
Lead Information Security Analyst Resume


Arlington, VA

SUMMARY

  • A diligent Cyber Security Specialist with over 4 years of SOC experience and proficiency in security research planning, execution, and maintenance.
  • Adept at training and educating internal users on relevant cyber security procedures and preventative measures. Specialize in Computer Network Defense incident triage, relying on knowledge of the tactics, techniques, and procedures of various Threat Actors to prevent cyber-attacks, especially in business and corporate settings, by providing immediate investigation and resolution.
  • Provides incident response and ownership based on escalation and handoff procedures from junior or mid-career team members.
  • Use the Security Incident Event Management (SIEM) platform to perform incident response identification.
  • Teams I have worked closely with: NOC, DLP Engineers, Splunk Engineers, Threat Intel Team, Hunt Team, Forensic Investigators, Scan Team, Red Team, Database Analysts.
  • Experience with the following: Unix shell scripts, Perl, Python, PowerShell, and JavaScript.
  • Unique skills in Windows, Linux, and OSX environments.
  • Function as a focal technical lead on incident events providing technical, hands-on investigation and support.
  • Lead the investigative process for network intrusions and other cybersecurity incidents to resolve the cause and extent of the attacks.
  • Handle the chain of custody for all evidence collected during incidents, security, and forensic investigations.
  • Summarize events and incidents effectively to different constituencies such as legal counsel, executive management, and technical staff, both in written and verbal forms.
  • Perform sophisticated malware detection and threat analysis.
  • Prioritize and differentiate between potential incidents and false alarms.
  • Ongoing review of SIEM dashboards, system and application logs, Intrusion Detection Systems (IDS), and custom monitoring tools.
  • Perform QA, lead and train Tier 1 and Tier 2 incident responders in the steps to take to investigate and resolve computer security incidents while encouraging teamwork and growth.
  • Provides technical input into and analysis of strategic and tactical planning to ensure accurate and timely service deployments.

TECHNICAL SKILLS

Strong knowledge of Security Applications and Tools: Splunk Enterprise Security, Tenable IO, Nessus, Imperva WAF, Palo Alto, Wireshark, McAfee Intrusion Prevention System, Symantec, RSA NetWitness, FireEye, Threat Grid, Archer, Sourcefire (Snort), McAfee Endpoint, Cortex XDR, Cortex XSOAR, Microsoft Defender for Cloud Apps, Symantec DLP, and various Open-Source Intelligence (OSINT) tools. Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.). Skill in recognizing and categorizing types of vulnerabilities and associated attacks.

Knowledge of system and application security threats and vulnerabilities (e.g., cross-site scripting, PL/SQL injection, race conditions, covert channels, replay, return-oriented attacks, and malicious code).

Knowledge of Computer Network Defense policies, procedures, and regulations.

PROFESSIONAL EXPERIENCE

Confidential

Lead Information Security Analyst

Responsibilities:

  • Served as subject matter expert for SOC events and the incident escalation process.
  • Collaborated and served as subject matter expert on the development and implementation of the Incident Response Plan with various stakeholders, such as EY and the Palo Alto Unit 42 retainer.
  • Assisted in the management of Firewall policies
  • Experience creating and updating ATO Artifacts for the system, including SSP
  • Referenced and utilized publications and Confidential-provided documentation for clients.
  • Monitored servers, network gear, and applications in a Security Operations Center environment.
  • Served as an expert in the management of internal and external certificates provided by CAs such as DigiCert.
  • Performed incident response management role during major outages and cyber-attacks.
  • Documented and tracked the timeline of events that occurred in the process to resolution for each of the incidents managed in support of postmortem/root cause analysis.
  • Delegated tasks and projects to team, serving as team lead for over 10 team members
  • Assisted with inputting information into the Risk Vision system for Confidential, to account for various evidence and implementation details.
  • Running automated scanning tools such as Nessus and remediating risks based on recommendations
  • Conducting in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring systems into compliance with established guidelines outlined by NIST, OMB, FISMA, etc.

Confidential, Arlington, VA

SOC Analyst

Responsibilities:

  • Monitored servers, network gear, and applications in an operations center environment.
  • Used Wireshark for troubleshooting, inspection, and packet analysis.
  • Actively participated in large-scope, high-impact cyber breaches and managed the Incident Response workflow and activities to support response and remediation.
  • Provided incident response and ownership based on escalation and handoff procedures from junior or mid-career team members.
  • Identified security issues and risks associated with security events and managed the incident response process.
  • Used the Security Incident Event Management (SIEM) platform to perform incident response identification.
  • Experience analyzing phishing emails when detected: analyzed malicious links and attachments, analyzed user impact via Splunk, removed/deleted phishing emails from Exchange servers, and blocked unwanted senders.
  • Pushed monthly Windows security patches across the company-wide network to keep machines compliant.
  • Analyzed a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
  • Performed incident response management role during major outages and cyber-attacks.
  • Documented and tracked the timeline of events that occurred in the process to resolution for each of the incidents managed in support of postmortem/root cause analysis.

Confidential, Fargo, ND

Security Analyst

Responsibilities:

  • Successfully led and participated in the Incident Response team in all proactive and incident handling measures for SOC customers, including Threat Detection, Response, and Remediation.
  • Participated in the incident commander role, effectively communicated issues, and provided recommendations to reach resolution.
  • Developed timelines during incident occurrence, provided company-wide updates, and followed disaster recovery procedures during major outages.
  • Monitored phishing emails, investigated malware threats, blocked unwanted senders, and analyzed the impact level of malware links via Splunk and IronPort.
  • Developed processes and procedures for the SOC team to follow for disaster recovery, and provided monthly testing and training to ensure accurate response in real-life scenarios.
  • Conducted security control and risk assessments on the organization and its information systems based on security policy, security best practices, and guidelines.
  • Utilized Carbon Black to monitor daily user activities and restrict access to services after vulnerability and impact level were analyzed.
  • Continually monitored, assessed, tested, and implemented new security technologies to help improve network security.
  • Led due diligence reviews and risk assessments associated with third-party solutions and services, and communicated the risk assessment results to internal business partners, empowering them to make informed decisions in order to manage risk in alignment with their business objectives and risk appetite.
  • Conduct detailed vendor risk assessments, working closely with key partners, to identify and evaluate risks before establishing or continuing operations with third-party vendors
  • Develop and maintain high-quality risk assessment documentation covering findings, risk statements, risk ratings, justifications and recommendations in the Splunk GRC tool and risk register
  • Provide sufficient information to risk owners and vendors in the development of treatment plans for the effective management of risk
  • Monitor the execution of risk treatment(s) and evaluate the residual risk
