Senior SOC Analyst Resume
SUMMARY
- A diligent Cyber Security Specialist with over 7 years of experience and proficiency in security research, planning, execution, and maintenance.
- Adept at educating internal users on relevant cybersecurity procedures and preventative measures. Specialize in Computer Network Defense incident triage and rely on knowledge of the tactics, techniques, and procedures of various threat actors to prevent cyber-attacks, especially in business and corporate settings, by providing immediate investigation and resolution.
- Excellent reputation for conducting hands-on analysis using a variety of tools and methodologies to help identify, respond to, mitigate, and protect against threats. Able to resolve security incidents quickly and efficiently at scale to reduce the impact of security events and incidents, including investigation, containment, and eradication.
- Provides incident response and ownership based on escalation and handoff procedures from junior or mid-career team members.
- Excellent knowledge of industry-standard frameworks (e.g., MITRE ATT&CK and its evaluation process).
- Use the Security Information and Event Management (SIEM) platform to perform incident response identification.
- Teams I have worked closely with: NOC, DLP Engineers, Splunk Engineers, Threat Intel Team, Hunt Team, Forensic Investigators, Scan Team, Red Team, Database Analysts.
- Experience with Unix shell scripts, Perl, Python, PowerShell, and JavaScript.
- Skilled in Windows, Linux, and OS X environments.
- Function as a focal technical lead on incident events providing technical, hands-on investigation and support.
- Lead the investigative process for network intrusions and other cybersecurity incidents to resolve the cause and extent of the attacks.
- Handle the chain of custody for all evidence collected during incidents, security, and forensic investigations.
- Summarize events and incidents effectively to different constituencies such as legal counsel, executive management, and technical staff, in both written and verbal forms.
- Perform sophisticated malware detection and threat analysis.
- Prioritize and differentiate between potential incidents and false alarms.
- Ongoing review of SIEM dashboards, system and application logs, Intrusion Detection Systems (IDS), and custom monitoring tools.
- Perform QA, lead, and train Tier 1 and Tier 2 incident responders in the steps to take to investigate and resolve computer security incidents while encouraging teamwork and growth.
- Provides technical input into and analysis of strategic and tactical planning to ensure accurate and timely service deployments.
TECHNICAL SKILLS
Strong knowledge of Security Applications or Tools: Splunk Enterprise Security, QRadar SIEM, Nessus, Imperva WAF, Palo Alto, Wireshark, McAfee Intrusion Prevention System, Symantec, RSA NetWitness, FireEye, Threat Grid, Sourcefire (Snort), McAfee Endpoint, Symantec DLP, and various Open-Source Intelligence (OSINT) tools.
Security Tools: Log Management, Anti-Virus Tools, FireEye, IronPort, Sourcefire, McAfee Web Gateway, Splunk, QRadar, Qualys, McAfee DLP, Wireshark, Norton, Symantec; Cisco ASA/ESA/Firepower.
OSINT / Online tools: VirusTotal, Zscaler, ActiveTrust, LookingGlass, IPVoid, MXToolbox, URLVoid, URLscan.
Networking: TCP/IP, LANs, VPNs, routers, and firewalls.
PROFESSIONAL EXPERIENCE
Confidential
Senior SOC Analyst
Responsibilities:
- Monitored servers, network gear, and applications in an operations center environment.
- Use Wireshark for troubleshooting, inspection, and packet analysis.
- Actively participate in large scope high impact cyber breaches and manage Incident Response workflow and activities to support response and remediation.
- Provides incident response and ownership based on escalation and handoff procedures from junior or mid-career team members.
- Conduct deep-dive investigations of computer-based crimes, establishing the digital media and logs associated with cyber intrusion events.
- Analyze digital evidence and investigate computer security incidents to derive useful information in support of system/network vulnerability mitigation.
- Coordinate and collaborate with peer technical teams in a multi-vendor environment for the investigation, remediation, and implementation of preventative measures for cybersecurity events and incidents.
- Utilize advanced threat hunting techniques, tools, and procedures to identify risks to the environment.
- Log security incidents in the IT ticketing system.
- Manage security incidents throughout their lifecycle to closure.
- Support ad-hoc data and investigation requests.
- Research emerging threats and vulnerabilities to aid in the identification of incidents.
- Identified security issues and risks associated with security events and managed the incident response process.
- Use the Security Information and Event Management (SIEM) platform to perform incident response identification.
- Experience analyzing phishing emails when detected, analyzing malicious links and attachments, assessing user impact via Splunk, removing phishing emails from Exchange servers, and blocking unwanted senders.
- Pushed monthly Windows security patches across the company-wide network to keep machines compliant.
- Analyze a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
- Performed incident response management role during major outages and cyber-attacks.
- Documented and tracked the timeline of events that occurred in the process to resolution for each of the incidents managed in support of postmortem/root cause analysis.
Confidential
SOC Analyst TIER 3
Responsibilities:
- Provide technical leadership during incident command activities by directing technical and non-technical teams to perform activities associated with containment and restoration of system(s) during a security breach.
- Experience identifying and responding to advanced threats and threat actor TTPs (using tools such as ThreatConnect, HSIN, CISA, FS-ISAC, etc.).
- Successfully led and participated in the Incident Response team in all proactive and incident handling measures for SOC customers, including threat detection, response, and remediation.
- Monitored phishing emails, investigated malware threats, blocked unwanted senders, and analyzed the impact level of malicious links via Splunk and IronPort.
- Use data collected from a variety of cyber defense tools to analyze events that occur within the environment, ultimately to mitigate, contain, and respond to threats.
- Investigate, analyze, and respond to cyber incidents within the environment.
- Analyze data from one or more sources to conduct preparation of the environment, respond to requests for information, and submit intelligence collection and production requirements in support of planning and operations.
- Conduct deep-dive investigations of computer-based crimes, establishing the digital media and logs associated with cyber intrusion events.
- Analyze digital evidence and investigate computer security incidents to derive useful information in support of system/network vulnerability mitigation.
- Coordinate and collaborate with peer technical teams in a multi-vendor environment for the investigation, remediation, and implementation of preventative measures for cybersecurity events and incidents.
- Utilize advanced threat hunting techniques, tools, and procedures to identify risks to the environment.
- Log security incidents in the IT ticketing system.
- Manage security incidents throughout their lifecycle to closure.
- Support ad-hoc data and investigation requests.
- Research emerging threats and vulnerabilities to aid in the identification of incidents.
Confidential
Information Security Analyst
Responsibilities:
- Successfully led and participated in the Incident Response team in all proactive and incident handling measures for SOC customers, including threat detection, response, and remediation.
- Served in the incident commander role, effectively communicated issues, and provided recommendations to reach resolution.
- Developed timelines during incidents, provided company-wide updates, and followed disaster recovery procedures during major outages.
- Monitored phishing emails, investigated malware threats, blocked unwanted senders, and analyzed the impact level of malicious links via Splunk and IronPort.
- Developed processes and procedures for the SOC team to follow during disaster recovery, with monthly testing to ensure an accurate response in real-life scenarios.
- Conduct security control and risk assessments of the organization and its information systems based on security policy and security best practices and guidelines.
- Extract and analyze daily reports from the NORSE SIEM tool and Netcool monitoring system for potential threats within the enterprise.
- Utilized Carbon Black to monitor daily user activity and restrict access to services after the vulnerability and impact level were analyzed.
- Continually monitored, assessed, tested, and implemented new security technologies to help improve network security.
- Provide customers with incident response support, including mitigating actions to contain activity.
- Work with Security Information and Event Management (SIEM) to correlate events and identify indicators of threat activity.
- Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources.