Cyber Security Engineer

Location: Alexandria, VA

Posted: August 27, 2021


CHANTAL COOPER

571-***-**** adoeb4@r.postjobfree.com

Professional Summary

Cyber Security Engineer/Security Analyst with 11+ years of professional experience in Information Security, Information Management, Risk Management, Leadership, and Pen-Testing for vulnerability assessments/compliance.

• Experience scanning networks using Nmap, Hping3, Nikto, OpenVAS, and other network scanners to view open ports, running services, and network connectivity, and apply troubleshooting as required.

• Perform banner grabbing using tools such as Telnet, Netcat, and Nmap. Perform information retrieval exercises to retrieve information about a computer system on a network to mitigate vulnerabilities and prevent attackers from gaining banner information.

• Use Nmap to identify operating systems (OS) running on remote hosts.

• Use the p0f tool to identify operating systems (OS) running on remote hosts.

• Observe PCAP files, logs, and active real-time traffic patterns using Wireshark.

• Install CryptoDemo to encrypt/decrypt information traversing the intranet for observation.

• Use the Cyber Kill Chain to better understand and combat ransomware, security breaches, and advanced persistent threats (APTs).

• Incorporate FireEye Threat Intelligence subscriptions and services to address all aspects of threat intelligence needs.

• Install/use HashCalc for file checking.

• Implement/configure/customize DNSSEC.

• Comfortable troubleshooting, scanning, and utilizing Linux systems and various Linux command-line tools (e.g., dig) to troubleshoot network-related issues.

• Proficient with Windows command-line tools such as the PsInfo command-line tool, which can be used to retrieve information about remote systems in the network.

• Use tools such as Stinger to scan for malware; tools such as CurrPorts, TCPView, and What’s Running to review process monitoring; and perform file hashing with HashCalc.

• Perform port redirection using the Netcat command-line utility available for Linux, UNIX, and Windows platforms. In Linux/Unix, use the finger command to retrieve information about the system users in the network.

• Use TCPView to track the port usage of devices. This displays the entire list of all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) endpoints on devices.

• Configure Firewall Rules using Windows Firewall (w/Advanced Security), Remote Desktop, and the Command Line Interface.

• Operate Microsoft Baseline Security Analyzer (MBSA) to check for available updates to the operating system, Microsoft Data Access Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL Server. MBSA also scans computers for insecure configuration settings.

• Conduct system hacking by means of malware (IDA Pro) and Trojan analysis tools, monitor ports and processes, and monitor and protect files and folders.

• Configure the TFTP (Trivial File Transfer Protocol) server to plant a backdoor on a victim’s computer system.

• Implement application-level session hijacking for viewing cookie information from unencrypted web sites.

• Knowledgeable about Public Key Infrastructure (PKI) and Symmetric Cryptography and their uses in SSL/TLS and SSH as they relate to secure access and authorization.

• Well informed about new Cyber Security industry news and trends: read periodicals, conduct research, and experiment using virtual labs.

• Install and configure ZoneAlarm Firewall, NAT Firewall, and OpenSSH.

• Install, test, configure, and re-test Snort.

• Create a DoS attack; use the Netcraft anti-phishing toolbar.

• Install/use password cracking tools Cain & Abel, PWDump, LM Hash, and ThreatFire.

• Use Hyper-V Virtual Machine to create a Secondary Virtual Hard Disk.

• Establish/configure Active Directory Certificate Services.

• Create and configure Certificate Revocation Lists (CRLs).

• Set up/configure WSUS, create Computer Groups for WSUS, configure GPO Policy for WSUS.

• Install/configure Remote Authentication Dial-In User Service (RADIUS) for Wi-Fi authentication.

• Fix/configure Routing Protocols (Static and Dynamic) in Cisco routers and switches.

• Experience in Monitoring, Vulnerability Assessment, SOC Analysis, Incident Response, and Threat Mitigation.

• Hands-on Vulnerability Assessment and Penetration Testing.

