
SOC Analyst Cyber Security

Location:
United States
Posted:
September 10, 2021


Resume:

InfoSec Analyst | IT Risk Assurance | Network Technician | IS Auditor | Incident Response | Disaster Recovery

Professional Profile

Passionate enthusiast with a primary focus on Red Team Ethical Hacking, Vulnerability Assessment, Risk Management and Threat Hunting. Proven tenacious work ethic while possessing the ability to multitask effectively and handle a high-volume workload while consistently meeting or surpassing all performance metrics. Possess knowledge in Cyber Security practices and principles. Possess excellent oral and written communication skills along with excellent time management and analytical skills. Possess the ability to work independently or within a team and under supervision. Prior skills include management, operations, training, customer service and administrative duties.

Used Cyber Kill Chain to better understand and combat ransomware, security breaches, and advanced persistent threats (APTs).

Incorporated FireEye Threat Intelligence subscriptions and services to address all aspects of threat intelligence needs.

Installed/used HashCalc for file checking.

Implemented/configured/customized Domain Name System Security Extensions (DNSSEC).

Experienced troubleshooting, scanning, and utilizing Linux systems and various Linux command-line tools (i.e., DIG) to troubleshoot network-related issues.

Proficient with Windows command-line tools such as the PsInfo command-line tool, which can be used to retrieve information about remote systems in a network.

Used different tools such as Stinger to scan for malware; tools such as CurrPorts, TCPView, and What’s Running to review process monitoring; and performed file hashing with HashCalc.

Performed port redirection using the Netcat command-line utility available for Linux, UNIX, and Windows platforms. In Linux/Unix, used the finger command to retrieve information about the system users in the network.

Used TCPView to track the port usage of devices. This displays the entire list of all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) endpoints on devices.

Configured Firewall Rules using Windows Firewall (w/Advanced Security), Remote Desktop, and the Command Line Interface.

Operated Microsoft Baseline Security Analyzer (MBSA) to check for available updates to the operating system, Microsoft Data Access Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL Server. MBSA also scans computers for insecure configuration settings.

Experienced scanning networks using Nmap, Hping3, Nikto, OpenVas, and other various network scanners to view open ports, run services, troubleshoot, and ensure network connectivity.

Performed banner grabbing using tools such as Telnet, Netcat, and Nmap to retrieve information about a computer system on a network to mitigate vulnerabilities and prevent attackers from gaining banner information.

Used Nmap to identify operating systems (OS) running on remote hosts.

Also used the p0f tool to identify operating systems (OS) running on remote hosts.

Observed PCAP files, logs, and active real-time traffic patterns using Wireshark.

Installed CryptoDemo to encrypt/decrypt information traversing the intranet for observation.

Conducted system hacking by means of malware (IDA Pro) and Trojan analysis tools, monitored ports and processes, and monitored and protected files and folders.

Configured the TFTP (Trivial File Transfer Protocol) server to plant a backdoor on a victim’s computer system.

Implemented application-level session hijacking for viewing cookie information from unencrypted web sites.

Competent understanding of Public Key Infrastructure (PKI), Symmetric Cryptography, and their uses in SSL/TLS and SSH as it relates to secure access and authorization.

Well informed about new Cyber Security industry news and trends and committed to reading various periodicals, conducting research, and experimenting using virtual labs.

Installed and configured various tools and applications:

- ZoneAlarm Firewall

- NAT Firewall

- OpenSSH

Installed, tested, configured, and re-tested Snort.

Created a DoS Attack; used Anti-Phishing Toolbar (Netcraft).

Installed/used Password Cracking Tools (Cain & Abel, PWDump, LM Hash, ThreatFire).

Used Hyper-V Virtual Machine to Create a Secondary Virtual Hard Disk.

Established/configured Active Directory Certificate Services.

Created and configured Certificate Revocation Lists (CRLs).

Set up/configured WSUS, created Computer Groups for WSUS, and configured GPO Policy for WSUS.

Installed/configured Remote Authentication Dial-in User Service (RADIUS) for Wi-Fi authentication.

Fixed/configured the Routing Protocols (Static and Dynamic) in Cisco routers and switches.

