Security Analyst Resume
Kansas City, Missouri Area
SUMMARY:
- I am a person who enjoys analytic work in the network security field. I enjoy the simple elegance in the patterns created by fundamental networking traffic moving through the security devices, and sifting down to the factual data.
- This knowledge allows the observation of things when they stop following the normal behavior that you would expect. I have enjoyed developing programs based on structured analytic methods that offer a proper way to think about the logs and traffic patterns observed, rather than creating an overwhelming number of scenarios that outgrow the ability to maintain them: 8 simple categories that define every attack method that exists, with 5 to 10 special cases per category that fall outside the box, based on actual methods of exploit.
- This is more elegant, has lower overhead, and offers the highest level of quality when working with new analysts and developing offerables for clients. My experience in troubleshooting and support for firewalls and proxies has been invaluable. We helped many clients work through issues with eleven different security products. This experience gave a very clear insight into traffic patterns and what the logs actually say when recreating an event for analysis. This is what I truly love the most about what I do.
PROFESSIONAL EXPERIENCE:
Security Analyst
Confidential, Kansas City, Missouri Area
Responsibilities:
- I document process plays and playbooks for event and alarm investigation. We use several IR tools to validate reputation and assess potential threats found. I also work events in Rapid7 InsightIDR to determine if the events are actionable alarms or common traffic.
- Tickets are developed and other teams are engaged to assist, if needed, to validate alarms and pull emails from IronPort if they are determined to be malicious. I continue to improve my skills by performing all required tasks in the available resources.
Malware Analyst
Confidential, Overland Park, Kansas
Responsibilities:
- I use deep-dive analysis to determine the threat and sources of malware threats. This is done in hex editors, validating hash values, sandboxing files in Cuckoo and other Kali Linux tools, and web-based research to fill in gaps in the understanding of the threat. I also run simulations to determine where the malware calls back to. I finish by developing my client-facing report based on the data retrieved.
MSSP Security Analyst - Shift Lead
Confidential, Overland Park, Kansas Area
Responsibilities:
- I assist with day-to-day triage of events, as well as developing materials that help establish higher standards of quality for my team. I perform deeper analytics and escalations of suspicious events. I also make myself available for questions and mentoring at any time. I handle PTO scheduling requests for my team and function as the go-between for other teams, developing teamwork to accomplish our common goals. I use remote access to QRadar, Nitro, Splunk, and various firewall technologies to retrieve log data to assist in deeper analysis.
MSSP Security Analyst
Confidential, Overland Park, Kansas Area
Responsibilities:
- Collecting and researching client data gathered through the LogRhythm SIEM. General engineering duties, such as clearing SCSm.exe issues and restarting the mediator service to regain log flow. Generating tickets for client-side reporting in ServiceNow to assist in remediation of any threat issues found.
Network Security Support Engineer
Confidential, Kansas City, Missouri Area
Responsibilities:
- Troubleshoot and support firewall and security appliances from multiple different vendors. This includes phone support, customer service, and remote support methods. Placing the customer at ease while gathering and analyzing troubleshooting information to determine the root problem and the most expedient solution to remedy the given issue.
- Performing upgrades and recreating traffic patterns and client issues in a secure lab setting to assist with troubleshooting and remedy actions is also a part of this process, to safeguard the client environment. Working with Check Point, Blue Coat, Juniper, Fortinet, and Palo Alto technologies.