Candidate's Name
EMAIL AVAILABLE | PHONE NUMBER AVAILABLE | Randallstown, MD | Street Address
Summary

SOC Analyst with over 5 years' experience supporting threat monitoring, detection, event analysis, and incident reporting. I perform Security Incident Management aligned with NIST standards, while carrying out deep-level investigation and log analysis. A SOC Cyber Defense Analyst with experience in incident response, endpoint security, threat intelligence, forensics, and the functioning of specific applications or underlying IT infrastructure. I have analyzed phishing emails including email headers, malware, and source code, and act as a first responder to network and system attacks and compromises to determine threat vectors and provide initial remediation. I also have experience using different SIEM tools to monitor and analyze incidents. I work well with stakeholders to resolve incidents and escalate incidents when necessary, following policies and procedures.

Skills

Certifications: CompTIA Security+

Applications: Splunk, Microsoft Office Suite (Word, Excel, PowerPoint, Outlook), Microsoft Azure, Archer, ArcSight SIEM, RSA NetWitness, FireEye (EX, HX, NX), Sourcefire (Snort), Wireshark, Bro IDS, Fidelis XPS, QRadar, AlienVault, ForeScout NAC, TippingPoint, Carbon Black, Rapid, Nmap, Nessus, Firewall Logs, Qualys, AWS, SNOW, Remedy, Trend Micro

Technical Skills: Vulnerability Assessment, Service Level Agreements, Ansible, Perl, Shell, REXX Scripting, Data Leakage Prevention, Cyber Threat Incident Management, z/OS Tape Backup/Library, IT Security, Network Security, Log Analysis, Incident Response Plans, Standard Operating Procedures, Cyber Kill Chain, MITRE ATT&CK Framework, Linux and Windows OS

Operating Systems Knowledge (Mainframe Skills): z/OS, z/VM, TSO/ISPF, ISMF, JCL, SMP/E, Catalogs, CA1, DFSMS, DFHSM, DFDSS, REXX, Utilities. Support the z/OS team in configuring IBM Z machines in a complex environment of multiple Parallel Sysplexes, maximizing the performance of z/OS systems, EMC DASD, and applications while minimizing risk and expense.

Network Administration: Routing, Switches, Cisco, Software Defined Networks, LAN/WAN, Security Solutions.
Server/System Administration: Virtualization, Active Directory, Windows, Linux, Hyper-converged Infrastructure, Citrix, Enterprise System Monitoring.
Mainframe: z/OS, JES2, VTAM, TCP/IP, SMP/E, HCD, ISPF, REXX, SDSF, DSS, SMS, ISMF, z/VM.
Database: Oracle, DB2 z/OS and LUW, AWS DB Services.
Middleware: BPM, USS, DataPower, IIB, IMQ, MS IIS, WAS, Redis Cache.
Storage: Dell EMC PowerMax, VMAX, SRDF, Disaster Recovery, Open System Backup Technologies.

Experience

COLLABERA, SOC Analyst, 11/2019 - Current
- Monitor security infrastructure and security alarm devices for indicators of compromise utilizing cybersecurity tools such as firewalls and IDS/IPS systems under 24/7 operations
- Analyze security event data using the Splunk SIEM tool
- Provide 24/7/365 monitoring and analysis of security event alerts across the enterprise network
- Monitor company systems and daily log events to identify potential security threats; sources include, but are not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Event Manager
- Review all incoming alerts and potential security threats, and properly investigate and ticket all identified potential security threats within the agency incident response ticketing platform
- Validate traffic and/or network activity (per alerts/logs) as anomalous in accordance with established Standard Operating Procedures
- Identify, investigate, and escalate potential security threats to senior technicians in accordance with established Standard Operating Procedures
- Utilize agency Security Event Manager software to measure and model traffic, while identifying patterns and ports
- Monitor and analyze data feeds of alerts and logs from firewalls, routers, and other network devices or hosts to watch for security violations and determine vulnerabilities
- Conduct initial triage of security events and incidents and document progress throughout the Incident Response Lifecycle
- Identify potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information
- Assess threat and vulnerability information from all sources (both internal and external), promptly apply applicable mitigation techniques, and communicate information to leadership
- Provide reporting and metrics around security monitoring by designing dashboards for asset owners and management
- Ensure system monitoring for security and uptime
- Recommend modifications to monitoring tools and identify opportunities to streamline processes
- Monitor our web applications to make sure our environment is secure
- Support enterprise vulnerability scanning, penetration testing, and security compliance
- Conduct malware analysis with the FireEye Malware Analysis system
- Support and monitor the planning, implementation, and growth of the AWS cloud infrastructure
- Troubleshoot and analyze firewall logs using Splunk ITSI
- Analyze information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents/false positives
- Monitor and analyze events with the Splunk Enterprise Security Information and Event Management (SIEM) system
- Monitor/create custom search queries and dashboards in Splunk
- Identify and detect security incidents and compromises in the organization by daily review and analysis of system and network logs, system configurations, and system behavior
- Discover and analyze all classes of malicious attacks on different networks/systems, providing analysis from logs and utilizing tools (automated and manual methods) to provide recommendations for remediation
- Provide Incident Response (IR) support when analysis confirms an actionable incident
- Work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting impact
- Recommend tuning and filtering of events and information, creating custom views and content using all available tools following an approved methodology and with approval and concurrence from management
- Strong working knowledge of network and security architecture principles such as defense-in-depth
- Investigate, document, and report on information security issues and emerging trends
- Analyze security events/logs and report on threats and incidents across various platforms and environments
- Capable of cultivating robust relationships and training bank branch personnel to become valuable referral partners
- Provide information regarding intrusion events, security incidents, and other threat indications and warnings to the client
- Provide detailed status updates on existing cyber security incidents daily, including follow-up with the client/customer to ensure satisfactory resolution
- Assess incident severity and escalate to the next level as needed to begin remediation
- Contribute to the investigation and resolution of security incidents, develop incident reports, and aggregate a monthly incident status report