Experienced in Monitoring, Vulnerability Assessment, SOC Analysis, Incident Response, and Threat Mitigation.

Hands-on Vulnerability Assessment and Penetration Testing.

Technical Skills

Security Evaluation

Compliance Evaluation, Network Auditing, Risk Management, MBSA

Monitoring

Intrusion Detection

Security Analytics

Intrusion Prevention

Penetration Testing

FireEye

Mitigation

Mobile Protection Tools: Mobile Device Security (MDS), Mobile Device Management (MDM)

Network/wireless sniffers (e.g., Wireshark, Airsnort)

Port scanning tools (e.g., Nmap, Hping)

Vulnerability scanner (e.g., Nessus, Qualys, Retina)

Vulnerability management and protection systems (e.g., Foundstone, Ecora)

Intrusion Detection Tools (e.g., Snort, FireEye)

Splunk Enterprise Security (SES)

Metasploit

pfSense Firewall Manager

Kali Linux

AlienVault

Network Hardware and Software (e.g., Comodo Firewall, Cisco ISR, Cisco ASA, Meraki, Cisco Smart Switches)

Honeypot tools (e.g., KFSensor)

Cloud security tools (e.g., Core Cloud Inspect)

Cryptography tools (e.g., Advanced Encryption Package)

Cryptography toolkit (e.g., OpenSSL)

Cyber Security Tools

Splunk, Nessus, Metasploit, Ettercap, Nmap, Hping3, Telnet, Burp Suite, IDA Pro, MDM Solutions, Cyber Kill Chain, Diamond Model, Intrusion Detection Tools (e.g., Snort, pfSense Firewall Manager, Kali Linux, Alien Vault, ArcSight), Hardware and software firewalls (e.g., Comodo Firewall), Honeypot tools (e.g., KFSensor), IDS/Firewall evasion tools (e.g., Traffic IQ)

Framework and Compliance

NIST 800 Series

Risk Management Framework (RMF)

HIPAA, SOC (1, 2, 3), FedRAMP, ISO

Enterprise Mission Assurance Support Service (eMASS)

OWASP Top 10, Consulting on OWASP Best Coding Practices, CVSS, CVEs, CIS Benchmarks

DoD Information Assurance Certification and Accreditation Process (DIACAP)

PCI-DSS

ISO 27000 series

COBIT

HIPAA

Professional Experience

Lightcrest – Los Angeles, CA

2/2019-Present

Information Security Manager

Lightcrest provides custom private, hybrid, and public cloud infrastructures with full-stack engineering services and cyber-security integrations. Lightcrest handles everything from security and compliance to performance and scalability on your behalf, either in the public cloud or on top of our home-grown private cloud platform.

My cyber security work highlights:

Monitored and investigated suspicious network activities with various security tools (e.g., Splunk, Wireshark, Nessus, AlienVault, Nmap, Snort) to identify potential incidents, network intrusions, malware events, etc.

Utilized Wireshark to analyze PCAP traffic.

Actively participated in various enterprise working groups to provide comprehensive implementation, oversight, and mitigation solutions for Cyber Security related issues, including threat identification, security assessment, and processes as part of NIST based Cyber Security Risk Management program.

Used Splunk to onboard applications for logging capabilities.

Forwarded results of Nessus Vulnerability Scans to team leads for resolution of Cyber Security issues.

Created a detailed Incident Report (IR) and contributed to lessons learned and mitigations for future attacks of a similar nature.

Conducted confirmatory Cyber Security Vulnerability assessment rescans using Splunk.

Presented (along with SOC Team) Cyber Security Related Awareness and Training for end users and management.

Experienced working with Amazon Web Services (AWS) cloud security.

Performed Cyber Security Analysis of assigned systems, events, and cyber related incidents.

Followed SOC Team runbooks and playbooks for Cyber Security continuous monitoring, testing, and incident response as part of Cyber Security program.

Performed Penetration Testing using Metasploit penetration testing tool.

Provided support for SOC working with team members to provide shift rotation coverage and worked with system data, including but not limited to security event logs, system logs, proxy, and firewall logs.

