
Cyber Security Engineer

Location:
Los Angeles, CA
Posted:
March 06, 2023


Resume:

BRIAN ALLEN - Cyber Security Engineer

Email: *************@*****.*** Phone: 818-***-****

PROFILE SUMMARY

9+ years’ combined experience in Cyber Security and Software/IT, with the past 7 consecutive years focused on the Cyber Security space.

Knowledge, understanding and experience in NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, and Threat Detection and Mitigation.

Analyzed, monitored, and identified security risks to determine their impact.

Monitored systems for vulnerabilities and threats, including weak password settings and weak configuration settings.

Performed security assessments of systems, then developed test plans and wrote assessment reports in support of system authorization.

Hands-on Vulnerability Assessment and Penetration Testing using commercial and open-source tools such as Nmap, Nessus, and Metasploit.

Worked with teams on mitigation strategies using tools such as Wireshark, Splunk, and Metasploit.

Worked alongside Chief Information Security Officers (CISO) and Network Security Teams to set up monitoring, assess risks, and implement cyber security solutions.

Developed an Incident Response Plan (IRP) and implemented tools for each stage.

Conducted real-time log analysis from different devices such as Firewalls, IDS, IPS, Proxy Servers, Windows Servers, System Applications, Databases, Web Servers and Networking Devices.

Performed risk assessments and ensured proper protection or corrective measures were in place for vulnerabilities identified during assessment and audit processes.

Performed real-time monitoring, security incident handling, investigation, analysis, reporting and escalations of security events from multiple log sources.

Knowledgeable in analysis of false positive and false negative reports, and manual verification procedures.

Hands-on experience with Identity and Access Management (IAM) tools in cloud environments.

TECHNICAL SKILLS

Threat – Threat Detection, Incident Response, Incident Response Plan (IRP), SOC Analysis, Monitoring, Mitigation, Threat Intelligence Feeds, Cyber Kill-Chain, Diamond Model, Penetration Testing.

Cyber Security Monitoring and Testing Tools – Splunk, Metasploit, Wireshark, SNORT, Nessus, Nmap, Core Impact, NetworkMiner, AlienVault, Symantec Endpoint Protection (SEP), Firewalls (pfSense).

Vulnerability – Vulnerability testing, vulnerability assessment, vulnerability management framework.

Enterprise Security Services – Security Assessment and Testing, Security Related Awareness and Training, Risk Management Framework, Incident Response Procedures/Incident Response Plan (IR Plan), Identity and Access Management (IAM), Compliance and Risk Assessment, Cyber Security Audit.

PROFESSIONAL EXPERIENCE

Cyber Security Engineer

November 2021 – Present

SAP, Los Angeles, CA

Leading multinational software company, developing enterprise software to manage and streamline business operations and customer relations, engineering solutions to fuel innovation, foster equality, and spread opportunity across borders and cultures.

Gathered evidence for the Subject Matter Experts, ran meetings, and rendered updates to the team leaders.

Worked with 12 members in the Cyber Security Team and tracked team tasks/progress using Excel.

Trained new team members and created SOPs for new members.

Deployed various resources for the team, such as Splunk and ELK.

Analyzed log data from SIEM tools such as Splunk, and Wireshark, to identify threats and vulnerabilities on the network and prevent cyber security incidents.

Remediated identified cybersecurity alerts and threats using Splunk, and vulnerabilities using Tenable Nessus.

Set up and configured Splunk ES, along with monitoring and reporting using Splunk dashboards.

Performed log aggregation, data analysis, Splunk queries, dashboard design, correlation queries.

Contributed to detecting errors and reported them to the Subject Matter Experts.

Ensured secure configuration of the Cloud Content Delivery Network.

Ensured Microsoft Azure KeyVault audit logging was enabled accordingly.

Enforced Secure Socket Layer (SSL) policies for storage in Microsoft Azure.

Enforced MFA for all accounts in GCP, Microsoft Azure and Converge Cloud.

Checked all of the storage services in Microsoft Azure for all data centers across various locations.

Ensured SAP password policies were working accurately and container registries were private for all platforms.

Monitored and analyzed SIEM events to identify trends and potential vulnerabilities.

Used Jira to create defects/blockers and uploaded evidence in SharePoint.

Secured configurations of all server images in Converged Cloud and ensured secure KMS (Key Vault) configuration.

Created a detailed Incident Report (IR) and contributed to lessons learned and mitigations for future attacks of a similar nature.

