Incident response professional, threat hunting

Location:
Oakland, CA
Posted:
March 15, 2024

Resume:

JORMA PETTERI MALKIA (Peter Malkia)

Cyber Security Threat Analyst, Incident Response, Threat Hunter, SIEM, SOC, SOAR, CISSP

Fremont, CA 94555 | ad4cm9@r.postjobfree.com | (408) 659-9277 | http://linkedin.com/in/peter-malkia-8a53b3

Results-driven Information Security Expert with 20+ years of experience safeguarding critical assets and data in high-stakes environments.

PROFILE SUMMARY

Highly analytical and experienced professional with a proven track record in leading and executing comprehensive IT security strategies across diverse industries, including financial services, critical infrastructure, healthcare, and startups. Adept at performing a wide array of information security duties, from SOC analysis and threat hunting to SIEM monitoring and maintenance. Possesses extensive expertise in deploying and administering various security tools and technologies, including EDR/XDR, SIEM, firewalls, and DLP systems. Ability to develop and implement robust security policies and guidelines, ensuring compliance with industry standards such as PCI DSS, NIST, and ISO. Excited about the opportunity to shape security capabilities alongside a world-class security team.

- Expert in ensuring adherence to industry standards (PCI DSS, NIST, ISO 27001/2) and creating robust security policies.

- Successful in uncovering hidden threats missed by others, leading investigations, and implementing effective mitigation strategies (CrowdStrike, Splunk, Sentinel, Palo Alto).

- Masterful administrator of leading security tools (CrowdStrike, Palo Alto, Splunk, SIEMs), proficient in firewalls, penetration testing, and various operating systems.

CORE COMPETENCIES

Strategic-minded with knowledge of Cybersecurity architecture and technical solutions

Ability to design logging, data pipelines, and integrations to enhance threat visibility/response

Expertise in optimizing detections, playbooks, and workflows for incident identification

Expert knowledge of and sound experience in digital forensics tools and procedures

Able to collaborate effectively with diverse teams to deliver holistic security solutions

Skilled in guidance, problem-solving, and conflict management to ensure smooth workflow

Outstanding interpersonal skills with strong team spirit and great respect for diversity

Exceptional organizational and time management skills with sound multitasking abilities

SKILLS HIGHLIGHTS

- IT & Cyber Security
- Anomalous Pattern Detection
- Project Management
- Security Architecture
- Technical Security Safeguards
- Incident Handling (Detection, Analysis, Triage)
- Incident Monitoring & Security Alerts
- Packet Analysis
- Log Management
- Logging & Data Pipelines
- Integrations & Automation
- Advanced Security Tooling Deployment
- Identity & Access Management
- Internal Threat Operations
- Issue & Compliance Management
- Risk Assessment/Advisory
- Security Consulting
- Security Operations
- Strategic Planning
- Data Analysis
- Solutions Development

Cybersecurity: CrowdStrike; firewalls (from Linux firewalls to Palo Alto firewalls); Splunk and other SIEMs; App-ID and DLP.

General IT: Server and workstation security; security standard and policy development

Operating Systems: Linux, Windows, macOS, some mainframe

Programming: C, Visual C++, Python, Perl, PHP, Windows PowerShell, Objective-C

Software: SAP (security, authorization, and authentication); Microsoft Office

PROFESSIONAL EXPERIENCE

Standard & Poor's via Wipro

Level 3 SOC Analyst May 2023 – Nov 2023

Led collaborative efforts with SOC analysts, utilizing CrowdStrike, MS Defender, and Azure tools for incident resolution.

Drove advanced threat detection and response, prioritizing CrowdStrike as the primary EDR/XDR solution.

Implemented cutting-edge SIEM processes with MS Sentinel and Splunk, elevating threat analysis and detection capabilities.

Championed network security by expertly employing Palo Alto firewalls, ensuring a robust defense against potential threats.

Excelled in proactive Threat Hunting, uncovering and mitigating threats overlooked by others; corrected critical CrowdStrike misconfigurations.

Key Accomplishments

Elevated incident response efficiency, leading to a 20% reduction in resolution time using collaborative tools.

Spearheaded a successful EDR/XDR optimization initiative, enhancing threat detection capabilities with CrowdStrike implementation.

Various Contracts, Self-Employed

Information Security Specialist for stealth mode start-up Jan 2022 – May 2023

Led comprehensive IT security measures for stealth-mode startup, acting as lead architect and operational lead.

Designed and performed heavy duty penetration testing for the whole infrastructure.

Executed CISO duties, overseeing SIEM monitoring, Linux firewall setup, and VPN connections for company-wide security.

Directed IT security for a stealth startup, managing CISO responsibilities, SIEM, Linux firewall, and VPN.

Implemented robust cybersecurity policies, ensuring compliance and safeguarding sensitive data.

Conducted thorough vulnerability assessments, addressing and mitigating potential risks to fortify the overall security posture.

Key Accomplishments

Bolstered cybersecurity, reducing system vulnerabilities by 30% and averting potential data breaches for enhanced protection.

Implemented Open Source SIEM, resulting in a 25% increase in threat detection efficiency and incident response.

Nutanix

Incident Response Engineer, Threat Hunting May 2021 – Jan 2022

Collaborated remotely with the multinational SOC team, specializing in advanced Palo Alto Panorama firewall alerts.

Spearheaded the creation of innovative use cases and alerts, showcasing expertise in proactive threat detection.

Conducted Threat Hunting, leveraging deep investigations with Splunk and SentinelOne, honing advanced SentinelOne skills.