Documented policies and procedures in support of Risk Management Framework (RMF) process.

Performed vulnerability assessment using tools such as Nessus, Splunk, Nmap.

Used log data from SIEM tools (Splunk and AlienVault) to conduct analysis of cyber incidents, and analyzed log data from tools such as Splunk and Wireshark to identify threats and vulnerabilities on the network and prevent cyber security incidents.

Conducted periodic Cyber Security vulnerability scans of IT systems, wireless, and network-connected devices.

Performed Risk Management Framework Analysis, System Control Assessments, Vulnerability Assessment, and Compliance Testing.

Architected and implemented secure network environments following NIST Risk Management guidelines, Security Assessment and Testing, and Continuous Monitoring.

Implemented and configured Secure Network Architecture and configured SIEM tools using Splunk-Snort IDS/IPS.

Provided Security Related Awareness and Training to executives, stakeholders, and end users.

Studied and knowledgeable about Vulnerability Assessment and Penetration Testing (VAPT).

Skilled in analysis of results of security, vulnerability, and risk management assessments.

Developed mitigation strategies for security problems and created Incident Response Plans.

Applied Cyber Kill-Chain and Diamond Model for event correlation.

Managed Information Assurance Evaluation tests.

Used Splunk dashboards and visualizations with the ability to configure Splunk for specific uses and reports.

Familiar with various cyber security tools, including, Splunk, Snort, Nessus, Wireshark, and Metasploit.

Involved in Data Management Policy, implementing Data Management Policies and Disaster Recovery Plans that define Recovery Point Objective (RPO) and define Recovery Time Objective (RTO).

Ensured that the Security Assessment and Authorization process followed the National Institute of Standards and Technology (NIST) Special Publication (SP) 800.

Read the Safeguarding of Controlled Unclassified Information (CUI) memorandum and understood that information residing in nonfederal systems and organizations is of vital significance to federal agencies and directly impacts their capability to effectively perform their designated operations and business processes.

Applied Information Security Risk Management processes and understood that Security Risk Management is the continuous method of recognizing security risks and executing plans to address them, and that risk is established by considering the probability that identified threats would take advantage of vulnerabilities and the effect they would have on critical assets.

Implemented procedures for cyber security incident response based on tabletop exercises.

Assisted in the Security Operations Center during times of high alerts to determine if they are actual security events that required risk mitigation and incident response.

Handled and oversaw the application security mitigation processes for cloud computing.

Applied the NIST Risk Management Framework (RMF) process regarding FedRAMP for cloud computing services to ensure safeguards.

Organized and compiled the documents required for the authorization package and authorization letter for submittal to the Authorizing Official (AO) to approve system operations under NIST RMF 800-37, for security controls.

Evaluated cloud computing services, cloud service providers, and cloud brokers using the CSA CCM domains to align cloud-based needs with regulatory security compliance in accordance with NIST framework for cloud computing networks.

Used the Cyber Kill Chain steps to trace the stages of a cyberattack from early reconnaissance to the exfiltration of data:

- Reconnaissance (Observation): Attackers typically assess the situation from the outside in to identify both targets and tactics for the attack.

- Intrusion: Based on what the attackers discovered in the reconnaissance phase, they are able to get into your systems, often leveraging malware or security vulnerabilities.

- Exploitation: The act of exploiting vulnerabilities and delivering malicious code onto the system to get a better foothold.

- Privilege Escalation: Attackers often need more privileges on a system to get access to more data and permissions; for this, they need to escalate their privileges, often to an Admin.

- Lateral Movement: Once they are in the system, attackers can move laterally to other systems and accounts to gain more leverage, whether that is higher permissions, more data, or greater access to systems.

- Obfuscation / Anti-forensics: To successfully pull off a cyberattack, attackers need to cover their tracks, and in this stage they often lay false trails, compromise data, and clear logs to confuse and/or slow down any forensics team.

- Denial of Service: Disruption of normal access for users and systems to stop the attack from being monitored, tracked, or blocked.

- Exfiltration (Extraction stage): Getting data out of the compromised system.