Skills

Security Evaluation

Compliance Evaluation, Network Auditing, Risk Management, MBSA

Monitoring

Intrusion Detection

Security Analytics

Intrusion Prevention

Penetration Testing

FireEye

Mitigation

Mobile Protection Tools (MDM)

Network/wireless sniffers (e.g., Wireshark, AirSnort)

Port scanning tools (e.g., Nmap, Hping)

Vulnerability scanner (e.g., Nessus, Qualys, Retina)

Vulnerability management and protection systems (e.g., Foundstone, Ecora)

Intrusion Detection Tools (e.g., Snort, FireEye)

Splunk Enterprise Security (SES)

Metasploit

pfSense Firewall Manager

Kali Linux

AlienVault

Network Hardware and Software (e.g., Comodo Firewall, Cisco ISR, Cisco ASA, Meraki, Cisco Smart Switches)

Honeypot tools (e.g., KFSensor)

Cloud security tools (e.g., Core Cloud Inspect)

Cryptography tools (e.g., Advanced Encryption Package)

Cryptography toolkit (e.g., OpenSSL)

Cyber Security Tools

Splunk, Nessus, Metasploit, Ettercap, Nmap, Hping3, Telnet, Burp Suite, IDA Pro, MDM Solutions, Cyber Kill Chain, Diamond Model, Intrusion Detection Tools (e.g., Snort, pfSense Firewall Manager, Kali Linux, Alien Vault, ArcSight), Hardware and software firewalls (e.g., Comodo Firewall), Honeypot tools (e.g., KFSensor), IDS/Firewall evasion tools (e.g., Traffic IQ)

Framework and Compliance

NIST 800 Series

Risk Management Framework (RMF)

HIPAA, SOC (1, 2, 3), FedRAMP, ISO

Enterprise Mission Assurance Support Service (eMASS)

OWASP Top 10, Consulting on OWASP Secure Coding Practices, CVSS, CVEs, CIS Benchmarks

DoD Information Assurance Certification and Accreditation Process (DIACAP)

PCI – DSS

ISO 27000 series

COBIT

HIPAA

Work History

Information Security Project Lead 04/19 to Current

CrowdStrike Alexandria, VA

CrowdStrike provides technology to stop digital security breaches. The company's cloud-native Falcon platform protects clients from cyberattacks, securing devices and workloads in any environment (on-premises, virtualized, and cloud-based) against hackers.

Technical work tasks:

• Monitor and investigate suspicious network activities with security tools (e.g., Splunk, Wireshark, Nessus, AlienVault, Nmap, Snort) to identify potential incidents, network intrusions, malware events, etc.

• Utilize Wireshark to analyze PCAP traffic.

• Actively participate in various enterprise working groups to provide comprehensive implementation, oversight, and mitigation solutions for Cyber Security-related issues, including threat identification, security assessment, and processes as part of a NIST-based Cyber Security Risk Management program.

• Use Splunk to onboard applications for logging capabilities.

• Forward results of Nessus Vulnerability Scans to team leads for resolution of Cyber Security issues.

• Create detailed Incident Reports (IRs) and contribute to lessons learned and mitigations for future attacks of a similar nature.

• Conduct confirmatory Cyber Security Vulnerability assessment rescans using Splunk.

• Along with SOC Team, present Cyber Security-related Awareness and Training for end users and management.

• Handle AWS cloud security.

• Perform Cyber Security Analysis of assigned systems, events, and cyber-related incidents.

• Follow SOC Team runbooks and playbooks for Cyber Security continuous monitoring, testing, and incident response as part of Cyber Security program.

• Perform Penetration Testing using Metasploit penetration testing tool.

• Provide support for SOC working with team members to provide shift rotation coverage and work with system data, including but not limited to security event logs, system logs, proxy, and firewall logs.

• Document policies and procedures in support of Risk Management Framework (RMF) processes.

• Perform vulnerability assessment using tools such as Nessus, Splunk, and Nmap.

• Use log data from SIEM tools (Splunk and AlienVault) to conduct analysis of cyber incidents and analyze log data from SIEM tools such as Splunk and Wireshark to identify threats and vulnerabilities on the network to prevent cyber security incidents.