Executed security assessments, identifying vulnerabilities and recommending proactive measures for risk mitigation.

Led training sessions on Palo Alto Panorama, enhancing team proficiency and ensuring optimal firewall management.

Key Accomplishments

Elevated threat detection efficiency by 20% through the development of advanced Palo Alto Panorama alerts.

Independent Contractor, Threat Hunting, SOC Engineer/Information Security Consultant Sept 2020 – May 2021

Guided consulting projects as a versatile SOC Engineer, tailoring solutions for clients of varied scales.

Initiated the installation and administration of CrowdStrike for three clients, ensuring robust cybersecurity measures.

Established SOC from the ground up, creating runbooks to optimize responses for diverse scenarios.

Key Accomplishments

Achieved 25% improvement in client cybersecurity postures through effective CrowdStrike implementation/administration.

Ellie Mae

Cyber Security Threat Analyst July 2019 – Sept 2020

Collaborated daily with SOC analysts, providing support and expertise in addressing complex cybersecurity challenges.

Managed daily CrowdStrike alerts, adeptly troubleshooting issues to ensure swift and effective response mechanisms.

Ensured Forcepoint DLP functionality, meticulously verifying rules to uphold robust data loss prevention measures.

Specialized as a Level 3 SOC Analyst, Cyber Threat Analyst, and proactive Threat Hunter for advanced security operations.

Conducted daily Forcepoint DLP administration, demonstrating proficiency in maintaining data loss prevention protocols.

Key Accomplishments

Facilitated seamless collaboration with an offshore SOC team, contributing to global cybersecurity efforts.

Expertly navigated security landscapes with Splunk for SIEM, CrowdStrike for EDR, and Forcepoint for DLP.

National Mortgage Insurance

Information Security Analyst May 2018 – Sept 2018

Administered Symantec DLP system daily, ensuring its efficacy and managing incidents for prompt resolution.

Monitored Information Security events, demonstrating expertise in incident response and maintaining compliance with PCI DSS.

Key Accomplishments

Enhanced data protection by 25% through strategic creation and implementation of DLP rules and exceptions.

Sabbatical July 2017 – May 2018

Merrick Bank

Senior Information Security Analyst Feb 2017 – May 2017

Led daily Incident Response, playing a pivotal role in managing SIEM (QRadar) for optimal effectiveness.

Expertly ingested diverse log sources, ensuring comprehensive data availability for robust security analytics and reporting.

Oversaw Carbon Black integration, facilitating tool onboarding, readiness for enforcement, and approval of correct processes.

Key Accomplishments

Enhanced SIEM functionality, resulting in a 25% increase in threat detection and response effectiveness.

University of Utah Hospital

Senior Information Security Analyst Oct 2014 – Jan 2017

Conducted daily incident response in a HIPAA environment, optimizing SIEM (QRadar) for efficient threat mitigation.

Performed application DAST and SAST testing and heavy penetration testing before application was released to production.

Mentored a student workforce in the SOC, training future information security incident analysts for SOC development.

Contributed to a University-wide Palo Alto upgrade project, administering three Palo Alto firewall trainings for all analysts.

Hands-on management of SIEM and security tools (FireEye, McAfee, Qualys, QRadar) with strict adherence to HIPAA.

Conducted multiple HIPAA risk analyses, maintaining compliance while actively using SIEM (QRadar) and EDR (FireEye).

Key Accomplishments

Attained 20% efficiency gain in incident response through strategic optimization of SIEM (QRadar) in HIPAA environment.

Royal Bank of Scotland (RBS)

Information Security Analyst July 2013 – Oct 2014

Managed SIEM (McAfee), DLP (Symantec Vontu), and Vulnerability Management (Qualys) for robust cybersecurity measures.

Oversaw operational maintenance of CyberArk admin passwords, playing a vital role in privileged access management.

Led SIEM design and deployment, optimizing McAfee ESM for advanced threat detection and response capabilities.

Demonstrated hands-on expertise in daily administration of SIEM and vulnerability management tools (McAfee, Qualys).

Utilized Linux to validate QualysGuard Vulnerability scans, ensuring accuracy and effectiveness in cybersecurity assessments.

Key Accomplishments

Contributed to RBS IT security in both operational and engineering capacities, ensuring comprehensive cyber resilience.

ADDITIONAL EXPERIENCE

Suomen E-Turva (own company) | Information Security Consultant | June 2011 – Mar 2013

Nordea Bank | IT Security Analyst | Jan 2002 – Aug 2010

European Central Bank, Frankfurt, Germany | Senior IT Security Specialist | June 2006 – June 2007

Tietoenator, Helsinki, Finland | Information Security Consultant | June 1999 – June 2000

Ericsson IPSEC Competence Center, Helsinki, Finland, & Santa Barbara, CA | Software Engineer | Aug 1997 – Aug 1999

EDUCATION

CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP)

CISSP training and Certification, 2000, certificate number: 20031

M.Sc: Tampere University of Technology, Tampere, Finland

Master of Science in Computer Science. Minors: Telecommunications, and Industrial Management, 1997

Publication: Authored a Master’s Thesis entitled “ADSL in Remote Access Networks”, LMF Ericsson.

Microsoft Certified Professional and Internet Information Server (MCP + I)

Microsoft Training and Certification, 2000

CERTIFICATION

Several CrowdStrike advanced trainings at CrowdStrike security meetings (San Jose, San Diego).

SANS (Windows Security, Forensics); CISA training and passed examination; several SAP training courses

McAfee ESM/Nitro certification training; Carbon Black administration training
