
Cyber Security Engineer

Location:
Atlanta, GA
Posted:
October 24, 2021

Resume:

Gabriel Phillips 678-***-**** ado5be@r.postjobfree.com

CYBER SECURITY ENGINEER

Professional Summary

Master’s graduate in Information Management with multiple certifications achieved and in progress in Cyber Security. Primary focus on Red Team Ethical Hacking, Vulnerability Assessment, Risk Management, and Threat Hunting. Proven tenacious work ethic while possessing the ability to multi-task effectively and handle a high-volume workload while consistently meeting or surpassing performance metrics.

• Skilled scanning networks using Nmap, Nikto, OpenVas, Hping3 and other network scanners to view open ports, run services, troubleshoot, and analyze network connectivity.

• Perform banner grabbing using tools such as Telnet, Netcat, and Nmap to retrieve information about computer systems on networks to mitigate vulnerabilities and prevent attackers from gaining banner information.

• Use Nmap to identify operating systems (OS) running on remote hosts, and use the p0f tool to identify operating systems (OS) on remote hosts as well.

• Use Cyber Kill Chain to better understand and combat ransomware, security breaches, and advanced persistent threats (APTs).

• Incorporate FireEye Threat Intelligence subscriptions and services to address all aspects of threat intelligence needs.

• Install/use HashCalc for file checking.

• Observe PCAP files, logs and active real-time traffic patterns using Wireshark.

• Install CryptoDemo to encrypt/decrypt information traversing the intranet for observation.

• Implement/configure/customize Domain Name System Security Extensions (DNSSEC).

• Troubleshoot, scan, and utilize Linux systems and various Linux command-line tools (e.g., dig) to troubleshoot network-related issues.

• Utilize Windows command-line tools such as the PsInfo command-line tool to retrieve information about remote systems in a network.

• Use tools such as Stinger to scan for Malware.

• Apply tools such as CurrPorts, TCPView, and What’s Running to review process monitoring.

• Apply HashCalc to perform file hashing.

• Perform port redirection using the Netcat command-line utility available for Linux, UNIX, and Windows platforms. In Linux/Unix, use the finger command to retrieve information about system users in networks.

• Use TCPView to track port usage of devices. This displays the entire list of all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) endpoints on devices.

• Configure Firewall Rules using Windows Firewall (w/Advanced Security), Remote Desktop, and the Command Line Interface.

• Operate Microsoft Baseline Security Analyzer (MBSA) checking for available updates to the operating system, Microsoft Data Access Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL Server. MBSA also scans computers for insecure configuration settings.

• Conduct system hacking by means of malware (IDA Pro) and Trojan analysis tools, monitored ports and processes, and monitored and protected files and folders.

• Configure TFTP (Trivial File Transfer Protocol) servers to plant backdoors on a victim’s computer systems.

• Implement application-level session hijacking for viewing cookie information from unencrypted web sites.

• Demonstrate understanding of the Public Key Infrastructure (PKI) and Symmetric Cryptography and their uses in SSL/TLS and SSH as related to secure access and authorization.

• Install and configure various tools and applications such as ZoneAlarm Firewall, NAT Firewall, and OpenSSH.

• Install, test, configure, and re-test with Snort.

• Create DoS Attacks.

• Use Anti-Phishing Toolbar (Netcraft).

• Install/use Password Cracking Tools (Cain & Abel, PWDump, LM Hash, ThreatFire).

• Use Hyper-V Virtual Machine to create a Secondary Virtual Hard Disk.

• Establish/configure Active Directory Certificate Services.

• Create and configure Certificate Revocation Lists (CRLs).

• Set up/configure WSUS; create Computer Groups for WSUS; configure GPO Policy for WSUS.

• Install/configure Remote Authentication Dial-in User Service (RADIUS) for Wi-Fi authentication.

• Fix/configure Routing Protocols (Static and Dynamic) in Cisco routers and switches.

• Hands-on Vulnerability Assessment and Penetration Testing.

