
Security Event Information Manager Resume Profile

Cyber Security Analyst

Over 13 years' experience in IT, including 5 years in cyber security functions in the defense and finance industries, with special skills in log event analysis, incident response and computer forensics. Holds TS/SCI and DOE Q clearances (currently expired). An intuitive, innovative and logical security analyst who communicates effectively with both technical and non-technical employees, learns and applies new methods without supervision, and solves problems in ways that lead to higher productivity. Skills include:

  • McAfee Foundstone Vulnerability Manager
  • ArcSight ESM and Logger
  • EnCase
  • FTK (Forensic Toolkit)
  • Cisco IOS
  • Tenable SecurityCenter / Nessus
  • SiLK
  • Websense
  • Mandiant Intelligent Response (MIR)
  • McAfee Network Security Manager
  • FireEye
  • Tripwire Enterprise
  • Lancope StealthWatch Management Console
  • LANDesk
  • Bit9
  • SonicWALL

KEY ACCOMPLISHMENTS

Developed training materials for individuals transitioning to the United States Computer Emergency Readiness Team (US-CERT), increasing training efficiency and saving the organization money.

Deployed McAfee Vulnerability Manager enterprise-wide, scanning sites from Hawaii to New York and providing the overall vulnerability status for the entire organization.

Defended the network from intruders who were performing vulnerability scanning and sending phishing e-mails to employees. Collaborated with network and server administrators to block communications from the intruders, change compromised user credentials and eliminate dropped files.

PROFESSIONAL EXPERIENCE

Confidential

Security Event Information Manager

  • Rewrote the security incident response policy and created an Indicator of Compromise (IOC) work instruction for importing IOCs into security tools such as ArcSight, Websense and SonicWALL
  • Built a security lab featuring FRED machines and a reverse engineering station connected to a non-attributable line for anonymous cyber investigations
  • Led over 10 incident response cases involving malware and policy violation

Confidential

Security Event Information Manager

  • Managed the RSA Security Analytics SIEM for Ally Financial, creating rules and content such as alerts and reports for the Information Security department
  • Coordinated with RSA resources to upgrade and implement newer versions of Security Analytics equipment in the data center

Confidential

Armament and Technical Products

Sr. IT Security Analyst

  • Monitored network traffic and logs, including Snort, firewall, Cisco, Symantec Endpoint Protection (SEP), IronPort, Bit9 and Windows Security events, using the ArcSight SIEM
  • Monitored and reported on the patch and vulnerability status of the environment using Tenable SecurityCenter / Nessus
  • Used Blue Coat Reporter to monitor acceptable use
  • Used Tripwire Enterprise to monitor file and configuration modifications on servers and network devices and compliance with CIS (Center for Internet Security) standards

Confidential

  • Monitored network traffic, including Snort, firewall, Cisco, Symantec Endpoint Protection (SEP) and Windows Security events, using the ArcSight SIEM
  • Identified rogue and/or infected systems and contained them by removing them from the production network
  • Coordinated with Facility Security Officers (FSOs) in securing suspect and personally owned assets and establishing a chain of custody
  • Investigated suspicious e-mails and analyzed their headers to determine whether they were targeted spear-phishing attacks
  • EnCase administrator: installed and upgraded EnCase when new versions were released
  • Used keyword lists to determine whether proprietary data was present on personally owned systems
  • Analyzed web history to determine motive and eliminate user deniability
  • Catalogued evidence of inappropriate use of company assets indicating time theft, resulting in employee termination
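The header-analysis bullet above does not show what such a triage looks like in practice. The following is an added example, not part of the original résumé or of any tool it names: it parses a raw message with Python's standard `email` library and flags the header-level indicators an analyst checks first when deciding whether a message is a targeted spoof (Reply-To and Return-Path domains that differ from the header From, non-pass SPF/DKIM/DMARC verdicts in Authentication-Results, and an originating hop with no reverse DNS). Both sample messages and the `corp.example.com` internal domain are constructed for the example.

```python
"""Added example: header triage for spear-phishing indicators (stdlib only)."""
import email
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "corp.example.com"  # assumed in-house domain for this example

# Constructed sample: claims to be from the CFO, but replies and bounces leave the org
SUSPECT_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.7])
    by mx.corp.example.com with ESMTP id abc123; Mon, 1 Jan 2024 09:00:00 -0500
Received: from [198.51.100.23] (unknown [198.51.100.23])
    by mail-relay.example.net with ESMTPSA id xyz; Mon, 1 Jan 2024 08:59:00 -0500
Authentication-Results: mx.corp.example.com; spf=softfail smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=corp.example.com
From: "Jane Doe (CFO)" <jane.doe@corp.example.com>
Reply-To: jane.doe.cfo@webmail-free.example.org
To: payroll@corp.example.com
Subject: Urgent wire transfer
Message-ID: <1@webmail-free.example.org>

Please process the attached wire today.
"""

# Constructed sample: a legitimate internal message that should raise nothing
CLEAN_MESSAGE = """\
Return-Path: <jane.doe@corp.example.com>
Received: from mail.corp.example.com (mail.corp.example.com [192.0.2.10])
    by mx.corp.example.com with ESMTPS id def456; Mon, 1 Jan 2024 09:00:00 -0500
Authentication-Results: mx.corp.example.com; spf=pass smtp.mailfrom=corp.example.com; dkim=pass header.d=corp.example.com; dmarc=pass header.from=corp.example.com
From: "Jane Doe" <jane.doe@corp.example.com>
To: payroll@corp.example.com
Subject: Q1 numbers
Message-ID: <2@corp.example.com>

See attached.
"""


def _domain(header_value):
    """Domain part of the first address in a header value, lower-cased."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def analyze_headers(raw_message, internal_domain=INTERNAL_DOMAIN):
    """Return {indicator: detail} for spear-phishing signs found in the headers."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = {}
    from_dom = _domain(msg.get("From", ""))

    # Reply-To outside the purported sender's domain: replies leave the organisation
    if msg.get("Reply-To"):
        reply_dom = _domain(msg["Reply-To"])
        if reply_dom != from_dom:
            findings["reply-to-mismatch"] = f"From {from_dom}, replies go to {reply_dom}"

    # Envelope sender (Return-Path) differs from header From
    if msg.get("Return-Path"):
        rp_dom = _domain(msg["Return-Path"])
        if rp_dom != from_dom:
            findings["return-path-mismatch"] = f"From {from_dom}, envelope sender is {rp_dom}"

    # Authentication-Results: any explicit non-pass verdict is an indicator
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        for verdict in ("fail", "softfail", "none", "temperror", "permerror"):
            token = f"{mech}={verdict}"
            if token in auth:
                findings[f"auth-{mech}-{verdict}"] = token

    # Header From claims our own domain but DMARC failed: classic targeted spoof
    if from_dom == internal_domain and "auth-dmarc-fail" in findings:
        findings["spoofed-internal-sender"] = f"From claims {internal_domain} without passing DMARC"

    # Each hop prepends a Received header, so the last one is the originating hop
    received = msg.get_all("Received") or []
    if received and "unknown [" in str(received[-1]):
        findings["origin-no-reverse-dns"] = str(received[-1]).split(" by ")[0].strip()

    return findings


if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(name, analyze_headers(raw))
```

The Received chain is read bottom-up because every relay prepends its own header; only the hops added by your own mail infrastructure can be trusted, so an analyst verifies the top entries against the organisation's MX records before trusting the origin IP at the bottom.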

Confidential

  • Assisted JTF-GNO in responding to Global Information Grid (GIG) customers worldwide and resolving incidents involving GIG services
  • Used SiLK to extract network traffic information from a national database

Confidential

SIPRNET Desktop Support Technician

  • Provided technical support and assistance to members of the National Nuclear Security Administration
  • Performed backups of SIPRNET network servers and equipment
  • Upgraded all TACLANEs to the new model, ensuring the security infrastructure was up to date
  • Performed daily checks of the network IDS
  • Accredited computers for approval based on DoD standards
