
Soc Analyst Incident Management

Location:
Randallstown, MD
Posted:
April 13, 2024


DENVER DAWES

ad4zce@r.postjobfree.com 443-***-**** Randallstown, MD 21133

Summary

SOC Analyst with over 5 years' experience working to support threat monitoring, detection, event analysis, and incident reporting. I perform Security Incident Management aligned with NIST standards, while achieving deep-level investigation and log analysis. A SOC Cyber Defense Analyst with experience in incident response, endpoint, threat intelligence, forensics, as well as the functioning of specific applications or underlying IT infrastructure. I analyze phishing emails including email headers, malware, and source code, and act as a first responder to network and system attacks and compromises to determine threat vectors and provide initial remediation. I also have experience in utilizing different SIEM tools to monitor and analyze incidents. I work well with stakeholders to resolve incidents and escalate incidents when necessary following policies and procedures.

Certifications

CompTIA Security+, Splunk

Applications

Microsoft Office Suite programs (Word, Excel, PowerPoint, Outlook), Microsoft Azure, Splunk, Archer, ArcSight SIEM, RSA NetWitness, FireEye, Sourcefire (Snort), Wireshark, Bro IDS, Fidelis XPS, QRadar, AlienVault, ForeScout NAC, TippingPoint, Carbon Black, Rapid, Nmap, Nessus, Firewall Logs, Qualys, AWS, SNOW, Remedy, FireEye EX, HX, NX, Splunk, Trend Micro

Technical Skills

Vulnerability Assessment, Service Level Agreements, Ansible, Perl, Shell, REXX Scripting, Data Leakage Prevention, Cyber Threat Incident Management, z/OS Tape Backup/Library, IT Security, Network Security, Log Analysis, Incident Response Plans, Standard Operating Procedures, Cyber Kill Chain, MITRE ATT&CK Framework, Linux and Windows OS

Operating Systems Knowledge (Mainframe Skills)

Z/OS, z/VM, TSO/ISPF, ISMF, JCL, SMP/E, Catalogs, CA1, DFSMS, DFHSM, DFDSS, REXX, Utilities

Support zOS Team to configure IBM Z machines in a complex environment of multiple Parallel Sysplexes, maximizing the performance of z/OS systems, EMC DASD, and applications while minimizing risk and expense.

Network Administration: Routing, Switches, Cisco, Software Defined Networks, LAN/WAN, Security Solutions.

Server/System Administration: Virtualization, Active Directory, Windows, Linux, Hyperconverged Infrastructure, Citrix, Enterprise System Monitoring

Mainframe: z/OS, JES2, VTAM, TCPIP, SMPE, HCD, ISPF, REXX, SDSF, DSS, SMS, ISMF, z/VM

Database: Oracle, DB2 z/OS and LUW, AWS DB Services

Middleware: BPM, USS, DataPower, IIB, IMQ, MSIIS, WAS, Redis Cache

Storage: Dell EMC PowerMax, VMAX, SRDF, Disaster Recovery, Open System Backup Technologies

Experience

COLLABERA

SOC Analyst

11/2019 - Current

Monitor security infrastructure and security alarm devices for indicators of compromise utilizing cybersecurity tools such as firewalls and IDS/IPS systems under 24/7 operations

Analyzed security event data using Splunk SIEM tool

Provide 24/7/365 monitoring and analysis of security event alerts across the enterprise network

Monitor company systems and daily log events to identify potential security threats

Sources include, but not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Event Manager

Review all incoming alerts, and potential security threats, and properly investigate and ticket all identified potential security threats within the agency incident response-ticketing platform

Validate traffic and/or network activity (per alerts/logs) as anomalous in accordance with established Standard Operating Procedures

Identify, investigate, and escalate potential security threats to senior technicians in accordance with established Standard Operating Procedures

Utilize agency Security Event Manager software to measure and model traffic, while identifying patterns and ports

Monitor and analyze data feeds of alerts and logs from firewalls, routers, and other network devices or hosts to watch for security violations and determine vulnerabilities

Conduct initial triage of security events and incidents and document progress throughout the Incident Response Lifecycle

Identify potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information

Assess threat and vulnerability information from all sources (both internal and external), promptly applying applicable mitigation techniques and communicate information to leadership

Provide reporting and metrics around security monitoring by designing dashboards for asset owners and management

Ensure system monitoring for security and uptime

Recommend modifications to monitoring tools and identifies opportunities to streamline process

Monitoring our web applications to make sure our environment is secure

Supports enterprise vulnerability scanning, penetration testing, and security compliance

Conduct malware analysis with the FireEye Malware Analysis system

Support and monitor the planning, implementation, and growth of the AWS cloud infrastructure

