Cyber Incident Responder Resume

OBJECTIVE

  • Obtain a challenging position as a Cyber Incident Responder or Threat Intelligence Analyst with an established company where I can showcase my communication and troubleshooting skills. I am looking to utilize my 7 years of experience to evaluate external threats related to zero-day attacks, exploit kits and malware to determine the risk to the organization.

TECHNICAL SKILLS

Languages: Java, C, C++, SQL, PL/SQL, Visual Basic, HTML, FoxPro 6.0, AS/400, RPG and COBOL

Platforms: BluVector, IronPort, McAfee Network Security Manager, McAfee Enterprise Security Manager, PARS, IPAM, McAfee Web Gateway, ePO, FireEye, Skillsoft, Kali Linux VM, BlueCoat Reporter, WinSCP, Wireshark, cURL, dig and Security Center

PROFESSIONAL EXPERIENCE

Confidential

Cyber Incident Responder

Responsibilities:

  • Provide 24/7 on-call rotation support as scheduled for the Enterprise Cyber Team
  • Provide timely, comprehensive and accurate information to the Manager in both written and verbal communications
  • Research vendors to determine the best malware detection ratio and utilize those findings to perform threat hunting
  • Utilize threat hunting findings to create new watchlists and signatures for the SIEM
  • Create PPT presentations to help new members of our team and the customer understand our process
  • Articulate the impact of security incidents to key stakeholders and produce reports explaining the process to our customers
  • Conduct malware analysis and identification of indicators of compromise to evaluate incident scope and impact
  • Collaborate with product management and engineering on platform improvements
  • Act as lead incident responder, coordinating investigations and obtaining logs from our Windows and Linux teams
  • Perform analysis of logs from various security controls, including firewall, event and system logs, to identify possible threats
  • Obtain actionable information from vendors and integrate that information into our threat monitoring activities
  • Identify incidents within our environment and determine the need to escalate to the appropriate technical resources
  • Safely acquire and preserve the integrity of data required for incident analysis to determine the scope of the incident
  • Collaborate with customers and teammates to determine areas where we can improve our capabilities and processes
  • Mentor first-level staff and Incident Handlers and serve as a primary escalation point for incidents
  • Train, coach and supervise members of the team on how to utilize our tools to obtain the data required
  • Identify cyber risks and threat intelligence that could show evidence of malicious activity
  • Track and document Computer Network Defense hunts and incidents from initial detection through final resolution
  • Act as a technical advisor during meetings with our customer, offering solutions to technical problems
  • Participate in advanced threat hunting activities to detect new and potentially unknown events in our environment
  • Work with the customer to determine threats to our environment and utilize countermeasures to prevent those threats
  • Lead, conduct and maintain security risk assessments, identify security vulnerabilities and develop recommendations
  • Conduct advanced investigations and forensic analysis, including evidence seizure and malware analysis of incidents
  • Receive and analyze network alerts from various sources within the enterprise and determine the causes of those alerts
  • Ensure timely response to any cyber incident to minimize risk exposure and production downtime
  • Utilize incident response playbooks to follow established and repeatable processes for triage and containment
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences

Confidential

Cyber Incident Analyst Responder

Responsibilities:

  • Researched vendors to determine the best malware detection ratio and utilized those findings to perform threat hunting
  • Performed threat hunting to locate malicious IP addresses, URLs, hashes and email addresses, and shared the information with vendors
  • Organized and consolidated information from threat hunting sources and fed it into the SIEM to automate detection and blocking
  • Integrated data from Vulnerability Update Notifications to ensure assets on our network were patched
  • Performed Vulnerability Management & Analytics scans on internal assets across the environment
  • Provided 24/7 on-call rotation support as scheduled for the Enterprise Cyber Team
  • Generated monthly threat reports to communicate the security status of the Commonwealth to our customer
  • Participated in the incident response and investigation process for identified security events
  • Interpreted, analyzed and executed cyber security policies, procedures and tactics
  • Provided real-time decision making to diagnose and analyze high-severity escalated incidents, ensuring remediation
  • Developed and maintained documentation of threats and incidents to enhance event monitoring and incident response
  • Managed high-risk information security incidents across the organization and ensured operations were restored quickly
  • Developed strong working relationships with diverse security teams on the program and with the customer
  • Researched and recommended appropriate cybersecurity countermeasures for networks, systems and applications
  • Created job aids for the SOC analysts, giving step-by-step instructions on how to achieve a specific task
  • Reviewed and updated multiple procedural documents to give management an overview of our process for resolving incidents
  • Utilized tools (e.g., Wireshark, Nmap, PCAP, etc.) to identify and map devices on the network
  • Stayed up to date with current security vulnerabilities, attacks and countermeasures
  • Investigated and provided technical analysis of various security incidents and possible compromises of systems

Confidential

Cyber Incident Analyst (DoD Secret Clearance)

Responsibilities:

  • Applied the incident handling process, including preparation, identification, containment, eradication and recovery, to protect the network
  • Responsible for working in a 24x7 Security Operations Center (SOC) environment
  • Coordinated with system owners to acquire additional information required to adequately analyze security incidents
  • Monitored information from the SIEM for evidence of unauthorized or malicious activity and notified the appropriate authority
  • Engaged IPS to detect real-time attacks; obtained peer review and created tickets to block links and IP addresses or wipe machines
  • Analyzed email-based communications, headers and transactions, and identified malicious tactics, techniques and procedures
  • Detected phishing emails, blocked malicious senders and URLs, and performed remediation of compromised accounts
  • Captured, analyzed and submitted samples of malicious files, URLs and hashes to multiple malware vendors
  • Detected and orchestrated the removal of malware from assets on the network
  • Examined known published vulnerabilities to determine whether enterprise assets were vulnerable to specific attacks
  • Decoded encrypted text and source code to determine whether strings were malicious
  • Analyzed traffic using a variety of tools and data sets to identify indicators of malicious activity on the network
  • Utilized packet captures and logs to perform root cause analysis of security incidents
  • Collected, analyzed and reported on malicious software and phishing messages targeting internal assets for indicators of compromise
  • Monitored and analyzed signature-based IDS alerts and associated packet capture (PCAP) data
  • Utilized curl to view the source code of HTML websites without visiting the site, and blocked malicious links
  • Ensured that all SOC (Security Operations Center) tickets were handled and resolved within SLAs (Service Level Agreements)
  • Monitored security alarm activity from remote communications sites to ensure company compliance
  • Created and ran search queries in SIEM tools to help identify and troubleshoot security issues