Security Analyst Resume Profile

OBJECTIVE:

  • Technical-oriented IT support professional with over 10 years of specialized experience in the IT industry. Experience includes network security using ArcSight, Wireshark, Sidewinder, SourceFire and BlueCoat. I possess excellent problem-solving, analytical, interpersonal, and follow-through skills. I am also detail-oriented and able to multi-task, with strong organizational abilities, and able to work with all levels of staff and clients.

EXPERIENCE:

Confidential

Intrusion Detection and Threat Analyst

  • Assess information network threats such as computer viruses, exploits, and malicious attacks.
  • Determine true threats, false positives and network system misconfigurations, and provide solutions to issues detected in a timely manner.
  • Monitor for potential compromise, intrusion, deficiency, significant event or threat to the security posture and security baseline.
  • Analyze packet captures using Wireshark and NetScout.
  • Monitor ArcSight and Sourcefire to annotate events.
  • Review and research IC reports and update the database of malicious indicators.
  • Familiar with Tactics, Techniques and Procedures (TTP).

Confidential

Intrusion Detection/SOC Analyst

  • Analyze IDS alerts.
  • Determine the purpose and/or outcome of security events as they are being observed in the logs.
  • Monitor ArcSight, Sourcefire, Splunk, McAfee ePO, etc.
  • Analyze packet captures.
  • Identify malware and suspicious activity patterns in firewall logs when an IPS has not detected the activity.
  • Review IPS event activity.

Confidential

Cyber Security Network and Threat Analyst

  • Analyze network traffic (PCAP and tcpdump) with Wireshark.
  • Gathering and reporting within a federal enterprise environment.
  • Analyze indicators by tactics, techniques and procedures (TTP).
  • Provide intelligence and threat analysis and production support.
  • Analyzing, collecting and leveraging indicators of cyber threat intelligence activity using the Intelligence Community.
  • Review and research IC reports daily.
  • Analyze and update malicious indicators and warnings.
  • Detect suspicious traffic from Sourcefire and evaluate malicious strings.
  • Conduct research on emerging security threats and vulnerability scanning.
  • Monitor intrusion detection and prevention systems and other security event data sources.
  • Correlate data from intrusion detection and prevention systems and the SIEM tool ArcSight.
  • Narrow down anomalous traffic with Wireshark for hostile strings or domains.
  • Working with IDS signatures and analyzing traffic.
  • Report cyber threats or incidents from government agencies.
  • Generate or update security events within the process framework of the client, using available workflow management, document management and collaborative
  • Assist in the development of Standard Operating Procedures.
  • Pull up suspicious traffic from Einstein using Unix/Linux commands.
  • Perform technical security tasks in support of ongoing security operations.
  • Perform in-depth network security analysis and conduct incident response and event analysis for the client.
  • Working as part of the SOC CERT.

Confidential

Intrusion Detection Analyst

  • Conduct network monitoring and intrusion detection analysis using various CND tools, such as IDS/IPS, firewalls and host-based security systems.
  • Correlate network activity across unclassified and classified networks to identify network incidents.
  • Work as part of the CIRT team.
  • Research emerging threats and vulnerabilities to aid in the identification of network incidents.
  • Provide network subscribers with incident response support, including mitigating actions to contain the activity and forensic analysis when necessary.
  • Collaborate with counterpart CND organizations on possible threats and to exchange analysis or other information on suspicious activity.
  • Perform vulnerability scans using the DoD-recognized tool to validate Information Assurance Vulnerability Alert (IAVA) compliance at network subscriber sites.

Confidential

Security Analyst

  • IDS event monitoring and analysis, security incident reporting and threat analysis.
  • Maintain incident logs.
  • Investigate, analyze, remedy, and report on security events.
  • Support information services firewall rule sets.
  • Monitor Sidewinder, StoneGate and Blue Coat firewall logs and report incidents to senior management.
  • Monitor F5 LTM on an hourly basis.
  • Maintain routers and switches.
  • Maintain packet filtering and access control lists, and back up firewall configurations daily.
  • Excellent knowledge of WAN connectivity, protocols and TCP/IP.
  • Plan and implement network performance upgrades.
  • Install and maintain security patches to keep firewalls and servers up to date.
  • Manage users' workstations and laptops, including VPN client software and personal firewalls.
  • Support public DMZ servers such as Outlook web mail, IIS servers and Linux servers.
  • Support user issue calls and troubleshoot issues in the Remedy system.
  • Monitor logging activity, suspicious log activity and cluster load balance on an hourly basis.
  • Provide network support and troubleshooting of firewall, DNS and connectivity outages affecting the production network.

Confidential

Security Project Administrator

  • Monitor and maintain Secure Computing Sidewinder firewalls.
  • Conduct site surveys and design network architecture for customer sites.
  • Test network connectivity and performance.
  • Network assessment and vulnerability testing using ISS Scanner.
  • Support user problem calls and install applications.
  • Install and configure gateway / Windows NT servers.
  • Perform network and server administration services on user, switch, file, disk and print servers.
  • Perform backup and restore for an enterprise-level data center.
  • Install new software releases and upgrades.
  • Implement system upgrades from Windows 2000 to Windows 2003.