Cyber Incident Responder Resume
OBJECTIVE
- Obtain a challenging position as a Cyber Incident Responder or Threat Intelligence Analyst with an established company where I can showcase my communication and troubleshooting skills. I am looking to utilize my 7 years of experience to evaluate external threats related to zero-day attacks, exploit kits and malware to determine the risk to the organization.
TECHNICAL SKILLS
Languages: Java, C, C++, SQL, PL/SQL, Visual Basic, HTML, FoxPro 6.0, AS/400, RPG and COBOL
Platforms: BluVector, IronPort, McAfee Network Security Manager, McAfee Enterprise Security Manager, PARS, IPAM, McAfee Web Gateway, ePO, FireEye, Skillsoft, Kali Linux VM, BlueCoat Reporter, WinSCP, Wireshark, cURL, Dig and Security Center.
PROFESSIONAL EXPERIENCE
Confidential
Cyber Incident Responder
Responsibilities:
- Provide 24/7 on-call rotation support as scheduled for the Enterprise Cyber Team.
- Provide timely, comprehensive and accurate information to the Manager in both written and verbal communications.
- Research vendors to determine the best malware detection ratio and utilize those findings to perform threat hunting.
- Utilize my threat hunting findings to create new watchlists and signatures for the SIEM.
- Create PPT presentations to help new members of our team and the customer understand our process.
- Articulate the impact of security incidents to key stakeholders and produce reports to explain the process to our customers.
- Conduct malware analysis and identification of Indicators of Compromise to evaluate incident scope and impact.
- Collaborate with product management and engineering on platform improvements.
- Act as lead incident responder, coordinating investigations and obtaining logs from our Windows and Linux teams.
- Perform analysis of logs from various security controls, including firewall, event and system logs, to identify possible threats.
- Obtain actionable information from vendors and integrate that information into our threat monitoring activities.
- Identify incidents within our environment and determine the need to escalate to the appropriate technical resources.
- Safely acquire and preserve the integrity of data required for incident analysis to determine the scope of the incident.
- Collaborate with customers and teammates to determine areas where we can improve our capabilities and processes.
- Mentor first-level staff and Incident Handlers and serve as a primary escalation point for incidents.
- Train, coach, and supervise members of the team on how to utilize our tools to obtain the data required.
- Identify cyber risks and threat intelligence that could show evidence of malicious activity.
- Track and document Computer Network Defense hunts and incidents from initial detection through final resolution.
- During meetings with our customer, act as a technical advisor to offer solutions to technical problems.
- Participate in advanced threat hunting activities to detect new and potentially unknown events in our environment.
- Work with the customer to determine threats to our environment and utilize countermeasures to prevent those threats.
- Lead, conduct and maintain security risk assessments, identify security vulnerabilities, and develop recommendations.
- Conduct advanced investigations and forensic analysis, including evidence seizure and malware analysis of incidents.
- Receive and analyze network alerts from various sources within the enterprise and determine the causes of such alerts.
- Ensure timely response to any cyber incident to minimize risk exposure and production downtime.
- Utilize incident response playbooks to follow established and repeatable processes for triage and containment.
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
Confidential
Cyber Incident Analyst Responder
Responsibilities:
- Researched vendors to determine the best malware detection ratio and utilized those findings to perform threat hunting.
- Performed threat hunting to locate malicious IP addresses, URLs, hashes and email addresses, and shared the information with vendors.
- Organized and consolidated information from threat hunting sources and fed it into the SIEM to automate detection and blocking.
- Integrated data from Vulnerability Update Notifications to ensure assets on our network were patched.
- Performed Vulnerability Management & Analytics scans on internal assets across the environment.
- Provided 24/7 on-call rotation support as scheduled for the Enterprise Cyber Team.
- Generated monthly threat reports to communicate the security status of the Commonwealth to our customer.
- Participated in the incident response and investigation process for identified security events.
- Interpreted, analyzed and executed cyber security policies, procedures and tactics.
- Provided real-time decision making to diagnose and analyze high-severity escalated incidents, ensuring remediation.
- Developed and maintained documentation of threats and incidents to enhance event monitoring and incident response.
- Managed high-risk information security incidents across the organization and ensured operations were restored quickly.
- Developed strong working relationships with diverse security teams on the program and with the customer.
- Researched and recommended appropriate cybersecurity countermeasures for networks, systems, and applications.
- Created Job Aids for the SOC Analysts, giving step-by-step instructions on how to achieve a specific task.
- Reviewed and updated multiple procedural documents to give management an overview of our process for resolving incidents.
- Utilized tools (e.g., Wireshark, Nmap, PCAP, etc.) to identify and map devices on the network.
- Stayed up to date with current security vulnerabilities, attacks, and countermeasures.
- Investigated and provided technical analysis of various security incidents and possible compromise of systems.
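The bullets about turning threat-hunting findings into SIEM watchlists (first role) and feeding consolidated indicators into the SIEM to automate detection and blocking (this role) describe one mechanism: a watchlist of indicators matched against incoming log events. The following is an added illustration of that matching, not code from the resume or from any SIEM product; the watchlist entries, log lines, and the match rules (CIDR containment for IPs, subdomain matching for domains, case-insensitive hash comparison) are assumptions chosen for the example, using RFC 5737 documentation ranges and .example domains.

```python
"""Scan log lines against a threat-hunting watchlist (IPs/CIDRs, domains,
SHA-256 hashes), the kind of match a SIEM watchlist rule performs.

Added illustration, not code from the resume or from any SIEM product.
The watchlist and log lines below are constructed (RFC 5737 ranges,
.example domains).
"""
import ipaddress
import re

# Constructed watchlist, as a hunt team might export it for the SIEM.
WATCHLIST = {
    "ip": ["203.0.113.42", "198.51.100.0/24"],
    "domain": ["bad-update.example", "cdn.malicious.example"],
    "sha256": ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"],
}

# Constructed sample log lines (firewall, proxy, DNS, EDR, firewall).
SAMPLE_LOGS = [
    "Mar 12 10:01:02 fw01 kernel: DROP IN=eth0 SRC=203.0.113.42 DST=10.0.0.5 PROTO=TCP DPT=445",
    "Mar 12 10:01:05 proxy01 squid: 10.0.0.17 GET http://Bad-Update.EXAMPLE/payload.bin 200",
    "Mar 12 10:02:11 dns01 named: client 10.0.0.9 query: www.internal.example IN A",
    "Mar 12 10:03:30 edr01 scan: host=WS0042 file=C:\\Temp\\a.exe sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "Mar 12 10:04:00 fw01 kernel: ACCEPT IN=eth0 SRC=198.51.100.77 DST=10.0.0.5 PROTO=TCP DPT=22",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)


class Watchlist:
    """Normalized indicator sets built from the raw watchlist export."""

    def __init__(self, raw):
        # A bare IP becomes a /32 network so every IP entry is a range check.
        self.networks = [ipaddress.ip_network(x, strict=False) for x in raw.get("ip", [])]
        self.domains = {d.lower().rstrip(".") for d in raw.get("domain", [])}
        self.hashes = {h.lower() for h in raw.get("sha256", [])}

    def match(self, line):
        """Return (type, observed value, matching watchlist entry) tuples."""
        hits = []
        for text in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # e.g. 999.1.1.1 looks like an IP but is not one
                continue
            for net in self.networks:
                if addr in net:
                    hits.append(("ip", text, str(net)))
                    break
        for text in DOMAIN_RE.findall(line):
            dom = text.lower()  # log sources differ in case; normalize
            for w in self.domains:
                if dom == w or dom.endswith("." + w):  # subdomains count as hits
                    hits.append(("domain", dom, w))
                    break
        for text in SHA256_RE.findall(line):
            h = text.lower()
            if h in self.hashes:
                hits.append(("sha256", h, h))
        return hits


def scan_logs(lines, watchlist):
    """Run every line through the watchlist; one alert per indicator hit."""
    alerts = []
    for n, line in enumerate(lines, 1):
        for kind, value, entry in watchlist.match(line):
            alerts.append({"line": n, "type": kind, "indicator": value,
                           "watchlist_entry": entry, "log": line})
    return alerts


def blocklist(alerts):
    """Unique observed indicators, ready to push to a blocking control."""
    return sorted({a["indicator"] for a in alerts})


if __name__ == "__main__":
    found = scan_logs(SAMPLE_LOGS, Watchlist(WATCHLIST))
    for a in found:
        print(f"line {a['line']}: {a['type']} {a['indicator']} matched {a['watchlist_entry']}")
    print("blocklist:", blocklist(found))
```

Run against the constructed lines, the scan raises four alerts (the dropped connection from the listed IP, the proxy request to the listed domain despite its mixed case, the EDR hash hit, and the accepted SSH connection from inside the listed /24) and leaves the internal DNS query alone.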
Confidential
Cyber Incident Analyst (DoD Secret Clearance)
Responsibilities:
- Applied the incident handling process, including preparation, identification, containment, eradication, and recovery, to protect the network.
- Responsible for working in a 24x7 Security Operations Center (SOC) environment.
- Coordinated with system owners to acquire additional information required to adequately analyze security incidents.
- Monitored information from the SIEM for evidence of unauthorized or malicious activity and notified the appropriate authority.
- Engaged the IPS to detect real-time attacks; obtained peer review and created tickets to block links and IP addresses or wipe machines.
- Analyzed email-based communications, headers and transactions, and identified malicious tactics, techniques, and procedures.
- Detected phishing emails, blocked malicious senders and URLs, and performed remediation of compromised accounts.
- Captured, analyzed and submitted samples of malicious files, URLs and hashes to multiple malware vendors.
- Detected and orchestrated the removal of malware from assets on the network.
- Examined known published vulnerabilities to determine if enterprise assets were vulnerable to specific attacks.
- Decoded encrypted text and source code to determine if strings were malicious.
- Analyzed traffic using a variety of tools and data sets to identify indicators of malicious activity on the network.
- Utilized packet captures and logs to perform root cause analysis of security incidents.
- Collected, analyzed, and reported on malicious software and phishing messages targeting internal assets for indicators of compromise.
- Monitored and analyzed signature-based IDS alerts and associated packet capture (PCAP) data.
- Utilized curl to view the source code of HTML websites without browsing to the site, and blocked malicious links.
- Ensured that all SOC (Security Operations Center) tickets were handled and resolved within SLAs (Service Level Agreements).
- Monitored security alarm activity from remote communications sites to ensure company compliance.
- Created and ran search queries in SIEM tools to help identify and troubleshoot security issues.
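The phishing bullets in this role (analyzing email headers and transactions, detecting phishing, and extracting file, URL and hash indicators for submission to vendors) describe a repeatable triage: walk the Received chain to the originating IP, read the Authentication-Results verdicts, compare From against Reply-To, pull and defang URLs from the body, and hash attachments. The following is an added illustration of that triage, not code from the resume or from any product. The message is constructed (RFC 5737 addresses, .example domains, a 16-byte stub attachment that starts with the MZ executable magic), and the scoring rules (any non-pass authentication verdict, a Reply-To domain differing from the From domain, and an executable attachment each count as a reason) are assumptions chosen for the example.

```python
"""Triage a suspicious email: Received chain, authentication results,
sender mismatch, body URLs and attachment hashes.

Added illustration, not code from the resume. The message below is
constructed (RFC 5737 documentation addresses, .example domains).
"""
import hashlib
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message. Topmost Received header was added by our MX,
# so the last Received header names the originating host.
RAW_EMAIL = b"""Received: from mail.example.org (mail.example.org [203.0.113.10]) by mx.corp.example with ESMTP id abc123; Tue, 12 Mar 2024 10:00:05 +0000
Received: from [198.51.100.23] (unknown [198.51.100.23]) by mail.example.org with ESMTPA; Tue, 12 Mar 2024 09:59:58 +0000
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=bad.example; dkim=none; dmarc=fail header.from=corp.example
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: recover@bad.example
To: user@corp.example
Subject: Password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Your password expires today. Reset it at http://corp-example.login-reset.example/auth?u=user
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")  # RFC 8601 style verdicts


def received_chain(msg):
    """IPs from Received headers, nearest hop first; the last one is the origin."""
    seen = []
    for hop in msg.get_all("Received", []):
        for ip in IPV4_RE.findall(str(hop)):
            if ip not in seen:
                seen.append(ip)
    return seen


def auth_results(msg):
    """{'spf': 'fail', 'dkim': 'none', ...} from Authentication-Results."""
    return {k.lower(): v.lower() for k, v in AUTH_RE.findall(str(msg.get("Authentication-Results", "")))}


def defang(url):
    """hxxp://host[.]tld/... so the indicator cannot be clicked in a report."""
    p = urlsplit(url)
    tail = p.path + ("?" + p.query if p.query else "")
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{tail}"


def body_urls(msg):
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    return [defang(u.rstrip(".,;)")) for u in URL_RE.findall(text)]


def attachments(msg):
    """Filename, size, SHA-256 and a PE-magic flag for each attachment."""
    out = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        out.append({"filename": part.get_filename(), "size": len(data),
                    "sha256": hashlib.sha256(data).hexdigest(),
                    "is_pe": data.startswith(b"MZ")})
    return out


def triage(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    hops = received_chain(msg)
    auth = auth_results(msg)
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = reply_to.rpartition("@")[2].lower()
    reasons = [f"{c}={auth[c]}" for c in ("spf", "dkim", "dmarc") if auth.get(c) not in (None, "pass")]
    if reply_to and reply_dom != from_dom:
        reasons.append(f"reply-to domain {reply_dom} != from domain {from_dom}")
    atts = attachments(msg)
    if any(a["is_pe"] for a in atts):
        reasons.append("PE executable attachment")
    return {"origin_ip": hops[-1] if hops else None, "hops": hops, "auth": auth,
            "from": from_addr, "reply_to": reply_to, "urls": body_urls(msg),
            "attachments": atts, "reasons": reasons}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(RAW_EMAIL), indent=2))
```

The output carries exactly the artifacts a responder submits onward: the originating IP from the bottom of the Received chain (the top hop is our own MX and is the one header we can trust), the defanged lookalike URL, and the attachment hash, alongside the reasons that justify blocking the sender.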