
Security Analyst Incident Response

Location:
San Antonio, TX
Posted:
January 02, 2024


Resume:

Ariev Diamond

(Current Location: San Antonio, TX)

Summary of Qualifications

An experienced Security Analyst with 3 years of analyzing, monitoring, and remediating threats. Knowledgeable in network concepts, multiple SIEMs, and EDR. Extensive ServiceNow experience. Bilingual in English and Spanish.

Employment

GPI (contractor for TCS): Atlanta, GA Jan 2022 – May 2023

SOC/Security Analyst

Security Analyst

Utilized PowerShell for incident response and threat landscapes.

Used speed and efficiency to reduce ticket consumption by 85% within the ServiceNow ticketing platform, handling high-volume tickets.

Identified and escalated security incidents to internal and customer incident response teams, such as Tier 2 teams.

Utilized Active Directory and Abnormal Security email software to reduce email threats and phishing.

Verified threat remediation using Splunk incident response techniques, and documented security events with ServiceNow.

Understood TCP/IP protocols; utilized network analysis, vulnerability scans, EDR scans, network detection, and firewall blocks to keep devices safe.

Conducted search queries within Splunk and Sumo Logic environments to research and extract information in a more simplified format.

Reported to the manager and Tier 3 Security Team on a daily basis to resolve active threats.

Collaborated with clients and vendors on use case creation, while providing technical guidance and assistance to internal customers.

Investigated operational problems (incident response), proposed solutions, and ensured compliance with ISD standards and best practices.

Experienced in using Abnormal Security email software to reduce email threats and phishing campaigns.

Able to communicate technical problems to nontechnical individuals.

Documented and managed incident cases in the case management system (SOPs).

Investigated suspicious events and incidents using open-source intelligence tools.

Monitored environments for unauthorized personnel, connections, devices, and software with various SIEMs.

Reported gaps in log collection and reporting to the security engineer and lead analyst.

Monitored login attempts by user, monitored the applications and roles each user utilizes, created roles for specific applications, and created roles per application through CyberArk Idaptive (IAM) for members via SSO (Secure Zones).

Applications/Software Used

Splunk, Sumo Logic (SIEM), Unix, Abnormal (email security), Zscaler (proxy), SentinelOne (endpoint protection), OSINT Tools, ServiceNow (ticketing), Active Directory, CyberArk (IAM)

THIG (contractor for TCS): Gainesville, FL Feb 2021 – Jan 2022

Security Analyst

Collected and analyzed threat intelligence to produce reports related to emerging threats.

Performed weekly presentations to report on incidents and log analysis.

Mitigated vulnerabilities by alerting clients of potential security threats in a speedy manner.

Able to communicate technical problems to nontechnical individuals.

Analyzed a large volume of security event data from log sources to identify, track, and report suspicious and malicious activity using SIEM tools.

Performed rule fine-tuning improvements to eliminate false-positive alerts and enhance use-case coverage.

Proactively monitored intrusion detection systems, cloud-based services, and Windows servers, and performed network analysis.

Performed follow-up analysis throughout the incident lifecycle to bring all incidents to closure.

Stayed knowledgeable of the cyber threat landscape through daily research for the Threat Bytes Cybersecurity Newsletter.

Monitored SIEM for suspicious events and anomalous activity.

Contributed to the documentation of new tools and techniques.

Created and delivered reports to customers documenting SLAs and threat trends.

Applications/Software Used

QRadar (SIEM)

White Cloud Security: Austin, TX Jun 2020 – Dec 2020

Security Firm, Junior Cyber Security Consultant

Junior Security Consultant

Applied basic red team techniques to explore files and implement fingerprinting methods using VMware and PuTTY, through Execution Control techniques.

Cloned a repository from GitHub (kernel properties).

Applied Red Hat tactics to download packages, unzip them, and patch the kernel from a Whacker directory.

Compiled an SSH key login using Bash scripting in Kali Linux.

Applications/Software Used

Kali Linux, Red Hat techniques.

Education

University of Texas, San Antonio, TX, College of Engineering, Dec 2020 – Major: Bachelor of Computer Engineering

Certifications

CompTIA Security+ Certification

AWS Certified Cloud Practitioner

Azure AZ-900 (Azure Fundamentals)

Azure AZ-500 (Azure Security Engineering Associate)

Splunk Core Certified User

NSE1, NSE2

Working toward AZ-204 and AZ-400
