
Security Information/ Security Operation Analyst/ Remote

Location:
Clinton, MD
Posted:
March 27, 2020

Resume:

Adefemi Adereni

Clinton, MD *****202-***-**** • adcgwi@r.postjobfree.com

PROFESSIONAL PROFILE

To obtain a career opportunity in a Security Operations Center. I am a tenacious, hardworking, and results-driven security support professional with over 6 years of professional experience within Information Security, Security Operations Center work, break-fix, and Incident Response. I am proficient in working in any team to help Monitor, Detect, Identify, Protect, Respond, and Recover from various malicious intrusion activities. I can recognize and analyze suspicious events. I can also perform log, packet, email, and domain analysis using various security tools.

CITIZENSHIP AND CLEARANCES

U.S. Citizen

Active Public Trust

Under investigation for Top Secret/SCI

INFORMATION TECHNOLOGY COMPETENCIES

Software: Windows Active Directory Management, LDAP, Microsoft Office Suite, MS O365 (Exchange, Lync, Skype for Business, Vault, SharePoint), VMware, ServiceNow, Track-It ticketing, Lotus Notes, Citrix Receiver, OneNote, Adobe products, Project Management, HipChat, and Slack

Hardware: Windows XP through Windows 10, Windows Server, HP, and macOS.

Networking: VDI, TCP/IP, LAN/WAN, Ports & Protocols

Program/Script: Basic Python, PowerShell, Linux commands

SOC Tools: Splunk, Wireshark, Remedy, VDI, FireEye (NX, HX, EX, AX), AlienVault, Snort, Bro, Nmap, Nessus, Firewall Logs, Volatility, tcpdump, JIRA, McAfee ES, Imperva, FTK, EnCase, Cofense Triage (PhishMe Triage), IronPort, McAfee (ePO, MEG, MWG), Archer, Risk Vision, Chartbeat, RSA Security Analytics (NetWitness), IP360, Akamai WAF, AWS CloudTrail, IBM TrendMicro, Anomali ThreatStream, Barracuda, Forcepoint, Core Impact, and Bluecoat

Training: CompTIA A+, Net+, CHFI, HBSS, ACAS, AWS Foundation

CERTIFICATIONS

CompTIA Security+ CE

CCNA Routing & Switching

CEH (Certified Ethical Hacker)

ECIH (EC-Council Certified Incident Handler)

Splunk Core Certified User (pending)

ISACA CSX (Cybersecurity Nexus) (pending)

PROFESSIONAL IT EXPERIENCE

GDIT – Washington, DC

Cybersecurity Operations Analyst / IR February 2019 – present

Perform incident response, investigation, remediation, recommendation, and mitigation of security incidents for the United States Secret Service.

Perform incident monitoring, response, triage, and investigation of events

Investigate malicious phishing emails, domains and IPs using Open Source tools and recommend proper blocking based on analysis.

Perform proactive monitoring of events, respond to incidents and report findings and also escalate critical tickets.

Provide security support for confidential members of the government and keep track of important documents.

Create phishing exercises/campaigns with Core Impact.

Attend CISO meetings to provide weekly SOC updates

Utilize the Garrison sandbox to perform malware analysis and FireEye AX to check the malware behavior of files and URLs.

Quarantine compromised hosts with FireEye HX by requesting containment

Provide client feedback on incident progress and resolution.

Prioritize and differentiate between potential intrusion attempts and false alarms.

Use Vulnerability Assessment tools to perform security testing

Monitor and analyze network traffic, IDS/IPS, security events, and logs.

Utilize Splunk for various investigations, queries, and dashboards: search mail and web proxy logs to verify whether a user received and clicked any links within an email; review alerts and tag reviewed alerts; verify domain and IP traffic within search for investigations; create alert dashboards for manager review (e.g. PHP, SQL attempts, foreign VPN traffic dashboards); review logs in correlation with incidents (Forcepoint, Barracuda, HTTP, DNS, proxy logs, etc.)

Rescan mitigated systems for further infections. If none, commission systems back to the network.

Conduct research on new and evolving threats and vulnerabilities using security blogs, DHS notification, and more.

Create CSP evaluations according to SOC process and DHS procedures
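As an added illustration of the mail/proxy log investigation described in this section (verifying from gateway and proxy logs whether each recipient received and clicked a phishing link, then recommending a block and containment), the following is example code written for this page, not the candidate's or any employer's tooling. The key=value log format, the hostnames and usernames, the 24-hour click window, and the assumption that the proxy username equals the mailbox local part are all constructed for the example.

```python
"""Phishing click correlation across mail-gateway and web-proxy logs.

Example code added for illustration. The key=value log lines, hosts, users
and the 24-hour click window are constructed assumptions, not a vendor format.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample mail-gateway log: one line per delivered message/URL.
MAIL_LOG = """\
2020-03-20T09:02:11Z sender=hr@payroll-update.example recipient=jdoe@agency.example subject="Payroll update" url=http://payroll-update.example/login.php
2020-03-20T09:02:12Z sender=hr@payroll-update.example recipient=asmith@agency.example subject="Payroll update" url=http://payroll-update.example/login.php
2020-03-20T09:02:13Z sender=hr@payroll-update.example recipient=bwong@agency.example subject="Payroll update" url=http://payroll-update.example/login.php
2020-03-20T11:15:40Z sender=news@vendor.example recipient=jdoe@agency.example subject="Weekly digest" url=https://vendor.example/news
"""

# Constructed sample web-proxy log: one line per request.
PROXY_LOG = """\
2020-03-20T09:05:02Z user=jdoe url=http://payroll-update.example/login.php status=200 action=allowed
2020-03-20T09:06:30Z user=asmith url=http://payroll-update.example/favicon.ico status=404 action=allowed
2020-03-20T09:40:00Z user=bwong url=https://intranet.agency.example/ status=200 action=allowed
2020-03-21T08:00:00Z user=bwong url=http://payroll-update.example/login.php status=200 action=blocked
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split 'TIMESTAMP key=value ...' into a dict; quoted values lose their quotes."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def parse_log(text):
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def correlate(mail_text, proxy_text, phish_host, window=timedelta(hours=24)):
    """For every recipient of a message linking to phish_host, decide whether
    they clicked: any allowed proxy request to that host (any path, so even a
    favicon fetch counts) within `window` after delivery. Requests the proxy
    blocked are recorded separately so the analyst sees stopped attempts too."""
    proxy = parse_log(proxy_text)
    result = {}
    for msg in parse_log(mail_text):
        if urlparse(msg["url"]).hostname != phish_host:
            continue  # unrelated mail, e.g. a newsletter to the same user
        user = msg["recipient"].split("@")[0]  # assumption: proxy user == mailbox local part
        rec = result.setdefault(user, {"received": True, "clicked": False,
                                       "blocked": False, "first_click": None})
        for req in proxy:
            if req["user"] != user or urlparse(req["url"]).hostname != phish_host:
                continue
            if not msg["ts"] <= req["ts"] <= msg["ts"] + window:
                continue
            if req["action"] == "allowed":
                rec["clicked"] = True
                if rec["first_click"] is None or req["ts"] < rec["first_click"]:
                    rec["first_click"] = req["ts"]
            else:
                rec["blocked"] = True
    return result


def recommend(result, phish_host):
    """Turn the correlation into the actions an analyst would ticket."""
    actions = [f"block {phish_host} at the proxy and mail gateway"]
    for user, rec in sorted(result.items()):
        if rec["clicked"]:
            actions.append(f"contain host of {user} and reset credentials "
                           f"(first click {rec['first_click']:%Y-%m-%d %H:%M}Z)")
        elif rec["blocked"]:
            actions.append(f"purge message from mailbox of {user} (click attempt was blocked)")
        else:
            actions.append(f"purge message from mailbox of {user} (received, no click seen)")
    return actions


if __name__ == "__main__":
    findings = correlate(MAIL_LOG, PROXY_LOG, "payroll-update.example")
    for line in recommend(findings, "payroll-update.example"):
        print(line)
```

Matching on the hostname rather than the exact URL is deliberate: a browser that opened the page also fetches resources such as the favicon, and a redirect chain or tracking parameter would otherwise hide a real click. The time window keeps an old, unrelated visit to the same host from being counted.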

Deloitte – Suitland, MD

Cybersecurity Threat Intel Analyst November 2017 – January 2019

Conduct proactive monitoring, investigation, remediation, recommendation, and mitigation of security incidents for the U.S. Census project.

Run daily sync-up briefings with technical teams; create and manage turnover reports, CISO reports, and ticket tracking reports

Participate in phishing and spoofing campaign services within our organization

Use RSA Security Analytics and Wireshark to evaluate network traffic, read and interpret logs and sniffer packets, and perform PCAP analysis.

Keep open communications via Skype for Business, SharePoint documents, and phone when working remotely or on call.

Collaborate with technical and threat intelligence analysts to provide indications, warnings, remediations, recommendations, and contribute to predictive analysis of malicious activity

Monitor and analyze network traffic, Intrusion Detection Systems (IDS), security events and logs.

Use McAfee DLP Manager to protect intellectual property and ensure compliance by safeguarding sensitive data.

Develop follow-up action plans to resolve reportable issues and communicate with other teams to address security threats and incidents accordingly.

Perform deep dive network hunting activities with Splunk threat hunting intelligence

Provide Incident Response (IR) support when analysis confirms actionable incident.

Monitor events, respond to incidents and report findings and also escalate critical tickets if need be.

Continuous monitoring and interpretation of threats using the IDS and SIEM

Investigate malicious phishing emails, domains and IPs using Open Source tools and recommend proper blocking based on analysis.

Rescan mitigated systems for further infections. If none, commission systems back to the network.

Conduct research on new and evolving threats and vulnerabilities using security blogs.

Research new and past threats, including malware, exploit kits, and vulnerabilities.

Search firewall, email, web or DNS logs to identify and mitigate intrusion attempts.

Perform threat hunting by looking for IOCs with FireEye iSIGHT, Anomali ThreatStream, and other security bulletins.

1901 Group – Windsor Mill, MD

SOC Analyst II July 2015 – October 2017

Conduct proactive monitoring, investigation, and mitigation of security incidents for CMS HHS.

Perform static malware analysis on isolated virtual servers

Recognize potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information.

Run vulnerability scans and review vulnerability assessment reports.

Monitoring and analysis of security events to determine intrusion and malicious events.

Monitor Security events and logs such as Proxy logs, IPS/IDS events, Firewall, Active Directory (user verification), Vulnerability Scans, Anti-Malware events, Endpoint Security, Web Application Firewall, NetFlow, Packet Capture, computer log files, etc., to maintain situational awareness.

Perform security monitoring and correlations with various security tools such as Imperva, Splunk, Cofense Triage, McAfee ePO, Nitro, JIRA, Archer, Remedy, Risk Vision, Chartbeat, RSA Security Analytics (NetWitness), Nessus, Akamai WAF, PhishMe, AWS CloudTrail, FireEye (NX, HX, CM) and IBM TrendMicro (9.5, 10, East, and West)

Perform investigations and evaluations of network traffic, read and interpret logs and sniffer packets, and perform PCAP analysis with RSA Security Analytics and Wireshark

Identify and ingest indicators of compromise (IOCs) (e.g., malicious IPs/URLs, etc.) into network security tools/applications.

Proactively protect the network datacenters by looking for unusual activity, reviewing all available information including but not limited to the above referenced tools, and investigating any unusual activity that is detected

Investigate all security alerts received by making use of all tools and log files possible to determine if the alert is a false positive, a security event, an actual attack, and/or a security incident

Quarantine the machines with suspicious behavior and initiate triage

Create and track incidents and requests with ServiceNow, Remedy, and JIRA

Process and complete tickets received from ServiceNow such as Non-Standard Software Request, Unblock Request, Lost and Stolen, etc.

Escalate any security incident (the confidentiality, integrity, or availability of any information or information asset is negatively impacted) to Incident Response (IR), Incident Management team (IMT), Forensics Management Analysis Team (FMAT) as needed

Collaborate with technical and threat intelligence analysts to provide indications and warnings, and contribute to predictive analysis of malicious activity

Investigate malicious phishing emails, domains and IPs using Open Source tools and recommend proper blocking based on analysis.

Investigate all reported suspicious emails and determine whether the email is malicious, non-malicious or legitimate and reply to the user who reported the suspicious email with a message reporting the determination and any recommendations

Perform shift handoff at the end of every shift to provide situational awareness to the incoming shift

ProMedica Health Systems - Toledo OH

Systems Engineer / Vulnerability Analyst II October 2014 – July 2015

Implementing and managing the tools necessary to support the team’s mission.

Build, configure, and manage new servers including: Domain Controllers, Exchange servers, SQL servers, application servers, web servers, indexing servers and storage servers

Increased storage space for users on the network and maintained network storage such as NAS, SharePoint, and network drives.

Build, configure, and manage enterprise software and hardware monitoring solutions

Ensure all open tickets requiring follow-up work and/or calls are resolved within 48 hours.

Use Nessus, SCCM, SCOM, and SQL reports and product logs to locate workstations and servers that have inventory, deployment, patching or other issues, and then use provided scripts, tools, and vendor products to troubleshoot and resolve the issue and verify resolution.

Provide specific vulnerability remediation support for all devices, including laptops, workstations, printers, and network devices (including mobile devices), based on the Regional Director’s priorities, and remediate 98 percent of vulnerabilities.

Provided onsite or remote patch and vulnerability support using SCCM and other tools. This includes MS patching, Nessus scan remediation, unauthorized software remediation, baseline image deficiencies, etc.

Performed vulnerability scans and audits on systems to support applications and report results to developers for remediation and/or mitigation.

Responsible for the maintenance and analysis of current tools, monitoring for gaps or weaknesses in coverage, ensuring compliance with policy and industry standards (PII, PCI, HIPAA, PHI), and promoting security.

Utilized automated scanning tools and a host of security-related, web-based applications, to report, identify and track assets vulnerabilities throughout the systems lifecycle.

Participate in team problem solving efforts and offer ideas to solve client issues

Develop new detective and investigative capabilities using current technical solutions

Identify opportunities for efficiencies in work process and innovative approaches to completing scope of work

Conducted operating system, application, and database vulnerability assessments on various Information Systems as part of the Independent Verification and Validation scanning program and Certification and Accreditation process for enterprise systems.

Performed various vulnerability scanning assessments, application configuration, and security configuration verifications.

Provided operations for persistent monitoring on a 24/7 basis of all designated networks, enclaves, and systems. Interpret, analyze, and report all events and anomalies in accordance with computer network directives, including initiating, responding to, and reporting discovered events.

Potomac Falls Health and Rehabilitation Center - Sterling VA

Information Security Analyst I June 2013 – August 2014

Ensured the security of information technology platforms by contributing to the definition of security requirements. Implement technology and processes to ensure the security of technology platforms and data by applying patches/upgrades regularly. Maintain records of all security improvements and issues.

Deploy, administer, install, and configure computer hardware, operating systems, and applications.

Monitor, maintain and optimize servers, networks, and end user devices.

Troubleshoot system and network problems and diagnose and solve hardware/software faults.

Manage network printers/scanners/copiers within the enterprise, including working with vendors and handling configuration, setup, installation, and deployment.

Review and evaluate overall compliance with applicable regulations, including the HIPAA Security Rule, PCI DSS, and SOX.

Responsible for developing and maintaining the Security Risk Management program

Responsible for scheduling and completing Security Risk Assessments, and reports, on all required applications, software, and systems.

Assist with evaluating risks and compliance associated with Third Party applications and software, including SaaS providers

Create IS Policies, Standards/Guidelines, and other supporting documentation, as well as managing reviews of all documents and coordinating updates as required

EDUCATION & TRAINING

Bachelor of Science in Biology, Pre-Med Graduated: 03/2013

University of Maryland Eastern Shore - Princess Anne, MD

Study focused on biological science in preparation for medical, dental, nursing, or pharmacy school.

Master's in Cybersecurity Technology 10/2018 - 05/2020

University of Maryland University College
