Cyber Security Subject Matter Expert Resume
Englewood, Colorado
SUMMARY
- Experience as a Cyber Security Expert.
- Log aggregation, data analysis, Confidential queries, dashboard design, correlation queries.
- Set up and configure Confidential ES along with monitoring and reporting using Confidential dashboards.
- Configure Confidential in tandem with Snort for a comprehensive SIEM (IDS/IPS).
- Use log data from SIEM tools (Confidential, AlienVault) to conduct analysis of Cyber Security incidents.
- Conduct detailed vulnerability analysis and provide support documentation per the NIST Risk Management Framework.
- Understand control types (administrative controls, technical controls, physical controls).
- Implement virtualization using VMware and VirtualBox.
- Use command-line tools in Linux and Windows OS, and various tools such as Nessus and Nmap.
- Experience in Network Intrusion Detection/Intrusion Prevention Systems and Firewalls.
- Responsible for SIEM systems, rules, and actions in Snort for incident response, and set alerts for intrusion attempts.
- Experience implementing & managing Data Loss Prevention.
- Perform network traffic analysis using Wireshark and manage firewall vulnerabilities with the pfSense firewall manager.
- Adheres to NIST guidelines in continuous monitoring as part of Cyber Security program.
- Enforces Cyber Security best practices per NIST guidelines and SOC procedures.
- Execute risk-based Cyber Security audit programs to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.
- Knowledgeable of IAM Concepts and IAM Models; Access Protocols and Account Practices.
- Knowledgeable about Kerberos Authentication Protocol.
- Risk mitigation and use of necessary controls to proactively address vulnerabilities and threats through intrusion detection, controls, security assessment and training.
- Familiar with various cyber security tools including Confidential/Snort IDS/IPS, Nessus, Wireshark, and Metasploit.
- Expertise in Mobile Security and Access Control Identity Management.
- In-depth understanding of attack scenarios and common vulnerabilities.
- Active in continuously updating knowledge with new security procedures and protocols and adapting to rapid changes in the security landscape.
- Skilled in use of Symantec Endpoint Protection (SEP) and pfSense.
- Access Control Identity Management, Penetration Testing, Vulnerability Assessment, SOC Analysis, Incident Response and Threat Mitigation.
- Experience with policy exceptions and with management of Business Unit requesters.
- Experience in risk mitigation and deployment of necessary controls to proactively address vulnerabilities and threats through intrusion detection, controls, security assessment and training.
- Use of different Vulnerability Assessment and Penetration Testing (V.A.P.T.) tools.
- Use of Cyber Kill Chain and Diamond Model in threat intelligence.
- Support of security compliance initiatives and assessments, including responses to client security organization audits and questionnaires.
- Strong analytical skills, including the ability to problem solve to make value-added control recommendations.
- Understanding of software and security architectures as well as Intranet and Extranet security practices.
- Experience developing Incident Response Playbooks/Incident Response Plans (IR Plans).
- Experience coordinating annual security exception review process.
- Risk Management using NIST guidelines, Security Assessment and Testing, and Continuous Monitoring.
- Skillful use of industry tools for traffic monitoring such as Wireshark and pfSense.
- Assisted with the development of Incident Response Plans (IRP) and implemented tools for each stage.
- Skilled in analysis of results of security, vulnerability, and risk management assessments.
- Analyze cyber security controls and how they align to business objectives.
- Analyze, monitor, and identify security risks to determine their impact.
- Trained users on risks, social engineering, security controls and best practices to ensure security and safety of assets.
- Experience in NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, Threat Detection and Mitigation.
- Understanding of electronic investigation, forensic tools, and methodologies, including log correlation and analysis, forensically handling electronic data, and knowledge of the computer security investigative processes.
TECHNICAL SKILLS
Programming: HTML, PHP, Advanced C++, C#, Visual Studio, MATLAB, API, MySQL
Scripting Languages: Java, Python, PowerShell, Bash
Networking: SSL/TLS, DHCP, OSI Model, DNS, TCP, UDP, HTTP, PHP, HTML, CSS, SML, Wireshark, Nmap, Cisco
Software: Microsoft Office Suite, PDF, Active Directory, VMware, Weka, vSphere, NetworkMiner
Operating Systems: Windows, MacOS, Linux, Unix, CentOS, Red Hat, Kali Linux
Technologies: DNS, DHCP, Windows Desktop Environment, Windows Servers Systems, Backup, Recovery, Testing
SIEM Tools: Confidential, QRadar, AWS GuardDuty, Azure Sentinel, AlienVault, and ArcSight
Threat Hunting Tools: Confidential, Confidential, FireEye
Vulnerability Management Tools: Nessus, Qualys, AWS Inspector, Azure Security Center, Rapid7, Tenable.io
Risk Management and Auditing Tools: Archer, ServiceNow GRC, Netwrix
Cloud Platforms: Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP)
Amazon Web Services (AWS) Resources: GuardDuty, CloudTrail, CloudWatch, Inspector, IAM, VPC, S3.
