SOC Analyst

Location:
Fairfax, VA
Posted:
April 20, 2018

Resume:

Abdullah Amir

Fairfax, VA *****

Phone: 703-***-**** • Email: ****.******@*****.***

Cyber Threat Intelligence CSIRT Analyst

Providing hands-on cyber threat and vulnerability expertise to counter threats posed by foreign cyber actors against US information systems, critical infrastructure and cyber-related interests.

Penetration Testing • Network Security SME • Forensic Investigation • Incident Response Analysis & Remediation

» TS/SCI Clearance in Progress

Education

Master of Science, Cyber and Information Security, Capitol Technology University – Expected 12/2019

Bachelor of Science, Cyber Security, University of Maryland University College – 12/2016

Professional Certifications

Certified Ethical Hacker (CEH)

Cisco Certified Network Administrator (CCNA)

CompTIA Security+

CompTIA A+

Professional Experience

Cyber Threat Intelligence Analyst, Hilton Worldwide, McLean, VA, 07/2017 – Present (Temp Project)

Review and analyze open-source and subscription-based cyber threat intelligence to protect Hilton Worldwide’s assets and reputation. Serve as a key contributor to reports, charts, presentations, and briefings that update company leadership on the changing cyber threat landscape and its impact on Hilton's security posture. Perform thorough research and analysis, leveraged to update security event monitoring and sharpen defenses across the global information security program.

Additional Duties

Cyber threat hunting using OSINT information and IOCs to run in the environment.

Utilizing the LookingGlass threat intel tool for domain, phishing and malware alerts.

Threat hunting internally utilizing security tools such as CrowdStrike, Splunk and phishing emails.

Computer Security Incident Response Analyst (CSIRT), Kearney & Company, Alexandria, VA, 11/2015 – 07/2017

Developed and performed comprehensive security operations for the customer’s Computer Security Incident Response Team (CSIRT). Performed daily monitoring and incident response reporting for issues relating to malware threats and intrusion detection. Extensively utilized Open Source Intelligence (OSINT) to conduct research on malicious domains, IP addresses, and file extensions, and created IOCs from those findings within the internal environment. Actively researched inbound and outbound network traffic using Fortinet. Proven SME for the PhishMe tool; conducted research on phish alerts and spam alerts, and created blocks for malicious actors in the Palo Alto firewall. Executed OSINT research, investigative reports, and log analysis based on all alerts triggered in security tools. Analyzed PCAP files in Wireshark. Spearheaded incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user support, and remediation.

Additional Duties

Provided steps required for both the investigation and resolution of security incidents.

Created SOPs on tools utilized for the CIRT team.

Monitored and detected possible Malware on network and systems.

Researched FS-ISAC intel alerts, emerging malware threats, malicious IP addresses, and URLs.

Engaged a variety of security tools, including FireEye HX, FireEye NX, FireEye SaaS, Security Center (Nessus), Trend Micro, and the Barracuda Spam Firewall.

Responsible for generating security operational summaries and reports for team meetings.

Created Indicators of Compromise (IOCs) in FireEye HX for events investigated.

Conducted research on APT groups through security news, documenting any open source intel.

Led cyber hunting and reporting utilizing OSINT.

Incident analysis and response in the event of alerts.

Responsible for utilizing EnCase to run file share scans and for adding YARA rules as IOCs.

Performed dynamic and static analysis of malware.

Monitored, analyzed, and reported on phish and spam emails targeting customer employees.

Senior Cyber Security Consultant, 02/2015 – 09/2016

Delivered best-in-class cyber security consulting expertise for multiple clients, with select projects detailed below:

Security Operations Consultant, Department of Homeland Security (DHS)

Performed network security monitoring and incident response for DHS ESOC organizations; coordinated with other government agencies to record and report incidents. Maintained detailed records of security monitoring and incident response activities utilizing case management and ticketing technologies. Executed monitoring and investigation using FireEye HX and FireEye NX. Monitored and analyzed Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) output to identify security issues for remediation. Created, modified, and updated IDS and SIEM tool rules. Identified potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information. Led investigations and followed through to resolution.

Additional Duties

Evaluated/deconstructed malware (e.g. obfuscated code) through open-source and vendor provided tools.

Communicated alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems; assisted with implementation of counter-measures or mitigating controls.

