
Cyber Security Principal Resume


SUMMARY:

  • Over 15 years of experience.
  • Willingness to be challenged and an insatiable appetite to learn new technologies.
  • Ability to explain the findings of the analytics process and provide persuasive data in sufficient detail to leadership, key stakeholders, and technical/non-technical personnel.
  • Experience identifying, assessing, and documenting potential data sources and flows, and analyzing existing data warehouses to determine trends relevant to engineering and client needs.
  • Familiar with strategies for data collection, establishing rational metrics, and reporting findings.
  • Experience with Security Information and Event Management (SIEM) and Big Data analytics platforms performing log collection, analysis, correlation, and alerting.
  • Ability to analyze, design, build, test, implement, and support ETL solutions for multiple subject areas sourced from disparate data sources.
  • Ability to effectively communicate ideas and results with actionable conclusions backed by data.
  • Experience with Amazon Web Services (AWS) services and infrastructure (EC2, VPC, ELB, S3, IAM, Lambda) and with SaaS, IaaS, and PaaS delivery models.
  • Threat models: MITRE ATT&CK, Cyber Kill Chain.
  • Threat intelligence platforms: MISP, YETI, CRITs.
  • Familiar with integrating disparate security systems and data feeds via APIs.
  • Experience developing and deploying effective countermeasures (YARA, Snort, SIEM correlation rules).

TECHNICAL SKILLS:

Cyber Security Tools: Splunk Enterprise, Elasticsearch, Logstash, Kibana (ELK), ArcSight Enterprise Security Manager (ESM), BluVector Cortex, Cisco FirePOWER Threat Defense (Sourcefire Defense Center), Snort IDS, IBM Proventia/ISS, McAfee IntruShield, Tenable Nessus Vulnerability Scanner, Metasploit, Cisco Adaptive Security Appliance (ASA), Symantec Endpoint Protection (SEP), Wireshark, Nmap, Kali Linux, EnCase Enterprise, Blue Coat ProxySG, Tcpdump, Solera DeepSee, Einstein (SiLK) NetFlow collector, i2 Analyst's Notebook, Moloch, Novetta Cyber Analytics, Zeek (Bro) IDS, Cuckoo Sandbox, Security Onion, OSSEC, Sysmon, Real Intelligence Threat Analytics (RITA).

Programming Languages: SQL, Shell, Regex, Grok

PROFESSIONAL EXPERIENCE:

Confidential

Cyber Security Principal

  • Develop rules, filters, signatures, countermeasures and operationally relevant applications and scripts to support analysis and detection efforts.
  • Build out graphs and tables that can be used to detect adversary activities and abnormalities.
  • Research and track new exploits and cyber threats and interact with the Cyber Security community to obtain technical threat intelligence.
  • Track cyber threat actors/campaigns based on technical analysis and open source intelligence.
  • Gather requirements and build innovative solutions around open-source and proprietary tools.
  • Develop and devise advanced analytical methods and tools for design, quality, production, and engineering departments.
  • Assist in identifying, prioritizing, and executing programs to help demonstrate and expand analytical capabilities.

Confidential

Senior Cyber Intrusion Analyst

  • Blend traditional intelligence analysis, open source research, and technical research, and analyze a variety of near-real-time and historical data sources.
  • Conduct threat analysis, threat notifications, threat forecasts, and recommended countermeasures.
  • Query NetFlow data and review IDS/IPS alerts for potentially malicious activity associated with Advanced Persistent Threats (APT).
  • Collaborate with the intelligence community (IC) partners to share and collect cyber threat data for use in strategic threat assessments.
  • Subject Matter Expert (SME) for advanced Tactics, Techniques, and Procedures (TTPs) within designated Areas of Responsibility (AORs); provide foreign threat assessments identifying capabilities and intentions.
  • Brief Senior Level Executives on Cyber Intrusions and develop countermeasures to aid against advanced cyber-attacks.
  • Conduct statistical and trend analysis on various data sources.
  • Create tailored products and reports for different levels of leadership.
  • Support incident escalation, assess probable damages, identify damage control and remediation, and assist in developing courses of action.
  • Research and recommend effective vulnerability countermeasures.
  • Provide attribution, when possible, on the usage of malware samples.
  • Monitor for new malware families being used in espionage using open source and internal collection systems.
  • Analyze traffic patterns to determine potential distributed denial of service (DDoS) attacks.