Microsoft Azure Resources: Azure Security Center, Sentinel, Active Directory, Log Analytics Workspace.
Frameworks: NIST Cybersecurity Framework, COBIT, SOX, HIPAA, PCI DSS, ISO/IEC.
Firewalls: Palo Alto, Cisco Meraki, AWS Firewall, AWS WAF, Azure Firewall, Azure WAF
PROFESSIONAL EXPERIENCE
Cyber Security Subject Matter Expert
Confidential, Englewood, Colorado
Responsibilities:
- Acted as a primary resource and provided detailed, hands-on support to the Cyber Security Engineers working on projects at client sites throughout the United States of America and the United Kingdom.
- Prepared training modules for mock interview situations to enhance the learning process provided by the company, and provided mentorship to ensure value-add at client sites.
- Interacted with the company's Executives to ensure that projects and employees were appropriately matched to assignments.
- Interviewed Cyber Security Engineers to help with the development and implementation of Cyber Security.
- Responsible for the design, development, and maintenance of the company's Cyber Security training materials.
- Assisted in training and cyber security awareness to organization staff.
- Applied qualitative and quantitative risk assessment methods.
- Identified and modeled information and network security risks.
- Controlled Identity and Access Management for all users in the organization by assigning them access and privileges based on their groups and assigned licenses.
- Articulated information security risks as business consequences based on the impact and likelihood of the risk, to be reduced to an acceptable level.
- Supported all technical subject matters on Cyber Security, while also overseeing information assurance internally.
- Used Advanced Threat Protection, PKI, and Cryptography.
- Experienced with Endpoint Detection and Response, software integrity, access control, volume forensics, authentication, file encryption, volume encryption, network monitoring, POP, DNS, email security, network crypto, and certificates.
- Used top Frameworks and Standards (NIST/ITIL/PCI DSS/ISO/CIS).
- Experienced in using SIEM Tools (Confidential, QRadar, AWS GuardDuty, Azure Sentinel, AlienVault, and ArcSight).
- Performed incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
- Responsible for making suggestions to change playbooks to keep up with the changing threat landscape.
- Fine-tuned and analyzed SIEM and its events to identify trends and potential vulnerabilities.
- Produced advisory reports regarding 0-day exploits, CVE vulnerabilities, current network.
- Used SIEM tools hands-on to protect the organization from threats and cyber security attacks; also created and modified use cases for Confidential.
- Evaluated, recommended the acquisition of, implemented, and disseminated IT security tools, procedures, and practices to protect information assets.
- Responded to intrusions and threats detected by endpoint security tools.
- Performed security vulnerability assessments and penetration tests to ensure environment and data were secure as well as satisfying regulatory compliance requirements.
- Met with the respective Business OU to discuss updates to DLP policies and rules.
- Performed log correlation analysis using Confidential and implemented risk and threat mitigation processes.
- Responded to computer security incidents and coordinated efforts to provide timely updates to multiple business units during response.
- Utilized Confidential to support dashboard, report, and other capabilities in support of the Cyber Security Program.
- Monitored and analyzed SIEM events to identify trends and potential vulnerabilities.
- Collaborated with system owners, senior management (CIO, CISO, etc.) and executive leadership to determine remediation strategies. Experience in Office 365 Protection to investigate and remediate phishing threats.
- Assisted IT staff with understanding and resolving system vulnerabilities.
- Conducted risk assessments and collaborated with Management and the technical team to provide recommendations regarding any changes that were being implemented on assigned systems.
- Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.
- Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.
- Used Nessus to run scans on operating systems and applications to identify vulnerabilities and compliance.
- Monitored controls post-authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results, and worked with the IT staff on mitigation actions.
Cyber Security Engineer
Confidential, Armonk, New York
Responsibilities:
- Used log data from SIEM tools (Confidential and QRadar) to conduct analysis of cyber incidents.
