Incident Response, Malware analysis (Static and Dynamic), Root Cause Analysis, Threat Intelligence, SIEM Rule Correlation Creation, Event triage, environment hunts, Cyber Kill Chain, Kali Linux, Wireshark, host and network forensics, McAfee ePolicy Orchestrator, McAfee Enterprise Security Manager, Nessus, Qualys, Linux administration, iptables, Bash shell, TCPdump, netstat, pcap file analysis, EnCase Forensics, FTK Imager. Familiar with penetration testing and vulnerability assessment practices.
Cyber Intel Analyst
Confidential, Wilmington, DE
- Performed incident response, malware analysis using static and dynamic methods, created and tuned custom rule correlations using intelligence (internal, external, closed and open source). Performed hunts in environment to search for malicious behavior. Performed forensic analysis on hosts to identify malware, extent of malware, and delivery vector.
- Developed intelligent mitigations to prevent future infection.
- Performed Root Cause Analysis and successfully discovered source of entry that allowed Confidential Ransomware into client environment (using available logs and reports).
- Analyzed all intelligence reports.
- Entered indicators into knowledge management system. Performed analysis on new indicators to detect prior compromise.
- Mitigated new indicators within the SIEM. Kept the analyst team informed of major developments in the attacker landscape.
- Assisted with Incident Response.
- Monitored group mailbox.
- Performed triage and investigation of user-reported emails.
- Assisted level 1 analysts with developing their incident triage and analysis skills.
- Backed up Team Lead.
- Performed team lead duties, conducted daily CIRT tag-up when Lead analyst was unavailable.
- Tracked metrics. Assisted lead analyst with tracking CIRT metrics.
- Performed Quality Assurance.
- Reviewed analysis to ensure that other analysts are conducting thorough and sound investigations.
Cyber Threat Intelligence Analyst
Confidential, Newark, DE
- Performed eyes-on-glass, real-time monitoring and resolution of security incidents within established customer Service Level Agreements, from multiple sources including but not limited to events from Security Information Monitoring tools, network- and host-based intrusion detection systems, firewall logs, and system logs (Unix & Windows).
- Monitored and analyzed attempted efforts to compromise security protocols.
- Reviewed computer logs and messages to identify and report possible violations of security.
- Coordinated, documented, and reported on internal investigations of security violations.