• Conduct periodic Cyber Security vulnerability scans of IT systems, wireless, and network-connected devices.

• Perform tests, including SQL injection, on websites containing secured data that had been modified by unauthorized users through command-line injection and cross-site scripting.

• Experience in Web Application Security with an ability to evaluate security and adhere to best practices and standards.

• Experience working with Amazon Web Services (AWS) Cloud Security.

• Work on Software Development Security to advise on best practices.

• Patch websites after finding vulnerabilities.

• Perform Penetration Testing on Debian servers with the weak-key vulnerability to meet objectives.

• Monitor Cyber Security alerts related to malicious web and ad operations.

• Analyze security breaches to determine their root cause.

• Recognize potential/successful/unsuccessful intrusion attempts and compromises through review and security analysis/malware analysis of relevant event details or summary information.

• Train team members about proper Cyber Security Incident Response procedures.

• Perform web application monitoring using Arachni, SQL, and XSS injection.

• Create and maintain use cases for recurring investigation/incident, threat, and cyber threats (Wireshark in this role helps provide both offline and live capture analysis).

• Engage in threat hunting activities on the network (BeEF (Browser Exploitation Framework) helps in checking the web browser for any attacks).

• Conduct hands-on security testing, analyze test results, document risks, and recommend countermeasures.

• Forensically investigate systems flagged by our Endpoint Threat Detection/Protection product.

• Conduct research about automating Malware Analysis workflows, including AI recognition of obfuscated/malicious macros, and extract images from phishing documents to identify campaigns.

• Research detonation sandboxes, filetype identifiers, and other public tools to integrate into existing Malware Analysis frameworks for Cyber Security initiatives.

• Provide requirements for development of internal Malware Analysis intelligence frameworks and next-generation endpoint threat detection products.

• Analyze specific situations to determine appropriate security testing approaches.

• Perform manual Penetration testing and communicate findings to business and web developers.

• Experience working with Azure.

• Perform security reviews of application designs and source code.

• Develop testing scripts and procedures.

• Establish and apply online security procedures.

• Collaborate with stakeholders to revise security guides and address existing concerns.

• Update security software to prevent database security threats.

• Apply system recovery methods to reduce losses should an incident occur.

• Evaluate system access controls and monitor database access based on permissions.

• Revise cybersecurity protocols/procedures and create efficient training processes.

• Assemble daily database logs to build reports to identify potential vulnerabilities.

• Safeguard conformity with internal and external email security standards.

• Recommend software updates and oversee patch management procedures.

• Develop internal processes and standards for threat intelligence workflow.

• Deescalate and manage customer-related escalations.

• Ensure Service Management procedures are being followed and service level agreements (SLAs) met.

• Develop mitigation and countermeasure strategies from collected threat intelligence.

• Maintain and help develop operational procedures for the team to use in daily operations.

• Translate complex information sets into concise labels to assist incident response efficacy.

• Apply Risk Management Framework Analysis, System Control Assessments, Vulnerability Assessment and Compliance Testing.

• Architect and implement secure network environments following NIST Risk Management guidelines, Security Assessment and Testing, and Continuous Monitoring.

• Implement and configure Secure Network Architecture and configure SIEM tools using Splunk-Snort IDS/IPS.

• Provide Security Awareness and Training to executives, stakeholders, and end-users.

• Knowledgeable of Vulnerability Assessment and Penetration Testing (VAPT).

• Analyze results of security, vulnerability, and risk management assessments.

• Develop mitigation strategies for security problems and create Incident Response Plans.

• Apply Cyber Kill-Chain and Diamond Model for event correlation.

• Manage Information Assurance Evaluation tests.

• Use Splunk dashboards and visualizations with the ability to configure Splunk for specific uses and reports.

• Contribute to Data Management Policy, implement Data Management Policies and Disaster Recovery Plans that define Recovery Point Objective (RPO), and define recovery time objective (RTO).

• Ensure that Security Assessment and Authorization processes follow the National Institute of Standards and Technology (NIST) Special Publication (SP) 800.