- Analyzed log data from SIEM tools such as Confidential, and from Wireshark, to identify threats and vulnerabilities on the network to prevent cyber security incidents.
- Created detailed Incident Reports (IR) and contributed to lessons learned and mitigations for future attacks of a similar nature.
- Documented policies and procedures in support of the Risk Management Framework (RMF) process.
- Worked with security compliance policies, programs, processes, and metrics.
- Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
- Monitored the general support system for vulnerabilities and threats, including patch management, weak password settings, and weak configuration settings.
- Reviewed the POAM to validate that the items uploaded in the POAM tracking tools supported the closed findings, and coordinated promptly with stakeholders to ensure timely remediation of security weaknesses.
- Conducted system security evaluations and assessments, and documented and reported security findings using NIST 800 guidance per the continuous monitoring requirements.
- Researched emerging threats and vulnerabilities to aid in the identification of network incidents.
- Implemented deep-dive analyses on alerts received from Confidential and took action in the remediation process.
- Participated in the creation of enterprise security documents (policies, procedures, standards, guidelines, and playbooks) under the direction of the Chief Information Security Officer.
- Performed incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
- Evaluated, recommended the acquisition of, implemented, and disseminated IT security tools, procedures, and practices to protect information assets.
- Responded to intrusions and threats detected by endpoint security tools.
- Performed security vulnerability assessments and penetration tests to ensure environment and data were secure as well as satisfying regulatory compliance requirements.
- Met with the respective Business OU to discuss updates to DLP policies and rules.
- Performed log correlation analysis using Confidential and implemented risk and threat mitigation processes.
- Responded to computer security incidents and coordinated efforts to provide timely updates to multiple business units during response.
- Utilized Confidential to support dashboard, report, and other capabilities in support of the Cyber Security Program.
- Monitored and analyzed SIEM events to identify trends and potential vulnerabilities.
- Worked with cross-functional teams to ensure compliance with SOC Team Cyber Security Risk Management procedures throughout the system.
- Worked wif NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, Threat Detection and Mitigation.
- Worked with IT teams to assess weaknesses, identify solutions and develop security policies.
- Completed Threat Intelligence using the Cyber Kill Chain, the MITRE ATT&CK Framework and the Diamond Model.
- Delivered accurate and expedient handling of end-user support requests.
- Created, maintained, and enforced Information Security Policies and Procedures in compliance with PCI DSS regulations and NIST cyber security best practices.
- Identified and evaluated foreign communications for intelligence purposes, mission support and the handling of classified communications for threat intelligence.
- Conducted open-source research to find new threats and IOCs.
- Applied understanding of the function and content of information security policies, standards, procedures, and practices, as well as threats, risks, and vulnerabilities, at a functional level.
- Adhered to Response Playbooks/Incident Response Plans (IR Plans) used by the SOC team, wrote threat reports, and managed recommendations with affected stakeholders.
- Used NIST Risk Management Framework as a basis for SOC team Cyber Security guidelines such as Continuous Monitoring.
- Created a formal Cyber Weekly Report for reporting to Senior Management/Executives.
- Provided Cyber Security support for complex computer network exploitation and defense techniques and conducted e-mail analysis on suspicious e-mails.
- Implemented processes to capture both current and historical audit findings to identify systemic failures and patterns for corrective action.
- Performed periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external web integrity scans to determine compliance.
SOC 3 Threat Hunter
Confidential, Austin, Texas
Responsibilities:
- Coordinated with application and system owners to onboard applications in Confidential and ensure logging capabilities were functional.
- Provided administrative assistance during incident response.
- Educated other company associates on security best practices.
- Located malicious software on servers or endpoints based on symptoms.
- Used Tanium and SCCM.
- Designed and implemented search rules on the SIEM.
- Monitored security patch levels of the servers, workstations and network environments, and anti-virus systems.
- Monitored and hunted for intrusion and incidents.
- Improved upon organization incident response procedures' mitigation and reaction capabilities by emulation and analysis of network intrusion events and incidents from emerging cyber risks.
- Provided, tracked, and documented threat attribution to incident response and intelligence reporting activities.
- Implemented Confidential for Information System Continuous Monitoring (ISCM).
- Remediated identified cybersecurity threats and vulnerabilities using Confidential.
- Managed Artifacts and Plan of Action & Milestones (POA&Ms) to ensure correct implementation of controls.
- Evaluated systems under the Risk Management Framework (RMF).
