
SOC Analyst Resume


Richmond, VA

PROFESSIONAL SUMMARY:

  • 10 years of experience in cyber security, networking, security audit, security assessments, risk management, security awareness and training, and information systems management.
  • Experienced in creating reports on cyber security events and vulnerabilities found in vulnerability assessment scans using tools such as Nessus, OpenVAS, and Retina CS.
  • Investigated and analyzed cyber security events found in vulnerability scans and suggested countermeasures to mitigate the threats.
  • Penetration tested systems and networks for vulnerabilities and auditing by performing footprinting and scanning using tools such as Nmap, Hping3, Whois lookup, Path Analyzer Pro, OpUtils, and Google hacking.
  • Skilled in finding cyber security vulnerabilities and risks in computer networks and resolving those vulnerabilities through patch management, security in depth, and system updates.
  • Performed security assessments and audits for compliance with the NIST Risk Management Framework.
  • Followed the Incident Response Plan to mitigate system breaches, documented findings, and performed post-incident analysis to update the Incident Response Plan.
  • Performed access control and identity management, penetration testing, vulnerability assessment, SOC analysis, incident response, and threat mitigation.
  • Experienced in evaluating systems for cyber security best practices and vulnerabilities by performing system footprinting and scanning with tools such as Whois lookup, DNSstuff, and the Social Engineering Toolkit.
  • Experienced in performing log analysis, intrusion detection/prevention, and incident management as a SOC Analyst by reviewing alerts from various SIEM tools.
  • Hands-on experience with tools such as IDA Pro, ArcSight, Splunk, LogRhythm, AlienVault, Nessus, Wireshark, ForgeRock, Tcpdump, and Nmap.
  • Skilled in collecting network traffic and analyzing logs and events from network devices such as firewalls, IDS/IPS, antivirus, switches, and routers, based on TCP/IP.
  • Experienced with AWS cloud security and architectural technology.
  • Experienced in monitoring systems for anomalies, proper updating, and patch management by taking system baselines.
  • Proficient in using encryption and hashing tools such as the MD5 online tool, HashCalc, and Crypto Demo.
  • Experienced in malware analysis, including viruses, worms, trojans, botnets, and rootkits, using both static and dynamic analysis.
  • Good background knowledge of common protocols such as HTTP, FTP, SSH, DNS, DHCP, SNMP, SMB, TLS, and SSL.
  • Expert in using applications such as the Microsoft Office Suite/365 (Word, Excel, PowerPoint).
  • Skilled in networking protocols and packet analysis tools, computer networking, and the TCP/IP stack.

TECHNICAL PROFICIENCIES:

  • Packet analysis and network tools: Wireshark, Protocol Analyzer, Hping3, Netcat, Ettercap, Colasoft ping tools, Netscan Tool Pro, OpManager, OpUtils, Engineer Toolset, Proxy Switcher
  • Reconnaissance and OSINT: Nmap, Zenmap, Whois, DIG, MyDNSTools, Netcraft, Shodan, Geo IP Lookup tool, Email Tracker Pro, Web-stat, Path Analyzer Pro, Maltego, Recon-ng
  • Vulnerability assessment and web testing: Nessus, Saint, Burp Suite
  • Wireless and password auditing: AirCrack-ng, Kismet, Hashcat, John the Ripper, Cain and Abel
  • SIEM, IDS/IPS, and monitoring: Splunk, ArcSight, LogRhythm, AlienVault, Snort, Sourcefire, TippingPoint, Security Onion, Advanced Threat Protection (ATP)
  • Operating systems: Kali, Mac OS, Windows Server and Desktop editions
  • Frameworks and compliance: HIPAA, NIST 800 series, SOX, COBIT, RMF

PROFESSIONAL EXPERIENCE:

Confidential, Richmond, VA

SOC Analyst

Responsibilities:

  • Duties included monitoring alerts and network activity across the company's computing infrastructure; implementing policy, encouraging awareness, and delivering guidance to reduce risk and exposure.
  • Monitored network traffic for security events and performed triage analysis to identify security incidents with respect to confidentiality, integrity, and availability.
  • Responsible for detecting successful and unsuccessful intrusion attempts through analysis of relevant event logs and supporting data sources using SIEM tools such as QRadar and Splunk Enterprise.
  • Experienced in working with AWS cloud security.
  • Installed and configured network security devices such as Palo Alto firewalls (suite), routers, switches, IDS/IPS using McAfee Endpoint, Symantec Endpoint, and Carbon Black, and servers.
  • Monitored, analyzed, and interpreted network traffic alerts using SIEM tools.
  • Skilled in collecting security logs, application logs, and system logs, and in monitoring privileged users to mitigate threats.
  • Monitored network traffic for suspicious activity through continuous monitoring with various security tools (e.g., Wireshark, Tcpdump, Splunk, ArcSight) to identify potential incidents, network intrusions, and malware events.
  • Monitored systems, identifying, studying, and resolving all instances/events reported by various SIEM alerts (Sourcefire, TippingPoint).
  • I analyzed and researched large sets of logs on end devices to detect potentially malicious activities.
  • Conducted system security evaluations and assessments, and documented and reported security findings using NIST 800 guidance per the continuous monitoring requirements.
  • Provided scanning of a range of operating systems and test beds using the SCAP compliance tool and the Nessus vulnerability scanner for independent security analysis.
  • Monitored systems, detecting, analyzing, and resolving all incidents/events reported by various SIEM tools.
  • Performed security control assessments of all assigned systems, and developed test plans and assessment reports in support of information security policy.
  • Streamlined the phishing analysis to an almost analyst-free experience.
  • Applied an understanding of the function and content of information security policies, standards, procedures, and practices, as well as threats, risks, and vulnerabilities at a functional level.
  • Experienced in working with Azure cloud.
  • Responded to computer security incidents by collecting, analyzing, and providing detailed evidence (network log files), and ensured that incidents were recorded and tracked in accordance with guidelines and requirements.
  • Participated in the creation of enterprise security documents (policies, procedures, standards, guidelines, and playbooks) under the direction of the Chief Information Security Officer.
  • Assisted IT staff with understanding and resolving system vulnerabilities.
  • Conducted risk assessments and collaborated with management and the technical team to provide recommendations regarding any changes being implemented on assigned systems.
  • Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.
  • Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.
  • Used vulnerability analysis tools such as Nessus to run scans on operating systems.
  • Monitored controls post-authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results and working with the IT staff on mitigation actions.
  • Reviewed the POAM to validate that the items uploaded in the POAM tracking tools supported the closed findings, and coordinated promptly with stakeholders to ensure timely remediation of security weaknesses.
  • Researched emerging threats and vulnerabilities to aid in the identification of network incidents.
  • Implemented deep-dive analyses on alerts received from Splunk and took action on the remediation process.

Confidential, Virginia Beach, VA

Information Security Analyst

Responsibilities:

  • Responsibilities consisted of leveraging security best practices, applications, and controls for system and network security to protect against threats and vulnerabilities.
  • Conducted risk assessments and collaborated with management and the technical team to provide recommendations regarding any changes being implemented on assigned systems.
  • Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.
  • Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.
  • Used Nessus to run scans on operating systems.
  • Monitored controls post-authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results and working with the IT staff on mitigation actions.
  • Performed threat and vulnerability analysis and provided warnings of anticipated exploitation.
  • Executed security monitoring and reporting, analyzed security alerts, and escalated security alerts to local support teams.
  • Monitored and tracked security vulnerabilities to ensure affected systems were patched.
  • Monitored servers, network gear, and applications in the operations center environment.
  • Experienced in analyzing phishing emails when detected, analyzing malicious links and attachments, analyzing user impact via Splunk, removing phishing emails from Exchange servers, and blocking unwanted URLs/IP addresses.
  • Managed development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
  • Performed vulnerability testing and risk assessment to prioritize risks and suggest actions.
  • Used Wireshark as a sniffer tool for troubleshooting and inspecting packets.
  • Evaluated a range of network- and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to ascertain the correct remediation actions and escalation paths for each incident.
  • Developed, implemented, and enforced network security procedures consistent with security policies.
  • Worked on different networking concepts and routing protocols such as OSPF, RIP, BGP, DHCP, DNS, and other LAN/WAN technologies.
  • Analyzed the expanding network, ran fiber, and implemented wireless communication networks such as 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac.
  • Maintained and managed devices using monitoring tools such as Nagios and SNMPv3, resolving issues effectively.
  • Resolved all IP network issues to reduce waste and downtime using ICMP tools such as ping, ipconfig, nbtstat, netstat, tracert, etc.
  • Performed ethical hacking on the company network for vulnerabilities, auditing, verifying security controls, exploitation, and generating reports.
  • Performed security testing and analysis to identify vulnerabilities and violations of information security.
  • Monitored and analyzed Intrusion Detection System (IDS) alerts to identify security issues for remediation.
  • Used a safe browser to browse the internet intelligently and safely without executing malicious files or content.
  • Assessed security patch implementation according to the patch management program on servers, workstations, and network environments for adequacy and efficiency.
  • Handled updates for anti-virus software on systems.
  • Worked as a key member on exclusive teams within a SOC committed to resolving complex threats and security issues, where I specialized in network-based solutions for preventing attacks.

