JEFFREY NYINAH
Gaithersburg, MD *****
**.******@*****.***
Proactive and dedicated Cyber Security Operations Analyst with over 4 years of experience in monitoring and detecting malicious activity based on the MITRE framework of adversary tactics, techniques, and procedures (TTPs) in support of the organizational mission. Solid understanding of cyber threats and information security in the form of threat actors, campaigns, and observables. Experience in static and dynamic malware analysis using Xcitium EDR, with strong critical thinking, communication skills, and people skills (team player). Strong analytical and problem-solving skills, self-motivated to improve knowledge and skill in alert triage and analysis to determine the course of action. Experience in creating SOPs and playbooks with the overall objective of ensuring the confidentiality, integrity and availability of systems, network, and data. Security Operations Analyst with proficient and thorough experience and a good understanding of information technology. Specialized in proactive network monitoring of SIEM (Splunk). Deep knowledge in identifying and analyzing suspicious events and the ability to manage sensitive material. Able to use various security tools to perform log and packet analysis. Ability to perform malware analysis with the overall objective of ensuring the confidentiality, integrity and availability of systems, network, application and endpoint.
Work Experience
Cybersecurity Analyst/Incident Response Analyst
STS AVIATION GROUP
February 2022 to Present
· Provide response to security events, security alerts and security incidents, including network intrusion, malware infection, DoS, DDoS, brute force attacks, and privileged account misuse at the level of the network, application, and endpoint (OS).
· Experience using tools such as Cisco Sourcefire or Firepower (NIPS) at the level of the network.
· Use our main SIEM tool, Splunk, to investigate intrusion events and actions taken by the firewall, and find the HTTP response code to determine whether the intrusion was successful, redirected or errored.
· Perform full packet capture using Wireshark, which captures traffic from layer 2 to layer 7 of the OSI model, looking at the source and destination IPs, source and destination ports, and the protocol (TCP or UDP) to find out whether the TCP handshake is taking place.
· Perform network investigation using Firepower, looking for malicious traffic or IPs that are being dropped or blocked and if it was allowed, determine if installation took place at the endpoint.
· Use the endpoint tool Cisco Secure Endpoint (formerly known as AMP) to search hosts from the event logs, looking for detection of suspicious files or malware, and confirm that the file is quarantined and the process blocked.
· Terminate malicious processes with Carbon Black Cloud, delete the file and place it in the banned or block list.
· Monitor endpoints by verifying whether there is any autorun process, exploitation, or installation process, .exe files, and SHA-256 hashes.
· Use Mimecast admin and Splunk to monitor phishing email alerts, focusing on IOCs at the level of the email header including the sender's email address, return path, SPF, DKIM and DMARC.
SOC Security Analyst/Incident Response Analyst
PIMAJOY TECH
February 2021 to Present
· Monitored security event and incident detection systems, including SIEM (Security Information and Event Management), IDS/IPS (intrusion detection/prevention system) and other security tools.
· Identified and ingested indicators of compromise (IOCs), e.g., malicious IPs/URLs, into network tools/applications.
· Stayed up to date with current vulnerabilities, attacks, and countermeasures through security blogs and internal news reports from CISA, DHS and Akamai.
· Performed incident monitoring, triaged alerts and initiated investigations
· Created and tracked incidents and requests using ticketing tools (Jira).
· Analyzed security event data from the network (IDS, SIEM)
· Performed investigations and evaluation of network traffic, read and interpreted logs, and performed packet sniffer and PCAP analysis with RSA Security Analytics and Wireshark.
· Escalated any security incident (where the integrity, confidentiality or availability of any information or information asset is negatively impacted) to the Incident Response (IR) and Incident Management Team (IMT).
· Conducted analysis using Splunk ES.
· Identified suspicious /malicious activities or codes.
· Performed domain and email analysis.
· Participated in phishing campaigns.
· Searched firewall, email or DNS logs to identify and mitigate intrusions and attempts.
· Investigated malicious phishing emails, domains and IPs using open-source tools and recommended proper blocking based on analysis.
· Continuously monitored and interpreted threats using the IDS and SIEM tools.
· Investigated all reported suspicious emails, determined whether each email was malicious, non-malicious or legitimate, and replied to the user who reported the suspicious email with a message reporting the findings and any recommendations.
· Performed shift handoff at the end of every shift to provide situational awareness to the incoming shift.
Education
Associate Degree in Management
Maritime University
January 2008 to December 2010
Cybersecurity and Information Assurance
Western Governors University
Skills
• MX Toolbox
• IP Void
• CyberChef
• Web Proxy
• IBM X-Force Exchange
• Cisco Firepower
• Forcepoint DLP Manager
• Routers
• URL Decoder
• GoToMeeting
• VirusTotal
• TCP/IP
• Cisco Secure Endpoint
• McAfee
• Instant Messenger
• WANs
• Firewalls
• Microsoft Teams
• Carbon Black Cloud
• Palo Alto Networks URL filtering
• DHCP
• Microsoft Office (Word, Excel, PowerPoint, Access, Outlook, SharePoint)
• Test A Site
• Hybrid Analysis
• Anti-Virus Tools
• Splunk
• Zoom
• Student information system
• Windows (2000, 2007, 10, 11)
• LANs
• Mimecast
• Information Security
• Security Frameworks: NIST SP 800 Series including NIST SP 800-61 Rev. 2 (Incident Response Lifecycle), NIST SP 800-83 Rev. 1 (Guide to Malware Incident Prevention and Handling for Desktops and Laptops); Privacy Act of 1974, HIPAA
• Ticket Systems: JIRA
• VPNs
• DNS Checker
• Mac OS
• DNS
• SentinelOne
• URL Scan
• AbuseIPDB
• Wireshark
• Cisco Umbrella
• WebEx
• Network Monitoring
• WAN
• Operating Systems
• Network Security
• Azure
• LAN
• ServiceNow
• Cybersecurity
• CrowdStrike
• Vectra
• Microsoft Sentinel
Certifications and Licenses
CompTIA Security+
Networking and Cloud Computing
May 2024 to Present
Cybersecurity Threat Vectors and Mitigation
May 2024 to Present