiality, integrity, and availability of automated systems and networks.
Network Admin
Confidential
- Monitored network availability for the Department of Defense using tools such as SolarWinds.
- Administered Cisco FWSM firewalls, Cisco routers, Cisco switches, and General Dynamics crypto equipment.
- Analyzed and reported outages and corrective actions to the Theater Network Operations and Security Center (TNOSC).
- Other responsibilities included routing, ACL, and firewall changes.
- Designed and documented network changes.
- Coordinated with the Information Assurance group regarding policy violations.
Sr. Security Operations Specialist
Confidential - Phoenix, AZ
- Duties and responsibilities included in-depth analysis and investigation of escalated security events within published SLAs.
- Wrote and maintained technical documentation for the internal knowledge base, for the benefit of level 1 and level 2 specialists.
- Performed routine to complex changes on customer security devices, including NetScreen and FortiGate firewalls, Blue Coat web content filtering, and Juniper NSM.
- Mentored level 1 specialists to improve the quality and consistency of security information analysis, device troubleshooting, and device management best practices.
- Performed event correlation and analysis using ArcSight tools.
- Worked with equipment vendors to resolve hardware and software issues.
Network Services Specialist Lead
Confidential - Phoenix, AZ
- Accessed various network devices and systems for trouble isolation at all layers of the OSI model, with a heavy focus on layers 1 through 4.
- Responsibilities included maintaining and troubleshooting customers' routing, routers, and data circuits.
- Customer equipment included Cisco and Juniper routers.
- Troubleshot existing data issues using the supplied monitoring tools to maintain network reliability.
- Worked in a WAN/MAN/LAN environment and supported domestic and international interface standards. Provided proactive network monitoring to identify potential issues and took corrective action as required.
TECHNICAL SKILLS:
Operating Systems: Windows Server, Windows, Linux
Software: FireEye Sandbox, FTK Imager, WildFire Sandbox, Volatility, Nessus, Splunk, ArcSight, Wireshark, EnCase, CrowdStrike, Carbon Black, Tanium, Symantec Cloud (Email Security)
Security Equipment: Cisco ASA Firewalls, Palo Alto Firewalls, Websense, NetScreen SSG Firewalls, McAfee Sidewinder Firewalls, Juniper VPN Appliance, Blue Coat, McAfee SIEM, QRadar SIEM
