OBJECTIVE

• Obtain a challenging position as a Cyber Incident Responder or Threat Intelligence Analyst with an established company where I can showcase my communication and troubleshooting skills. I am looking to utilize my 7 years of experience to evaluate external threats related to zero day attacks, exploit kits and malware to determine the risk to the organization.

TECHNICAL SKILLS

Languages: Java, C, C++, SQL, PL/SQL, Visual Basic, HTML, FoxPro 6.0, AS/400, RPG and COBOL

Platforms: BluVector, IronPort, McAfee Network Security Manager, McAfee Enterprise Security Manager, PARS, IPAM, McAfee Web Gateway, ePO, FireEye, Skillsoft, Kali - Linux VM, BlueCoat Reporter, WinSCP, WireShark, cURL, Dig and Security Center.

PROFESSIONAL EXPERIENCE

Confidential

Cyber Incident Responder

Responsibilities:

• Provided 24/7 on-call rotation support as scheduled for the Enterprise Cyber Team
• Provide timely, comprehensive and accurate information to the Manager in both written and verbal communications
• Researched Vendors to determine the best Malware detection ratio and utilized those findings to perform Threat Hunting
• Utilize my Threat Hunting finding to create new Watchlist and Signatures for the SIEM
• Create PPT presentations to help new members of our team and the customer to understand our process
• Articulate impact of security incidents to key stakeholders and produce reports to explain the process to our customers.
• Conducts malware analysis and identification of Indicators of Compromise to evaluate incident scope and impact.
• Collaborate with product management & engineering for platform improvements
• Act as lead incident responder, coordinating investigations, obtain logs from our Windows and Linux teams.
• Perform analysis of logs from various security controls, including, firewall, event and system logs, to identify possible threats.
• Obtain actionable information from Vendors and integrated that information into our Threat monitoring activities
• Identify incidents within our environment and determine the need to escalate to the appropriate technical resources,
• Safely acquire and preserve the integrity of data required for incident analysis to determine the scope of the incident
• Collaborate with customers and teammates to determine areas where we can improve our capabilities and processes
• Mentor first level staff and Incident Handlers and serve as a primary escalation point for incidents
• Train, coach, and supervise members of the team on how to utilize our tools to obtain the data required
• Identify cyber risks and threat intelligence that could show evidence of Malicious activity
• Track and document Computer Network Defense hunts and incidents from initial detection through final resolution.
• During meetings with our customer, acts as a technical advisor to offer solutions to technical problems
• Participate in advanced threat hunting activities to detect new and potentially unknown events in our environment.
• Work with customer to determine threats to our environment and utilize countermeasures to prevent those threats
• Lead, conduct and maintain security risk assessments, identify security vulnerabilities, develop recommendations
• Conduct advanced investigation, forensic analysis to include evidence seizure and malware analysis of incidents
• Receive and analyze network alerts from various sources within the enterprise and determine causes of such alerts.
• Ensure timely response to any cyber incident to minimize risk exposure and production down time
• Utilize incident response playbooks to follow established and repeatable processes for triaging and containment
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences

Confidential

Cyber Incident Analyst Responder

Responsibilities:

• Researched Vendors to determine the best Malware detection ratio and utilized those findings to perform Threat Hunting
• Perform Threat Hunting to locate Malicious IP Addresses, URL, Hashes, Email Address and share the information with vendors
• Organized and consolidated information from Threat Hunting sources and fed info into SIEM to automate detection and blocking.
• Integrate data from Vulnerability Update Notification to ensure assets on our network are patched
• Perform Vulnerability Management & Analytics scans on internal assets across the environment
• Provided 24/7 on-call rotation support as scheduled for the Enterprise Cyber Team
• Generated Monthly Threat Reports to communicate the security status of the Commonwealth to our customer.
• Participated in the incident response and investigation process for identified security events.
• Interpreted, analyzed and executed Cyber Security policies, procedures and tactics.
• Provided real-time decision making to diagnose and analyze high severity escalated incidents ensuring remediation
• Developed and maintained documentation of threats and incidents to enhance event monitoring and incident response
• Managed high risk information security incidents across the organization and ensured operations were restored quickly
• Developed strong working relationship with diverse security teams on the program and with the customer.
• Researched and recommended appropriate cybersecurity countermeasures for networks, systems, and applications.
• Created Job Aids for the SOC Analysts, which give step-by-step instructions on how to achieve a specific task.
• Reviewed and updated multiple procedural documents to give management an overview of our process to resolve incidents..
• Utilize tools (e.g., Wireshark, Nmap, PCap, etc.) to identify and map devices on the network
• Stay up to date with current security vulnerabilities, attacks, and countermeasures
• Investigate and provide technical analysis of various security incidents and possible compromise of systems

Confidential

Cyber Incident Analyst DOD Secret Clearance

Responsibilities:

• Apply incident handling process including preparation, identification, containment, eradication, and recovery to protect network
• Responsible for working in a 24 x 7 Security Operations Center (SOC) environment.
• Coordinated with system owners to acquire additional information required to adequately analyze security incidents.
• Monitored information from the SIEM for evidence of unauthorized or malicious activity and notify the appropriate authority.
• Engaged IPS to detect real time attacks. Obtained Peer Review and created tickets to block links, IP addresses or wipe machines.
• Analysis email based communications, headers, transactions, and identification of malicious tactics, techniques, and procedures.
• Detected Phishing emails, blocked Malicious senders and URLs, and perform remediation of compromised accounts
• Captured, analyzed and submitted samples of malicious files, URLs and Hashes to multiple Malware vendors.
• Detected and orchestrated the removal of Malware from Assets on the Network.
• Examined Known Published vulnerabilities to determine if Enterprise assets are vulnerable to specific attacks
• Decoded Encrypted text and source code to determine if strings are Malicious.
• Analyzed traffic using a variety of tools and data sets to identify indicators of malicious activity on the network .
• Utilized packet captures and logs to perform root cause analysis of security incidents.
• Collect, analyze, and report on Malicious software and phishing messages targeting internal assets for indicators of compromise.
• Monitor and analyze signature-based IDS alerts and associated packet (PCAP) data.
• Utilize curl to view source code of HTML website without going to the site and block Malicious links.
• Ensure that all SOC (Security Operations Center) tickets are handled and resolved within SLAs (Service Level Agreements)
• Monitor security alarm activity from remote communications sites to ensure company compliance
• Create and run search queries in SIEM tools to help with identifying and troubleshooting security issues