DENVER DAWES
ad4zce@r.postjobfree.com 443-***-**** Randallstown, MD 21133
Summary
SOC Analyst with over 5 years' experience working to support threat monitoring, detection, event analysis, and incident reporting. I perform Security Incident Management aligned with NIST standards, while achieving deep-level investigation and log analysis. A SOC Cyber Defense Analyst with experience in incident response, endpoint, threat intelligence, forensics, as well as the functioning of specific applications or underlying IT infrastructure. I analyze phishing emails including email headers, malware, and source code, and act as a first responder to network and system attacks and compromises to determine threat vectors and provide initial remediation. I also have experience in utilizing different SIEM tools to monitor and analyze incidents. I work well with stakeholders to resolve incidents and escalate incidents when necessary following policies and procedures.

Certifications
CompTIA Security+, Splunk

Applications
Microsoft Office Suite (Word, Excel, PowerPoint, Outlook), Microsoft Azure, Splunk, Archer, ArcSight SIEM, RSA NetWitness, FireEye, Sourcefire (Snort), Wireshark, Bro IDS, Fidelis XPS, QRadar, AlienVault, ForeScout NAC, TippingPoint, Carbon Black, Rapid, Nmap, Nessus, Firewall Logs, Qualys, AWS, SNOW, Remedy, FireEye EX/HX/NX, Trend Micro

