Incident Response Analyst (Team Lead) Resume
Washington, DC
SUMMARY
- Cyber Security analyst with 10 years' experience in Information Technology. Developed strong analytical skills and a broad range of computer expertise.
- I am team oriented, with the ability to develop and execute ideas and initiatives.
- Hands-on experience leading all stages of system development efforts, including requirements definition, design, testing, and support.
- Interested in a company or institution that offers a consistently positive atmosphere to learn new technologies and implement them.
AREAS OF EXPERTISE
- IT Security
- Security Assessments
- Cybersecurity in Business
- Ethical Hacking
- Risk Management/Assessment
- Policies Development
- Digital Forensics I & II
- Continuous Enhancement
- Security Issues Analysis
- Vulnerability Assessment/Scanning
- Security Policy Implementation
- Source Code Review
TECHNICAL SKILLS
Operating Systems: Windows Operating systems 7, 8 and 10, Mac OS, Basic Unix-Based System (Linux), SharePoint.
Security Technologies: Netscape, BlueCoat ASA, FireEye, HP ArcSight ESM, SourceFire, Fidelis XPS, Microsoft EOP, RSA Security Analytics, RSA Archer, Wireshark, TCPDump, Snort, Splunk, McAfee ePolicy Orchestrator, Imperva Secure Sphere (WAF), Network Access Control CounterACT (NAC), McAfee Web Gateway, Active Trust, Red Seal, Console (MAM), IBM AppScan, Encase and FTK, Tenable Security Centre, Cisco IronPort, MS Exchange, Mail Filtering, NMAP, BurpSuite, Metasploit, Symantec Endpoint Protection, HP WebInspect, Lookinglass Prime, REMnux, IBM BigFix, ServiceNow, Verizon/AT&T MTIPS, ThreatConnect, DomainTools, Anomali ThreatStream
PROFESSIONAL EXPERIENCE
Confidential,Washington, DC
Incident Response Analyst (Team Lead)
Responsibilities:
- Analyzed potential infrastructure security incidents to determine whether an incident qualified as a legitimate security breach
- Performed triage and analysis of network traffic and IDS events for malicious intent with the use of various network defense toolsets such as Splunk, Snort/Source-Fire, NetWitness, ArcSight, Netflow / SiLK and ServiceNow
- Performed network incident investigations, determining the cause of the security incident and preserving evidence for potential legal action
- Monitored and correlated security event log information to identify and detect anomalous activity. Interfaced with technical personnel and other teams as required
- Initiated escalation procedures to counteract potential threats and/or vulnerabilities
- Documented and conformed to processes related to security monitoring, patching and incident response.
- Appropriately informed and advised management on incidents and incident prevention.
- Trained and provided technical guidance to junior analysts and directed efforts to analyze the IDS and remediate security issues found.
- Prepared briefings and reports of analysis and results using the IDC Kill Chain methodology
- Participated in knowledge sharing with other analysts and developed solutions efficiently.
- Upgraded security systems by monitoring security environment; identifying security gaps, evaluating and implementing enhancements via content creation.
- Prepared system security reports by collecting, analyzing and summarizing data trends.
- Enhanced department and organization reputation by delivering quality results and exploring opportunities to increase value and raise awareness of Information Security Program.
- Prioritized and differentiated between potential intrusion attempts and false alarms.
- Composed security alert notifications and other communications.
- Advised incident responders in the steps to take to investigate and resolve computer security incidents.
- Stayed up to date with current vulnerabilities, attacks, and countermeasures.
- Processed abuse inbox emails (spam, phishing, etc.) and tickets assigned to the DHS ESOC/CSIRT group
Confidential, Washington D.C
Security Operations Analyst (SOC)
Responsibilities:
- Conducted dynamic packet analysis of traffic by using Wireshark and collecting threat intelligence to ensure secure data transmission between classified systems.
- Conducted log analysis using Splunk to collect and index machine log data from various sources on users' machines
- Performed malware analysis within the Security Operations Center (SOC) environment to identify indicators of compromise
- Developed SOC tools to assist analysts with automation of analysis tasks and tracking of threat actors.
