Ariev Diamond
360-***-**** San Antonio, TX, ***** ***********@*****.***
https://www.linkedin.com/in/diamondawsphenom/
Summary of Qualifications
Cultivated over 3+ years, my expertise as a Security Analyst encompasses proficient analysis, vigilant threat monitoring, and effective remediation strategies. Well-versed in network principles, adept with multiple SIEM systems, and skilled in EDR deployment. I possess extensive proficiency in ServiceNow.
Key Skills: SIEM, SOC, Email Security, VPN, Endpoint Protection, Vulnerability Management, Cybersecurity Operations, Security Compliance, ServiceNow Ticketing, Active Directory, NIST, ISO, Incident Response, Privacy Investigation, Application Security, Data Protection, Risk Management
Applications and Software: Splunk, SumoLogic, UNIX, Abnormal Security, Zscaler, SentinelOne, OSINT, QRadar, Kali Linux
Programming skills: Python
Certifications:
CompTIA Security+, AWS Certified Cloud Practitioner, Azure AZ-900, Azure AZ-500, Splunk Core Certified User
EXPERIENCE
Graphic Packaging International
Atlanta, GA Jan 2022 – Present
SOC Analyst
● First line of defense for end users (PCs, machines, servers, applications, hardware)
● Documented and managed incident cases in the case management system (SOPs).
● Document and adhere to policies while working with personnel and clients on an international basis
● Contribute to Security Operations knowledge base materials (playbooks, runbooks) while strengthening principles with SOPs
● Provide completion of daily tasks for cybersecurity programs such as incident response, application cybersecurity, vulnerability management and remediation, cloud and infrastructure cybersecurity, data protection and privacy, and risk management and compliance.
● Conduct threat remediation using Splunk incident response techniques, and document security events in ServiceNow.
● Reduce backlog of Cybersecurity alerts by 95 percent
● Screened, reported, and detected issues within Windows servers, mobile devices, and machines [EDR]
● Perform incident response based on the disaster recovery plan to reduce the threat landscape and improve the structure of the client and vendor.
● Investigate operational problems (incident response), propose solutions, and ensure compliance with ISD standards and best practices.
● Managed, led, and closed over 10,000 tickets in ServiceNow
● Respond and diagnose issues by communicating with users and managers
● Utilize OSINT tools, research, and isolate machines, hosts, and domains to adhere to SLAs.
● Provide on call rotation support to end users on all use cases/threats for incident response
● Provide an end solution on all use cases via phone, email, and technical support.
● Collaborate with client and vendor on use case creation, while providing technical guidance and assistance to internal customers.
● Able to communicate technical problems to nontechnical individuals.
● Utilize ServiceNow ticketing system to document issues and provide an end solution.
● Perform malware analysis based on the disaster recovery plan, utilizing playbooks and standard operating procedures.
● Identify and escalate security incidents to internal and customer incident response teams, such as Tier 2 and Tier 3 teams.
● Utilize network monitoring software to take action against malware, ransomware, phishing attacks and more.
● Understand TCP/IP protocols, utilize network analysis, vulnerability scanning, endpoint detection and response methods, network detection, and firewall blocking, to keep the devices secure.
● Conduct search queries within Splunk and Sumo Logic environments to research and extract information in a more simplified format.
● Report to manager and Tier 3 Security Team on a daily basis to resolve active threats.
● Reported gaps in log collection and reporting to the security engineer and lead analyst.
Tower Hill Insurance Group
Gainesville, FL Feb 2021 – Jan 2022
Security Analyst
● Collected and analyzed threat intelligence to produce reports related to emerging threats.
● Performed weekly presentations to report on incidents and log analysis.
● Mitigated vulnerabilities by alerting clients of potential security threats in a speedy manner.
● Able to communicate technical problems to nontechnical individuals.
● Analyzed a large volume of security event data from log sources to identify, track, and report suspicious and malicious activity using SIEM tools.
● Performed rule fine-tuning improvements to eliminate false positive alerts and enhance use-case coverage.
● Proactively monitored intrusion detection systems, cloud-based services, Windows servers, and network analysis.
● Performed follow-up analysis throughout the incident lifecycle to bring all incidents to closure.
● Stayed knowledgeable of the cyber threat landscape through daily research for the Threat Bytes Cybersecurity Newsletter.
● Monitored SIEM for suspicious events and anomalous activity.
● Contributed to the documentation of new tools and techniques.
● Created and delivered reports to customers documenting SLAs and trends of threats.
White Cloud Security
Austin, TX Jun 2020 – Dec 2020
Junior Cyber Security Consultant
● Applied basic red team techniques to explore files and implement fingerprint methods, using VMware and PuTTY, through Execution Control techniques.
● Cloned a repository from GitHub (kernel properties).
● Applied Red Hat tactics to download packages, unzip, patch the kernel from a Whacker directory.
● Compiled an SSH key login using bash scripting in Kali Linux.
Education
University of Texas at San Antonio, College of Engineering, San Antonio, TX, Dec 2020
Bachelor of Computer Engineering