Security Operations Center Technician Resume
SUMMARY:
Over 30 years working in IT networking environments, performing testing, analysis, database and implementation activities.
TECHNICAL SKILLS:
Experienced in Splunk UBA & Enterprise, ForeScout, RSA Archer, Windows NT & 2000, 2003, 2008, Cisco routers, switches, hubs, Microsoft Office 2007, Microsoft Exchange Server 2000, 2003, 2007, 2010, Outlook 2007, Dell, HP, DFS, FRS, Remedy, Heat, HP OpenView, Oracle, SQL Server, Internet, Lotus Notes, Netscape Navigator, Belarc, ZENworks 3.x & 4.x, Backup Exec for NT/2000 v7.3, 8.x, Compaq DLT Autoloader Library, BrightStor ARCserve for Windows v9 & 2000, Windows 2008 Active Directory Services, Sun Solaris 8, NetIQ, ManageWise 2.6, NetSight Element Manager, virus scanners (Norton), Citrix MetaFrame, eTrust, Quest, Aelita, Legato, Hyena, Veritas NetBackup 6.x, 7.x, McAfee ePolicy Orchestrator 5.x, Cuckoo, AppDynamics, Tanium, Trend Micro, Infoblox, Moloch PCAP, SolarWinds
PROFESSIONAL EXPERIENCE:
SECURITY OPERATIONS CENTER TECHNICIAN
Confidential
Responsibilities:
- Work with alerts from the Tier 1 SOC Analysts to perform in-depth analysis and triage of network security threat activity based on computer and media forensics, malicious code analysis, and protocol analysis.
- Assist with the development of incident response plans, workflows, and SOPs; deploy and maintain security sensors and tools; monitor security sensors and review logs to identify intrusions.
- Think critically and creatively while analyzing security events, network traffic, and logs to engineer new detection methods; work directly with cyber threat intelligence analysts to convert intelligence into useful detection; collaborate with the incident response team to rapidly build detection rules and signatures as needed.
- Develop and implement detection use cases; develop and implement IDS signatures; assist with incident response efforts; create and brief customer reports.
- Participate in on-call rotation for after-hours security and/or engineering issues; perform customer security assessments; develop and run tabletop exercises.
- Identify incident root cause and take proactive mitigation steps; perform lessons-learned activities; mentor junior analysts and run brown bag training sessions; review vulnerabilities and track resolution; review and process threat intel reports and sources.
CDM Tools Engineer
Confidential, Fairfax, VA
Responsibilities:
- Participates as needed in all phases of software development with emphasis on the planning, analysis, testing, integration, documentation, and presentation phases.
- Applies principles, methods and knowledge of the functional area of capability to specific task order requirements, and advanced mathematical principles and methods to exceptionally difficult and narrowly defined technical problems in engineering and other scientific applications, to arrive at automated solutions.
- Utilize SIEM monitoring tools (ForeScout, Confidential BigFix, Tenable Security Center, RES Workspace, McAfee Application Control) for Continuous Diagnostics and Mitigation.
McAfee/ Systems Engineer
Confidential, Bowie, MD
Responsibilities:
- Build and set up business or office IT networks
- Install, configure and upgrade operating systems, software, hardware, and applications
- Perform build as well as maintenance tasks on laptops, servers, desktop PCs, printers, etc.
- Troubleshoot and repair all computer equipment
- Provide anti-virus installation (e.g. McAfee), upgrade and cleanup, etc.
Cyber Security Operations Engineer
Confidential, Reston, VA
Responsibilities:
- Experience with CDM dashboard or Security Information Event Management (SIEM) systems, including ingest of third-party data for rendering within the dashboard or SIEM.
- Provide initial configuration and troubleshooting for McAfee and ForeScout products supporting network monitoring, device detection, endpoint software inventory, configuration compliance assessments, and vulnerability detection in SOC.
- Familiarity with basic IPv4 local area networking concepts such as subnets, masking, switches, routers, and gateways. Familiarity with the NIST 800 publications governing the FISMA Act.
