
Cyber Security Engineer / Pen Tester Resume


Atlanta, GA

SUMMARY

  • 10 years of experience in Cyber Security, Networking, Security audit, security assessments, Risk Management, Security Awareness and Training, and Information Systems Management.
  • 5 years of experience in Penetration Testing for network vulnerability assessment, web application security testing, threat modelling, network penetration testing, red teaming, blue teaming, forensics, security operations and threat hunting.
  • Experienced in creating reports on Cyber Security events and vulnerabilities found in vulnerability assessment scans using tools such as Nessus, OpenVAS and Retina CS.
  • Experience with standard pen testing tools including Nessus, Nmap, Qualys, Wireshark, WebInspect, AppDetective, Hping, Metasploit, Burp Suite Pro, Aircrack-ng, John the Ripper and Kismet.
  • Advanced working knowledge of the MITRE ATT&CK model and the Cyber Kill Chain to detect advanced persistent threat actors' tactics, techniques, and procedures (TTPs), and emulate these TTPs for vulnerability assessment, risk assessment and pen testing.
  • Investigated and analyzed Cyber Security events found in vulnerability scans and suggested countermeasures to mitigate the threats.
  • Penetration tested and audited systems and networks for vulnerabilities by performing footprinting and scanning using tools such as Nmap, Hping3, Whois lookup, Path Analyzer Pro, OpUtils and Google hacking.
  • Skilled in finding Cyber Security vulnerabilities and risks in computer networks and resolving them through patch management, defense in depth, policy implementation and system updates.
  • Performed security assessments and audits for compliance with the NIST Risk Management Framework.
  • Followed Incident Response Plan to mitigate system breach, document findings, and perform post-incident analysis to update the Incident Response Plan.
  • Performed Access Control Identity Management, Penetration Testing, Vulnerability Assessment, SOC Analysis, Incident Response, and Threat Mitigation.
  • Experienced in evaluating systems for Cyber Security best practices and vulnerabilities by performing system footprinting and scanning with tools such as Whois Lookup, DNSstuff and the Social-Engineer Toolkit (SET).
  • Experienced in performing log analysis, intrusion detection/prevention, and incident management as SOC Analyst by reviewing alerts from various SIEM tools.
  • Hands-on experience in using tools such as IDA Pro, ArcSight, Splunk, LogRhythm, AlienVault, Nessus, Wireshark, Q-Radar, ForgeRock, Tcpdump, and Nmap.
  • Skilled in collecting and analyzing network traffic and logs from devices such as firewalls, IDS/IPS, antivirus, switches and routers, using log- and event-based analysis of TCP/IP traffic.
  • Knowledge of industry-standard security and pen testing tools such as AppScan, WebInspect, Burp Suite, Nessus, Nmap, Metasploit, Acunetix, Qualys and ZAP.
  • Experienced with AWS Cloud Security and architectural technology.
  • Experienced in monitoring systems for anomalies, proper updating and patch management by taking system baselines.
  • Proficient in using encryption and hashing tools such as the MD5 online tool, Hash Calc, and Crypto Demo.
  • Experienced in malware analysis including viruses, worms, trojans, botnets and rootkits by performing both static and dynamic analysis.
  • Good background knowledge of common protocols such as HTTP, FTP, SSH, DNS, DHCP, SNMP, SMB, TLS and SSL.
  • Expert in using applications such as Microsoft Office Suite/365 (Word, Excel, PowerPoint).
  • Skilled in networking protocols and packet analysis tools, computer networking and the TCP/IP stack.

TECHNICAL SKILLS

  • Wireshark
  • NMAP
  • Burpsuite
  • Email Tracker Pro
  • Web-stat
  • Whois
  • Protocol Analyzer
  • Nessus
  • Saint
  • AirCrack-ng
  • Hashcat
  • Zenmap
  • Netcraft
  • Shodan
  • Geo IP Lookup tool
  • Ettercap
  • Hping3
  • Splunk
  • IBM Qradar
  • ArcSight
  • LogRhythm
  • HIPAA
  • NIST 800 SERIES
  • SOX
  • COBIT
  • RMF
  • ISO27001
  • MyDNSTools
  • Volatility
  • Path Analyzer Pro
  • Maltego
  • Recon-ng
  • X-Ways
  • Colasoft ping tools
  • Proxy Switcher
  • OpManager
  • Netcat
  • AirCrack
  • John the Ripper
  • OpUtils
  • Engineer Toolset
  • Kismet
  • Cain and Abel
  • Security Onion
  • Linux/Kali
  • Mac OS
  • Windows Server and Desktop editions
  • Snort
  • Sourcefire
  • TippingPoint
  • AlienVault
  • Advanced Threat Protection (ATP)
  • CrowdStrike
  • Carbon Black
  • McAfee endpoint
  • Symantec Endpoint

PROFESSIONAL EXPERIENCE

Confidential, Atlanta, GA

Cyber Security Engineer / Pen Tester

Responsibilities:

  • Monitored network traffic for security events and performed triage analysis to identify security incidents with respect to Confidentiality, Integrity, and Availability.
  • Responsible for detecting successful and unsuccessful intrusion attempts through analysis of relevant event logs and supporting data sources using SIEM tools such as QRadar and Splunk Enterprise.
  • Experienced in using Splunk Phantom as a Security Orchestration, Automation and Response (SOAR) tool for effective and efficient incident response.
  • Installed and configured network security devices such as the Palo Alto firewall suite, routers, switches, IDS/IPS using McAfee Endpoint, Symantec Endpoint and Carbon Black, and servers.
  • Monitored and fine-tuned SIEM tools, created dashboards, and maintained asset inventory and visibility of events.
  • Skilled in collecting security, application and system logs and monitoring privileged users to mitigate threats.
  • Monitored systems, identifying, studying and resolving all instances/events reported by various SIEM alerts (Sourcefire, TippingPoint).
  • Analyzed and researched large sets of logs on end devices to detect potential malicious activity.
  • Conducted system security evaluations and assessments, documented and reported security findings using NIST 800 guidance per the continuous monitoring requirements.
  • Experienced in threat hunting and Advanced Persistent Threat (APT) detection using the MITRE ATT&CK framework and the Cyber Kill Chain.
  • Monitored systems, detecting, analyzing, and resolving all incidents/events reported by various SIEM tools.
  • Performed security control assessment of all assigned systems, developed test plans and assessment reports in support of information security policy.
  • Used the Proofpoint email gateway together with DMARC, SPF and DKIM to protect email senders and recipients from spam, spoofing, spyware and phishing.
  • Applied an understanding of the function and content of information security policies, standards, procedures and practices, as well as threats, risks and vulnerabilities, at a functional level.
  • Experienced in using Identity and Access Management (IAM) tools to manage groups, users, and applications to enforce access control, policies, compliance, and least privilege to protect confidentiality and integrity.
  • Responded to computer security incidents by collecting and analyzing detailed evidence (network log files), and ensured that incidents were recorded and tracked in accordance with guidelines and requirements.
  • Participated in the creation of enterprise security documents (policies, procedures, standards, guidelines, and playbooks) under the direction of the Chief Information Security Officer.
  • Experienced in Identity and Access Management (IAM) tools such as AWS IAM, Azure Active Directory, Okta and ServiceNow.
  • Configured, administered and deployed Palo Alto Next-Generation Firewalls, SIEM tools and Endpoint Detection and Response (EDR) tools for quick incident response and defense in depth.
  • Implemented Palo Alto firewall security policies and access controls such as IP filtering, URL filtering, domain filtering, User-ID, Content-ID and App-ID for both ingress and egress traffic.
  • Conducted vulnerability and risk assessments on cloud resources using the Qualys cloud tool and integrated the results into SIEM tools for analysis.
  • Experienced in using SQL, PowerShell and Python scripting for task automation.
  • Experienced in managing and hardening company servers such as database, syslog, web, RADIUS and TACACS servers for remote authentication.
  • Performed penetration testing on AWS and Azure cloud environments to check secure configuration and cryptography, validate security controls and assess vulnerabilities.
  • Performed pen testing and compliance audits using industry-standard tools, particularly Metasploit, Nmap, QualysGuard, IBM QRadar and Splunk, among other tools used to conduct security assessments.
  • Monitored controls post-authorization to ensure continuous compliance with security requirements by evaluating vulnerabilities in Nessus scan results and working with IT staff on mitigation actions.
  • Proficient in cloud resource deployment and cloud security monitoring for IaaS, PaaS and SaaS in AWS and Azure cloud environments.
  • Performed deep-dive analyses of alerts received from Splunk and took remediation actions.
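The SIEM bullets in this role describe detecting successful and unsuccessful intrusion attempts from event logs. The following is an added example, not part of this resume and not code from any tool it names: a small Python detector that runs over constructed sshd auth-log lines, flags a source IP that reaches a threshold of failed logins inside a sliding time window, and raises a higher-severity alert when the same IP then logs in successfully while that failure count is still live. The log lines, host name, addresses, user names and thresholds are all constructed for the example.

```python
"""Brute-force / success-after-brute-force detection over sshd auth log lines.

Added example: the sample log, host name, addresses and thresholds are all
constructed for illustration; they are not from any real environment.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: five failures then a success from one IP, plus benign noise.
SAMPLE_LOG = """\
Mar 10 08:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 08:00:03 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 08:00:05 bastion sshd[2104]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 08:00:07 bastion sshd[2106]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 08:00:09 bastion sshd[2108]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 08:00:12 bastion sshd[2110]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar 10 08:05:00 bastion sshd[2200]: Accepted publickey for deploy from 198.51.100.4 port 40001 ssh2
Mar 10 08:10:00 bastion sshd[2300]: Failed password for alice from 198.51.100.9 port 40100 ssh2
Mar 10 08:10:01 bastion CRON[2301]: pam_unix(cron:session): session opened for user root
"""

# Matches the outcome lines sshd writes for password and public-key logins.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(log_text):
    """Turn auth-log text into a list of login-outcome events (other lines are skipped)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # cron, sudo, etc. are not login outcomes
        # Syslog timestamps carry no year; for window arithmetic only the offsets matter.
        events.append({
            "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            "ok": m["result"] == "Accepted",
            "method": m["method"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts: one 'brute_force' per source IP reaching `threshold` failures
    inside `window`, and a 'success_after_brute_force' for any login that then
    succeeds from that IP while the failure count is still at or over the threshold."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        recent_failures = []  # timestamps of failures inside the sliding window
        already_flagged = False
        for e in evs:
            recent_failures = [t for t in recent_failures if e["ts"] - t <= window]
            if not e["ok"]:
                recent_failures.append(e["ts"])
                if len(recent_failures) >= threshold and not already_flagged:
                    alerts.append({"type": "brute_force", "ip": ip,
                                   "count": len(recent_failures),
                                   "first": recent_failures[0], "last": e["ts"]})
                    already_flagged = True
            elif len(recent_failures) >= threshold:
                # The case a SOC cares about most: the guessing worked.
                alerts.append({"type": "success_after_brute_force", "ip": ip,
                               "user": e["user"], "method": e["method"],
                               "failures_before": len(recent_failures), "at": e["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

On the constructed sample the detector emits two alerts for 203.0.113.7 and nothing for the single failure from 198.51.100.9 or the key-based login from 198.51.100.4. The same per-source sliding-window logic is what a SIEM correlation rule expresses; the threshold and window are the knobs to tune against alert fatigue.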

Confidential, Virginia Beach, VA

Information Security Analyst

Responsibilities:

  • Conducted risk assessments and collaborated with Management and technical team to provide recommendations regarding any changes that were being implemented on assigned systems.
  • Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.
  • Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.
  • Proficient in using the Cyber Kill Chain and the MITRE ATT&CK framework to determine attackers' tactics, techniques and procedures and respond quickly to attacks.
  • Performed threat and vulnerability analysis and provided warnings of anticipated exploitation.
  • Executed security monitoring and reporting, analyzed security alerts, and escalated security alerts to local support teams.
  • Monitored and tracked security vulnerabilities to ensure affected systems are patched.
  • Monitored servers, network gear, and applications in the operations center environment.
  • Analyzed detected phishing emails, including malicious links and attachments, assessed user impact via Splunk, removed phishing emails from Exchange servers and blocked unwanted URLs/IP addresses.
  • Managed development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
  • Performed vulnerability testing and risk assessments to prioritize risks and suggest actions.
  • Used Wireshark as a sniffer for troubleshooting and packet inspection.
  • Evaluated a range of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to ascertain the correct remediation actions and escalation paths for each incident.
  • Developed, implemented, and enforced network security procedures consistent with security policies.
  • Worked on different networking concepts and routing protocols like OSPF, RIP, BGP, DHCP, DNS, and other LAN/WAN technologies.
  • Analyzed expanding network, ran fiber, and implemented wireless communication networks such as 802.11a, 802.11b, 802.11g, 802.11n and 802.11ac.
  • Performed pen testing and compliance audits using industry-standard tools, particularly Metasploit, Nmap, QualysGuard, IBM QRadar and Splunk, among other tools used to conduct security assessments.
  • Resolved IP network issues to reduce errors and downtime using ICMP tools such as ping, ipconfig, nbtstat, netstat and tracert.
  • Performed Ethical Hacking on company network for vulnerabilities, auditing, verifying security controls, exploitation, and generating reports.
  • Performed security testing and analysis to identify vulnerabilities and violations of information security.
  • Monitored and deployed Intrusion Detection Systems (IDS)/IPS, fine-tuned alerts for efficiency and reduced alert fatigue.
  • Performed business intelligence data analytics and manipulation and created dashboards for management decision making using tools such as SQL, Power BI and Tableau.
  • Worked as a key member on exclusive teams within a SOC that was committed to resolving complex threats, and security issues, where I specialized in network-based solutions for preventing attacks.
  • Used Splunk to create dashboards, integrate use cases, generate reports, analyze NetFlow, automate real-time alerts, aggregate and correlate logs, and enforce security policies.
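The phishing-analysis bullet above, and the first role's bullet on Proofpoint with DMARC, SPF and DKIM, both rest on how a receiving mail system decides whether a message is authorized for the domain in its From header. The following is an added example, not code from this resume or from Proofpoint: a Python implementation of the SPF mechanisms most records use (ip4/ip6, include, all) and the DMARC alignment and disposition logic of RFC 7489, evaluated against a constructed in-memory DNS table. The domains, records and addresses are hypothetical; DKIM signature verification itself is not performed, so the DKIM outcome is passed in as a parameter, and the organizational-domain check is a two-label simplification rather than the Public Suffix List.

```python
"""SPF evaluation and DMARC disposition against a constructed DNS table.

Added example. Domains, records and addresses are hypothetical; the DNS table
stands in for real TXT lookups so the code runs offline.
"""
import ipaddress

DNS_TXT = {  # constructed records; a real verifier would query DNS
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.0/25 ~all",
    "bulk.example.com": "v=spf1 ip4:198.51.100.200 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; aspf=s; adkim=r; rua=mailto:dmarc@example.com",
    "news.example.org": "v=spf1 ip4:198.51.100.10 -all",
    "_dmarc.example.org": "v=DMARC1; p=quarantine; aspf=r; adkim=r",
}
MAX_LOOKUPS = 10  # RFC 7208 s4.6.4: more than 10 include/redirect lookups is a permerror
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip, domain, _lookups=None):
    """Evaluate the SPF record of `domain` for `client_ip`.
    Returns pass, fail, softfail, neutral, none (no record) or permerror."""
    _lookups = [0] if _lookups is None else _lookups
    record = DNS_TXT.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # `in` is False across IP versions, so ip6 terms never match an IPv4 client.
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:
                return "permerror"  # also terminates include loops
            sub = spf_check(client_ip, arg, _lookups)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):
                return "permerror"  # including a missing/broken record is a permanent error
        else:
            return "permerror"  # a, mx, ptr, exists and redirect are not modelled here
    return "neutral"  # nothing matched and the record has no "all"


def parse_dmarc(from_domain):
    """Return the tag dict of _dmarc.<from_domain>, or None if there is no record."""
    record = DNS_TXT.get(f"_dmarc.{from_domain.lower()}")
    if record is None or not record.startswith("v=DMARC1"):
        return None
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    tags.setdefault("aspf", "r")   # RFC 7489 defaults: relaxed alignment
    tags.setdefault("adkim", "r")
    return tags


def org_domain(domain):
    # Simplification: last two labels. Real verifiers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(header_from, auth_domain, mode):
    """Strict ('s') requires an exact match; relaxed ('r') the same organizational domain."""
    if mode == "s":
        return header_from.lower() == auth_domain.lower()
    return org_domain(header_from) == org_domain(auth_domain)


def dmarc_disposition(header_from, client_ip, mail_from, dkim_result="none", dkim_domain=None):
    """Return 'pass', 'none', 'quarantine' or 'reject' for one message.
    'none' covers both a missing DMARC record and an explicit p=none (monitor only)."""
    policy = parse_dmarc(header_from)
    if policy is None:
        return "none"
    spf_ok = (spf_check(client_ip, mail_from) == "pass"
              and aligned(header_from, mail_from, policy["aspf"]))
    dkim_ok = (dkim_result == "pass" and dkim_domain is not None
               and aligned(header_from, dkim_domain, policy["adkim"]))
    return "pass" if (spf_ok or dkim_ok) else policy.get("p", "none")


if __name__ == "__main__":
    print(dmarc_disposition("example.com", "198.51.100.200", "bulk.example.com"))
    print(dmarc_disposition("example.com", "198.51.100.200", "bulk.example.com",
                            dkim_result="pass", dkim_domain="example.com"))
```

The interesting case is the third constructed scenario: mail from bulk.example.com passes SPF, but example.com publishes aspf=s, so the SPF result is not aligned with the From header and the message is rejected unless an aligned DKIM signature is also present. That is exactly the mis-configuration that produces legitimate mail landing in quarantine after a strict DMARC rollout, and the reason DMARC aggregate reports (the rua address) are reviewed before moving from p=none to p=reject.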

Confidential, Los Angeles, CA

Security Operations Analyst

Responsibilities:

  • Supported day to day data security operations.
  • Monitored security patch levels of the servers, workstations, network environments and anti-virus systems.
  • Performed proactive network monitoring and threat analysis.
  • Recommended and addressed the acceptability of the software products for continuous monitoring project.
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Assisted in planning, development and security of a system that aims to establish a security infrastructure.
  • Developed and maintained security Implementation policies, procedures and data standards.
  • Executed security data management plans for the design and implementation of data collection, scheduling and review clarification and reporting systems.
  • Experienced in investigating, capturing, and analyzing events related to cyber incidents.
  • Documented and logged technical incident detail for future reference.
  • Experienced in researching emerging cyber threats to understand and present hacker methods and tactics, system vulnerabilities, and indicators of compromise.
  • Analyzed log data from SIEM tools such as Splunk and Wireshark to identify threats and vulnerabilities on the network and prevent cyber security incidents.