- Added Source-Fire signatures and handled tuning requests
- Generated end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
- Communicated alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems.
- Performed preliminary forensic evaluations of internal systems.
- Used file recovery programs to search for and restore deleted data
- Experience using several tools such as Qualys and McAfee for vulnerability management
- Experience utilizing exploit code and penetration testing tools such as NMAP, BurpSuite and Metasploit
- Tasked other analysts and directed efforts to analyze the IDS and remediate security issues found.
- Evaluated firewall change requests and assessed organizational risk.
- Performed periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
- Conducted network assessments, traffic analysis utilizing PCAP, IDS and crafted sensor output
- Continuously monitored and performed real-time incident handling to triage alerts in a timely manner
- Generated and utilized attack signatures, tactics, techniques and procedures to aid in identification of anomalous and zero-day attacks.
Confidential, Rockville, MD
Incident Response/Forensic Engineer
Responsibilities:
- Coordinated remediation actions as necessary and performed initial analysis, identification and documentation of network intrusions.
- Interpreted incoming incident reports, prioritized them, and related them to ongoing incidents and trends
- Conducted triage and analyzed threat/vulnerability alerts to determine current impacts affecting the company's information assets.
- Initiated incident handling procedures to isolate and investigate potential information system compromises.
- Logged incidents into the Information Security Incident Management System and assisted in generating weekly reports based on security incidents.
- Identified various event boundaries and assisted in configuration of Splunk to apply custom metadata to incoming events.
- Executed processes within all activities of the security incident response lifecycle, which includes detection, triage, analysis, containment, and recovery
- Periodically scanned for vulnerabilities using the Tenable Security Center tool in accordance with implemented organizational policy and reported findings in accordance with established procedures.
- Conducted security audit log analysis for Agency systems, including logs from firewalls, Intrusion Detection Systems (IDS), operating systems, RSA Analytics and other security appliances.
- Provided advice for suspected risks as well as recommended mitigating techniques and corrective actions.
- Drafted technical manuals, security operation plans (SOPs), installation manuals, installation progress updates, and incident response plans in order to enhance system security documentation.
- Monitored the ArcSight Console for events that are generated by correlation of events.
Confidential, Washington D.C
Forensic and Data Analyst
Responsibilities:
- Identified vulnerabilities, recommended corrective measures and ensured the adequacy of existing information security controls.
- Conducted computer forensics examination and analysis using Encase and FTK in order to properly preserve electronic and digital evidence, so that it may be presented in a court of law
- Provided custody of equipment used in crimes, including computers, thumb drives, CDs and DVDs, backup tapes, smartphones and digital cameras
- Generated files by using imaging software to copy data and disks
- Used file recovery programs to search for and restore deleted data
- Maintained the chain of custody for evidence
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Assisted with managing, updating, and identifying business requirements for the applicable tools used in the approval process
- Identified weaknesses in fielded configurations while performing system requirement analysis and design modifications
Confidential, Washington D.C
IT Help Desk Technician
Responsibilities:
- Served as the first point of contact for customers seeking technical assistance over the phone or email
- Performed remote troubleshooting through diagnostic techniques and pertinent questions
- Walked the customer through the problem-solving process
- Directed unresolved issues to the next level of support personnel
- Provided information on IT products or services
- Utilized and maintained the help desk tracking software
- Supported wif onboarding of new users
- Ensured each workstation has a computer, monitor, keyboard, mouse, hard drive, and any additional specialized equipment
- Installed, tested and configured new workstations, peripheral equipment and software
- Maintained inventory of all equipment, software and software licenses
- Reported issues to the Service Desk for escalation
- Managed PC setup and deployment for new employees using standard hardware, images and software
- Assigned users and computers to proper groups in Active Directory
- Performed timely workstation hardware and software upgrades as required
- Passed on any feedback or suggestions from customers to the appropriate internal team
- Identified and suggested possible improvements on procedures