• Keep informed about new Cyber Security industry news and trends, read various periodicals, conduct research, and experiment using virtual labs.

Technical Skills

Cyber Security Tools

• Intrusion Detection Tools (e.g., Snort, pfSense Firewall Manager, Kali Linux, Alien Vault, ArcSight), Splunk, Cyber Kill Chain, Diamond Model, Nessus, Metasploit, Ettercap, Nmap, Hping3, Telnet, Burp Suite, IDA Pro, MDM Solutions, Hardware and software firewalls (e.g., Comodo Firewall), Honeypot tools (e.g., KFSensor), IDS/Firewall evasion tools (e.g., Traffic IQ)

Mitigation

• Mobile Protection Tools (MDM)

• Network/wireless sniffers (e.g., Wireshark, Airsnort)

• Port scanning tools (e.g., Nmap, Hping)

• Vulnerability scanner (e.g., Nessus, Qualys, Retina)

• Vulnerability management and protection systems (e.g., Foundstone, Ecora)

• Intrusion Detection Tools (e.g., Snort, FireEye)

• Splunk Enterprise Security (SES)

• Metasploit

• pfSense Firewall Manager

• Kali Linux

• Alien Vault

• Network Hardware and Software (e.g., Comodo Firewall, Cisco ISR, Cisco ASA, Meraki, Cisco Smart Switches)

• Honeypot tools (e.g., KFSensor)

• Cloud security tools (e.g., Core Cloud Inspect)

• Cryptography tools (e.g., Advanced Encryption Package)

• Cryptography toolkit (e.g., OpenSSL)

Framework and Compliance

• NIST 800 Series

• HIPAA

• DoD Information Assurance Certification and Accreditation Process (DIACAP)

• Risk Management Framework (RMF)

• SOC (1, 2, 3), FedRAMP, ISO

• Enterprise Mission Assurance Support Service (eMASS)

• OWASP Top 10, Consulting on OWASP best Coding Practices, CVSS, CVEs, CIS Benchmarks

• PCI-DSS

• ISO 27000 series

• COBIT

Security Evaluation

• Compliance Evaluation, Network Auditing, Risk Management, MBSA

Monitoring

• Intrusion Detection

• Security Analytics

• Intrusion Prevention

• Penetration Testing

• FireEye

Experience

08/2019 to Current

Information Security/Cyber Security Engineer

Rollins, Inc. – Atlanta, GA

• Conduct security assessments on assigned systems to ensure FISMA compliance following NIST SP 800-53 rev 4, NIST 800-53A, and FIPS.

• Apply extensive knowledge of networking principles, routing protocols, and the TCP/UDP/IP stack.

• Populate and sustain an active intrusion database and deliver data analysis support; evaluate data from logs, sensors, network devices, alerts, and running applications using SIEM tools, log servers, application interfaces, and third-party applications such as Process Explorer.

• Monitor performance on several risk management activities, including risk, control registers, workflow review, and approval with Archer GRC.

• Monitor and analyze network traffic security systems such as Firewalls, Servers, and Databases using tools such as Nessus, SIEM, Nmap, Snort, IDS alerts, DLP, and web proxy for system vulnerability.

• Perform information security assessments in direct support of a major compliance effort (NIST, PCI-DSS, and ISO).

• Use ArcSight information such as the source IP, ports, payload, and destination address, and provide insight about how to create a response action plan in the event of a real-time incident.

• Devise playbook for tabletop exercises about how to respond to hypothetical incidents.

• Assist in the architecture of how to configure Splunk for threat feeds alongside ArcSight and Sourcefire.

• Apply security to AWS cloud.

• Use Sourcefire IDS to inspect packets and payloads that trigger ArcSight alerts.

• Use the Cyber Kill Chain as part of the Intelligence-driven defense initiative aimed at providing greater visibility for identification and prevention of cyber intrusions/malicious activity.