Confidential, Los Angeles, CA

Security Operations Analyst

Responsibilities:

  • Supported day-to-day data security operations.
  • Monitored security patch levels of the servers, workstations, network environments, and anti-virus systems.
  • Performed proactive network monitoring and threat analysis.
  • Recommended and addressed the acceptability of software products for the continuous monitoring project.
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Assisted in the planning, development, and security of a system that aimed to establish a security infrastructure.
  • Developed and maintained security implementation policies, procedures, and data standards.
  • Executed security data management plans for the design and implementation of data collection, scheduling and review clarification, and reporting systems.
  • Experienced in investigating, capturing, and analyzing events related to cyber incidents.
  • Documented and logged technical incident details for future reference.
  • Developed and implemented a complete restructure of security groups to more effectively manage domain permissions to resources.
  • Assessed business processes to identify potential risks.
  • Experienced in researching emerging cyber threats to understand and present hacker methods and tactics, system vulnerabilities, and indicators of compromise.
  • Analyzed log data from SIEM tools such as Splunk, and from Wireshark, to identify threats and vulnerabilities on the network and prevent cyber security incidents.
  • Monitored the general support system for vulnerabilities and threats, including patch management, weak password settings, and weak configuration settings.
  • Managed the Security Assessment and Authorization (SA&A) process to support continuous monitoring activities in accordance with NIST and FISMA requirements and guidelines.
  • Reviewed and analyzed log files to report any unusual or suspect activities.
  • Worked with system data including, but not limited to, security event logs, system logs, proxy logs, and firewall logs.
  • Assisted in deploying network monitoring and threat analysis.
  • Monitored TCP/UDP/IP traffic and turned off the ICMP protocol on servers that contained confidential business data.
  • Reviewed cybersecurity controls to determine whether the controls were implemented correctly.
  • Trained users on cloud migration, the acceptable use policy, system updating, patch management, social engineering awareness and training, password best practices, email handling, endpoint protection, encryption, hashing, network defense, etc.
  • Distributed weekly security status reports to executives.
  • Executed incident response within the incident response process (detection, triage, analysis, mitigation, reporting, and documentation).
  • Responsible for change management procedures by auditing and evaluating change management logs for accountability.
  • Organized application teams to implement encryption and tokenization solutions for layer six processes of the OSI model.
  • Experienced with network devices (Cisco routers and Check Point security solutions).
  • Assisted in incident response and systems recovery to mitigate threats.
  • Monitored traffic for anomalies based on alerts received from various sources, triggers, and tickets generated by internal government staff and endpoint devices.
  • Assessed and analyzed log files to report any unusual or suspect activities.
  • Designed and continuously upgraded standard operational processes used by the SOC.
  • Identified and assessed applicable risks, determined appropriate mitigating actions, developed a Cyber Supply Chain Risk Management (C-SCRM) Plan to document selected policies and mitigating actions, and monitored performance against the Plan.
  • Focused on increasing visibility and control over the organization, partners, suppliers, and customers.
  • Ensured supply chain security by applying end-to-end process encryption across the entire supply chain and providing enhanced systems assurance and a safe working environment.
  • Tracked and traced programs through established sources of all parts, components, and systems.
  • Ensured that security requirements were included in every Request for Proposal (RFP) and contract document.
  • Ensured that selected vendors in the formal supply chain were educated and addressed any vulnerabilities and security gaps.
  • Implemented security policies and controls with respect to vendor products that are either counterfeit or do not match specifications.