CYBER VERGE, SOC Analyst, 02/2017 - 10/2019
- Monitored security infrastructure and security alarm devices for indicators of compromise utilizing cybersecurity tools such as firewalls and IDS/IPS systems under 24/7 operations
- Analyzed security event data using the Splunk SIEM tool
- Provided 24/7/365 monitoring and analysis of security event alerts across the enterprise network
- Monitored company systems and daily log events to identify potential security threats; sources included, but were not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Event Manager
- Reviewed all incoming alerts and potential security threats, and properly investigated and ticketed all identified potential security threats within the agency incident response ticketing platform
- Validated traffic and/or network activity (per alerts/logs) as anomalous in accordance with established Standard Operating Procedures
- Identified, investigated, and escalated potential security threats to senior technicians in accordance with Standard Operating Procedures
- Conducted initial triage of security events and incidents and documented progress throughout the Incident Response Lifecycle
- Conducted malware analysis with FireEye Malware Analysis systems
ZINMADE, NOC Analyst, 07/2014 - 11/2016
- Monitoring, design, installation, configuration, administration, and troubleshooting of LAN/WAN infrastructure using Cisco routers, Riverbed WAN Optimization, and switches
- Worked with Lotus, Novell NetWare, and Red Hat Linux; Palo Alto/Panorama, Cisco ASA 5505, Meraki switches, and ISE; provided excellent customer service
- Knowledge of network troubleshooting: traceroutes, pings, find host, TCP/IP, and tracert
- Performed network diagnostics to remediate detected/reported network incidents
- Performed monitoring and first-level troubleshooting of the bank's Local Area Network (LAN) and global communications networks, including both MPLS and VSAT troubleshooting
- Used monitoring tools to monitor the health of the network; monitoring tools included Smarts, HP OpenView, SolarWinds, EM7, PRTG, Prime, Splunk, AMS, Nagios, SmokePing, and Net Cricket
- Initiated and performed changes on production systems and proactively escalated any issues that could not be resolved within the established timeframes
- Acted as a point of contact for the Country Office Information Technology staff in case of network and communication link problems
- Sent out notifications and escalated to the concerned team during major outages using MIR3
- Took follow-up action to make sure problems were resolved in a prompt, professional manner, managing the escalation process to resolve problems and ensure an accurate response to all alerts
- Produced and published various reports on a regular basis (per shift, day, week, month), after data and status had been collected, to inform clients and management teams on status and availability; also created a report for the weekly NOC meeting
- Performed root cause analysis to isolate and determine problems or potential issues
- Provided technical analysis to all customers to isolate issues and developed strategies to restore or activate services
- Regularly participated in the shift handover process with previous and incoming shift teams to help sync and transfer any ongoing issues or outages
- Provided Local and Wide Area Network and network security support
- Monitored network performance and implemented performance tuning using Splunk when necessary
- Worked with vendors and management teams on change request tickets and to resolve problem tickets
- Monitored security infrastructure and security alarm devices for indicators of compromise utilizing cybersecurity tools such as firewalls and IDS/IPS systems under 24/7 operations
- Analyzed security event data using the Splunk SIEM tool

Education and Training

Morgan State University, Bachelor of Science, Finance
University of Baltimore, Master's, Cyber Security