Incident Response Cyber Security

Location:
Grand Prairie, TX
Posted:
April 24, 2024

HENRY CHE NJI

214-***-**** ad489c@r.postjobfree.com www.linkedin.com/in/henry-nji-758740206

Incident Response Management | Threat Detection

PROFESSIONAL SUMMARY

A highly skilled cybersecurity and ethical hacking professional with over 5 years of working experience, with a robust proficiency in hard skills essential for safeguarding digital assets and infrastructure. Possessing extensive experience in penetration testing, vulnerability analysis, and incident response. Demonstrated expertise in identifying and exploiting security weaknesses to fortify defenses and mitigate risks effectively. Proficient in utilizing advanced tools and techniques to assess, monitor, and secure complex systems and networks against cyber threats. Committed to continuous learning and staying abreast of emerging technologies and evolving threats to provide proactive security solutions. A results-driven problem solver with a passion for leveraging technical acumen to address intricate cybersecurity challenges and uphold organizational resilience in the face of cyber threats.

TECHNICAL SKILLS

●Incident Response Management

●IT Service Management

●Active Directory

●OS (Linux, Windows and Mac)

●Information Security

●Automation

●Risk Assessment

●Threat Triage

●Remediation & Recommendations

●SIEM Configuration (Splunk, Elastic)

●Scanning And Enumeration

●Firewall

●Networking

●Malware Analysis

●Penetration Testing

●Metasploit

●Burp Suite

●PaaS

CAREER HIGHLIGHTS

Wipro Limited, Plano, Texas (Sr. Cyber Security Analyst) 05/2023 to Present

●Identify, define, and document system security requirements and recommend solutions to management.

●Configure, troubleshoot, and maintain security infrastructure software and hardware.

●Install software that monitors systems and networks for security breaches and intrusions.

●Monitor systems for irregular behavior and set up preventive measures.

●Educate and train staff on information system security best practices.

●Plan, direct, and manage day-to-day activities across the Security Engineering team.

●Drive implementation and improvement of new tools, capabilities, frameworks, and methodologies across all teams within the Cyber Fusion Center.

●Instill and reinforce industry best practices in the domain of change management.

●Promote and drive implementation of automation and process efficiencies.

●Interface with Information Technology teams to bake in security best practices across the entire ecosystem.

●Stays abreast of the latest security trends, vulnerabilities, and industry developments, and makes recommendations for enhancing the organization's security posture.

●Performs on-call rotation with team members.

●Mentors and coaches junior security team members, fostering their professional growth and development.

●Collaborates with the Security Operations Center (SOC) to enhance incident response capabilities and processes.

●Leads security-related projects, including planning, resource allocation, and timely execution.

●Collaborates with vendors and external partners to assess and improve the security posture of third-party systems and services.

●Prepares and presents comprehensive security reports and recommendations to senior management and stakeholders.

Toyota Motors, Plano, Texas (SOC Analyst) 05/2020 to 02/2023

●Identify the scope of the investigation: Determine which systems and endpoints are affected and the extent of the compromise.

●Serve as first incident responder for Cyber Security incidents and perform security incident investigations.

●Analyze network traffic, endpoint indicators, and log sources to identify the threats, assess the potential damage, and recommend countermeasures.

●Recommend configuration changes to improve the performance, usability, and value of threat analysis tools, and the implementation and maintenance of enterprise-wide security solutions, including but not limited to firewalls, intrusion detection/prevention systems, SIEM, endpoint protection, and secure network architectures.

●Performs advanced threat modeling and vulnerability assessments to identify security gaps and recommends appropriate controls and countermeasures.

●Develops and implements security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.

●Conducts in-depth security incident investigations, including root cause analysis and mitigation strategies.

●Acts as a subject matter expert for security technologies, providing guidance and support to junior team members and stakeholders.

●Collaborates with cross-functional teams to evaluate, select, and deploy new security technologies, tools, and services.

●Monitors and analyzes security events and alerts from Splunk, Tenable, Nessus, CrowdStrike, and Axonius to detect and respond to potential threats.

