
Security Operations SOC Analyst

Location:
Royse City, TX
Salary:
95,000
Posted:
October 23, 2024


Resume:

Alain Ngensi

SOC-Analyst

Royse City, TX ***** Tel: +1-936-***-**** Email: *********@*****.*** Linkedin

SUMMARY:

Experienced SOC Analyst with around 5 years in security operations, specializing in security frameworks (NIST, ISO, HIPAA), compliance, incident management (Splunk, IBM QRadar), and vulnerability analysis.

Utilized top-tier SIEM tools like Splunk and QRadar to effectively analyze security events and identify potential threats.

Proficient in implementing industry-standard cybersecurity frameworks like NIST, CIS, and ISO to ensure robust security measures.

Acquired hands-on experience in securing multi-cloud environments and cloud security (AWS).

Proficient in documenting threat actor TTPs using the MITRE ATT&CK Framework, combining strong documentation and presentation skills to deliver comprehensive and impactful insights.

Used PowerShell and other scripting languages to automate security tasks and processes, enhancing the efficiency and effectiveness of security operations.

Implemented and maintained security frameworks like the NIST Cybersecurity Framework, ISO 27001 & ISO 27002, and adhered to cybersecurity best practices as outlined by CIS, CISA, MITRE ATT&CK, and SANS.

Ensured compliance with industry standards and regulations such as PCI DSS and HIPAA through effective security practices.

Implemented and managed network intrusion detection/prevention (IDS/IPS) technologies to safeguard network infrastructure.

Conducted regular vulnerability assessments using tools like Tenable Nessus, Qualys, and Acunetix. Performed penetration testing to identify and remediate security weaknesses.

Protected Active Directory environments against attacks and managed network security using FortiGate and ManageEngine (OpManager). Employed Wireshark for network protocol analysis and Armis for IoT security.

Utilized TCP/IP troubleshooting to resolve inter-departmental connectivity issues, ensuring seamless communication and collaboration between teams.

Developed and executed incident response plans for various security incidents, demonstrating a proactive approach to promptly containing and remediating security issues.

Consistently served as the primary point of contact for all security incidents within a multi-cloud environment, showcasing excellent analytical and problem-solving skills in identifying and mitigating potential threats.

Conducted assessments and tests, such as vulnerability assessment and management and penetration testing, to identify and address weaknesses in networks and systems.

SKILLS:

Frameworks & Regulations

NIST Cybersecurity Framework, HIPAA, PCI DSS, ISO 27001 & ISO 27002, GDPR, FISMA, CIS, CISA, MITRE ATT&CK, SANS

Tools & Platforms

Visual Studio Code, Windows Desktop/Server OS, Active Directory Defense, VMware, AWS, IDS/IPS, Log Analysis & Pen-Testing

Security Tools:

Proofpoint, ONSIT, Jira, PowerShell, CrowdStrike Falcon, SOAR, AI, IBM QRadar, Splunk Enterprise Security, FortiGate, ManageEngine (OpManager), Tenable Nessus, Qualys, Acunetix, Armis, Wireshark, ServiceNow, GuardDuty

Cloud

AWS (CloudTrail, Security Hub)

Operating Systems

Linux OS, Windows Desktop/Server OS

EMPLOYMENT HISTORY:

Security Operations Center Analyst Feb 2022 - Present

Wipro Limited/Dell Technologies

Report security incidents using the Jira ticketing system for events that signal an incident and require Tier 3 Incident Response review.

Perform triage on alerts by determining their criticality and scope of impact.

Investigate, analyze, and process endpoint alerts using tools such as Carbon Black, Splunk Enterprise Security (Splunk ES), and OSINT tools.

Review and collect asset data (indicators of compromise, logs, configurations, and running processes) on these systems for further investigation and reporting.

Involved in planning and implementing preventative security measures and in building incident response and disaster recovery plans.

Investigate, analyze, and process phishing email alerts from Material Security and Jira following standard operating procedures.

Identify and block over 1,000 phishing emails by scrutinizing email headers for signs of spoofing, examining URLs and attachments in the body of emails through static and dynamic analysis, and following SOC playbooks.

Successfully analyzed, escalated, and assisted in the remediation of over 100 critical phishing email security incidents by following detailed processes and procedures.

Harness Proofpoint TAP to identify and mitigate email threats.

Effectively communicate findings and provide recommendations for remediation of phishing email threats.

Utilize CrowdStrike Falcon Platform to investigate and respond to potential security incidents, prioritizing IOA and IOC.

Ensured effective incident response and threat mitigation by leveraging Splunk Enterprise Security to triage and investigate notable events.

Utilize the powerful search and analysis capabilities of Splunk Enterprise Security to review and analyze notable events generated by various security data sources, including logs, network traffic, and system events.

Actively monitored offensive activities within QRadar SIEM, ensuring timely response and resolution. Conducted investigations on offensive activities by utilizing QRadar centralized log management, network flow analysis, and threat intelligence integration to gain a holistic view of potential threats.

Utilize MITRE ATT&CK to research and analyze potential security threats and risks.

Collaborate with cross-functional teams, sharing insights gained from packet analysis using Wireshark.

Conduct vulnerability scanning using Tenable Nessus to identify and mitigate network and infrastructure risks.

Stay updated with emerging threat intelligence trends and technologies through continuous learning.

Security Operations Center Analyst

Epsilon Jul 2017 – Jan 2022

Monitored and analyzed Active Directory logs using IBM QRadar SIEM, enhancing detection.

Conducted in-depth analysis of logs, system events, and network traffic to identify signs of compromise.

Collaborated with the vulnerability management team to ensure timely patching and remediation.

Enhanced detection capabilities and proactive threat hunting for Active Directory attacks.

Implemented security controls, policies, and procedures to protect client data and applications.

Monitored AWS infrastructure and applications for security incidents, responding effectively.

Implemented security controls and intrusion detection using GuardDuty, Inspector, VPC Flow Logs, CloudWatch, and CloudTrail for monitoring user logins.

Monitored security events from the various SOC entry channels (SIEM, tickets, email, and phone) and, based on the security event severity, escalated to managed service support teams or Tier 2 information security specialists to perform further investigation and resolution.

Recommended enhancements to SOC security processes, procedures, and policies. Participated in security incident management and vulnerability management processes.

Worked in a 24x7 Security Operations Center.

Provided network intrusion detection expertise to support timely and effective decision-making of when to declare an incident.

Analyzed a variety of network and host-based security appliance logs (firewall, NIDS, syslog, EDR logs, etc.) to determine the correct remediation actions and escalation paths for each incident.

Ensured PHI, PII, and BII were kept confidential through DLP monitoring.

Ensured the integrity and protection of networks, systems, and applications by technically enforcing organizational security policies through monitoring of vulnerability scanning devices.

Used vulnerability assessment tools such as Nessus and Nmap to perform security testing.

Developed advanced queries and alerts to detect adversary actions.

EDUCATION:

Information and Communication Technology

University of Buea Jan 2015

CERTIFICATES:

CompTIA Security+

CISM (Certified Information Security Manager)