- Operate and provide Tier 2 and Tier 3 CDM support for Splunk, Vulnerability Manager, ForeScout CounterACT, RSA Archer, etc. Performed vulnerability scanning with Retina servers to determine Microsoft patches needed.
- Subject Matter Expert in McAfee ePO, McAfee Policy Auditor, McAfee Application Control.
- Ensure Active Monitoring of Network and Endpoint Inventory in SOC.
- Able to manipulate data in order to conduct sound and accurate analysis of output.
- Able to learn and assist in managing CDM DHS-specific compliance dashboards and applications. Mentor junior Cyber Security Operations Engineers.
- Support data collection from McAfee and ForeScout by a Splunk repository. Reconcile information aggregated within Splunk with native databases of McAfee ePO and ForeScout CounterAct.
- Conduct appropriate analysis and ensure calls that cannot be resolved are forwarded to next-level support services, both internal engineering and product vendors. Support the following: provide initial problem resolution where possible; generate, monitor, and track incidents through resolution; provide software support; maintain frequently asked questions and their resolutions; obtain customer feedback and conduct surveys; contribute technical input to CDM CMaaS User and Operator Training in the Security Operations Center.
- Experience using McAfee Host Intrusion Prevention System configuration, McAfee Host Intrusion Prevention System management, McAfee Application Control, McAfee Policy Auditor, McAfee Risk Advisor, Splunk, RSA Archer, Security Content Automation Protocol (SCAP), and Asset Summary Reporting Format (ASR) in the Security Operations Center.
- Install, operate and perform administrative tasks on Red Hat Linux 6.x.
- Develop effective written procedures and SOPs to guide the IA/scanning team on daily operations; work with the other IT support teams in troubleshooting and remediating outstanding vulnerabilities. Make sure software configurations achieve a high level of security for systems and applications. Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Operate and maintain a suite of vulnerability scanning tools, including Retina and Nessus; assist in researching, analyzing, designing, testing, and implementing new or vendor-supplied security software solutions. Provide up-to-date documentation and procedures on security software product administration. Analyze scan results, prioritize, identify solutions and make recommendations based on the analysis. Utilize Wireshark for troubleshooting network issues.
- Examine data from multiple disparate sources with the goal of providing new insight. Design and implement custom algorithms, flow processes for data sets used for modeling, data mining, and research purposes. Perform penetration tests, identify exposure and risks, and recommend appropriate security solutions.
- Make recommendations regarding the selection of cost-effective compensating security controls based on NIST 800-37 to mitigate risk. Stay up to date with current vulnerabilities, attacks, and countermeasures.
Systems Administrator
Confidential, Millersville, MD
Responsibilities:
- Extensive experience in implementing security, web and database security assessment tools, static/dynamic testing tools and boundary defense technologies, i.e. Confidential BigFix, Tripwire, Rapid7, Confidential AppScan, Fortify, Checkmarx, and QRadar for data collection in the same manner as Splunk.
- Performed analytic examination of logs and Snort-based IDS events as well as web server logs.
- Performed Information Assurance Vulnerability Management to improve IA posture and ensure government compliance using SAINT, McAfee Vulnerability Manager.
- Performed and evaluated vulnerability scans within a multi-platform, large enterprise environment. Reacted to and initiated corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network, or other events affecting security. Identified various security risks, threats, and vulnerabilities of networks, systems, and new technology initiatives. Installed firewalls, intrusion prevention and detection systems, enterprise anti-virus systems and software deployment tools.
- Provided complex engineering analysis and support for firewalls, routers, networks, and operating systems. Performed security risk assessments, developed security risk mitigation recommendations, and identified security controls for systems, applications, and networks.
- Assessed, implemented, and documented security requirements for Federal information systems and ensured compliance with Computer Network Directives. Participated in the security definition, design review, integration, and testing during system / software development. Conducted network security reviews that include validation of current network security policy, requirements, design, comparative analysis, and assessment of the information assurance architecture.
