
Security Operation Center (SOC) Analyst Resume


SUMMARY:

  • Experienced Security Operation Center (SOC) Analyst with experience in investigating network, application, and endpoint alerts. I have good knowledge in analyzing phishing emails, including email headers and malware, and act as a first responder to security incidents and events. I investigated compromised systems to determine threat vectors and provide initial remediation. I also have experience in performing tasks using different SIEM tools to monitor and analyze incidents, and in working with different teams to resolve incidents. I am fluent in English and French, have great communication skills, and am a fantastic team player.

TECHNICAL SKILLS:

Security Technologies: FireEye ETP, EX, NX, AX, Intel, HX, IronPort, Sourcefire, McAfee Web Gateway, Splunk, Splunk Express, McAfee DLP, Google DLP, Google Admin, Google Vault, AirWatch, Tenable, Wireshark, IDS/IPS; Anti-Virus Tools (Norton, Symantec) & Cylance.

Ticket Systems: ServiceNow, Remedy & JIRA

Open Source Site Check Tools (OSINT): URLVOID.COM, VirusTotal.com, zscaller.com, IBM-XFORCE, Looking Glass, URLSCAN, etc.

PROFESSIONAL EXPERIENCE:

Confidential

Security Operation Center (SOC) Analyst

Responsibilities:

  • Perform security event/alert monitoring and analysis. Remediate incidents and escalate as required.
  • Perform daily monitoring and analysis of suspicious email and web traffic.
  • Work closely with the Network Operations Center and Helpdesk to analyze suspicious events, develop security awareness, and remediate incidents.
  • Monitor information security industry news and blog posts for internal and external threats.
  • Monitor and identify security risks to the Company and the relevant technology or behaviors requiring change to mitigate those risks.
  • Respond to and, where appropriate, resolve or escalate reported security incidents.
  • Monitor system logs and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution.
  • Research threats and vulnerabilities and, where appropriate, take action to mitigate threats and remediate vulnerabilities.
  • Responsible for security monitoring of networks, web sites, applications, databases, servers, data centers and other infrastructures to protect them from cyber threats.
  • Provide 24/7/365 real-time monitoring of security tools, dashboards, and email alerts.
  • Report security incidents using ServiceNow ticketing system for events that signal an incident and require Tier 3 Incident Response review.
  • Perform triage on alerts by determining their criticality and scope of impact.
  • Investigate, analyze, and process endpoint alerts using SIEM and endpoint tools: FireEye HX, McAfee Antivirus, Cylance, Splunk Enterprise Security (Splunk ES) and OSINT tools.
  • Review and collect asset data (indicators of compromise, logs, configurations and running processes) from these systems for further investigation and reporting.
  • Participate in planning and implementing preventative security measures and in building incident response and disaster recovery plans.
  • Investigate, analyze, and process phishing email alerts from IronPort and FireEye following standard operating procedures.
  • Evaluate and process Web Site Review Requests from internal users to access blocked websites using OSINT tools.
  • Perform proactive hunting for threats that may have escaped the monitoring system.
  • Analyze and resolve DLP alerts from McAfee DLP Manager and Splunk Enterprise Security (Splunk ES) and escalate cyber privacy incidents to the Privacy Team.
  • Work incidents from initial assignment to final resolution.
  • Investigate, interpret, and respond to complex security incidents.
  • Fully document assigned tickets to show all work performed.
  • Perform Root Cause Analysis (RCA) and make preventative recommendations.
  • Conduct forensics and investigations as needed using security tools such as Splunk, FireEye, Cisco IPS, OSINT, etc.
  • Recognize potential, successful, and unsuccessful intrusion attempts and compromises through review and analysis of security tool output.
  • Create, track, and work to resolution Normal and Standard job-related Change Requests.
  • Develop and conduct weekly targeting for the SOC team.
  • Coordinate threat hunting activities across the network, leveraging intelligence from multiple internal and external sources as well as cutting-edge security technologies.
  • Assist with the creation of the daily SOC report and brief the customer as necessary.
  • Participate in daily security meetings with other contractor and customer teams.

Confidential

IT Helpdesk Support Analyst

Responsibilities:

  • Provide prompt and appropriate response to phone and e-ticket inquiries and requests for assistance with the associated computer systems; perform initial problem analysis and triage, identify and troubleshoot customer issues, provide advice and assistance, and refer technical issues to the network team or subject matter experts when appropriate.
  • Provide direct assistance to customers via telephone and email.
  • Coordinate efforts with staff associates and subject matter experts to resolve problems; maintain liaison with network users and technical staff to communicate the status of problem resolution; assist with monitoring network management systems.
  • Log and track each request and appropriate demographic data related to each request.
  • Assist with compiling data and prepare reports setting forth progress, adverse trends, and appropriate recommendations based on information from the Call Management Tracking System.
  • Assist with compiling and regularly maintaining a log of Frequently Asked Questions (FAQ) originating with all categories of customers.
  • Assist with providing and managing official answers to all FAQs and distribute same to all interested stakeholders.
  • Contribute to the preparation of procedure manuals and documentation for help desk use; conduct periodic customer satisfaction surveys and track customer problem trends; make recommendations for improvements to customer experience and create reports based on information provided from customer surveys and trend analyses.
  • Assist in the development of a comprehensive help desk plan; assist personnel who provide backup coverage, and users, with the operation and maintenance of systems.
  • Perform other related duties including unlocking user accounts and helping with password reset support.
