
Resume


Sr. Cybersecurity Engineer, Bellevue, WA

PERSONAL SUMMARY:

Cybersecurity strategist who adapts fast and manages diverse changes to the environment. Enthusiastic professional with a strong sense of purpose. Result- and outcome-driven, with the ability to develop and enrich partner workflow while navigating spontaneous challenges. Dedicated leader with exceptional standards who maintains continuity among improvement objectives, organizational security and functionality. A leader who is agile in articulation across diverse teams and drives high standards to complete objectives. Reliable administrator who is resourceful and industrious, and who uses progressive thought to resolve difficult problems. Organized and effective conceptualist who can function at the majority of implementation levels.

INFOSEC TOOLS AND OTHER APPLICATIONS:

  • ADDS
  • Archer/GRC/Ticket
  • AS400 Log and Code Identification
  • BIT9 Carbon Black
  • Burp Suite
  • Caspida/Review/POC
  • Darktrace
  • DLP/Symantec/McAfee
  • EnCase
  • Emerging Threat
  • FireEye Suite/HELIX
  • Firewall logs ASA/PIX/Palo Alto
  • IBM VSOC/Alerting Systems Monitoring Application
  • IDS/IPS/FireEye/Symantec/McAfee etc.
  • IMPERVA/WAFs Monitoring Application
  • IRON KEY
  • Linux/intermediate/defense/offense environments
  • macOS/Desktop/Mobile
  • Mandiant MIR
  • Mainframe Log Identification
  • Maltego
  • McAfee ePO/VSE/AV etc.
  • Confidential Business Suite
  • Confidential 360
  • Observer
  • Other Sys Log Identification/Registry/Console
  • PEStudio
  • PowerShell/capable light query automation
  • Proxy/BLUECOAT/IRONPORT log correlations
  • Python/intermediate/ping loops etc.
  • Qualys
  • Rapid7
  • Rekall
  • Redline HX
  • Resolution1/Now Fidelis
  • REMnux
  • RSA eCAT/Netwitness
  • Savvis CenturyLink/LogLogics
  • Securonix
  • SEP (Symantec Endpoint Protection)
  • SEP/MSSP (Managed Security Services Provider)
  • SIEM (Security Information and Event Management): ArcSight, ELK, Splunk, MetaFlows
  • SIFT
  • SpiderFoot HX
  • Splunk/Monitoring/Analytics/Detection
  • TCPdump
  • Tenable/Nessus
  • Traps
  • Tripwire
  • Websense/Triton Enterprise
  • Wireshark
  • Ticket System/Frontrange/SPARC/HPSM
  • Visual Studio
  • Vectra
  • Volatility

RELEVANT EXPERIENCE:

Confidential, Bellevue, WA

Sr. Cybersecurity Engineer

Responsibilities:

  • Engaged in all IR (Incident Response) stages. Actively hunt, conduct memory forensics analysis and create rules for our current detection platforms, including SIEM, NSM and EDR. My primary objectives are to remediate any escalations pushed to my queue and any incidental investigations discovered within our network.
  • A portion of my focus involves evaluating detections, improving detections and assisting with vendor tool enrichment.

Tools: The notable toolset instrumental to achieving my goals is the following: SIFT/Kali (Defense/Offense), ArcSight, Splunk, Darktrace, SpiderFoot HX, SYSi. Suite, Redline HX, and raw logs to drive investigation output. I use McAfee, Symantec, Emerging Threats, FireEye and RSA NetWitness for cross-referencing intelligence.

Confidential, Redmond, WA

Sr. Security Analyst

Responsibilities:

  • Detection and monitoring support as part of an MSSP assignment. My primary objectives were to evaluate the ArcSight detection capability of over 367 use cases and scale it down for qualitative functionality. Monitored 3 hunt environments within Windows Devices Group, now Azure Security Group. Two of these groups of note were XBOX and CORE.
  • My day-to-day was segmented between team members, offering insight into data science, operations and detection capabilities.

Tools: The primary toolset was ArcSight, Wireshark, COSMOS, Sourcefire, Tripwire, Resolution1 (now Fidelis EDR), Critical Stack and SIFT, plus internal proprietary detection capabilities led by Data Science out of COSMOS.

Confidential, Monterey Park, CA

Sr. Information Security Analyst

Responsibilities:

  • Briefed the CISO (Chief Information Security Officer) on justifications and recommendations relating to information event management, and on the content, scope and nature of the Splunk/ArcSight integration undertaking.
  • Customized reports to augment outdated systems, applications and processes.
  • Oversaw identification and detection revision.
  • Created gap analysis metrics for multiple platforms including but not limited to AS400, Mainframe, Unix, Windows, ePO and global payment processing systems, in line with PCI DSS (Payment Card Industry Data Security Standard), PA-DSS (Payment Application Data Security Standard), PTS (PIN Transaction Security), SOX and FRB testing compliance, governance, audit and regulatory documentation.
  • Produced SOX audits to ensure critical systems were cleared to evaluate high- to medium-risk-level alerts.
  • Shaped the detection review, revision and content updates, including modifications.
  • Directed TPA audits and ensured monthly metrics were in place for the SOX and FRB testing.

Tools: ArcSight, IBM, McAfee, Savvis CenturyLink (Imperva), Splunk, and FireEye/Mandiant.

Confidential, Foster City, CA

Information Security Analyst (SOC)

Responsibilities:

  • Provided Tier 2 security monitoring. Supported management with the SOC build.
  • Monitored the escalations queue, remediated issues and documented workflow.
  • Developed processes to support SOC functionality.
  • Instrumental in the identification of malicious/adversarial behavior on local and remote systems.
  • Administered forensic analysis and staged remediation. Oversaw the remedy process and velocity reporting to Tier 1 and remediation teams.
  • Lead for service desk on-call remediation, host scans and system reimaging.

Tools: Bit9 (Carbon Black), ArcSight, Symantec, FireEye/Mandiant, VirusTotal operations.

Confidential, Redlands, CA

Information Security Analyst/Contract/Consultant

Responsibilities:

  • Delivered supplemental security support. Conducted triage and remediation, researched mitigation applications, and audited workflow, policy, procedure, controls and security practices.
  • Evaluated technology and delivered metrics from outputs such as generated automated reports. Analyzed and filtered for the specific client and/or business needs of each engagement.
  • Supported NetSec teams, SOC, operational engineers, GRC and management teams on any security-related issue.

Tools: Various tools from the list above.