- Worked with industry-standard Cyber Security tools for testing, monitoring and investigation such as Confidential, Nessus, AlienVault, Nmap, Wireshark, Metasploit and pfSense.
- Deployed, configured, and maintained Confidential forwarder on different platforms.
- Audited network and security systems including Vulnerability Assessment and Identity Access Management (IAM).
- Audited data location and permissions; verified end user, service, and administrator access to resources.
- Audited EPs to verify compliance with security controls.
- Performed gap analysis of cybersecurity business and technical solutions.
- Analyzed log data and traffic to identify suspicious patterns of activity.
SOC 2 Security Analyst
Confidential, San Francisco, California
Responsibilities:
- Administered Cyber Security continuous monitoring information security program per NIST framework.
- Worked as part of the Cyber Security Incident Response team as needed, following SOC Incident Response procedures.
- Investigated and resolved Cyber Security incidents and events per SOC team policy and procedures.
- Utilized Confidential dashboards for Cyber Security incident reports in Confidential and helped create automated reports for greater understanding of, and accountability for, Cyber Security issues, the Incident Response Plan and Continuous Monitoring in accordance with NIST 800 series guidelines.
- Used Wireshark to troubleshoot and investigate Cyber Security threats.
- Responsible for troubleshooting various indexing issues by analyzing Confidential logs such as splunkd.log and metrics.log ingested into the internal index.
- Supported Cyber Security with SIEM and related tools such as AlienVault, Nmap, Confidential, Snort, Wireshark, pfSense and Nessus.
- Reviewed AD and SIEM reports for user account creation, onboarding and separation per Cyber Security policy compliance following NIST guidelines.
- Conducted Cyber Security vulnerability scanning and evaluation of controls.
- Automated Cyber Security analysis workflow regarding endpoint detections, sandbox results, email scanning.
- Detected Cyber Security events and reported on all threats that were directed against systems regardless of classification level or type.
- Reviewed audit logs and provided Cyber Security documentation guidelines to business process owners and management.
- Conducted Cyber Security Awareness Training with the SOC Team for all end-users and management.
- Evaluated the adequacy of Cyber Security Programs against NIST guidelines and industry best practices.
- Worked with the SOC team to provide 24/7 Cyber Security coverage, responding to all alerts per SLAs.
- Stayed abreast of current updates and patches, and ensured all systems were maintained and tested post update/patch implementation.
- Provided technical support for continuous monitoring, computer exploitation and reconnaissance; target mapping and profiling; and network decoy and deception operations in support of computer intrusion defense operations.
- In conjunction with the security, deployment, and data management/migration teams, I led a team that provided next-day solutions for misconfigurations, security issues, and security events that were reported to our office.
- Provided training for medical staff on newly installed solutions and security policies with regard to guidelines governing a new environment, focusing on improved access while remaining in compliance with HIPAA regulations.
- I helped to ensure HIPAA security and privacy compliance on networks and devices that stored and transmitted PHI.
- Secured government requirements to guarantee information security solutions aligned wif HIPAA requirements for critical data assets.
- Used FireEye CMS as a network-based security appliance while at the VA hospitals to consolidate the management, reporting and data sharing of web, email and file malware protection.
- Used Detection on Demand threat detection service to provide end users protection to acquired companies during teh auditing process before full integration.
- Identified and classified PHI data to apply appropriate access controls within network systems and end devices, as well as to consult on the policy of least privilege for data access to NPI and PHI.
- Helped to ensure that information security personnel adhered to and enforced security policies at each location on campus.
- Provided endpoint security on customer-facing devices and interfaces at the VA hospitals during the transition to digital records being integrated into the environment.
- As the transmission of data through different mediums became more prevalent, security solutions had to be developed to ensure that confidentiality, integrity, and availability were maintained.
- Antivirus solutions such as Malwarebytes and the Norton suite of products, as well as MDM solutions for mobile devices, were deployed throughout the hospital.
- The backend infrastructure was updated with both IDS and IPS devices to secure data at rest; network segmentation and data containerization were used to better secure data in transit.
- Educated users about HIPAA and cybersecurity best practices.
- Conducted security assessments of interoffice programs IAW ISO 27002, NIST, and DoD frameworks for data privacy.
- Directed and coordinated with management on security projects, including budget, resource acquisition, and security implementations.
- Researched developing technologies and identified use cases for inclusion in the security program on campus, which included physical security for critical data assets.
- Was responsible for assisting the SOC team in maintaining SIEM tools, hardware for network security and their configurations, change management, security logging, and assisting in incident response.