Confidential

Senior Cyber Intel Analyst (FT/PT)

  • Develop and deliver threat intelligence reports to technical and executive staff.
  • Distinguish and track cyber threat groups, particularly their methodology.
  • Monitor, detect, and share malicious activity impacting the DoD GIG using COTS and open source tools, as well as adversary TTPs and indicators that can be used to detect, monitor, and counter the activity, with USCYBERCOM and DoD components.
  • Develop and deploy effective countermeasures (YARA, Snort, SIEM correlation rules).
  • Identify potentially malicious activity impacting the GIG; coordinate with DoD Components for CND actions; present consolidated information for leadership awareness.
  • Provide remediation and mitigation strategies based on various Cyber Threats.
  • Conduct surface analysis and runtime analysis on malware.
  • Review raw log files, correlate the data, and provide analysis to executive staff.
  • Analyze and correlate threat activity to stages in an adversary Kill Chain.

Confidential

Manager, Security Operations Center

  • Managed contractors and junior to senior level consultants.
  • Developed content in ArcSight ESM that allowed analysts to identify threats by monitoring customized channels and dashboards, and established high-confidence alert notifications.
  • Provided the customer with strong executive-level communication, presentations, and reports, which entailed working closely with customers and conducting high-level meetings with senior-level clients.
  • Researched and analyzed known hacker methodology, system exploits, and vulnerabilities.
  • Hands-on ArcSight developing and managing use cases and content (Dashboards, Active Channels, Reports, Rules, Filters, Active Lists.)
  • Coordinated technical incident response and remediation activities within the government enterprise environment.
  • Delivered against the Statement of Work (SOW), met customer expectations, and accomplished all goals defined by the engagement.
  • Ensured established Service Level Agreements (SLAs) were fulfilled in a timely manner.
  • Created and maintained Standard Operating Procedures (SOPs) for the use of team members.

Confidential

Team Lead, Cyber Security Analyst

  • Conducted oversight of SOC operations of the enterprise's security solutions through management of the organization's security analysts.
  • Monitored and analyzed network security events from network intrusion detection systems (NIDS), host intrusion detection systems (HIDS), and log data; opened/updated trouble tickets; and provided call support for DHS component agencies.
  • Identified anomalous and malicious activities involving DHS assets, malware, and allegations of misuse; coordinated mitigation procedures with DHS components; filed incident reports; and monitored all Internet-facing services for attacks.
  • Identified and analyzed network traffic against known IDS signatures.
  • Collected, analyzed, and correlated network flow data using the US-CERT Einstein program, and shared computer security information across federal government agencies to improve the nation's situational awareness.
  • Coordinated technical incident response and remediation activities for Customs and Border Protection and the 10 component agencies of the Department of Homeland Security.
  • Remediated incidents related to Personally Identifiable Information (PII), classified spillages, financial systems, allegations of misuse, law enforcement investigations, and malicious logic.
  • Tracked and monitored incidents to ensure compliance with government regulations.
  • Conducted surface analysis and runtime analysis on malware.
  • Reviewed and revised security policies/procedures.

Confidential

Program Manager/Senior Engineer

  • Implemented and managed remote access virtual private networks (VPNs), site-to-site VPNs, and Secure Sockets Layer (SSL)-based VPNs on the Cisco Adaptive Security Appliance (ASA) 5520.
  • Monitored network traffic using ASDM 6.0 software to research and track vulnerabilities, and defined action plans for improvement within the enterprise environment.
  • Isolated and troubleshot layer 3 routing issues within the enterprise network environment.
  • Responsible for administering Active Directory objects and deploying policies.
  • Deployed security patches to client workstations.
  • Created executive-level reports to key stakeholders.

Confidential

Cyber Security Analyst

  • Analyzed network traffic and IDS alerts against potential intrusion attempts and false alarms.
  • Launched and tracked investigations to resolution and recommended IDS filters to eliminate false positives.
  • Created daily shift reports assessing shift activity for management.
  • Conducted vulnerability scans for risk assessment and mitigation purposes.
