Title Incident Response Computer Network
Target Location US-VA-Dumfries
Candidate's Name
Phone #: PHONE NUMBER AVAILABLE, Email: EMAIL AVAILABLE

Qualification Summary
Clearance Level: PUBLIC TRUST
Work Authorization: CITIZEN
A cybersecurity professional with over 6 years of experience, unwavering dedication, and proficiency in implementing and maintaining security research plans. Proficient in training and educating internal users on cybersecurity procedures and related preventative measures. Specializes in triaging computer network protection incidents and relies on knowledge of the tactics, techniques and procedures of various threat actors to prevent cyber attacks, especially in commerce and business environments, by providing immediate investigation and resolution. Furthermore, my skills include threat hunting, penetration testing, SIEM management, and complex forensic analysis. Additionally, has an excellent reputation for conducting hands-on analysis using a variety of tools and methods to help identify, respond to, mitigate and protect against threats. Ability to resolve security incidents quickly and effectively at scale to reduce the impact of security events and incidents, including investigation, containment, and elimination.

Professional Summary
Provides incident response and ownership based on escalation and handoff procedures from junior or mid-career team members.
Excellent knowledge of industry-standard frameworks (e.g., MITRE ATT&CK and its evaluation process).
Use the Security Information and Event Management (SIEM) platform to perform incident response identification.
Teams I have closely worked with: NOC, DLP Engineers, Splunk Engineers, Threat Intel Team, Hunt Team, Forensic Investigators, Scan Team, Red Team, Database Analysts.
Experience with the following: Unix shell scripts, Perl, Python, PowerShell, and JavaScript.
I have unique skills in Windows, Linux, and OS X environments.
Function as a focal technical lead on incident events, providing technical, hands-on investigation and support.
Lead the investigative process for network intrusions and other cybersecurity incidents to resolve the cause and extent of the attacks.
Handle the chain of custody for all evidence collected during incidents, security, and forensic investigations.
Summarize events and incidents effectively to different constituencies such as legal counsel, executive management, and technical staff, both in written and verbal forms.
Perform sophisticated malware detection and threat analysis.
Prioritize and differentiate between potential incidents and false alarms.
Ongoing review of SIEM dashboards, system and application logs, Intrusion Detection Systems (IDS), and custom monitoring tools.
Perform QA, lead, and train Tier 1 and 2 incident responders in the steps to take to investigate and resolve computer security incidents while encouraging teamwork and growth.
Provides technical input into and analysis of strategic and tactical planning to ensure accurate and timely service deployments.

TECHNICAL SKILLS
Strong knowledge of Security Applications or Tools: Splunk Essential Security, Sysmon Guid, Splunk PCI, Locate Data, QRadar, LogRhythm, Elasticsearch, Nessus, Imperva WAF, Palo Alto, Wireshark, McAfee Intrusion Prevention System, Symantec, FireEye, DDAN, ThreatGrid.
Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.). Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site request forgery and cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code).
Operating systems: Windows, Linux, Mac, and Unix-based systems.
Ticketing Systems: ServiceNow (SNOW), Remedy, BMC Helix.
Programming languages: Python, C#.NET, Java, Node.js, and others.
Networking: TCP/IP, LANs, VPNs, routers, and firewalls, Palo Alto, IDS/IPS tools, etc.
Security Tools: log management, anti-virus tools, FireEye, IronPort, Sourcefire, McAfee Web Gateway, Splunk, QRadar, Qualys, McAfee DLP, Wireshark (Norton, Symantec), ASA/ESA/Firepower from Cisco, MSFT Defender, Tanium, SESC.
OSINT / online tools: VirusTotal, Talos, IBM X-Force, urlscan, CyberGordon, IPVoid, URLVoid, CyberChef, AnyRun, MXToolbox, geolocation, etc.
Knowledge of Computer Network Defense policies, procedures, and regulations as well as TTPs.