- Configured firewalls (Cisco 5500 series, Palo Alto firewall, SonicWALL), intrusion detection systems (OSSEC, Snort) and other network security devices. Performed log and event management with the use of ArcSight SIEM and Splunk. Install, operate and perform administrative tasks on Red Hat Linux 6.x. Utilize Metasploit, Wireshark, and Nmap for troubleshooting network issues and penetration testing.
- Implement, configure, troubleshoot, and monitor system performance on Windows Server 2003/2008/2008 R2 Standard and Enterprise editions. Work with the customer to request new Windows Server hardware and/or resources.
- Responsible for system configuration, system backup, software installation and maintenance, software license maintenance, utilization, and system performance for servers supporting a variety of software application systems. Make recommendations to management concerning hardware/software upgrades for more effective system use. Install, configure and administer ESXi 5.5 and vCenter in a virtual environment.
- Provide primary administration and support for the DFS/FRS, DNS, IIS 6/7, SSL certificates, .NET, and Active Directory/LDAP environment, which includes performing assessments on Active Directory environments and implementing remediation to assure the stability, security, and scalability of AD environments. Assist with overseeing all high-level Active Directory needs. Design and implement Active Directory plans for new integrations. Build servers for local and remote sites. Define processes, policies and nomenclature to be used by Directory Services administrators throughout the organization. Delegate access to the directory for IT administrators as needed.
- Provide SQL Server 2003 and 2008 administration support (mirroring, replication, stored procedures, triggers and scripts). Administer and manage F5 BIG-IP and Coyote Point Equalizer load balancers. Provide SharePoint 2007 and 2010 administration support; PKI, VMware, HL7, Perl, T-SQL and Microsoft Maps API experience.
- Provide analysis support toward problem resolution for the client in software and system performance of production processing and system throughput. Make recommendations and/or develop new procedures for problem resolution. Perform security audits on designed computer systems to ensure compliance with established client policies.
- Make recommendations and/or develop procedures to reach compliance. This includes a contingency plan for recovery following a catastrophic system failure.
- Formed a migration plan for relocating all network hardware and servers from one location to another.
- Utilize Microsoft Visio to create network diagrams for all servers in the racks. Perform detailed inventory of all network equipment, servers in the racks.
- Maintain and support production, test, and development environments and servers. Work with the customer to ensure proper resource allocation (i.e., RAM, SAN Disk, CPU) to support systems and applications.
Sr. Windows Engineer
Confidential, Rockville, MD
Responsibilities:
- Reviews and analyzes daily reports and prepares periodic reports for network status and baseline performance; researches, identifies, and analyzes trends of utilization and errors; uses Remedy to document trouble tickets and keep track of issues and resolutions.
- Provide and support level 3 for Microsoft 2000, 2003, 2008 infrastructure, as well as diagnose, troubleshoot and resolve all hardware, software and operating system problems.
- Provide monthly maintenance on all hardware and software issues.
- Build, install, and configure applications, as well as investigate and apply OS patches and service packs to servers and workstations using WSUS, Shavlik, and Belarc.
- Maintain tape backup systems including creating and updating backup policies.
- Strong understanding of configuring and supporting Microsoft Windows OS technology including AD forests, domains, trusts, LDAP directories, DHCP, DNS, WINS, Group Policy, DFS, TCP/IP, and registry keys.
- Perform day-to-day systems administration and assist users with connectivity and access problems. Manage, operate and upgrade McAfee ePolicy Orchestrator 3, 4.x and other security tools.
- Strong task management skills including planning and implementing various tasks such as ePolicy Orchestrator upgrades, IE7 upgrade, Veritas NetBackup upgrades, Vista upgrades, etc.
- Work directly with various vendors to resolve network issues.
- In charge of the NOC. Responsible for creating and updating inventory for hardware and software for the Network Operations Center in Excel spreadsheets as well as in Remedy.
- Build, engineer, and perform Citrix 4.0/4.5 and XenApp systems administration, connectivity, and troubleshooting tasks.
- Responsible for running GFI scan on all subnets at the bank and also responsible for fixing any related vulnerabilities and open ports issues.
- Responsible for managing, operating, upgrading and checking the NetIQ operator's console for any server-related issues and fixing the issues as they arise.