●Develops and delivers security awareness and training programs to educate employees on security best practices and policies.

●Participates in security audits and compliance assessments, ensuring adherence to relevant frameworks and regulations.

●Stays abreast of the latest security trends, vulnerabilities, and industry developments, and makes recommendations for enhancing the organization's security posture.

●Performs on-call rotation with team members.

●Mentors and coaches junior security team members, fostering their professional growth and development.

●Collaborates with the Security Operations Center (SOC) to enhance incident response capabilities and processes.

●Leads security-related projects, including planning, resource allocation, and timely execution.

●Collaborates with vendors and external partners to assess and improve the security posture of third-party systems and services.

●Prepares and presents comprehensive security reports and recommendations to senior management and stakeholders.

Verizon Communications (Aricent), Dallas, Texas (SOC) 04/2018 to 05/2020

●Provide 24/7/365 real-time monitoring of security tools, dashboards, and email alerts.

●Provide continuous monitoring of Security defenses and functions for the Agency.

●Provide triage analysis and initial preventive response in significant incidents including basic response analysis, quarantine, and escalation.

●Create comprehensive security write-ups which articulate security issues, analysis, and remediation techniques.

●Provide incident data gathering, quality control and validation of required data via tickets like ServiceNow, Jira and AutoTask.

●Correlate data analysis from different sources for escalation or validation.

●Detect and track critical and high vulnerabilities, and verify and validate remediation.

●Use Splunk Enterprise Security (ES), AlienVault and QRADAR to monitor and investigate alerts from different data sources.

●Use Cisco Sourcefire/Firepower to monitor and investigate network alerts.

●Analyze and resolve DLP alerts from McAfee/Forcepoint DLP Manager, and escalate cyber privacy incidents to the Privacy Team.

●Process daily threat intel and block malicious MD5 hashes, IPs and domains following standard operating procedure.

●Process website review requests using the McAfee Web Gateway GUI to grant temporary web access for users within the company to websites that are blocked for security reasons.

●Use Splunk to search and analyze email logs to confirm malicious emails were not delivered.

●Review and process accidental disclosure requests following standard operating procedures.

●Analyze, investigate and process potential phishing email alerts reported by users and/or by Microsoft O365 and Proofpoint, following standard operating procedure.

●Contribute to security strategy and security posture by identifying security gaps and evaluating and implementing enhancements.

●Prepare and maintain SOPs for triage and escalation of most common types of incidents.

●Detects and tracks critical and high vulnerabilities and verifies and validates remediation.

●Use Splunk Enterprise Security (ES) to monitor and investigate alerts from different data sources.

●Analyze and determine root cause of security breaches and changed security controls.

●Examined and evaluated computer software and hardware to uncover access attempts.

●Ensure customers follow security policies and procedures following NIST publications.

●Played an instrumental role in monitoring and analyzing logs and alerts from various cybersecurity technologies across multiple platforms, resulting in a 10% decrease in false positive alerts.

●Maintain and follow Service Level Agreements (SLAs) for security event alerting.

●Communicate alerts to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.

●Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.

●Review computer logs and messages and identify and report possible violations of security policies.

●Validate suspicious events and determine if the event constitutes an incident and properly enter associated data into the appropriate reporting systems.

Defense Point Security (DPS), Washington (Information Assurance Analyst) 07/2016 to 03/2018

●Assisted System Owners and ISSOs through the Certification and Accreditation (C&A) process, ensuring that the technical, operational and management controls securing sensitive security systems are in place and being followed according to federal guidelines.

●Accomplished continuous monitoring of security controls by testing one-third of the applicable security controls annually and performing periodic vulnerability scanning.

●Conducted assessment meetings with various System Owners and Information System Security Officers (ISSOs), providing guidance on the evidence needed for security controls and documenting assessment weaknesses.

●Performed Security Privacy Threshold Analysis (PTA).

●Performed Privacy Impact Assessment and E-Authentication with business owners and selected stakeholders.