Incorporated FireEye Threat Intelligence subscriptions and services to address all aspects of threat intelligence needs.

Applied the Hyper FPE SecureData data-centric platform to provide high-strength encryption of data.

Corus360 - Orlando, FL

7/2017-2/2019

Cyber Security Engineer

Corus360 is a technology consulting and solutions company with more than ten years of success delivering infrastructure solutions, recovery, and consulting services that help organizations reduce costs, increase efficiencies, and maximize productivity. Corus360 specializes in best of breed infrastructure solutions, IT management consulting, IT staffing, application development, Data Center technologies, disaster recovery, managed services, and enterprise applications.

My cyber security work highlights:

Identified resources needed to reach objectives and managed resources in an effective and efficient manner.

Tracked project expenses to maintain the projected budget.

Presented project updates on a consistent basis to various stakeholders about strategy, adjustments, and progress.

Managed contracts, service level agreements (SLAs), and agreements with the supply chain by effectively assigning agreed deliverables on their end.

Communicated the seriousness of threats and made recommendations for remediation to upper management and other cybersecurity personnel through written and spoken means.

Monitored performance on several risk management activities, including risk, control registers, workflow review, and approval with Archer GRC.

Monitored and analyzed network traffic security systems such as Firewalls, Servers, and Databases using tools such as Nessus, SIEM, Nmap, Snort, IDS alerts, DLP, and web proxy for system vulnerability.

Developed, tracked, and sustained action plans for the solution of issues discovered during assessments and audits, and delivered necessary assistance with the implementation of remediation plans.

Developed an internal systems security plan about how to handle procedures to isolate and investigate potential information system compromises.

Assisted internal auditors in completing IT components of audits using computer-assisted audit tools and techniques.

Implemented Assessment and Authorization (A&A) processes under the NIST 800-53/53A, 800-37 Risk Management Framework (RMF) for new and existing information systems, receiving over eight ATOs.

Upgraded software, patches, and security patches on dev/test and production.

Identified and prioritized information security risks and advised business partners about security/privacy requirements and solutions to ensure compliance.

Performed information security assessments in direct support of major compliance efforts (NIST, PCI-DSS, and ISO).

Applied Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) configuration, tuning, deployment, and monitoring.

Performed log correlation analysis using Splunk and implemented risk and threat mitigation processes.

Contributed to security teams by making suggestions to change playbooks to keep up with the changing threat landscape.

Performed security control assessment of all assigned systems, and developed test plans and assessment reports in support of system authorization.

Automated analysis workflow revolving around endpoint detections, sandbox results, email scanning, and IMS platforms.

Used multiple forensic tools to investigate incidents using programs such as EnCase, FTK, and Volatility.

Initiated, coordinated, and tracked the patching and remediation of security weaknesses as they were discovered via a Plan of Actions and Milestones (POAM).

Owned and documented the implementation of security controls and created auditable evidence of security measures.

Collaborated with other team members and system owners/ technical managers to schedule and conduct kick-off meetings and interviews to discuss vulnerability findings.

Met with respective Business OU to discuss updates to DLP policies and rules.

Coordinated and completed various tasks and activities associated with the deployment of Splunk Enterprise in support of the risk management program.

Deployed, configured, and maintained Splunk forwarder on different platforms.

Hands-on SIEM tools (Splunk/Snort IDS/IPS) to protect organization from threats and cyber security attacks.

Experienced analyzing enterprise logs with the help of security information and event management technologies.

Used F5 load balancers to increase capacity (concurrent users) and reliability of applications.

Paramount Software Solutions, Inc - Atlanta, GA

4/2015 – 6/2017

Information Security Threat intelligence

Paramount Software Solutions is an IT Staffing and IT Services consulting firm dedicated to providing business-critical software and IT solutions using the latest and emerging technologies.

Work highlights:

Participated in and assisted with the monitoring, management, analysis, and reporting of cyber security incidents and day-to-day cyber security events.

Performed project management functions (forecasting, budgeting) and assisted with monitoring data security projects and procedures of a Cyber Security Operations Center.

Provided 24x7x365 Level 2 support as it relates to all security incidents.