• Evaluate cloud computing services, cloud service providers, and cloud brokers using the CSA CCM domains to align the VA’s cloud-based needs with regulatory security compliance and in accordance with NIST framework for cloud computing networks.

• Use Cyber Kill Chain steps to trace stages of a cyberattack from the early reconnaissance stages to the exfiltration of data:

o Reconnaissance (Observation): Attackers typically assess the situation from the outside-in to identify both targets and tactics for the attack.

o Intrusion: Based on what the attackers discovered in the reconnaissance phase, they are able to get into your systems, often leveraging malware or security vulnerabilities.

o Exploitation: The act of exploiting vulnerabilities and delivering malicious code onto the system to get a better foothold.

o Privilege Escalation: Attackers often need more privileges on a system to get access to more data and permissions, and for this they need to escalate their privileges, often to an Admin.

o Lateral Movement: Once they are in the system, attackers can move laterally to other systems and accounts to gain more leverage, whether that is higher permissions, more data, or greater access to systems.

o Obfuscation / Anti-forensics: To successfully pull off a cyberattack, attackers need to cover their tracks, and in this stage, they often lay false trails, compromise data, and clear logs to confuse and/or slow down any forensics team.

o Denial of Service: Disruption of normal access for users and systems to stop the attack from being monitored, tracked, or blocked.

o Exfiltration (Extraction stage): Getting data out of the compromised system.

• Incorporate FireEye Threat Intelligence subscriptions and services to address all aspects of threat intelligence needs.

• Apply the Hyper FPE SecureData data-centric platform to provide high-strength encryption of data:

o Voltage SecureData Enterprise: End-to-end data encryption solutions available across the enterprise, cloud, and mobile.

o Voltage SecureMail Cloud: SaaS service for the protection of your most sensitive information and your email transition to Office 365.

o Voltage SecureMail On-Premises: Achieving email security with an end-to-end email encryption solution without impacting the user experience.

o Voltage SmartCipher: Voltage SmartCipher simplifies unstructured data security, providing persistent file encryption and complete control and visibility over file usage and disposition.

• Handle Azure Cloud security.

• Use NIST, ISO, CSA CCM, FISMA, and FedRAMP guidelines to employ and sustain a secure network defense in concert with authorized cloud services providers.

• Use Splunk Enterprise Security to allow team to quickly identify, investigate, and respond to threats based on a broader security context than is possible with legacy security products.

Cyber Security Engineer 10/16 to 04/19

SecureNinja Washington, DC

SecureNinja provides highly specialized cybersecurity training and consulting services, as well as video production services targeted to the cybersecurity community.

Technical work tasks:

• Responsible for Intrusion Detection System/Intrusion Prevention System (IDS/IPS) configuration, tuning, deployment, and monitoring.

• Performed log correlation analysis using Splunk and implemented risk and threat mitigation processes.

• Responsible for making suggestions to change playbooks to keep up with the changing threat landscape.

• Performed security control assessment of all assigned systems, developed test plans and assessment reports in support of system authorization.

• Automated analysis workflow revolving around endpoint detections, sandbox results, email scanning, and IMS platforms.

• Used multiple forensic tools, such as EnCase, FTK, and Volatility, to investigate incidents.

• Initiated, coordinated, and tracked the patching and remediation of security weaknesses as they were discovered via a "Plan of Actions and Milestones" (POAM).

• Owned and documented the implementation of security controls and created auditable evidence of security measures.

• Collaborated with other team members and system owners/technical managers to schedule and conduct kick-off meetings and interviews to discuss vulnerability findings.

• Met with respective Business OU to discuss updates to DLP policies and rules.

• Responsible for the coordination and completion of various tasks and activities associated with the deployment of Splunk Enterprise in support of the risk management program.

• Deployed, configured, and maintained Splunk forwarder on different platforms.

• Hands-on with SIEM tools (Splunk/Snort IDS/IPS) to protect the organization from threats and cyber security attacks.

• Experienced in analyzing enterprise logs with the help of security information and event management technologies.

• Used F5 load balancers to increase capacity (concurrent users) and reliability of applications.

