
Cybersecurity Analyst Soc

Location:
Downtown, DC, 20004
Posted:
February 05, 2023


Resume:

ADEBOLA KUNRUNMI

adu5p5@r.postjobfree.com 301-***-****

Cybersecurity Analyst

Forward-thinking Cybersecurity Analyst with 4+ years of progressive experience. Adept at applying advanced principles, concepts, and tactics to extend knowledge within the field. Knowledgeable in identifying issues and vulnerabilities associated with the development and implementation of operational programs. Trained in planning, implementing, upgrading, and monitoring security measures for the protection of computer networks and information. Passionate about ensuring appropriate security controls are in place to safeguard digital files and vital electronic infrastructure.

AREAS OF EXPERTISE

Cybersecurity / IT Cybersecurity Essentials; Information Security and Ethics; Intrusion Detection; Malware Analytics; CloudShark; Computer Forensics; Incident Response and Risk Management; Intelligence in Cybersecurity; Threat Hunting

Vulnerability Assessment / Management; File Integrity Monitoring; Cybersecurity Analysis

TOOLS

Splunk; SQL; Firewalls; Anti-malware; HIDS; IDS/IPS; Proxy; WAF; TCP/IP protocols; Kibana; OSINT; Domain Dossier

O365 Defender

Operating Systems: Windows; Unix/Linux; macOS

Additional: System Log Information; Enterprise Networking; Analysis & Trending of Security Log Data; Vulnerability Scanning Tools; IDS Monitoring & Analysis; TheHive; Wireshark; FortiSIEM

CAREER HIGHLIGHTS

SOC Analyst, American Eagle, Maryland, MD, January 2019 – Present

Charged with supporting a SOC program in incident response tools and techniques. Successfully monitored and analyzed security events of interest to detect security risks and threats on the customer’s network. Evaluated phishing emails by checking the content of the email for anything uncharacteristic of the intended sender.

Key Initiatives:

Acted as an escalation point for other Security Operations team members and performed threat hunting by proactively using security log data and other tools to identify undetected threats.

Conducted email header analysis for phishing while checking for headers that were formatted differently than usual company emails.

Efficiently tuned and created rules to identify anomalies within firewall, IDS, and IPS activity to allow the Security Operations Center (SOC) to rapidly recognize and respond to security events.

Developed potential security incidents and escalated them to senior SOC lead analyst for further triage or analysis.

Provided in-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, and incident management.

Charged with working with EDR, Antivirus, SIEM, log management, and vulnerability scanning tools while performing information systems security (ISS) monitoring and event detection.

Developed detailed incident / analysis reports and provided concise summaries for management.

Communicated effectively with stakeholders regarding incident response efforts and continuously recommended and collected various key metrics for reporting to senior management.

Conducted real-time analysis using the SIEM, endpoint and network-based technologies and other security analytics tools with a focus on identifying security events and false positives.

Systematically monitored online open sources and media channels for potential and known threats.

Successfully monitored numerous sources of collected security data including system security event logs, system Internet Protocol (IP) data flows, Intrusion Detection System (IDS) alerts and payload, and system performance monitoring services.

Showcased experience while carrying out investigations of collected indicators of compromise (IOCs) based on incident reports, with data enrichment from open-source intelligence (OSINT) tools.

Monitored and compiled incident reports, performed quality assurance activities, and remained up to date on IDS/IPS related technologies.

Successfully documented newly discovered vulnerabilities and updates to show accuracy of a turnaround for detection.

Provided diagnosis / possible remediation suggestions and reviewed daily log data gathered from various resources such as sensors, alert logs, firewall logs, and content filtering logs.

Identified possible intrusion attempts or other anomalies and made determinations of the operation impact of a particular threat.

Supported the development and maintenance of documented play-book procedures, knowledge articles, and training material.

Utilized vulnerability databases, threat bulletins and third-party security intelligence sources to conduct research, analysis, and correlation across a wide variety of all source data sets.

Charged with monitoring and analyzing logs and alerts from a variety of cybersecurity technologies across multiple platforms.

Assessed the impact of security alerts and network traffic anomalies on customer systems by gathering all possible IOCs that led to indication of compromise.

Created, tracked, and resolved tickets resulting from investigating and triaging security events.

Analyzed phishing email alerts from Splunk, FireEye, and Firepower to ensure phishing emails were quarantined or that attachments were stripped or dropped.

Conducted analysis using a variety of tools and data sets to identify indicators of malicious activity on the network.

Managed / maintained awareness of current cybersecurity events, high profile vulnerabilities and compromises, and emerging technologies.

Conducted research on emerging security threats and their potential impact to clients and monitored / investigated system and network alerts that came in through email and Splunk Express.

Successfully monitored and prevented source code leakages, safeguarded intellectual property, and ensured compliance by protecting sensitive data wherever it resided with the use of SIEM tools.

Responded to security threats raised through the correlation and analysis of security events from sources such as firewalls, IDS/IPS devices, packet captures, and security logs to include blocking IP addresses at the perimeter firewalls with near real-time response.

Created an incident ticket using Service Desk and reported the incident to US-CERT following Company Standard Operating Procedure.

Utilized ISE to track all devices on the network, block, blacklist, and quarantine rogue and suspicious devices.

CERTIFICATIONS

CompTIA Security+

Splunk Certification of Completion

MITRE ATT&CK Defender Certification by CYBRARY
