OBJECTIVE: Obtain a position in the Information Technology field where I can use my skills and experience to benefit your organization.
PROFESSIONAL EXPERIENCE:
Confidential
SOC (Security Operations Center) / SIEM (Security Information and Event Management) / CIRT (Computer Incident Response Team)
- Providing incident response analysis and support; identifying and remediating threats and/or vulnerabilities to corporate networks; documenting existing and new processes and maturing existing documentation; researching, analyzing and understanding log sources from security and networking devices such as firewalls, routers, anti-virus products, and operating systems. Assisting with the tuning of ArcSight content performance and event data quality to maximize system efficiency.
- Research and analytical background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis.
- Using several tools and applications such as ArcSight, McAfee ePO, Wireshark, RTIR, BMC Remedy ITSM, Proofpoint, Linux, Windows 8, Sysinternals Suite, Notepad and several other tools for data analysis.
- Proficient with NID implementations, various host isolation methods, packet and log analysis, enterprise anti-virus solutions, virus outbreak management, and the ability to differentiate commodity malware from Advanced Persistent Threats.
- Investigating events reported from the SIEM; deep malware infection analysis; IP blocking of PHP attacks, SIPVicious scanners, port scanners, etc.; proxy blocking of domains that host drive-bys or have malicious intent, and policy violations. Taking numerous steps in investigations for any security incident that occurs enterprise-wide and ensuring resolution from start to finish.
Senior Data IT Security Analyst
C-TNOSC (CONUS Theater Network Operations and Security Center), Security Team
- Conducting and performing IT system security audits as required by DoD/Army on all platforms (applications, OS, network devices) using the DoD security checklist.
- Using knowledge of Army-approved IA tools (Retina, Nessus, BNA) for DISA STIG tasks. Implementing DoD, FISMA and NIST standards.
- Managing IAVAs: issuing alerts and tasks, working with SAs and NMs to resolve them.
- Running SCAP (Security Content Automation Protocol) benchmarks against all applicable systems for STIG compliance audits.
- Trained some in HBSS; DISA HBSS Admin 201 MR5 course, 2013.
- Assisting with risk analysis and other vulnerability testing; assisting with the new SIEM/security center (ACAS), running compliance/vulnerability scans from the centralized ACAS center using Nessus.
- System audits using eEye Retina, Nessus and Q-tip tools. Complete network security audits; performing IT system auditing as required by DoD/Army; identification and remediation of security-related risks on IT systems; supporting the certification and accreditation initiative. Reviewing network changes, performing risk assessments and helping with mitigation plans.
- Conducting systems, network, and application audits using applicable DISA Security Technical Implementation Guides (STIGs) and Army Best Business Practices.
Server Team Patch Management
DOIM (Directorate of Information Management)
- Assisting in the DOIM effort to execute and implement Command, Control, Communications, Computers and Information Management policies, standards, architectures and programs. Assisting with SMS updating and distributing patches.
- Managing Microsoft Windows Server Update Services, pushing patches out along with handling admin duties or problems with the server.
- Maintaining the integrity and security of servers and systems by maintaining configurations and applying patches and updates to maintain network compliance.
- Managing GPO (group policy).
- Conducting systems analysis and development to keep systems current with changing technology. Installing new software, applying patches and updates, performing troubleshooting, granting permissions to applications and training users.
Network Security Engineer
Networthiness Certification Program, ESTA (Enterprise System Technology Activity)
- Information and research. Once complete, the EIA is used as a basis for a CoN recommendation. Analysis includes determining application functions and capabilities, vendor information, application ports and protocols, funding plan, Computer Hardware Enterprise Software Solutions (previously Army Small Computer Program) availability, fielding/implementation plan, bandwidth utilization, server locations, and completed DISA Security Technical Implementation Guide checklists, test and scan results. Reviewing Commercial-off-the-Shelf software, Government-off-the-Shelf software and systems during the CoN process.
- Researching the security posture of all products submitted.
IT Security, DIACAP Accreditation
DIACAP scanning, certification and accreditation
- Analyzing information on the system's functions, diagrams, descriptions, organizational processes, and documentation; reviewing and validating MAC and Confidentiality Levels and validating applicable DoDI 8500.2 IA Controls and AR 25-2 requirements. Evaluating the likelihood of a successful certification test based on review of security engineering activities and the state of the documentation.
- Penetration methodology: assessing vulnerabilities and risks, and developing mitigations.
- Working with the Security Engineer, if available, to assist the PM/SO in implementing selected IA Controls or risk mitigations. Coordinating and conducting Risk Assessment Working Group meetings with stakeholders to finalize risk ratings, identify false positives, perform what-if analysis, and develop mitigations.
- Preparing the formal Certification Report. Assisting the PM/System Owner and Security Engineer in preparing POA&Ms if the system is still non-compliant with any IA Controls or requirements. Developing, coordinating, and submitting the Agent of the Certification Authority (ACA) recommendation (IATT, IATO, ATO, and expiration date) and documentation package to the Certification Authority (CA).
- Tools used: Retina, AppDetective, Nessus, SRR scripts, Gold Disk, Nmap, SFTP, Web IIS scripts, AppSecInc, CIS Router Assessment Tool, STAT Guardian VMS, Retina Security Scanner, SuperScan, Sybase drivers, TCPDump, Tenable, WatchFire AppScan, Wireshark and LANsurveyor.
Confidential
APC (Area Processed Control) Network Access Control Team
- Served as a Tier 2 Data Security Analyst for the NAC/APC, a component team in the enterprise data center.
- Audited security logs for anomalies in network traffic and to ensure IAVA compliance.
- Managed vulnerability scanning systems and anti-virus (McAfee). Reviewed Still Secure reports, assisted users and addressed connectivity and VLAN incidents involving Safe Access via Remedy action requests.
- Assisted the Director of Information Management, the data center Service Desk and Information Systems Engineering Command (ISEC) engineers with all Safe Access ticket resolution.
Confidential
CND Network Monitoring Tools, Information Systems Network Events Analyst Team
- Evaluated possible attacks on network systems; intrusion prevention/detection and network traffic analysis; investigated and analyzed scans for denial of service (DoS) attacks, malware, and other types of malicious behavior.
- Administered IDS/IPS to maximize network security, pushing and updating policies, and analyzing traffic. Troubleshot IDS/IPS output and analyzed events.
- Completed tasks in a highly professional manner; monitored outages, security alerts, and network intrusions.
- Experience with Tivoli, secure shell, Site Protector, sensors, database servers; knowledge and troubleshooting skills on PCs and servers. Employed vulnerability management software such as the Nmap scanner, DISA STIGs, port scanners, NetBus/port detection, Ethereal, rootkit detection, Nessus, Dsniff, Hping, Retina scanner and Wireshark.
TECHNICAL SKILLS:
Software: Working knowledge of the following operating systems: Windows 2000, XP, Linux (Red Hat), UNIX. Certified as an Advanced Microsoft user. Working knowledge of the following software: Retina, Nessus, Gold Disk, MS Office Suite, Tivoli, Remedy, Spectrum, ArcSight, SQL, HP OpenView, Intrusion Detection System (IDS), Intrusion Prevention System (IPS), RealSecure, and Site Protector. Operating