●Worked closely with the ISSOs and the Security team to assess the selected security controls and their findings, ensuring that results were reflected in the (RTM) or test cases and that all weaknesses noted were reported in our SAR report.

●Provided services as a security control assessor (SCA) and performed as an integral part of the Assessments and Authorizations process, including vulnerability scanning, documentation, reporting and analysis requirements.

●Manually reviewed logs and provided documentation guidelines to business process owners and management.

PROJECTS

●Vulnerability Management Program:

-Conduct and schedule monthly and quarterly vulnerability scans using Nessus and Tenable.

-Maintain documentation of scan results, actions taken, and any changes made to the scanning process.

-Periodically review and update scan policies based on changes in the threat landscape or network architecture.

-Regularly review the results of both monthly and quarterly scans.

-Prioritize and address critical vulnerabilities promptly.

●Security Awareness Training:

-Conduct a baseline assessment to gauge the current understanding of security concepts among employees.

-Conduct simulated phishing exercises to test employees' ability to recognize phishing attempts.

-Provide feedback and additional training for those who fall for simulated attacks.

-Send periodic security reminders through internal communication channels.

-Implement a program to recognize and reward employees who actively contribute to the organization's security culture.

-Establish a feedback mechanism to gather insights on the effectiveness of the training.

-Use feedback to make continuous improvements.

●Threat Intelligence Integration:

-Participate in Information Sharing and Analysis Centers (ISACs) and other threat intelligence sharing communities.

-Contribute and receive threat intelligence from trusted sources.

-Regularly assess the effectiveness of threat intelligence integration in improving security outcomes.

PROFESSIONAL EXPERIENCE

●Integrated and fine-tuned endpoint protection tools, including CrowdStrike and Microsoft Defender for advanced threat detection and prevention.

●Conducted thorough vulnerability assessments using tools like Nessus and Tenable to identify and address weaknesses.

●Leveraged Microsoft 365 (O365) security features for application security, ensuring robust protection of cloud-based services.

●Utilized advanced capabilities of Cisco Firepower for comprehensive network security against evolving threats.

●Employed SOAR platforms like Demisto for the automation of security workflows, improving incident response efficiency.

●Stayed abreast of emerging threats and industry best practices, continuously enhancing the cybersecurity posture of the SOC.

●Proficient in using industry leading SIEM platforms such as Splunk, AlienVault, and QRadar for comprehensive log analysis and event correlation.

●Managed security tools like Snort, Cortex XDR and Cisco Firepower/SourceFire to enhance intrusion detection capabilities within the SOC.

●Experienced in optimizing security platforms, including McAfee, Symantec, Cisco AMP and Palo Alto Networks, for robust endpoint protection and network security.

●Conducted regular security awareness training and simulated phishing exercises to enhance the human element of cybersecurity defenses.

●Design, deploy, and maintain Splunk infrastructure to collect, analyze, and correlate security event data.

●Develop and optimize Splunk queries, dashboards, and reports to extract meaningful insights from large datasets.

●Monitor and fine-tune Splunk performance for optimal efficiency.

●Implement and manage endpoint security solutions to protect against malware, ransomware, and other threats.

●Assess and enhance network security controls, including firewalls, intrusion detection/prevention systems, and network segmentation.

●Continuously evaluate current-state processes and implementations, identifying opportunities for further optimization, and acting upon those opportunities, where appropriate.

●Provide training and knowledge transfer to junior team members and other relevant stakeholders.

●Work closely with architecture and engineering teams to integrate security solutions seamlessly.

●Work on and prioritize multiple, concurrent projects while meeting deadlines in a fast-paced environment.

EDUCATION AND CERTIFICATIONS

●B.A. in Education and Computer Studies (University of Yaoundé, Cameroon), 2005.

●M.S. in Cybersecurity and Information Assurance (Western Governors University, Utah), in progress.

●CEH Certified Ethical Hacker

●CompTIA Security

●Scrum Master

●Microsoft Certified: Azure Security Engineer

●Microsoft Certified: Azure Security Engineer Associate

●Microsoft Certified: Azure Fundamentals (AZ-900)