
Security Operations Center (SOC) Analyst/Senior Security Analyst Resume


Phoenix, AZ

PROFESSIONAL SUMMARY:

  • An innovative, highly proficient and detail-oriented Cyber Security Analyst with over 5 years of proven IT security experience and advanced skills in interpreting and prioritizing threats using IDS/IPS. With continuous monitoring, I can interpret and prioritize threats using a Security Information and Event Management (SIEM) tool. I can analyze packets using various security tools and recognize potential, successful, and unsuccessful intrusion attempts and compromises through analysis and review of security events. I can also perform static and dynamic malware analysis in an isolated environment. I have the adaptability to work as a team player or independently to progress vertically through any organization, while having the expertise to grasp technical nuances in support of management analysis and to communicate effectively. Authorized to work for any employer in the US. Willing to work in a 24x7 SOC environment within the city or in remote shift roles out of state.
  • Hands-on experience using SIEM monitoring tools (e.g. ArcSight Logger 6, AlienVault, and Elasticsearch, Logstash and Kibana (ELK)). Analyzing real-time traffic with Wireshark and RSA Packet Analytics (NetWitness).
  • Real-time incident handling and triage of events and incidents from Snort and Suricata intrusion detection systems (IDS), McAfee antivirus alerts, Proofpoint email gateway threat alerts, and phishing alerts.
  • Experience working with the ESET antivirus tool, McAfee Advanced Threat Detection (ATD), McAfee ePO, Proofpoint and Symantec email gateways, Websense/TRITON content filter, and Windows, Linux and Unix operating systems.
  • Experience with pentest tools (Kali Linux, Metasploit, Nmap, Burp Suite), vulnerability scanning tools (Nessus, Nexpose Vulnerability Scanner (Insight)), network monitoring, and packet capture and analysis.
  • Knowledge of and experience conducting investigations using computer forensics tools such as EnCase, FTK Imager and Autopsy.
  • Vast knowledge of IT security best practices and current security threats.
  • Good working knowledge of active TCP/IP network protocols, ports and the OSI model.
  • Knowledge working with both OSINT (Open Source Intelligence) and subscribed intelligence community feeds.
  • Working knowledge of the NIST SP 800 series and the Risk Management Framework (RMF) process.
  • Excellent analytical and problem-solving skills, and good working/interpersonal relationships with customers, colleagues, and other stakeholders. Excellent written and verbal communication skills.
  • Ability to analyze complex problems and develop new solutions using logical thinking and analytical problem-solving skills. Ability to multi-task, work under pressure and meet multiple deadlines and milestones as required.

PROFESSIONAL EXPERIENCE:

Confidential, Phoenix, AZ

SECURITY OPERATIONS CENTER (SOC) ANALYST/SENIOR SECURITY ANALYST

Responsibilities:

  • Threat Hunting and identifying indicators of compromise (IOC).
  • Gathering intelligence from both OSINT (Open Source Intelligence) and subscribed Financial intel feeds.
  • Analyze attacker tactics, techniques and procedures (TTPs).
  • Group email monitoring to identify all forms of exploitation attempts.
  • Monitoring and analyzing network traffic, host-based security application logs and IDS alerts.
  • Strong understanding of security incident handling processes and triage.
  • Conducted investigations using forensics tools such as EnCase.
  • Vulnerability identification and remediation by following through with the patch management team.
  • Leveraging internal and external resources to research threats, vulnerabilities and intelligence on various attackers and attack infrastructure.
  • Good working knowledge of Linux and Windows OS.
  • Analyze threats to strike the right balance between caution and false positives, and identify areas for tuning use cases or signatures to enhance monitoring value.
  • Took part in Disaster Recovery testing for nodes within scope.
  • Serving as a consultant to the Patch Management/Vulnerability team.
  • Providing timely Security Metrics.

Confidential, Houston, Texas

INDUSTRIAL CONTROL SYSTEM (ICS)/SCADA SPECIALIST L1

Responsibilities:

  • ICS Policies and Procedures: Maintained and enforced ICS/PLC security policies and procedures. Developed security-related procedures and standards, and assessed and reviewed ICS security, system and network configurations for security vulnerabilities. Analyzed and reviewed firewall logs for any suspicious activity.
  • Incident Response: Performed periodic administration and maintenance of cyber security technologies, incident response investigations, and security testing for new monitoring technology.
  • Supported the implementation of the Purdue Model and security controls around industrial control systems, kept the team up to date with the ICS security landscape and emerging threats, and recommended measures to assess and mitigate security risks and vulnerabilities.

Confidential, Houston, TX

CYBER SECURITY/IT ANALYST

Responsibilities:

  • Risk Management Framework (RMF) Assessments: Performed risk analysis around the NIST Risk Management Framework (RMF) and supported the Authorization to Operate (ATO) process in accordance with applicable laws and industry-accepted regulations and standards relating to security.
  • Controls and Assessment: Performed and validated security controls in accordance with industry standards.
  • SIEM Monitoring and SOC Operations: Analyzed security event data from the network (IDS/IPS sensors, firewall traffic and routers). Responded to security incidents and analyzed full PCAPs alongside security logs.
  • Interfaced with customers to consult with them on security best practices and help them mature their security posture.
  • Analyzed events from security sensors to strike the right balance between caution, false positives and incidents.
