Cyber Security Consultant Resume
Springfield, VA
TECHNICAL SKILLS:
TOOLS: FireEye Security Appliances, Palo Alto Networks Firewalls, Snort, Splunk, McAfee Network Security Manager, McAfee Web Gateway, ArcSight, Wireshark, EnCase, SANS Investigative Forensic Toolkit (SIFT) Suite of Tools, VMware Fusion, Windows PowerShell, VBScript, Tableau, Nessus, Git/GitHub, Metasploit, tcpdump, nmap
PROFESSIONAL EXPERIENCE:
Confidential
Cyber Security Consultant
Responsibilities:
- Technical Security Consultant who provided technical policy guidance and consultation to HQ and country offices. Established and validated system security requirements and reviewed/approved system security plans for enterprise-wide and mission-specific architectures. Collaborated with business stakeholders to identify and control risk from potential procedural or technological changes.
- Coordinated incident response activities. Project manager for all projects in the SSDLC and ensured security controls were in place throughout the lifecycle. Gained experience with project management, security architecture, AWS, and Azure. Managed internal IT controls initiatives including GDPR, COBIT, NIST, and ISO standards, integrating new assets into the environment per scope.
Confidential, Springfield, VA
Cyber Security Engineer
Responsibilities:
- Information Security Engineer providing incident response, compromise assessment, and information security advisement services to various clients. Performed endpoint forensics and network monitoring on client systems and networks. Participated in cyber hunt activities to detect unknown artifacts of compromise.
- Created custom IOCs (indicators of compromise) and network signatures from attacker artifacts identified during incident response engagements. Led compromise assessment and incident response engagements, and provided engagement status updates and reports to clients. Provided recommendations for remediation and security posture improvement to clients.
- Analyzed suspicious files for malicious traits and activity. Gained experience with FireEye security appliances, MIR, EnCase, Cobalt Strike, Kali Linux, incident response, endpoint forensics, network monitoring, malware analysis, social engineering, and penetration testing.
Confidential, Quantico, VA
Cyber Security Incident Responder
Responsibilities:
- Cyber Security Incident Responder in a 24x7x365 Security Operations Center (SOC). Provided high-level analysis of security data to identify significant activity. Participated in incident response activities and ensured incidents were addressed in a timely, efficient, and logical manner. Collaborated with security staff from other government organizations.
- Ensured security systems, including Intrusion Detection Systems (IDS) and firewalls, had updated and relevant signature sets. Performed high-level trending on current activity and provided recommendations to detect and mitigate threats. Reviewed, assessed, and trended innovative new technologies. Analyzed suspicious files for malicious traits and activity.
- Maintained security and incident response SOPs. Created reports on cyber threats for management and partner agencies. Assisted new SOC staff.
Confidential, Rosslyn, VA
SOC Analyst
Responsibilities:
- Reviewed daily intel reports on different actor groups and determined their TTPs, attribution, and the tools used by each group. This was used to create detection artifacts and content to identify such activities directed at the organization.
- Extensive phishing email campaign analysis to determine whether campaigns were targeted and which group was behind them. Worked in Splunk to determine recipients and take appropriate actions as necessary. Hunted for anomalous traffic using Splunk Enterprise Security to detect malicious traffic and initiate remediation procedures. Packet-level analysis of triggered alerts (log analysis, port and protocol analysis, hex pattern matching, source and destination IP address analysis) to more accurately determine an intrusion or hacking attempt and to distinguish false positives from true positives.
- Indicator-driven hunting and searching for malicious events. Using IOCs obtained from OSINT and proprietary intel sources, performed log searches to determine whether these indicators had been seen in traffic logs. Used MITRE's ATT&CK framework to map behaviors of threat groups and malware and to drive detection based on these behaviors.
Confidential, Washington, D.C.
Support Analyst
Responsibilities:
- Used ArcSight as the main event SIEM into which all event data was fed, monitoring traffic and event data on self-created channels using self-created filters to identify malicious traffic and patterns.
- Performed incident response tasks by triaging events, creating tickets, performing remediation duties, and writing technical reports and lessons-learned reports to be delivered to external clients.
- Extensive knowledge of Splunk Enterprise Security setup, alerts, and reports, using Splunk as the main log analysis and search tool to correlate events across multiple sourcetypes.
Confidential, Washington, D.C.
Support Analyst
Responsibilities:
- Provided tier 1 and 2 support for Help Desk issues. Set up and managed user accounts and permissions with Active Directory. Set up and managed mailboxes with the Microsoft Exchange Management Console. Maintained permissions and quotas on shared network storage. Imaged and patched client systems. Maintained compliance for systems. Maintained asset inventory.
- Led Microsoft Windows 7 deployment. Maintained server backups with Symantec Backup Exec. Trained new Help Desk staff and supervised temporary contractors. Gained experience with Windows Server 2003/2008, Microsoft Exchange Server 2007, Microsoft SCCM, TrueCrypt, and Nessus.