Troubleshoot and analyze firewall logs using Splunk ITSI

Experience and ability to analyze information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents/false positives

Monitoring and analyzing events with SPLUNK Enterprise Security Information Event Monitoring (SIEM) system

Monitor/create custom search queries and dashboards in Splunk

Identify and detect security incidents and compromises in the organization by daily review and analysis of system and network logs, system configurations, and system behavior

Discover and analyze all classes of malicious attacks on different networks/systems, providing analysis from logs and utilizing tools (automated and manual methods) to provide recommendations for remediation

Provide Incident Response (IR) support when analysis confirms actionable incident

Work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting impact

Recommending tuning and filtering of events and information, creating custom views and content using all available tools following an approved methodology and with approval and concurrence from management

Strong working knowledge of network and security architecture principles such as defense-in-depth

Investigate, document, and report on information security issues and emerging trends

Analyze security events/logs and report on threats and incidents across various platforms and environments

Capable of cultivating robust relationships and training bank branch personnel to become valuable referral partners

Provide information regarding intrusion events, security incidents, and other threat indications and warnings to the client

Provided detailed status updates on existing cyber security incidents daily, including follow-up with client/customer to ensure satisfactory resolution

Assess incident severity and escalate to next level as needed to begin remediation

Contributed to the investigation and resolution of security incidents, developed incident reports, and aggregated a monthly incident status report.

CYBER VERGE

SOC Analyst

02/2017 - 10/2019

Monitor security infrastructure and security alarm devices for indicators of compromise utilizing cybersecurity tools such as firewalls and IDS/IPS systems under 24/7 operations.

Analyzed security event data using Splunk SIEM tool.

Provide 24/7/365 monitoring and analysis of Security event alerts across the enterprise network.

Monitor company systems and daily log events to identify potential security threats. Sources include, but are not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Event Manager.

Review all incoming alerts, and potential security threats, and properly investigate and ticket all identified potential security threats within the agency incident response-ticketing platform.

Validate traffic and/or network activity (per alerts/logs) as anomalous in accordance with established Standard Operating Procedures.

Identify, investigate, and escalate potential security threats to senior technicians in accordance with Standard Operating Procedures.

Conduct initial triage of security events and incidents, document progress throughout the Incident Response Lifecycle.

Conduct malware analysis with FireEye Malware Analysis systems.

ZINMADE

NOC Analyst

07/2014 - 11/2016

Monitoring, design, installation, configuration, administration, and troubleshooting of LAN/WAN infrastructure using Cisco routers, Riverbed WAN Optimization, and Switches

Worked with Lotus, Novell NetWare, Red Hat Linux, Palo Alto/Panorama, Cisco ASA 5505, Meraki Switches, and ISE

Provide excellent customer service

Knowledge of network troubleshooting, traceroutes, pings, Find host, TCP/IP, and Tracert

Perform network diagnostics to remediate detected/reported network incidents

Perform monitoring and first-level troubleshooting of the Bank's Local Area Network (LAN) and Global Communications networks, including both MPLS and VSAT troubleshooting

Use monitoring tools to monitor the health of a network; monitoring tools include Smarts, HP OpenView, SolarWinds, EM7, PRTG, Prime, Splunk, AMS, Nagios, Smoke Ping, and Net Cricket

Initiate and perform changes on production systems and proactively escalate any issues that cannot be resolved within the established timeframes

Acting as a point of contact for the Country Office Information Technology staff in case of network and communication link problems

Send out a notification and escalate during a major outage to the concerned team using MIR3

Taking follow-up action to make sure problems are resolved in a prompt, professional manner, and managing the escalation process to resolve problems and ensure accurate response to all alerts

Producing and publishing various reports on a regular basis (per shift, day, week, month), after data and status have been collected, in order to inform clients and the management teams on status and availability

Also, create a report for the NOC weekly meeting

Root cause analysis to isolate and determine problems or potential issues

Provides technical analysis to all customers to isolate issues and develops strategies to restore or activate services

Regularly participates in the Shift Handover process with previous and incoming shift teams to help sync and transfer any ongoing issues or outages

Provide Local & Wide Area Network and Network Security support

Monitors network performance and implements performance tuning using Splunk when necessary

Working with vendors and management teams on change request tickets and to resolve problem tickets

Monitor security infrastructure and security alarm devices for indicators of compromise utilizing cybersecurity tools such as firewalls and IDS/IPS systems under 24/7 operations

Analyzed security event data using Splunk SIEM tool.

Education and Training

Morgan State University

Bachelor of Science, Finance

University of Baltimore

Master's, Cyber Security