• Involved in all steps from initial reconnaissance through intrusion and exploitation, privilege escalation, lateral movements, obfuscation, and exfiltration.

• Employ FireEye sandboxing solutions for Dynamic Malware analysis.

• Provide high-level consultation and security analysis for best practices to safeguard data across several interoffice departments (e.g., H.R., Finance, R&D, I.T., Coding, Risk Management).

• Research various cybersecurity domains for the client (Mobile Security, End Point Solutions, MDM, Policies, Physical Security, etc.).

• Utilize CrowdStrike Falcon Platform by providing endpoint security with antivirus solutions (Falcon Prevent), Threat Detection and Response (Falcon Insight), and device control (Falcon Device Control).

• Set up Cloud-native endpoint protection for scalability and real-time threat intelligence, combined with security and IT operations, to provide a robust and lightweight security platform.

• Provide backend support for company infrastructure using both active directory and SCCM.

• Support clients both onsite and remotely for dealing with hardware and software issues on laptops, desktops, mobile devices and networks, local peripherals, as well as virtual machines and mobile devices.

• Serve as primary support person for asset tracking, loss prevention, and hardware/software remediation, as well as change management for onsite network equipment.

• Work with stakeholders across all levels of the organization to establish and implement a security policy within the company that ensures confidentiality, integrity, and availability of company resources.

• Follow Response Playbooks/Incident Response Plans (IR Plans) used by SOC team.

• Use NIST Risk Management Framework as a basis for SOC team Cyber Security guidelines such as Continuous Monitoring.

06/2017 to 08/2019

SOC Analyst 3

Carrix, Inc. – Seattle, WA

• Analyzed log traffic and PCAPS, read and understood system data, including security event logs, system logs, and firewall logs.

• Worked with a team of Information System Owners, Developers, and System Engineers to select and implement tailored security controls in safeguarding system information.

• Coordinated and performed internal and external vulnerability assessments on computing assets such as hosts, network infrastructure.

• Utilized Archer GRC in performing operational risk management of new and existing assigned entities/vendors to identify the risk level and security posture for each entity.

• Reviewed system vulnerability scans and audit logs, worked with system administrators to remediate findings, and documented non-remediated findings in the POA&M; performed security categorization of systems using FIPS 199 & NIST SP 800-60 and initiated compliance and vulnerability scan requests to identify and report weaknesses and potential security breaches in accordance with SP 800-34.

• Conducted Security Assessment/Testing per company policy regarding the Risk Management Plan.

• Ensured that the Security Assessment and Authorization process is met per NIST SP 800 guidelines.

• Conducted system baselining and hardening based on CIS standards.

• Executed risk-based audit programs to assess the effectiveness of controls for critical systems and processes.

• Employed security testing techniques such as network discovery, port and service identification, vulnerability scanning using Splunk ES, Snort IDS/IPS, Firewall, Wireshark, and Nessus.

• Experienced detecting malicious activities through the analysis of User Behavior.

• Performed forensic investigations and advanced threat analysis on many cyber security threats and reported on industry standard security information on current trends.

• Provided holistic data governance solutions with an emphasis on data classification and data leakage prevention.

• Analyzed, monitored, and identified security risks to determine potential impacts.

• Oversaw successful SIEM audits by constructing a management action plan.

• Conducted weekly meetings with the CISO to review security incidents and trends.

• Delivered Splunk into S&P Ratings as the project manager to close a gap against the company logging standard. Led the design of the Splunk architecture.

• Implemented and configured SIEM tool using Splunk/Snort IDS/IPS, Wireshark for network traffic and packet analysis, and various Cyber Security tools Nmap and Nessus.

• Implemented security setting on Firewalls and Switches and Routers.

• Implemented DLP Plan with Backup and Recovery/Data Recovery and RAID.

• Established Host Security to protect Application Data.

• Generated security documentation, including security assessment reports; system security plans; contingency plans; and disaster recovery plans.

• Coordinated and implemented Information security policies, processes, and procedures to ensure information systems security objectives and compliance were met.