Assisted the Cyber Security Incident and Monitoring and Security Support team per client based on defined policies and procedures.

Configured a Palo Alto firewall.

Worked on Indicators of Compromise (IOC) Vetting and Ingestion.

Performed simulation and incident testing in a lab environment.

Experienced using Windows Environment (Windows 10, newer versions of Server).

Performed Ticketing and CIRT recording.

Experienced with PCI/DSS Compliance.

Performed remediation on the WannaCry ransomware.

Experienced with Sandboxing environments.

Conducted knowledge-based article creation and housekeeping.

Attended industry-based webinars and meetings hosted by reputable organizations and agencies such as FS-ISAC, MS-ISAC, CISA, DHS, and Recorded Future.

Experienced detecting malicious activities through the analysis of User Behavior.

Performed forensic investigations and advanced threat analysis on many cyber security threats and reported on industry standard security information on current trends.

Provided holistic data governance solutions with an emphasis on data classification and data leakage prevention.

Analyzed, monitored, and identified security risks to determine potential impacts.

Oversaw successful SIEM audits by constructing a management action plan.

Conducted weekly meetings with the CISO to review security incidents and trends.

Delivered Splunk into S&P Ratings as the project manager to close a gap against the company logging standard. Led the design of the Splunk architecture.

Analyzed log traffic and PCAPS, reading and understanding system data, including security event logs, system logs, and firewall logs.

Ensured Cyber Security and Information Security program design followed NIST-SP 800-37 Risk Management Framework.

Executed risk-based audit programs to assess the effectiveness of controls for critical systems and processes.

Employed security testing techniques such as network discovery, port and service identification, and vulnerability scanning using Splunk ES, Snort IDS/IPS, Firewall, Wireshark, and Nessus.

Implemented and configured SIEM tool using Splunk/Snort IDS/IPS, and Wireshark for network traffic and packet analysis, and various Cyber Security tools such as Nmap and Nessus.

Implemented security setting on Firewalls and Switches and Routers.

Implemented DLP Plan with Backup and Recovery/Data Recovery and RAID.

Established Host Security to protect Applications data.

Conducted Security Assessment/Testing per company policy regarding the Risk Management Plan.

Ensured that the Security Assessment and Authorization process were met per NIST SP 800 guidelines.

Conducted system baselining and hardening based on CIS standards.

Participated in writing security policy and Standards for security controls according to NIST SP 800 -37.

Generated security documentation, including security assessment reports, system security plans, contingency plans, and disaster recovery plans.

Coordinated and implemented Information security policies, processes, and procedures to ensure information systems security objectives and compliance were met.

Coordinated and performed internal and external vulnerability assessments on computing assets such as hosts and network infrastructures.

Utilized Archer GRC in performing operational risk management of new and existing assigned entities/vendors to identify the risk level and security posture for each entity.

Information Security Risk Management expert with a focus on FISMA, System security evaluation, validation, monitoring, Risk assessments, and Audit engagements.

Worked with a team of Information System Owners, Developers, and System Engineers to select and Implement tailored security controls in safeguarding system information.

Documented and Reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines.

Reviewed system vulnerability scans and audit logs and worked with system administrators to remediate findings and document non-remediated findings in the POA&M; performed security categorization of systems using FIPS 199 and NIST SP 800-60; and initiated compliance and vulnerability scan requests to identify and report weaknesses and potential security breaches in accordance with SP 800-34.

Participated in weekly meetings to discuss the status of the risk assessment process.

TekRevol – Houston, TX

1/2013 – 3/2015

SOC Analyst

Tekrevol is a mobile app development company dedicated to providing technological solutions to businesses and startups. Tekrevol has offices located in Houston, California, Estonia, and Pakistan, and a network of employees extending across Europe, the United States, and the Middle East.

My security work highlights:

Responsible for following Response Playbooks/Incident Response Plans (IR Plans) used by SOC team.

Used NIST Risk Management Framework as a basis for SOC team Cyber Security guidelines such as Continuous Monitoring.

Worked with cross-functional teams to ensure compliance with SOC Team Cyber Security Risk Management procedures throughout the system.

