Security Event Information Manager Resume Profile
Cyber Security Analyst
Over 13 years' experience in IT, with 5 years' experience in cyber security functions in the defense and finance industries, with special skills in analyzing log events, incident response and computer forensics. Currently holds expired TS/SCI and DOE Q clearances. An intuitive, innovative and logical security analyst who communicates effectively with both technical and non-technical employees, learns and applies new methods without supervision and solves problems, leading to higher productivity. Skills include:
KEY ACCOMPLISHMENTS
Developed training materials for individuals transitioning employment to the United States Computer Emergency Readiness Team (US-CERT), increasing training efficiency and saving money for the organization.
Deployed the McAfee Vulnerability Manager enterprise-wide; it scanned sites from Hawaii to New York and provided the overall vulnerability status for the entire organization.
Defended the network from intruders performing vulnerability scanning and sending phishing e-mails to employees. Collaborated with network and server administrators to block communications from intruders, change compromised user credentials and eliminate dropped files.
PROFESSIONAL EXPERIENCE
Confidential
Security Event Information Manager
- Re-wrote the security incident response policy and created an IOC (Indicator of Compromise) work instruction for importing IOCs into security tools such as ArcSight, Websense and SonicWALL
- Built security lab featuring FRED machines and a reverse engineering station connected to a non-attributable line for anonymous cyber investigations
- Led over 10 incident response cases involving malware and policy violation
Confidential
Security Event Information Manager
- Managed the RSA Security Analytics SIEM for Ally Financial, creating rules and content such as alerts and reports for the Information Security department
- Coordinated with RSA resources to upgrade and implement newer versions of Security Analytics equipment in the data center
Confidential
Armament and Technical Products
Sr. IT Security Analyst
- Monitored network traffic and logs, including Snort, firewall, Cisco, Symantec Endpoint Protection (SEP), IronPort, Bit9 and Windows Security events, utilizing the ArcSight SIEM
- Monitored and reported on the patch and vulnerability status of the environment by leveraging Tenable's Security Center and Nessus
- Leveraged Bluecoat Reporter to monitor acceptable use
- Utilized Tripwire Enterprise to monitor file and configuration modifications on servers and network devices against CIS (Center for Internet Security) standards
Confidential
- Monitored network traffic, including Snort, firewall, Cisco, Symantec Endpoint Protection (SEP) and Windows Security events, utilizing the ArcSight SIEM
- Identified and contained rogue and/or infected systems on the production network
- Coordinated with Facility Security Officers (FSOs) in securing suspect and personally owned assets and establishing a chain of custody
- Investigated suspicious e-mails and analyzed their headers to determine the existence of targeted spear phishing attacks
- EnCase administrator; upgraded and installed EnCase when new versions were released
- Utilized keyword lists to determine the existence of proprietary data on personally owned systems
- Analyzed web history to determine motive and eliminate user deniability
- Catalogued evidence of inappropriate use of company assets indicating time theft, resulting in employee termination
Confidential
- Assisted JTF-GNO in providing response to Global Information Grid (GIG) customers worldwide in resolving incidents involving GIG services
- Utilized SiLK to extract network traffic information from a national database
Confidential
SIPRNET Desktop Support Technician
- Provided technical support and assistance to members of the National Nuclear Security Administration
- Performed backups of SIPRNET network servers and equipment
- Upgraded all TACLANEs to the new model, ensuring the security infrastructure was up to date
- Performed daily checks of the network IDS
- Accredited computers for approval based on DoD standards