Confidential, Fairfax, VA
Network Defense Team Lead
- Utilize Security Information and Event Management (SIEM) tools such as Interrogator to review alerts and monitor team performance.
- Conduct in-depth packet analysis, analyzing raw packet data with Tcpdump and Interrogator tools.
- Monitor open source intelligence for threats, vulnerabilities, Confidential and Near Peer/APT activity.
- Assist researchers with product testing as needed.
- Review and provide feedback on new and potential training platforms for the CND analyst.
- Provide weekly and monthly reports.
- Other tools/software include: Windows & Linux OS, PuTTY, Kerberos, Snort, Jira, Confluence and Kibana.
- Conduct interviews for prospective analysts.
Sr. Incident Analyst - Technical Specialist
- Performed as Senior Incident Responder in a 24x7x365 environment delivering support (IAW CJCSM 6510.01B) to the Defense Cyber Operations, Cyber Incident Response Team (DCO CIRT).
- Utilized Security Information and Event Management (SIEM) tools (HBSS/ESM/NSM) to monitor the NIPRNet/SIPRNet of the Confidential Corps.
- Utilized other incident response tools, both commercial and open-source, e.g., IronPort, BlueCoat, Wireshark, FortiAnalyzer, IRTK, Remedy etc., to report, analyze, coordinate, and respond to incidents throughout the Confidential Corps networks, providing detailed write-ups on each event discovered.
- Responded in a timely manner to unauthorized network activity, alerts and other cyber threats within the DODIN.
- Collaborated with other cyber teams within the MCCOG and MARFORCYBER on events and incidents affecting the Confidential network.
Confidential, Arlington, VA
Cyber Security Analysis Project Manager
- Reviewed, monitored and approved budget reports, invoices, expense reports and timesheets.
- Assisted in the hiring process by preparing requisitions, reviewing resumes and coordinating with the client.
- Attended PM training sessions and client operations meetings.
- Prepared monthly reports for Confidential management.
Senior Watch Officer/Incident Manager
- Supported general citizens whose computers were infected/attacked or who had general questions regarding malware, viruses and other security issues with their personal computers, networks or systems.
- Coordinated the Confidential Daily Operations meeting, which provides updates from all groups for situational awareness and reports for the Confidential Director.
- Collaborated with other entities within the Confidential, to include the Confidential Duty Officer, ICS-CERT, MS-ISAC, Watch and Warning and Incident Handlers, on incidents, cyber and otherwise, which may affect the critical infrastructure of the United States and its foreign and commercial partners.
- Participated in continuity of operations (COOP) at the disaster recovery site for exercises and real-world events.
- Supported the Incident Response Team as a Vulnerability Analyst at Confidential, utilizing the Mandiant Intelligent Response (MIR) appliance and other open source tools to find evidence of compromise within an organization's network.
- Deployed with appliance and IRT to client site to provide on-site analysis.
- Performed administration and maintenance on the MIR appliance, to include OS installation, configuration, user account creation, patching and deployment preparation. Performed analysis on Indicators of Compromise (Confidential) found and processed them as necessary for other Confidential groups (Network Analysis, Digital Analytics/Malware, Cyber Threat Information Sharing) for further analysis and reporting purposes.
- Participated in mitigation meetings at the client site as well as via phone and teleconference.
- Utilized Remedy for reporting and tracking of incidents reported to the Security Operations Center.
Master, Cyber Security Analysis
- Supported the Cyber Threat Information Sharing group as a Network Security Specialist at Confidential, analyzing indicators of compromise (Confidential) from classified and unclassified sources.
- Performed ongoing collaboration with analysts throughout the Intelligence Community as well as the commercial and private sectors, sharing threat analysis on open source and classified items of interest.
- Utilized Confidential tools such as the Cyber Indicator Analysis Platform (CIAP), Remedy and other indicator-sharing and open source tools to research indicators of compromise (Confidential).
- Provided guidance and leadership to less experienced co-workers.
- Made recommendations to improve procedures.
Confidential, Fort Belvoir, VA
Cyber Systems Engineer
- Supported information assurance compliance of Confidential's enterprise operating systems and client systems on the unclassified and classified (NIPRNet and SIPRNet) networks.