SOC Team worked with NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, Threat Detection and Mitigation.

Created a formal Cyber Weekly Report for reporting to Senior Management/Executives.

Actively conducted open-source research to find new threats and IOCs.

Served as the system tool owner for our security applications (Splunk, Carbon Black, etc.).

Completed Threat Intelligence using Cyber Kill Chain and Diamond Model in Cyber Security.

Provided Cyber Security support for complex computer network exploitation and defense techniques and conducted e-mail analysis on suspicious e-mails.

Implemented processes to capture both current and historical audit findings to identify systemic failures and patterns for corrective action.

Performed periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file systems, and external web integrity scans to determine compliance.

Responsible for leading and delivering accurate and expedient handling of end-user support requests.

Responsible for creating, maintaining, and enforcing Information Security Policies and Procedures in compliance with PCI-DSS regulations and NIST cyber security best practices.

Worked with IT teams to assess weaknesses, identify solutions, and develop security policies.

Monitored firewall and database activity and maintained confidentiality, integrity, and availability of the network environment.

Identified and evaluated foreign communications for intelligence purposes, mission support and the handling of classified communications for threat intelligence.

Used log data from SIEM tools (Splunk and AlienVault) to conduct analysis of cyber incidents.

Analyzed log data from SIEM tools such as Splunk and Wireshark to identify threats and vulnerabilities on the network to prevent cyber security incidents.

Created a detailed Incident Report (IR) and contributed to lessons learned and mitigations for future attacks of a similar nature.

Documented policies and procedures in support of Risk Management Framework (RMF) processes.

Worked with security compliance policies, programs, processes, and metrics.

Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.

Monitored the general support system for vulnerabilities and threats, including patch management, weak password settings, and weak configuration settings.

Reviewed the POA&M to validate items uploaded in the POA&M tracking tools, supported the closed findings, and coordinated promptly with stakeholders to ensure timely remediation of security weaknesses.

Conducted system security evaluations and assessments and documented and reported security findings using NIST 800 guidance per the continuous monitoring requirements.

Researched emerging threats and vulnerabilities to aid in the identification of network incidents.

Provided scanning of range operating systems and test beds using SCAP compliance tool and Nessus vulnerability scanner for independent security analysis.

Implemented deep drive analyses on alerts received from Splunk and took actions on remediation processes.

Participated in the creation of enterprise security documents (policies, procedures, standards, guidelines, and playbooks) under the direction of the Chief Information Security Officer.

Assisted IT staff with understanding and resolving system vulnerabilities.

Conducted risk assessments and collaborated with Management and technical teams to provide recommendations regarding changes being implemented on assigned systems.

Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.

Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.

Used Nessus to run scans on operating systems.

Monitored controls post authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results and worked with the IT staff for mitigation actions.

Locuz INC – New York, NY

1/2011 – 1/2013

Penetration Tester

Locuz Inc. is an IT infrastructure solutions and services company specializing in Datacenter Transformation (Private and Hybrid Cloud Infrastructures), Workplace Transformation (VDI/BYOD and Mobility), High-Performance Computing (HPC), Communication and Collaboration, Service Management Automation, Remote Infrastructure Management, Security Services (Assessments), and IDM/SSO and Architecture Consulting.

Work highlights:

Performed Threat Intelligence using Cyber Kill Chain and Diamond Model.

Analyzed security breaches using the Cyber Kill Chain and Diamond Model.

Performed Intrusion testing and prevention, created and annotated log data samples, and managed a malware lab sandbox environment.

Engaged in computer exploitation and reconnaissance, target mapping and profiling, and network decoy and deception operations in support of computer intrusion defense operations.

Led penetration tests and security assessments for applications and infrastructure, including web application assessments, mobile application assessments, API assessments, and physical penetration of properties.

Applied hands-on penetration testing and threat emulation of assets to enhance the security posture.

Provided user support in all software under Windows environment. Performed backups of the main system.

Determined the need, scope, testing plan, and processes required for information security.

Assisted in exploring OWASP top 10 vulnerabilities along with remediation recommendations.

Tested for