• Monitored and analyzed network traffic and security systems such as firewalls, servers, and databases for system vulnerabilities, using tools like Nessus, SIEM, Nmap, Snort, IDS alerts, DLP, and web proxy.

• Performed information security assessments in direct support of a major compliance effort (NIST, PCI-DSS, and ISO).

• Identified and prioritized information security risk; advised business partners on security/privacy requirements and solutions to ensure compliance.

• Monitored security patch levels of the servers, workstations, network environments, and anti-virus systems.

• Monitored and hunted for intrusion and incidents.

• Experience in working with AWS cloud security.

• Improved the organization's incident response mitigation and reaction capabilities by emulating and analyzing network intrusion events and incidents from emerging cyber risks.

SOC Analyst III 02/2015 to 10/2016

Aerojet Rocketdyne Sacramento, CA

Aerojet Rocketdyne is an American rocket and missile propulsion manufacturer.

Technical work tasks:

• Coordinated with application and system owners to onboard applications in Splunk and ensure logging capabilities were functional.

• Educated other company associates about security best practices.

• Located malicious software on servers or endpoints based on symptoms; used Tanium and SCCM, and designed and implemented search rules on the SIEM.

• Monitored security patch levels of the servers, workstations, network environments, and anti-virus systems.

• Monitored and hunted for intrusion and incidents.

• Improved organization’s incident response procedures by applying emulation and analysis capabilities to optimize search and react times and processes for responding to and remediating network intrusion events and incidents.

• Provided, tracked, and documented threat attribution to incident response and intelligence reporting activities.

• Implemented Splunk for Information System Continuous Monitoring (ISCM).

• Remediated identified cybersecurity threats and vulnerabilities using Splunk.

• Managed Artifacts and Plan of Action & Milestones (POA&Ms) to ensure correct implementation of controls.

• Evaluated systems for Risk Management Framework (RMF) coverage.

• Worked with industry-standard Cyber Security tools such as Splunk, Nessus, AlienVault, Nmap, Wireshark, Metasploit, and pfSense for testing, monitoring, and investigation.

• Deployed, configured, and maintained Splunk forwarder on different platforms.

• Audited network and security systems, including Vulnerability Assessment and Identity Access Management (IAM).

• Audited data location and permissions and verified end user service and administrator access to resources.

• Audited EPs to verify compliance with security controls.

• Performed gap analysis of cybersecurity business & technical solutions.

• Analyzed log data and traffic to identify suspicious patterns of activity.

• Deployed signature updates on the management components and all individual IPS/IDS devices; performed IDS/IPS implementation and upgrades for SiteProtector.

• Produced and submitted appropriate forms to ensure the proper guidance for the protection and handling of security information. Identified problems, determined accuracy of information, and used sound judgment to generate and evaluate alternatives, and to make recommendations.

• Ensured the confidentiality, integrity, and availability of systems, networks, and data through security programs, policies, procedures, and tools.

• Implemented, validated, and maintained Information Assurance controls.

Penetration Tester 04/2013 to 02/2015

CenturyLink Monroe, LA

CenturyLink was an American telecommunications company that offered communications, network services, security, cloud solutions, voice, and managed services.

Technical work tasks:

• Completed tasks such as researching and identifying security vulnerabilities on networks and systems.

• Differentiated potential intrusion attempts and false alarms and prioritized responses using Splunk and Snort.

• Scheduled Penetration Testing Plans throughout the organization and completed security tasks within tight time frames.

• Performed pen tests over different business applications and network devices of a variety of corporations and large formal organizations.

• Conducted penetration tests on systems and applications using automated and manual techniques with tools such as Metasploit, Burp Suite, IBM AppScan, Kali Linux, and many other open-source tools.

• Worked with support teams to address findings from tests.

• Participated in assigned exercises (e.g., COOP, network vulnerability, "red team/blue team", etc.).

• Monitored daily event collection, security intelligence, and emerging threat information sources, including SIEM, vendors, researchers, websites, newsfeeds, and other sources.