- Performed UNIX system administration on Solaris 10/Linux (SPARC/x86), applying patches to global and zone servers.
- Utilized shell and programming languages such as Perl and Python.
- Performed incremental and full backups of Confidential's SIPR email using Symantec NetBackup. Provided reports upon request using PyDev Eclipse-SDK.
- Used System Directory Service Control Center to manage LDAP accounts, directory and proxy servers.
- Used Integrated Lights Out Manager to troubleshoot and perform remote administration to out-of-band servers.
- Provided rotational on-call support.
- Coordinated with the Disaster Recovery site on equipment maintenance and operational support.
Confidential, Arlington, VA
- Provided incident handling and operational support for the 24x7 Confidential Security Operations Center (SOC)/National Cyber Security and Communications Integration Center.
- Briefed the cyber security community on open source news which could directly affect the critical infrastructure and key resources of the United States.
- Identified and resolved issues related to abnormal cyber activity for government, foreign and commercial agencies.
- Systematically documented cyber security events/incidents through the Remedy ticketing system and provided analysis through the use of open source tools to be used in the investigation of cybercrimes, to include computer hacking, network intrusion and the use of technology to promote terrorist threats.
- Diagnosed and resolved issues in response to customer-reported incidents via phone and email.
- Collaborated with other federal, state and local governments, the private sector and international communities to provide a continuous flow of cyber security information and support situational awareness.
- Evaluated security events to determine impact and implemented corrective actions.
- Escalated incidents when necessary to provide an avenue for further investigation.
- Applied information security/information assurance policies, principles, and practices in the delivery of all IT services provided.
Confidential, Ft. Belvoir, VA
Systems Analyst/Team Lead
- Prepared daily status report for briefing to upper management and Army leadership utilizing Crystal Reports 9 and MS Office Suite.
- Provided network management and monitoring for Army Knowledge Online ( Confidential ) and Defense Knowledge Online (DKO), serving 1.9 million users worldwide facilitating joint communication and collaboration.
- Assisted senior engineers and management by recommending and implementing workable solutions for network issues.
- Utilized networking/LAN/WAN skills to perform upgrades and repairs within the data center.
- Utilized ping and traceroute to check network connections. Troubleshot connection issues by restarting servers manually or within Opsware.
- Applied basic configuration changes within routers and switches at the request of network engineers, such as activating interfaces, adding users to VLANs and making adjustments to MTUs.
- Serviced minor device issues and performed maintenance in the data center, to include cabling, port testing, and GBIC, fan, module and blade hot-swaps on switches, routers and/or blade servers.
- Monitored and reported the status of network devices using Windows Application Monitor (WAM), Netcool, Opsware, Big Brother, Ironport and Crystal Reports.
- Confirmed blocked IP addresses and access lists (ACLs) for senior engineers, outside organizations and Army leadership utilizing Check Point.
- Assisted the mail administration team in testing and monitoring applications such as Confidential mail, instant messaging and the VIDI Talk video messaging project. Monitored IronPort spam filters and responded to alerts. Made adjustments to user quotas for bulk mail alerts.
- Used Opsware to update Confidential and Army splash pages for outages, maintenance and other minor modifications.
- Utilized the Remedy and RightNow trouble ticketing systems.
- Performed incident response escalation and notification procedures for the Confidential portal/webmail outages, power outages and other significant events affecting the NIPR and SIPR networks.
- Monitored Confidential facilities and disaster recovery site via closed-circuit video monitoring systems.
- Provided weekly training to team.
Confidential, Stafford, VA
- Applied superior customer support, technical analysis, and troubleshooting skills servicing over 80,000 employees on Department of Homeland Security (DHS) portals: DHSonline, Disasterhelp and ReadyGov websites.
- Prepared tickets within RightNow trouble ticketing software for requests received via telephone and email.
- Assisted disaster management personnel and first responders (local, state and federal) with installation and configuration of Disaster Management Interoperability Services (DMIS) software. Assisted users by testing and troubleshooting software, workstation and network connectivity issues.
- Managed accounts in Active Directory Services.
- Processed DHS employee requests for VPN account creation, updates and termination.
- Worked with the Network Operation Center to provide joint response for portal/power outage incidents and other issues requiring incident report escalation and notification to senior management via email and phone.