Jason Somuncuoglu
Information Security Analyst
/in/jason-somuncuoglu

Summary
As a Cyber Security Analyst, I am passionate about protecting the network and data assets of our clients from evolving cyber threats. I have over 5 years of combined IT and security work experience, with broad exposure to infrastructure, network, and multi-platform environments. I hold Splunk Search Expert certifications, demonstrating my proficiency in using SIEM tools to monitor, analyze, and investigate security incidents. I also hold CompTIA Security+ and IBM Cybersecurity Analyst certificates and am currently working towards obtaining the CEH certification. Proven ability to collaborate across teams and contribute to incident response efforts. Adept at working effectively unsupervised and quickly mastering new skills. Advanced skills in security information and event management (SIEM), incident analysis, and proactive cybersecurity measures for optimal organizational defense.

Experience

Information Security Analyst
SOLVENT CYBERSECURITY, Fairfax, VA
August 2022-Present
Create and track incidents and requests with an integrated ServiceNow (SNOW) ticketing system.
Follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of security incidents.
Liaise with the company's Security Operations Center to respond to emerging incidents in a timely manner.
Perform analysis of Firewall, IPS, IDS, Server, and Proxy log files via the Splunk SIEM solution.
Skilled in performing thorough analysis of PCAP files using Wireshark, extracting valuable insights to troubleshoot network issues, identify security threats, and optimize network performance.
Identify, track, and investigate high-priority threat campaigns and malicious actors with the interest, capability, and TTPs (Tactics, Techniques, and Procedures).
Conduct core information security activities: Security Information and Event Management (SIEM), Malware Detection, Vulnerability Management, Education & Awareness, Open-Source Intelligence (OSINT), Network Monitoring, and Log Analysis.
Monitor and analyze Security Information and Event Management (SIEM) alerts through Splunk and identify security incidents for remediation and investigation.
Document all activities during an incident and provide management with status updates throughout its life cycle.
Provide information and warnings for intrusion events, security incidents, and other threat indications.
Triage security events and incidents, detect anomalies, and report remediation actions.
Analyze Qualys scan results to assess the severity of vulnerabilities and collaborate with cross-functional teams to develop targeted remediation plans.
Assist in performing containment of compromised systems and mitigating root causes.
Conduct in-depth analysis of security events and alerts within Splunk, providing actionable insights to the incident response team for timely mitigation.
Develop and deliver security awareness and training programs to educate employees about cybersecurity best practices, policies, and procedures.
Develop and implement an anti-phishing campaign periodically.
Perform periodic scans in Qualys and inspect and analyze the results in ServiceNow (SNOW).
Apply and manage security frameworks such as HIRA, NIST, and ISO 27001 to enhance and govern the organization's information security strategies.

IT Security Analyst
STIRLING CO.
May 2019-June 2022
Used KQL in Microsoft Sentinel to write queries, select data sources, analyze large volumes of data in real time, and create new rules and rule logic.
Assisted with Azure Active Directory (MS-Entra) services such as Conditional Access and Privileged Access Management in Azure, enhancing the company's security posture.
Security Awareness and Training: cybersecurity engineers may develop and deliver security awareness and training programs to educate employees about cybersecurity best practices, policies, and procedures.
Developed and implemented an anti-phishing campaign periodically.
Followed detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of security incidents using Microsoft Defender.
Proficient in Microsoft Intune for managing and securing endpoints, ensuring compliance, and providing seamless mobile device and application management across the organization.

Education
Master's Degree / Physics / Black Sea Technical University
Bachelor's Degree / Physics / Black Sea Technical University

Languages
English
Turkish

Certifications & Trainings
CompTIA Security+
IBM Cybersecurity Analyst Certificate
QUALYS Vulnerability Management, Detection and Response Specialist
DDoS Attacks by University of Colorado
Splunk 7.x Fundamentals & Core User
Google Cybersecurity Professional Certificate
Wireshark Project Certificate by Coursera
Intro to Microsoft Azure Cloud Services by Coursera

Skills
Risk Analysis
Splunk SIEM
Phishing Analysis
Threat Detection
MITRE ATT&CK
Microsoft Defender
Microsoft Intune
Virus Total
Wireshark
Cyber Kill Chain
Virtual Box
Microsoft Sentinel
Entra ID
Cisco Talos
Azure Security Center
AWS Security Hub
Google Cloud Security Command Center
Cloud Access Security Broker (CASB)
Identity and Access Management (IAM)
Zero Trust Architecture
Cloud Security Posture Management (CSPM)
Cloud Infrastructure Security
Serverless Security
Cloud Encryption
Multi-Factor Authentication (MFA)
Compliance (e.g., GDPR, HIPAA)
Data Loss Prevention (DLP)
Security Information and Event Management (SIEM)
Intrusion Detection and Prevention Systems (IDPS)
Traditional Security
Network Security
Firewalls
Intrusion Detection Systems (IDS)
Intrusion Prevention Systems (IPS)
Endpoint Security
Malware Analysis
Security Operations Center (SOC)
Penetration Testing
Vulnerability Assessment
Incident Response
Forensics Analysis
Encryption
Access Control
Security Policies and Procedures
Risk Management