Utilized EnCase Investigator 8 for file scans and log analysis, memory acquisition, and malware and threat hunting.

Prepared briefings and reports of analysis methodology and results.

Conducted cybersecurity system forensic investigations and analysis utilizing FTK Imager.

Created and maintained Standard Operating Procedures and other similar documentation.

Conducted and consolidated comprehensive analysis of threat data obtained from classified, proprietary, and open source resources to provide indication and warnings of impending attacks against unclassified/classified networks.

Generated end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.

Gathered threat intelligence and produced reports based on vulnerability findings and malicious actors.

Senior Cyber Security Consultant, Department of Energy (DOE)

Proactively monitored Department of Energy (DOE) networks for alerts triggered in the SolarWinds Security Incident & Event Management (SIEM) system, followed by reporting to initiate triage and containment of threats based on incident response actions. Conducted web content filtering (WCF) administration of known malicious IP addresses and domains with the use of Websense, reducing end-user data loss prevention (DLP) risks. Utilized McAfee ePO to generate reports on top malicious network threat notifications. Conducted open-source research of emerging threats for enhanced incident response capabilities.

Senior Operations Center Consultant, Foreground Security

Monitored network and web application traffic for suspected malicious activity with the use of SIEM technologies combined with proactive log analysis. Utilized Wireshark to conduct packet capture (PCAP) analysis of confirmed malicious network traffic for identification of additional trends and indications exhibiting signs of successful compromise. Authored Standard Operating Procedures for the management of alert data correlation within the SIEM. Monitored indicators of malware on healthcare network systems.

Information Security Analyst, National Railroad Passenger Corp. (AMTRAK), Washington D.C., 12/2013 – 02/2015

Performed daily monitoring and incident response reporting for issues relating to malware threats, intrusion detection, and cyber forensic investigation. Created and tracked work orders using IBM Maximo for the submission of change requests; monitored network health checks and security incidents identified in the LogRhythm SIEM tool. Utilized Kismet during routine site visits to identify rogue wireless access points and open wireless connections that could potentially be exploited. Performed cyber forensic investigations with the use of SpectorSoft, EnCase, and Autopsy. Collaborated with the Principal IT Security Analyst in the development of a cyber security maturity model based on the NIST, FISMA, and PCI-DSS compliance frameworks.

Additional Duties

Conducted vulnerability assessments of workstations and servers with the use of Nessus followed by the analysis and creation of comprehensive reports outlining the remaining mitigation strategies required.

Led internal penetration testing on Amtrak networks; thoroughly documented vulnerabilities.

Executed penetration testing techniques to produce reports on open ports and system vulnerabilities.

Earlier Experience

Senior Desktop Support, L-3 STRATIS, Arlington, VA, 11/2012 – 02/2013

Helpdesk Analyst, ManTech International, Washington D.C., 04/2011 – 09/2012

System Administrator, Legal Placements, Inc., Washington D.C., 03/2010 – 07/2012

Security Administrator, U.S. China Business Council, Washington D.C., 02/2009 – 09/2010

Technical Competencies

O/S and Networks: Windows Server 2003, 2008, & 2010, Vista, Windows 7, Linux Ubuntu, and Kali/REMnux O/S; network protocol knowledge includes TCP/IP, DNS, SMTP, SSH, VPN, HTTP and HTTPS.

Tools and Software: Wireshark, Metasploit, Kali Linux, Splunk, FTK Imager, SolarWinds SIEM, LogRhythm, McAfee Nitro ESM, ArcSight, Imperva, Symantec Endpoint, SpectorSoft 360, NetWitness Investigator, HP WebInspect, Protection Threat Analysis (PTA), AT&T Business Direct IDS, Arbor Peakflow, Burp Suite, McAfee ePolicy Orchestrator (ePO), Tenable Security Center, ArcSight Logger, RSA Analytics, FireEye NX, FireEye HX, Palo Alto, Blue Coat Proxy, Trend Micro Endpoint, the Security Onion ELSA Security Incident & Event Management (SIEM) system, and the Security Onion Squert log management system.

Professional Affiliations

Member, University of Maryland University College’s Cyber Padawans competition team, comprised of students, alumni, faculty, and team members who compete in cyber security games around the world.