• Analyzed security vulnerabilities and the impact of mobile devices on the network using mobile device management (MDM) tools.

• Determined cause and researched attack vectors, extent of exposure, and overall risk to environment.

• Demonstrated problem-solving abilities by finding vulnerabilities and risks in computer networks and took measures to correct or exploit those vulnerabilities.

• Supported threat intelligence gathering, processing, correlation, and analysis.

• Performed Vulnerability Assessments and Penetration Tests using tools such as Burp Suite, Nessus, and Kali Linux.

• Performed security vulnerability assessments and penetration tests to ensure client environments and data were secure, as well as satisfied regulatory compliance requirements.

• Used Burp Suite, DirBuster, HP Fortify, Nmap, and sqlmap as part of penetration testing on a daily basis to complete vulnerability assessments.

• Established and improved the processes for privileged user access request.

• Promoted a new and cost-effective plan against phishing attacks and successfully reduced the volume of phishing emails by up to 60%. Conducted attack analysis on the IDS reports to detect attacks and reported the analysis.

SOC Analyst II 09/2010 to 04/2013

Infoguard Security San Jose, CA

Infoguard Security is a cyber security solutions and consulting services firm that identifies business network security needs and develops and deploys cyber security solutions to protect organizations’ information assets against a range of cyber threats and mitigates security risks to organizations.

Technical work tasks:

• Administered Cyber Security continuous monitoring information security program per NIST framework.

• Worked as part of the Cyber Security Incident Response team and applied SOC Incident Response procedures.

• Utilized Splunk dashboards for Cyber Security incident reports and helped create automated reports for greater understanding of and accountability for Cyber Security issues and Incident Response Plan and Continuous Monitoring in accordance with NIST 800 series guidelines.

• Used Wireshark to troubleshoot and investigate Cyber Security threats.

• Responsible for troubleshooting various indexing issues by analyzing Splunk logs such as splunkd.log and metrics.log ingested into the internal index.

• Supported Cyber Security with SIEM tools such as AlienVault, Nmap, Splunk, Snort, Wireshark, pfSense, and Nessus.

• Reviewed AD and SIEM reports for user account creation, onboarding and separation per Cyber Security policy compliance following NIST guidelines.

• Conducted Cyber Security vulnerability scanning and evaluation of controls.

• Automated Cyber Security analysis workflow regarding endpoint detections, sandbox results, and email scanning.

• Detected Cyber Security events and reported threats directed against systems regardless of classification level or type.

• Reviewed audit logs and provided Cyber Security documentation guidelines to business process owners and management.

• Conducted Cyber Security Awareness Training with SOC Team for all end-users and management.

• Evaluated the adequacy of Cyber Security Programs against NIST guidelines and industry best practices.

• Worked with SOC team to provide 24/7 Cyber Security coverage, responding to alerts per SLAs.

• Stayed abreast of current updates and patches, and ensured all systems were maintained and tested post update/patch implementation.

• Provided technical support for continuous monitoring, computer exploitation and reconnaissance, target mapping and profiling, and network decoy and deception operations in support of computer intrusion defense operations.

• Led a team that provided next-day solutions for misconfigurations, security issues, and security events reported to our office.

• Secured government requirements to guarantee information security solutions aligned with HIPAA requirements for critical data assets.

• Conducted security assessments of interoffice programs IAW ISO 27002, NIST, and DoD frameworks for data privacy.

• Directed and coordinated with management on security projects to include budget, resource acquisition, and security implementations.

• Researched developing technologies and identified use cases for inclusion into the security program, including physical security to critical data assets.

• Assisted SOC team in maintaining SIEM tools, hardware for network security and their configurations, change management, and security logging.

• Provided analysis of cybersecurity as well as physical security policies and procedures depending on departments' duties and needs.

• Worked closely with managers and security personnel to ensure that security policies and controls were effective with provided services, software, hardware, and updates.

• Collaborated with IT, Security, Records, and Policies departments on best practices for moving from physical to digital record keeping in a continuous production environment while ensuring continuity of service.

Education

Bachelor of Science - Computer Information Science

ECPI University


