SOC/IDS Analyst Resume
SUMMARY:
- Administration of Check Point and Cisco PIX firewalls, including configuration and log file analysis
- Hands on experience with Splunk Enterprise Security
- Hands on experience with Metasploit, SQL Map
- Hands-on experience with Confidential, DbProtect and Nmap
- Hands on experience with Linux/UNIX (Kali Linux, CentOS/RedHat)
- Administration of Oracle 8i databases
- Hands-on experience with network-based IDS/IPS (Check Point IPS-1, HP's TippingPoint, Confidential's RealSecure, McAfee IntruShield) and host-based Tripwire intrusion detection
- Hands on experience with McAfee ePO
- Hands on experience with FireEye Malware Analysis
- Forensic tools: Netwitness Investigator 9.5, Encase 6.0
- Hands-on experience with ArcSight and McAfee NitroView SIEM
- Hands-on experience with Sourcefire Defense Center and SNORT IDS/IPS
- Configured Cisco Catalyst 29xx-36xx series Switches and CiscoWorks
- Mainframe/Mid Range: MVS, TSO, DASD, AS/400
- Administration of Blue Coat SG-810 proxy and AV, and Websense TRITON
- Experience with Network Access Control CounterACT
- Experience with Packet Sniffers Wireshark/TCPDump
PROFESSIONAL EXPERIENCE:
Confidential
SOC/IDS Analyst
Responsibilities:
- Worked with Splunk Enterprise Security to monitor alerts and research/mitigate threats coming into the network. Performed deep-dive packet analysis using Http:Stream to investigate threats and malicious traffic across the network.
- Worked with the Dell SOC in Plano, TX to identify vulnerabilities and threats.
- Requested blocks of suspicious IPs after scanning and probing the network.
- Compared and researched malicious IPs on reputation sites such as IPVoid, CI Army and SquidList.
- Monitor and react to insider threats.
- Monitor firewall logs and research problems.
Confidential
Intrusion Detection Analyst
Responsibilities:
- Worked in a 24/7 SOC.
- Monitored incoming intrusion alerts using Sourcefire, SNORT IDS and Splunk SIEM.
- Identified malware, botnets, and viruses in the network.
- Worked with FireEye malware analysis to research and remediate.
- Monitored and reported DoS spikes.
- Investigated incidents and malware attacks on the network.
Confidential
Cyber Security Analyst
Responsibilities:
- Assisted in running network scans with Confidential as well as application/database scans with DbProtect.
- Applied and updated patches.
- Maintained SNORT sensors, verified they were working correctly and kept their rules updated.
- Worked with Confidential's Tivoli/BigFix to monitor and patch systems.
Confidential
Vulnerability Assessment
Responsibilities:
- Conducted scans from an external network.
- Conducted reconnaissance on the network.
- Researched attacks and different exploits using Exploit-DB.
- Ran vulnerability tools such as Confidential against the network.
- Performed client-side attacks.
Confidential
Security Analyst
Responsibilities:
- Intensively monitored network traffic using ArcSight SIEM.
- Worked with and monitored a variety of channels within ArcSight fed by different security events. Created channels and used ArcSight's tools to investigate incidents.
- Correlated events with Splunk and Symantec SIM to weed out false positives and identify real threats and intrusions, both internal and external.
- Worked with the government Watch Officer (WO) to tackle intrusions, virus outbreaks and incidents.
- Wrote reports on incidents and any harm inflicted upon the Senate's network, including malware/spyware.
- Worked with McAfee ePO to view alerts and correlate events.
Confidential
Network and Host Based Intrusion Detection Consultant
Responsibilities:
- Installed and maintained SNORT IDS on Linux CentOS, performed monthly rule updates, and worked with a SQL database to back up alerts.
- Monitored BASE and its alerts.
- Scrutinized network traffic.
- Took a snapshot of the Confidential three times per week using tcpdump and analyzed the captured packets with Wireshark as well as presented the findings to the customer.
- Looked for any suspicious or malicious traffic internally and externally.
- Made recommendations based on the findings, including which rules to enable within the IDS.
- Tested the rules to confirm they actually fired and produced alerts in BASE.
- Analyzed data from the host-based IDS AIDE (Advanced Intrusion Detection Environment).
Confidential
Intrusion Detection/Prevention Engineer
Responsibilities:
- Provided front-line analysis for defending and protecting the Department of the Interior BIA (Bureau of Indian Affairs) network.
- Supported the BIA's 24/7 CSIRT/SOC data center.
- Used ArcSight to monitor, read and interpret Check Point IPS-1 alerts and console output for suspicious/malicious activity.
- Tuned and filtered out alerts/signatures to further reduce false positives.
- Identified and recognized attack signatures.
- Isolated, identified and contained incidents and prioritized them according to the DOI's policies and standard procedures.