
Incident Response Cybersecurity Analyst

Location:
Fairfax, VA
Posted:
February 05, 2024

Resume:

Zeliha ONGOREN

ad3dt1@r.postjobfree.com VA 414-***-**** LinkedIn/Zeliha ONGOREN

CYBERSECURITY ANALYST

Specialized in security event analysis and incident response. Experienced in various security tools like SIEM and EDR. Worked on hands-on projects in monitoring network and endpoint security, as well as phishing email analysis. I am a team player who actively contributes to the group in order to complete tasks, meet goals and manage projects, listen to coworkers, respect ideas, and aim to improve the product or process in cybersecurity, keeping up to date with the latest trends, creating synergy with cybersecurity teams.

TECHNICAL SKILLS & TOOLS

SIEM: Splunk ES, IBM QRadar

EDR: CrowdStrike Falcon, Sentinel One, FireEye HX

Vulnerability: Nessus, Nmap

Penetration Testing: Kali, Linux Command Line Tools, Virtual Box

Packet Capture: Wireshark

Ticketing System: IBM Resilient, The Hive, JIRA, ServiceNow, StrikeReady

Security Frameworks/Standards: OWASP Top 10, MITRE ATT&CK, Cyber Kill Chain

OSINT Tools: VirusTotal, Any Run, MX Toolbox, Joe Sandbox, Urlscan.io, IBM X-Force

Phishing Analysis: Proofpoint, Proofpoint TAP

Other: McAfee, Palo Alto, Microsoft 365 Security Center

PROFESSIONAL EXPERIENCE

Tier L2 SOC Analyst Dec 2022 to Oct 2023

CNA Insurance, Chicago IL

Identified potential threats, phishing attacks, anomalies, and infections escalated by Tier1.

Monitored and analyzed SIEM alerts through Splunk and identified security anomalies for investigation and remediation and provided recommendations to the technical teams with StrikeReady and Service Now ticketing system.

Monitored EDR tools like CrowdStrike Falcon to identify suspicious processes of detections and affected hosts.

Conducted analysis to determine the legitimacy of files, domains and emails using Proofpoint and Proofpoint TAP, and online resources such as VirusTotal, StrikeReady, and MX Toolbox.

Investigated phishing emails by reviewing attachments, header information and the resource and took required actions to prevent users from interacting with malicious content.

Analyze alerts using tools such as Splunk, McAfee ePO, Netskope, Palo Alto and Microsoft 365 Security Center

Collaborate with support teams to track and escalate the issues to Tier 3 or other related departments as needed until resolved.

Responsible for shift-to-shift turnover providing a summary of the report of shift activity to the next team.

Incident Response Analyst June 2022 to October 2022

Halvik, Alexandria, VA

Investigate monitoring alerts, troubleshoot, and engage the support teams.

Analyzing threat patterns on various security devices and validation of False/True positive security incidents.

Responding to cyber security incidents by collecting, analyzing, and providing detailed evidence (network log files) and ensuring that incidents are recorded and tracked in accordance with its guideline and requirements.

Responsible for shift-to-shift turnover providing a summary of the report of shift activity to the next team.

Communicate the outage to senior leadership following approved guidelines.

Analyze alerts using tools such as Splunk, Sitescope, OBM, OpenNMS and QRadar.

Collaborate with support teams to track and escalate the issues as needed until resolved.

Security Operations Center Analyst May 2020 to June 2022

CyberNow Labs, Sterling, VA

Monitored real-time logs in the Security Operations Center from different devices such as firewalls, IDS, IPS, operating systems like Windows, Linux, Windows Servers, databases, and networking devices.

Identified potential threats, phishing attacks, anomalies, and infections.

Monitored and analyzed SIEM alerts through Splunk and identified security anomalies for investigation and remediation and provided recommendations to the technical teams via IBM Resilient and Jira ticketing system.

Monitored EDR tools like CrowdStrike Falcon to identify suspicious processes of detections and affected hosts.

Conducted analysis to determine the legitimacy of files, domains and emails using online resources such as VirusTotal, Any Run, and MX Toolbox.

Investigated phishing emails by reviewing attachments, header information and the resource and took required actions to prevent users from interacting with malicious content.

Became familiar with fundamentals of information security including network technologies and tools, network security, and implementing secure systems.

Early Childhood – Teacher Sep 2019 to May 2021

Creative Explorers, Oak Creek, WI

Developed activities that promote literacy and math concepts

Maintained and scheduled weekly and monthly activities

Provided a classroom environment that encourages parent participation

Participated in on-going in-service and education development opportunities, and participated in the ongoing development and evaluation of the program’s goals and objectives

Early Childhood – Assistant Teacher Nov 2016 to March 2019

YIM Youth in Motion, Cudahy, WI

Adapted daily routines to meet the interest and needs of the individual child and the group

Planned and implemented activities that meet the physical, intellectual, emotional, and social needs of students

Provided adequate equipment and activities


EDUCATION

Associate Degree, Early Childhood Education 2010 - 2012

Yeni Yuzyil University, Istanbul, Turkey

Received 100% scholarship, honor student

Speaks Turkish

CERTIFICATIONS

CompTIA Security+

CompTIA CySA+

CompTIA Security Analytics Professional CSAP

Splunk Core Certified User

Certified Ethical Hacker (CEH)

References are available upon request