We provide IT Staff Augmentation Services!

Cyber Data Pm Security Director Resume

SUMMARY:

ver 17 years of Security Operations leadership experience that includes employing Encase Cyber Security, Network Access Control Net - FTK/Witness Investigator and Informer; ArcSight 6 Console, Logger and Express; Fire Eye Email Protection, Fire Eye Web Protection, En Circle, Jump Server, Blue Coat, Snort, ASA Firewall, SCCM, Splunk, and Sourcefire. Meticulous and dedicated professional with experience abiding by Security Operations Guideline protocols NIST, US Cert, and FISMA Frame Work.

TECHNICAL SKILLS:

NBT Scan

Metasploit

CORE Impact

Cylance

Splunk 6.4

Palo Alto

ASA Firewall

Splunk SIEM

Source Fire

Checkpoint

McAfee

Nessus

Aircrack Retina

HP Logger

EnCase Enterprise

HP ArcSight Console

Fire Eye Web Protection

Fire Eye Email

TCP Dump

Web Sense

Protection

Symantec Endpoint

Protection

Net Witness Investigator FTK

Blue Coat

PROFESSIONAL EXPERIENCE:

Cyber Data PM Security Director

Confidential

  • Prepared, arranged, and tested Splunk/Arc Sight search strings and operational strings.
  • Created and configured management reports and dashboards.
  • Developed, evaluated, and documented specific metrics for management purpose.
  • Trained Splunk security team members for complex search strings and ES modules.
  • Analyzed security-based events, risks, and reporting instances.
  • Utilized Mandiant and FireEye technology to conduct large-scale investigations and examine endpoint and network-based sources of evidence Executed systems programming activities and supported data center activities.
  • Conducted penetration testing on DoD network defense mechanisms externally utilizing various methods and techniques (withheld for operational security). Tools: Metasploit, Armitage, SE Toolkit, MSF console, Nmap, Cobalt Strike, Remote attack, Client-Side Attack, Blind Side Attack, Social Engineering Attack, and Fuzzing Attack/DoS--MITM (Man in the Middle Attacks)
  • Analyzed malware behavior, network infection patterns and security incidents in defense of U.S.
  • Analyzed approximately 10 classified network security intelligence reports daily.
  • Specialized in network centric analysis utilizing a variety of tools and techniques such as Network Security Monitoring, log analysis, and more.
  • Monitored, detected, and analyzed network traffic for malicious activity and provide reports.
  • Used net-witness to analyze PCAPs
  • Identified potential malicious activity from packet captures and analyzing log files.
  • Used Intrusion Detection/Prevention Systems daily
  • Experience with multiple attack vectors such as: Malware, Trojans, Exploit Kits, Ransomware and Phishing, and Botnet.
  • Reviewed logs and vulnerabilities utilizing CIRATS (Compliance Issue Risk and APAR Tracking.
  • Maintained the Intrusion detection system and monitoring all events and traffic
  • Performed Computer Security Incident Response activities for a large organization, coordinates with other government agencies to record and report incidents.
  • Monitored and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Utilized digital forensic tools including Guidance EnCase/FTK to execute digital investigations and perform incident response activities
  • Performed hunting for malicious activity across the network and digital assets
  • Managed and executes multi-level responses and addresses reported or detected incidents
  • Performed information security incident response and incident handling based on risk categorization and in accordance with established procedures
  • Worked with a cross-functional team, drive improvements to policies and processes within the law enforcement response team
  • Coordinated with internal partners and external law enforcement agencies to aid people in crisis.
  • Identified incidents and make recommendations to protect the network
  • Assisted in the administration and integration of security tools to include new data/log sources, expanding network visibility and automation.

Sr. Security Director

Confidential

  • Built over 16 Security Ops from ground zero until live.
  • Monitored, detected, scanned, recorded, audited, analyzed, investigated, reported, remedied, coordinated, and tracked security-related "events" such as signs of intrusion, compromise, misuse, and compliance. Utilize provided sensors, systems, tools to monitor networks and systems for signs of intrusion, compromise, misuse, and non-compliance and writing security playbook writing.
  • Managed the team responsible for threat intelligence, incident response, forensics, vulnerability scanning, web application scanning, data loss prevention and malware.
  • Conducted onsite penetration tests from an insider threat perspective.
  • Produced advisory reports regarding 0-day exploits, CVE vulnerabilities, current network
  • Performed network traffic and deploying tools and create dashboard Splunk/Config
  • Used Blue Coat against web threats to intercept all web bound traffic
  • Oversaw 3 locations with 29 members on the team to ensure business is running normal and place out major events at remote locations addition responsible for SLA, Training, Policy, SOP and closing all investigate reports before send to US CERT/ Addition Writing security Play books
  • Responsible for monitoring client networks to detect suspicious and malware and hostile activity that would jeopardize the integrity of information systems. Responsible for reviewing logs/ Vulnerabilities from various security tools
  • Integrated numerous types of cyber security data feeds into Arc Sight HP
  • Configured security tools and writing security play books and many table top
  • Performed threat monitoring - monitor industry resources and observe new technical developments, intruder activities and related trends to help identify threats to the Client systems.
  • Performed patching and vulnerability scanning and network discovery
  • Tracked and resolved security non-compliance issues and patch advisories) (Plain of Action).
  • Provided trend analysis for correlated information sources and network data including event logs, IDS, and network captures.
  • Provided trend analysis for correlated information sources and network data including event logs, IDS, and network captures.
  • Utilized Splunk SIEM/ArcSight daily to upkeep and identify any common threat. Reported to document security incidents that occurred during my shift.

Security SOC Manager

Confidential

  • Implemented Nessus on the network, actively installed/aided in patching, and significantly reduced the number of vulnerabilities on the servers. Lead of weekly vulnerability scans (Nessus & McAfee Found stone.
  • Reviewed logs and vulnerabilities utilizing CIRATS (Compliance Issue Risk and APAR Tracking System-PCI, SOX,) enabled IBM Integrated Technology Delivery to document, track, and resolve security noncompliance issues and patch advisories.
  • Utilized Aruba 802.11ac wireless access points/create rules/SSID
  • Utilized ArcSight, Symantec, Splunk, Net witness, and EnCase Enterprise.
  • Performed regular health checks for ArcSight ESM, Logger and the Connector Appliance.
  • Used major tools and continued to check log files for system errors or down connectors and resolve any issues that affected the performance of the SIEM801.
  • Created and maintained Arc Sight content based on latest threats, suspicious/anomalous traffic, and signatures for anti-virus (AV) or Intrusion Detection System (IDS) solutions.
  • Monitored Arc Sight feeds to discover, analyze, and suggest remediation actions for security threats to the IBM network.

SOC Security Analyst

Confidential

  • Provided trend analysis for correlated information sources and network data such as event logs, IDS, and network captures.
  • Supported the development of incident handling, detection, and threat mitigation procedures.
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Recognized potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
  • Evaluated firewall change requests and assess organizational risk.
  • Assisted with implementation of counter-measures or mitigating controls.
  • Ensured the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
  • Performed periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
  • Supported eDiscovery and investigative teams by facilitating evidence collection. Act as Operations Sustain Manager for Qualys guard.
  • Led an organization of 160 information security professionals and incident handlers for a $300 million government contract securing the 2nd largest network in the United States government with existing security systems.

Hire Now