- Provided analysis of cybersecurity as well as physical security policies and procedures depending on departments' duties and needs.
- Worked closely with managers and security personnel to ensure that security policies and controls were effective with provided services, software, hardware, and updates.
- Collaborated with the IT, Security, Records, and Policies departments on the best practices for moving from physical to digital record keeping in a continuous production environment while ensuring continuity of service.
- Completed numerous special projects, including Windows 7/8/10 deployment and an infrastructure maintenance/update project. Worked with vendors on asset procurement, company location expansion, infrastructure needs, and security compliance while migrating company assets.
- Worked as the subject matter expert and team lead on the Mac OS X migration.
- Worked with the information security team to implement policies and research alternate software to secure mobile devices and Mac hardware in a previously PC-laptop-centric environment.
- Supported machines and peripherals related to the medical field.
- Provided students and medical professionals with training on security best practices and the security solutions available that would allow for availability of data while still providing the necessary level of confidentiality and integrity of data in its different forms/states.
Penetration Tester
Confidential, Waltham, Massachusetts
Responsibilities:
- Participated in the creation of enterprise security documents (policies, procedures, standards, guidelines, and playbooks) under the direction of the Chief Information Security Officer.
- Assisted IT staff with understanding and resolving system vulnerabilities.
- Conducted risk assessments and collaborated with Management and the technical team to provide recommendations regarding any changes that were being implemented on assigned systems.
- Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.
- Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.
- Used Nessus to run scans on operating systems.
- Monitored controls post-authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results, and worked with the IT staff on mitigation actions.
- Reviewed the POAM to validate that the items uploaded in the POAM tracking tools supported the closed findings, and coordinated promptly with stakeholders to ensure timely remediation of security weaknesses.
- Conducted system security evaluations and assessments, and documented and reported security findings using NIST 800 guidance per the continuous monitoring requirements.
- Researched emerging threats and vulnerabilities to aid in the identification of network incidents.
- Provided scanning of range operating systems and test beds using SCAP compliance tool and Nessus vulnerability scanner for independent security analysis.
- Implemented deep-dive analyses on alerts received from Confidential and took action in the remediation process.
- Experienced in researching emerging cyber threats to understand and present hacker methods and tactics, system vulnerabilities, and indicators of compromise.
- Supported day-to-day data security operations.
- Monitored security patch levels of the servers, workstations and network environments, and anti-virus systems.
- Performed proactive network monitoring and threat analysis.
- Recommended and addressed the acceptability of the software products for the continuous monitoring project.
- Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
- Assisted in planning, development and security of a system that aimed to establish a security infrastructure.
- Developed and maintained security implementation policies, procedures, and data standards.
- Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.
- Differentiated potential intrusion attempts and false alarms and prioritized response using Confidential and Snort.
- Scheduled a Penetration Testing Plan throughout the organization and completed all the tasks in the given time frame.
- Performed pen tests over different business applications and network devices of teh organization.
- Conducted penetration tests on systems and applications using automated and manual techniques with tools such as Metasploit, Burp Suite, Confidential App Scan, Kali Linux, and many other open-source tools as needed.
- Worked with support teams to address findings resulting from the tests.
- Participated in assigned exercises (e.g., COOP, network vulnerability, "red team/blue team", etc.).
- Monitored daily event collection, security intelligence and emerging threat information sources including SIEM, vendors, researchers, websites, newsfeeds, and other sources.
- Analyzed security vulnerabilities and impact of mobile devices on network using mobile device management (MDM) tools.
- Determined cause and researched attack vectors, extent of exposure, and overall risk to environment.
- Demonstrated problem-solving abilities by finding vulnerabilities and risks in computer networks and taking measures to correct or exploit those vulnerabilities.
- Supported threat intelligence gathering, processing, correlation, and analysis.
- Performed Vulnerability Assessments and Penetration Tests using tools such as Burp Suite, Nessus, and Kali Linux.
- Performed security vulnerability assessments and penetration tests to ensure client environments and data were secure, as well as satisfying regulatory compliance requirements. Burp Suite, DirBuster, HP Fortify, Nmap and SQLMap were used daily as part of the penetration testing to complete the assessments.
- Established and improved the processes for privileged user access requests.
- Promoted a new and cost-effective plan against phishing attacks and successfully reduced the volume of phishing mails by up to 60%. Conducted attack analysis on the IDS reports to detect the attacks and reported the analysis.