AD/EXCHANGE Engineer
Confidential, Vienna, VA
Responsibilities:
- Installs, configures, updates, and maintains MS Windows servers in a large complex environment. Functions as a subject matter expert for Windows operating systems in a server-based environment. Provide Level 3 and Level 4 expert engineering and support for Exchange 2003 infrastructure. Document the operational processes for ongoing maintenance of the Exchange 2003 infrastructure. Provide Tier III help desk support to IT support personnel on Exchange 2003 infrastructure.
- Leads/Implements complex hardware deployments, software upgrades, and significant projects
- Reviews and analyzes daily reports and prepares periodic reports for network status and baseline performance; researches, identifies, and analyzes trends of utilization and errors; uses Peregrine to document trouble tickets and keep track of issues and resolutions.
- Plan, Design and implement Windows/Exchange 2003 Cluster.
- Experience configuring, using and translating system monitoring and management technologies that use SNMP, network monitoring, and performance monitoring.
- Troubleshoot LAN/WAN problems, implement corrective actions and recommend operational improvements. Lead the engineering team for Exchange 2003 to deploy new services and automate existing functions.
- Ensures systems and applications are compliant with applicable standards specified in task orders. Evaluates and recommends commercial-off-the-shelf (COTS) applications, products, and methodologies that can provide interoperable, portable, and scalable information technology solutions. Strong understanding of SAN technologies and the Veritas NetBackup tool.
- Plan, Install, and Implement SQL 2000 & MIIS 2003 in Development lab and provide support in the test and production environment.
AD/Exchange Engineer
Confidential, Washington, DC
Responsibilities:
- Providing technical expertise during design, development, test, and implementation of Active Directory, and on all matters related to Active Directory administration and information system design, development and administration.
- Providing feedback and briefings to the information technology (IT) community on activities involving all aspects of systems administration and information system design and development of the Active Directory network.
- Helping the support center in determining hardware, software, and data communication configurations based on the review and analysis of functional requirements for the support center.
- Coordination with other offices to achieve integrated systems administration for information system design and development, project management and mentor junior engineers.
- Providing extended Active Directory support and training to local site system administrators.
- Maintain, manage, support, and implement AD/Exchange 2003 in an EMC ADIC iscalar 500 robotic tape environment.
Network Engineer
Confidential, Rockville, MD
Responsibilities:
- Responsible for the design, development, implementation, integration, and management of capacity planning, operational redundancy, contingency planning, integration, and operations of all components, hardware and software, in the AD architecture.
- Manage, implement, administer, and troubleshoot enterprise infrastructure and network services, including WINS, DHCP, DNS and domains, file, print, and domain authentication servers, and agency-specific DNS and DHCP servers.
- System design and consultation, patch management, system monitoring, virus detection and eradication, mentoring junior engineers, and project management.
- Experience providing disaster recovery, upgrading VMware 2.x to 3.x, and managing, supporting, and implementing Exchange 2003.
AD/EXCHANGE Engineer
Confidential, Reston, VA
Responsibilities:
- Experience configuring, using and translating system monitoring and management technologies that use SNMP, network monitoring, and performance monitoring.
- Strong understanding of configuring and supporting Microsoft Windows OS technology including Microsoft DDNS, WINS, Group Policy, and security policies; knowledge of Microsoft Active Directory architecture and Microsoft Windows 2000/2003 Server operating systems.
- Strong understanding of and experience implementing Microsoft security concepts in a multi-forest Active Directory infrastructure.
- Strong understanding of SAN/NAS technologies and the Veritas NetBackup tool.
- Perform day-to-day top-level maintenance and administration duties, and migration from Lotus Domino to an Exchange/Outlook 2000/2003 environment with over 100,000 users.
- Utilize the Peregrine ticket tracking tool for resolving network problems.
- Plan, install, and maintain hardware equipment in a Windows 2000/2003 environment.
- Manage file, print, and Exchange clusters in Windows 2000 and 2003.
- Manage NetIQ, Altiris, and Antigen servers in Windows 2000 and 2003.