Technical Skills
Vulnerability Assessment, Service Level Agreements, Ansible, Perl, Shell, REXX Scripting, Data Leakage Prevention, Cyber Threat Incident Management, z/OS Tape Backup/Library, IT Security, Network Security, Log Analysis, Incident Response Plans, Standard Operating Procedures, Cyber Kill Chain, MITRE ATT&CK Framework, Linux and Windows OS
Operating Systems Knowledge (Mainframe Skills)
z/OS, z/VM, TSO/ISPF, ISMF, JCL, SMP/E, Catalogs, CA1, DFSMS, DFHSM, DFDSS, REXX, Utilities
Support z/OS team to configure IBM Z machines in a complex environment of multiple Parallel Sysplexes, maximizing the performance of z/OS systems, EMC DASD, and applications while minimizing risk and expense.
Network Administration: Routing, Switches, Cisco, Software Defined Networks, LAN/WAN, Security Solutions.
Server/System Administration: Virtualization, Active Directory, Windows, Linux, Hyper-converged Infrastructure, Citrix, Enterprise System Monitoring
Mainframe: z/OS, JES2, VTAM, TCPIP, SMPE, HCD, ISPF, REXX, SDSF, DSS, SMS, ISMF, z/VM
Database: Oracle, DB2 z/OS and LUW, AWS DB Services
Middleware: BPM, USS, DataPower, IIB, IMQ, MSIIS, WAS, Redis Cache
Storage: Dell EMC PowerMax, VMAX, SRDF, Disaster Recovery, Open System Backup Technologies
Experience
COLLABERA
SOC Analyst
11/2019 - Current
Monitor security infrastructure and security alarm devices for indicators of compromise utilizing cybersecurity tools such as firewalls and IDS/IPS systems under 24/7 operations
Analyzed security event data using Splunk SIEM tool
Provide 24/7/365 monitoring and analysis of security event alerts across the enterprise network
Monitor company systems and daily log events to identify potential security threats
Sources include, but not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Event Manager
Review all incoming alerts and potential security threats, and properly investigate and ticket all identified potential security threats within the agency incident response-ticketing platform
Validate traffic and/or network activity (per alerts/logs) as anomalous in accordance with established Standard Operating Procedures
Identify, investigate, and escalate potential security threats to senior technicians in accordance with established Standard Operating Procedures
Utilize agency Security Event Manager software to measure and model traffic, while identifying patterns and ports
Monitor and analyze data feeds of alerts and logs from firewalls, routers, and other network devices or hosts to watch for security violations and determine vulnerabilities
Conduct initial triage of security events and incidents and document progress throughout the Incident Response Lifecycle
Identify potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information
Assess threat and vulnerability information from all sources (both internal and external), promptly applying applicable mitigation techniques and communicate information to leadership
Provide reporting and metrics around security monitoring by designing dashboards for asset owners and management
Ensure system monitoring for security and uptime
Recommend modifications to monitoring tools and identifies opportunities to streamline process
Monitoring our web applications to make sure our environment is secure
Support enterprise vulnerability scanning, penetration testing, and security compliance
Conduct malware analysis with the FireEye Malware Analysis system
Support and monitor the planning, implementation, and growth of the AWS cloud infrastructure
Troubleshoot and analyze firewall logs using Splunk ITSI
Experience and ability to analyze information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents/false positives
Monitoring and analyzing events with SPLUNK Enterprise Security Information Event Monitoring (SIEM) system
Monitor/create custom search queries and dashboards in Splunk
Identify and detect security incidents and compromises in the organization by daily review and analysis of system and network logs, system configurations, and system behavior
Discover and analyze all classes of malicious attacks on different networks/systems, providing analysis from logs and utilizing tools (automated and manual methods) to provide recommendations for remediation
Provide Incident Response (IR) support when analysis confirms actionable incident
Work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting impact
Recommend tuning and filtering of events and information, creating custom views and content using all available tools following an approved methodology and with approval and concurrence from management
Strong working knowledge of network and security architecture principles such as defense-in-depth
Investigate, document, and report on information security issues and emerging trends
Analyze security events/logs and report on threats and incidents across various platforms and environments
Capable of cultivating robust relationships and training bank branch personnel to become valuable referral partners
Provide information regarding intrusion events, security incidents, and other threat indications and warnings to the client
Provided detailed status updates on existing cyber security incidents daily, including follow-up with the client/customer to ensure satisfactory resolution
Assess incident severity and escalate to the next level as needed to begin remediation
Contributed to the investigation and resolution of security incidents, developed incident reports, and aggregated a monthly incident status report.
CYBER VERGE
SOC Analyst
02/2017 - 10/2019
Monitor security infrastructure and security alarm devices for indicators of compromise utilizing cybersecurity tools such as firewalls and IDS/IPS systems under 24/7 operations.
Analyzed security event data using Splunk SIEM tool.
Provide 24/7/365 monitoring and analysis of Security event alerts across the enterprise network.
Monitor company systems and daily log events to identify potential security threats. Sources include, but are not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Event Manager.
Review all incoming alerts and potential security threats, and properly investigate and ticket all identified potential security threats within the agency incident response-ticketing platform.
Validate traffic and/or network activity (per alerts/logs) as anomalous in accordance with established Standard Operating Procedures.
Identify, investigate, and escalate potential security threats to senior technicians in accordance with Standard Operating Procedures.
Conduct initial triage of security events and incidents, and document progress throughout the Incident Response Lifecycle.
Conduct malware analysis with FireEye Malware Analysis systems.
ZINMADE
NOC Analyst
07/2014 - 11/2016
Monitoring, design, installation, configuration, administration, and troubleshooting of LAN/WAN infrastructure using Cisco routers, Riverbed WAN Optimization, and Switches
Worked with Lotus, Novell NetWare, Red Hat Linux, Palo Alto/Panorama, Cisco ASA 5505, Meraki switches, and ISE, and provide excellent customer service
Knowledge of network troubleshooting, traceroutes, pings, Find host, TCP/IP, and Tracert
Perform network diagnostics to re-mediate detected/reported network incidents
Perform monitoring and first-level troubleshooting of the Bank's Local Area Network (LAN) and Global Communications networks, including both MPLS and VSAT troubleshooting
Use monitoring tools to monitor the health of a network; monitoring tools include Smarts, HP OpenView, SolarWinds, EM7, PRTG, Prime, Splunk, AMS, Nagios, SmokePing, and Net Cricket
Initiate and perform changes on production systems and proactively escalate any issues that cannot be resolved within the established timeframes
Acting as a point of contact for the Country Office Information Technology staff in case of network and communication link problems
Send out a notification and escalate to the concerned team during a major outage using MIR3
Taking follow-up action to make sure problems are resolved in a prompt, professional manner, and managing the escalation process to resolve problems and ensure accurate response to all alerts
Producing and publishing various reports on a regular basis (per shift, day, week, month), after data and status have been collected, in order to inform clients and the management teams on status and availability; also create a report for the NOC weekly meeting
Root cause analysis to isolate and determine problems or potential issues
Provides technical analysis to all customers to isolate issues and develops strategies to restore or activate services
Regularly participates in the Shift Handover process with previous and incoming shift teams to help sync and transfer any ongoing issues or outages
Provide Local and Wide Area Network and Network Security support
Monitor network performance and implement performance tuning using Splunk when necessary
Working with vendors and management teams on change request ticket and to resolve problem tickets
Education and Training
Morgan State University
Bachelor of Science, Finance
University of Baltimore
Master's, Cyber Security