
SOC Analyst

Location:
Papillion, NE
Salary:
90000
Posted:
December 17, 2023


Resume:

NGENWIE ATANGA JOYSLINE

Omaha, NE ***** 531-***-**** ad11av@r.postjobfree.com

Summary

Joysline is a SOC Analyst with demonstrated command of Incident management, triaging and investigation of alerts. She has 5 years of IT experience and 5 years working as a SOC analyst. An expert with developed aptitude for critical analysis at the level of Network, Application and endpoint. A Multilingual individual, fluent in English and French, offering solid comprehension of cultural diversity.

Skills

Microsoft O365 Defender

Darktrace

Expel

Anomali / ThreatStream

Monitoring computer viruses

Protecting networks systems

Managing security breaches

Reporting and documentation

Data Loss Prevention

Training & development

Deep dive analysis

Antivirus, MS office, TCP/IP

Incident Response

Log Review

Team player

Multitasking

Cisco IronPort

Cisco Sourcefire

Cisco Meraki

SentinelOne

CrowdStrike

Rapid7

Splunk Enterprise Security

LogRhythm

Wireshark

FireEye HX, NX & ETP

Malwarebytes

Open Source Site Check tools

Software: MS Office (Word, Excel, Outlook, Access, PowerPoint), Linux OS, Windows OS

Ticket Systems: Archer, ServiceNow, Remedy, JIRA, IRT

Experience

SOC Analyst Mar 2021 to Current

Centene Wichita, KS

Responsible for security monitoring of networks, applications, endpoint and other infrastructures to protect them from cyber threats.

Report security incidents using ServiceNow ticketing system for events that signal an incident and require Tier 3 Incident Response review.

Perform triage on alerts by determining their criticality and scope of impact.

Perform threat management and threat modeling, identify threat vectors, and develop use cases for security monitoring.

Investigate, analyze, and process endpoint alerts using SIEM and OSINT tools.

Review and collect asset data (indicators of compromise, logs, configurations and running processes) on these systems for further investigation and reporting.

Involved in planning and implementing preventative security measures and in building incident response, SOP and disaster recovery plans.

Investigate, analyze, and process phishing email alerts from Proofpoint, MDO and FireEye following standard operating procedures.

Perform proactive hunting for threats that may have escaped the monitoring system.

Analyze and resolve DLP alerts from McAfee DLP Manager and Splunk Enterprise Security (Splunk ES) and escalate cyber privacy incidents to the Privacy Team.

Work incidents from initial assignment to final resolution.

Investigate, interpret, and respond to complex endpoint alerts using CrowdStrike, and perform containment for high-criticality incidents.

Author SOPs for tools as needed or directed to facilitate SOC operations.

Fully document assigned tickets to show all work performed to pass SLRs.

Conduct forensics and investigations as needed using security tools such as Splunk, OSINT, etc.

Investigate, interpret, and respond to complex security incidents.

Create tasks and standard job-related Change Requests with other teams for incident remediation.

Develop and conduct weekly targeted training for the SOC team.

Perform network investigation using Darktrace, GTI and FireEye NX to determine true positives for reconnaissance activities across the network, leveraging intelligence from multiple internal and external sources.

Participate in daily security handover meetings with colleagues and incident calls with managers and the CISO.

Ensure compliance with SLAs, process adherence and process improvement to achieve operational objectives.

Investigate AWS-related incidents using Expel and Prisma Cloud.

SOC Analyst Aug 2017 to Feb 2021

Global Solutions Technology Dallas, TX

Working in a 24x7 Security Operations Center.

Continuous monitoring and interpretation of threats using the IDS and SIEM.

Investigating malicious phishing emails, using Microsoft O365 Defender and ThreatStream to analyze malicious activities.

Rescanning mitigated systems for further infections using CrowdStrike, Malwarebytes and Symantec AV, and commissioning systems back onto the network.

Conducting research on new and evolving threats and vulnerabilities using different OSINT sources.

Conducting advanced searches and log analysis using Splunk.

Identifying suspicious or malicious activities or code.

Monitoring and analyzing security events to determine intrusion and malicious events.

Searching firewall, email, web, or DNS logs to identify and mitigate intrusion attempts.

Investigating VPN alerts and following up with users to determine legitimacy of such activity.

Investigating possible brute-force attempts and following up with mitigation strategies based on user feedback.

Analyzing and resolving DLP alerts from McAfee DLP Manager and Forcepoint, and escalating cyber privacy incidents to the Privacy Team.

Working incidents from initial assignment to final resolution.

Using Firepower IPS/IDS and FireEye NX to investigate possible intrusion attempts.

Investigating, analyzing, and processing retroactive and reported phishing email alerts from IronPort while following standard operating procedures.

Using O365 Threat Explorer to analyze scope and determine the recipients of phishing emails within the company.

Assisting in building SOPs as needed or directed to facilitate SOC operations and processes.

Fully documenting assigned tickets to show all work performed and attaching the required artifacts to pass SLRs.

Assisting with the creation of the daily SOC reports and shift reports, and passing down emails and tickets to the incoming shift team during handover.

Investigating traffic to suspicious domains and IPs and submitting block requests to the NOC per the investigation results.

Using AD to provide authentication, group and user management, and LDAP to manage directory services over TCP/IP.

Education and Training

Bachelor of Arts, Communications Dec 2008

University of Buea, Buea, Southwest Cameroon

Certifications

CompTIA Security+

CCNA

Oracle SQL Associate

Microsoft Azure Administrator

References

Available Upon Request