Education
Bachelor of Science in Administration, University of Ghana (Legon)
ITME Solutions LLC, Virginia

Certifications
Network+
CASP+

Work History

FOXHOLE TECHNOLOGY INC. May 2023 - Present
SOC Analyst (Tier 3 Incident Handler & Response)
Experience in analyzing phishing emails when detected, analyzing malicious links and attachments, analyzing user impact via Splunk, removing/deleting phishing emails from Exchange servers, and blocking unwanted senders.
Pushed monthly Windows security patches across the company-wide network for machines to stay compliant.
Analyze a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
Performed the incident response management role during major outages and cyber-attacks.
Documented and tracked the timeline of events that occurred in the process to resolution for each of the incidents managed in support of postmortem/root cause analysis.
Monitored servers, network gear, and applications in an operations center environment.
Use Wireshark for troubleshooting, inspecting, and packet analysis.
Actively participate in large-scope, high-impact cyber breaches and manage the Incident Response workflow and activities to support response and remediation.
Provides incident response and ownership based on escalation and handoff procedures from junior or mid-career team members.
Conduct in-depth computer crime investigations by establishing digital media and logs related to network intrusion events.
Analyze digital evidence and investigate computer security incidents to derive useful information in support of system/network vulnerability mitigation.
Coordinate and collaborate with peer technical teams in a multi-vendor environment for the investigation, remediation, and implementation of preventative measures for cybersecurity events and incidents.
Utilize advanced threat hunting techniques, tools, and procedures to identify risks to the environment.
Log security incidents in the IT ticketing system.
Manage security incidents throughout their lifecycle to closure.
Support ad-hoc data and investigation requests.
Research emerging threats and vulnerabilities to aid in the identification of incidents.
Identified security issues and risks associated with security events and managed the incident response process.
Use the Security Information and Event Management (SIEM) platform to perform incident response identification.

BOZZUTO ASSOCIATES Nov. 2014 - May 2023
SOC Analyst (Tier 3 Incident Handler and Response)
Coordinate and collaborate with peer technical teams in multi-vendor environments to investigate, remediate, and implement preventative measures for cybersecurity events and incidents.
Updated information on current cyber threats, attack methods, and detection techniques.
Provide technical leadership during incident command activities by directing technical and non-technical teams to perform activities associated with containment and restoration of system(s) during a security breach.
Experience with identifying and responding to advanced threats and threat actor TTPs (using tools and sources such as ThreatConnect, HSIN, CISA, FS-ISAC, FBI Cyber, Mandiant, DFIR, etc.).
Provide intermediate event analysis and incident detection, and escalate as needed to Level 3 Analysts using documented procedures.
Remain current on cyber security trends and intelligence (open source and commercial) in order to guide the security analysis and identification capabilities of the SOC team.
Work with threat intelligence and threat intelligence teams.
Stay informed about threat intelligence sources.
Responsible for identifying training needs for the junior analysts.
Provide incident response support to customers, including mitigation measures to contain activity.
Correlate network, cloud, and endpoint activity across environments to identify attacks and unauthorized use.
Coordinate with the Forensics Team for analysis of malware samples, obtain IOCs, and implement necessary preventive measures.
Work with Security Information and Event Management (SIEM) to correlate events and identify threat activity indicators.
Perform network monitoring and intrusion detection analysis using a variety of computer network protection tools, such as intrusion detection/prevention systems, firewalls, web-based security systems, and host-based security systems.
Present to different audiences (business, technical, and management) and adjust accordingly, in either structured presentations or ad hoc.
Establish and maintain business relationships with individual contributors as well as management.
Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls, and host-based security systems.
Work with security information and event management (SIEM) to correlate events and identify indicators of threat activity.

Ghana Education Office Sept. 2009 - April 2014
Information Security Analyst
Effectively led and participated within the Incident Response team in all proactive and incident handling measures for SOC clients, including Threat Detection, Response, and Remediation.
Participated in the incident commander role, effectively communicated issues, and gave recommendations to come up with resolution.
Created timelines during incident events, gave company-wide updates, and followed disaster recovery procedures during major outages.
Checked phishing emails, examining malware threats, blocking unwanted senders, and analyzing the impact level of malware links via Splunk and IronPort.
Created process and procedure for the SOC team to follow for disaster recovery, and gave monthly testing and training to ensure accurate response for real-life situations.
Conduct security control and risk assessment on the organization and information systems based on security policy and security best practices and guidelines.
Extract and analyze daily reports through the NORSE SIEM tool and Netcool monitoring system for potential threats within the enterprise infrastructure.
Utilized Carbon Black to monitor daily user activities and restrict access to services after vulnerability and impact level is analyzed.
Continuously monitored, evaluated, tested, and implemented new security technologies to help improve network security.
Provide customers with incident response support, including mitigating actions to contain activity.
Conduct log-based and endpoint-based threat detection to identify and protect against threats coming from various sources.