02/2015 to 06/2017

SOC Analyst 2

Adecco USA – Jacksonville, FL

• Developed and updated System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans, and Configuration Management.

• Reviewed and documented contingency plans (CP), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various agencies.

• Reviewed and updated the System Security Plan (SSP) using NIST SP 800-18 guidelines.

• Reviewed and updated Cybersecurity documentation on an annual basis.

• Worked with ISSO, AO, and the Security team to assess selected security controls, assess weaknesses, and produce the RTM or Test case, with all findings reported in our SAR report.

• Monitored and analyzed network traffic and logs using WireShark, Nmap, and pfSense.

• Monitored traffic for irregularities based on information received from various sources.

• Monitored and analyzed SCCM and SIEM reports to identify trends and potential vulnerabilities.

• Monitored and audited information security controls for compliance and effectiveness.

• Analyzed security breaches to determine their root cause.

• Recognized potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information.

• Analyzed discovered infrastructure and software vulnerabilities obtained from scanning to determine risk, impact and remediation plans.

• Applied understanding of the function and content of information security policies, standards, procedures, and practices, as well as threats, risks, and vulnerabilities at a functional level.

• Executed security data management plans for the design and implementation of data collection, scheduling and review clarification and reporting systems.

• Performed penetration testing and vulnerability analysis.

• Monitored IT regulatory landscape for emerging regulations and assessed the impact to control framework and risk strategy.

• Processed Nessus vulnerability scanning for critical and high severity alerts, log analysis, and results.

• Managed Security Assessment and Authorization (SA&A) process to support continuous monitoring activities in accordance with NIST guidelines.

• Worked with internal stakeholders to create a matrix that mapped project requirements to the National Institute of Standards and Technology (NIST) security controls.

• Responsible for IT testing using appropriate tools.

• Tested, maintained, and monitored computer programs and systems, including coordinating the installation of computer programs and systems.

• Provided services as security control assessor (S.C.A.) and performed as an integral part of the Assessment and Authorization process, including A&A, documentation, reporting, reviewing, and analysis requirements. As a team, we determined Security Categorizations using FIPS 199 as a guide; reviewed, updated, and developed Privacy Impact Assessment (PIA) and Privacy Threshold Analysis (PTA); and initiated the System Security Plan (SSP).

• Specialized in the entire FISMA Risk Management Framework (RMF), and system control assessment processes using NIST SP 800-60, NIST SP 800-53A, preparing and reporting SSP, SAP, PTA, P.I.A., E-Authentication ST&E (Security Test & Evaluation), POA&M.

• Developed and conducted ST&E (Security Test & Evaluation) according to NIST SP 800-53A and performed on-site evaluation and support.

11/2012 to 02/2015

Malware Analyst

Adidas North America – Portland, OR

• Reversed encryption on files encrypted using flawed or uncertified custom cryptographic protocol.

• Performed return-to-libc buffer overflow attack.

• Applied Machine Learning techniques and practices and tools to Malware Detection process.

• Developed methods using ImageNet Large-Scale Visual Recognition Challenge (ILSVRC) models to classify malware images by achieving high accuracies on Malware image classification predictions. Identified emerging cyber security risks, threats, and vulnerabilities.

• Monitored Cyber Security alerts related to malicious web and ad operations.

• Documented Cyber Security incidents on blacklisted IPs/domains detected on client ad tag and alerted clients.

• Decoded large volume of obfuscated code from the compiled binary.

• Researched security strategies and techniques used in malicious campaigns to identify their source or offending parties involved.

• Analyzed security breaches to determine their root cause.

• Exploited systems using Metasploit by getting connected through a shell.

• Forensically investigated systems flagged by our Endpoint Threat Detection/Protection product.

• Performed research on automating Malware Analysis workflow, including AI recognition of obfuscated/malicious macros, and extracting images from phishing documents to identify campaigns.

