We provide IT Staff Augmentation Services!

Cyber Technology & Risk - Incident Responder Resume

Cincinnati, OhiO

SUMMARY:

An Information Security professional with a wide range of IT experience, highly effective at network security monitoring, intrusion detection systems, and remediation. An affable and team - oriented analyst, with proven strengths in verbal and written communication, and thinking outside of the box. Additional skills in IBM OS/390 and Z/OS Mainframe monitoring, software, and tape library management.

SKILLS:

  • Ubuntu/Arch Linux desktops Snort/Suricata - Intrusion detection systems (IDS)
  • McAfee ePO Snort GUI interface - Sguil / SplunkES
  • Splunk Fireeye and Cuckoo malware analysis sandbox
  • RT (Request Tracker) PFSense / OPNSense - Open source router firmware
  • Service Now Wireshark
  • OS/390 and Z/OS StorageTek and IBM tape systems
  • CA1/RMM Candle Omegamon

EXPERIENCE:

Confidential, Cincinnati, Ohio

Cyber Technology & Risk - Incident Responder

Responsibilities:

  • Created a small shell script that automated the pulling of email, attachments, and sandbox analysis, which significantly reduced the time needed to process phishing attempts.
  • Made recommendations for and assisted with the Implementation of a secure, open source, and locally hosted chat solution for team based collaboration. Evaluated an instance at home, and through combined efforts with another team member, was able to roll out a production instance in only a couple hours, much to the satisfaction of our analysts.
  • Instrumental in efforts to develop new-hire documentation, such as ticketing examples, procedures, malware analysis, and intrusion detection system overview. The documentation reduced the amount of time for new team members to begin their analyst role
  • Achieved an overall average of 90% or greater for the 30-minute SLA given for the analysis of Critical alerts.
  • Established continuity among Cincinnati contractors by establishing a regular weekly meet-up at a central location. Analysts could discuss concerns, analysis techniques, policy and procedural changes, and exchange ideas, to further develop our roll as analysts.
  • As part of the Phantom project, contributed knowledge of technical procedures, and giving insight for the automation of tasks such as Phish analysis and removal, host quarantine, file collection for analysis, and automated ticket creation.

IT Risk

Incident Coordinator

Responsibilities:

  • Reduced the amount of unhandled tickets by 40% during the first two weeks of the role, by developing a rapport with the business teams, and regularly pulsing them for updates.
  • Trained analysts in user-submitted spam and phish response procedures, and developed a strategy that ensured timely and accurate analysis of samples.
  • Utilizing training gained during the migration from Kintana to the Service now ticket system, was able to provide training and documentation to the team. This enabled a quick transition to the new system with little to no delay in processing and handling of requests and incidents.

Operations Support Specialist

Confidential

Responsibilities:

  • Reduced the time needed to engage the customer and support teams, by creating a checklist of first steps, management escalation contacts, support team on-call schedules, and vendor engagement procedures.
  • Provided after-hours support for the GE Capital server migration from SAN to internal disk, estimated to take several months to complete. Worked with support teams to remove and replace hardware components, reducing migration time from months to just under six weeks.
  • Built a temporary server to provide an environment for a data recovery service to recover data on multiple disks containing a large database that had been accidentally wiped. Data recovery was successful, and rather than shipping the disks to the recovery technicians, recovery was able to be done onsite, bringing the customer back into production in less than 16 hours.
  • Assisted with establishing an offsite backup of the command center, mirroring the hardware and resources of the primary command center. During a severe datacenter outage, operations can be resumed at the alternate site, preventing significant delays in service to customers.

Lead Operator

Confidential

Responsibilities:

  • Created and maintained a spreadsheet with a layout of all tape libraries and StorageTek silos, as well as tape drive serial numbers enabling faster response to system tape requests and aiding vendors with locating hardware.
  • Was a key member of the documentation team, creating technical documentation guide operators in troubleshooting system problems, performing server maintenance, and engaging vendor support for diagnostics and hardware replacement.
  • Created a backup solution for the team, using a spare PC and external storage, backing up disaster recovery documents, technical documents, and our CD-Media library database. In case of an outage in the building, the team would be able to remove the external drive and take the backups to be used at another location.
  • Worked closely with vendors, to became familiar with HP and Dell server hardware and diagnostic tools. During server outages, would be an onsite hands-and-eyes support for the vendor, troubleshooting while they were in transit. Being able to perform these tasks, would reduce outages from several hours to an hour or less in many cases.
  • Prevented an outage where a mainframe LPAR had high CPU utilization, impacting other LPARS in the sysplex. Unable use the master console due to it being unavailable, was able to issue commands from another system in the sysplex, releasing resources and returning the system to a normal state.

Hire Now