• Researched detonation sandboxes, filetype identifiers, and other public tools to integrate into existing Malware Analysis framework for Cyber Security initiatives.

• Provided requirements for development of internal Malware Analysis intelligence framework and next-generation endpoint threat detection products.

• Performed penetration testing using active and passive Footprinting.

• Performed Penetration Testing on Debian servers with weak key vulnerability to meet objectives.

• Sniffed the network using Wireshark, scanned ports using Nmap, scanned for vulnerabilities using Nessus.

05/2010 to 11/2012

Penetration Tester

Caesars Entertainment – Las Vegas, NV

• Tested for vulnerabilities and confirmed exploitability using Burp Suite, Metasploit, Kali Linux and custom scripts and manual techniques as needed.

• Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.

• Conducted penetration tests on systems and applications using automated and manual techniques with tools such as Metasploit, Burp Suite, IBM App Scan, Kali Linux, and many other open-source tools as needed. Worked with support teams to address findings from tests.

• Engaged in computer exploitation and reconnaissance, applied target mapping and profiling and network decoy and deception operations in support of computer intrusion defense operations.

• Performed Threat Intelligence using the Cyber Kill Chain and Diamond Model.

• Analyzed security breaches using the Cyber Kill Chain and Diamond Model.

• Performed Intrusion Testing and Prevention, created and annotated log data samples, and managed a malware lab sandbox environment.

• Assisted in the evaluation, testing, and recommendation of hardware, software, and network configurations based on customer needs.

• Created a detailed Incident Report (IR) and contributed to lessons learned and mitigations for future attacks of a similar nature.

• Documented policies and procedures in support of Risk Management Framework (RMF) processes.

• Worked with security compliance policies, programs, processes, and metrics.

• Used log data from SIEM tools (Splunk and AlienVault) to conduct analysis of cyber incidents.

• Audited data location and permissions, verified end user, service, and administrator access to resources.

• Provided, tracked, and documented threat attribution to incident response and intelligence reporting activities.

• Communicated and engaged with senior management (CISO, CIO, and Directors) and system owners to assure information sharing and timely incident response and risk reporting.

• Led penetration tests and security assessments for applications and infrastructure, including web application assessments, mobile application assessments, API assessments, and physical penetration of properties.

• Provided user support in all software under Windows environment. Performed backups on the main system.

• Determined the need, scope, testing plan, and processes required for information security.

• Assisted in exploring OWASP top 10 vulnerabilities along with remediation recommendations.

• Participated in assigned exercises (e.g., COOP, network vulnerability, "red team/blue team", etc.).

• Monitored daily event collection, security intelligence, and emerging threat information sources, including SIEM, vendors, researchers, websites, newsfeeds, and other sources.

• Determined cause and researched attack vectors, extent of exposure, and overall risk to environment.

03/2007 to 05/2010

Systems Technician

Alliant Techsystems – Arlington County, VA

• Administered Active Directory (AD) in a Windows Server distributed environment.

• Provided technical support to clients to resolve issues related to product hardware, software, and operating systems. Provided assistance via phone or remote access for all supported applications or products.

• Performed daily monitoring of application software using market-standard tools.

• Reviewed system logs for applications and reviewed trends for vulnerabilities in systems.

• Ran updates and patches on services and systems to address threats and vulnerabilities.

• Maintained and managed DNS, DHCP, WINS, SNMP and NTP in a Windows environment.

• Performed root cause analysis and resolved root cause of issues of Windows and Exchange messaging systems.

• Analyzed system logs and utilized monitoring tools to identify potential issues with computing systems.

• Created and maintained documentation of hardware/software, application, processes and other related information.

Education

Master of Info Systems Management - Info systems management - Keller School of Management

Certifications

• Splunk Fundamentals part 1 certified

• Certified Ethical Hacker (CEH) – currently working on

• Azure Security AZ-500 – currently working on

• Certified Information Security Manager (CISM) – currently working on

• Server+ Certification – currently working on

• CompTIA Security+ (Certified) – currently working on