Obtained Tenable scans to generate reports showing that critical and high vulnerabilities were reduced to a low and acceptable count under the Common Vulnerability Scoring System (CVSS) from the Common Vulnerabilities and Exposures (CVEs).

Created data centers and validated controls for SAP using cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and SAP Converged Cloud.

Worked on extended controls and created different data centers in various countries.

Cyber Security Subject Matter Expert

February 2020 – November 2021

Equifax, Atlanta, GA

Equifax is a global data, analytics, and technology company. Equifax operates or has investments in 24 countries in North America, Central and South America, Europe and the Asia Pacific region.

Worked with clients to ensure that controls adhered to the overall solution architecture.

Developed necessary cybersecurity leading practices to ensure access to project systems and data.

Collaborated with key stakeholders, including project managers, architects, and other technical leads around cybersecurity requirements throughout the lifecycle of the project.

Worked directly with senior management to make sure that the scope and focus of each mission was clear and milestone schedules were established for technical work deliverables.

Made recommendations to mitigate risks during the development and production cycle.

Ensured compliance with IT structures / processes / guidelines /technologies.

Advised about analyzing security situations and environments and mapped out solutions and integrated cybersecurity controls within the solutions.

Planned, budgeted, oversaw, and documented all aspects of the projects the company was working on.

Optimized processes for the cybersecurity program, including document control reviews, change management processes, auditing/assessment preparation for controls, staff communications coordination, threat artifact finding, coordinating with data owners on vulnerability remediation plan development, tracking remediations for vulnerabilities, and reporting and incident response escalation.

Supervised development of training content for issues related to IT Cybersecurity.

Identified threats, assessed risks, and recommended best practice solutions and cybersecurity controls to meet client requirements.

Deployed and maintained cyber controls to ensure the project development team adhered to established cybersecurity and development standards.

Oversaw troubleshooting of complex technical situations by providing solutions based on established cybersecurity standards.

Monitored technical risks and provided mitigation plans that aligned with established cybersecurity controls.

Evaluated security measures to protect against threats or hazards to data.

Engaged with external auditors and third parties in support of security activities.

Developed project plans, estimations, specifications, flowcharts, and presentations.

Performed analysis to validate security requirements and recommended additional security measures and safeguards.

Assisted multiple departments in project planning and scheduling timetables for deliverables.

Evaluated QoS for products and delivered an exceptional level of technical assistance that benefited the company.

Identified resources needed to reach objectives and managed resources in an effective and efficient manner.

Tracked project expenses to maintain the projected budgets.

Presented project updates to stakeholders about strategy, adjustments, and progress.

Worked with contracts and SLAs with the supply chain.

Communicated the seriousness of threats and proposed recommendations for remediation to upper management and other cybersecurity personnel through written and spoken means.

Calculated project performance metrics to pinpoint areas for improvement.

Monitored and managed all installed systems and infrastructure.

Established, configured, tested, and maintained operating systems, application software, and system management tools.

Scanned and monitored network vulnerabilities on servers and network infrastructure devices using vulnerability scanning solutions.

Led scrum meetings, made presentations to stakeholders, and trained staff on security best practices.

Threat Hunter

January 2018 – September 2019

H.I.G. CAPITAL, Miami, FL

H.I.G. Capital is a leading global alternative investment firm with a focus on the small cap and mid cap segments of the market. The H.I.G. family of funds includes private equity, growth equity, real estate, debt/credit, lending and biohealth.

Performed gap analysis of cybersecurity business and technical solutions.

Analyzed log data and traffic to identify suspicious patterns of activity.

Participated in and assisted with the monitoring, management, analysis and reporting of cyber security incidents and day-to-day cyber security events.

Performed project management and assisted with forecasting, budgeting, and monitoring of data security projects and procedures as they related to the Cyber Security Operations Center.

Ensured 24x7x365 level 2 support as related to all security incidents.

Assisted the Cyber Security Incident and Monitoring and Security Support team as per client based on the policies and procedures.

Worked on Indicators of Compromise (IOC) Vetting and Ingestion.

Performed simulation and incident testing in a lab environment.

Improved the organization's incident response procedures' mitigation and reaction capabilities through emulation and analysis of network intrusion events and incidents arising from emerging cyber risks.

Provided, tracked, and documented threat attribution to incident response and intelligence reporting activities.

Implemented Splunk for Information System Continuous Monitoring (ISCM).

Remediated identified cybersecurity threats and vulnerabilities using Splunk.

Managed Artifacts and Plan of Action & Milestones (POA&Ms) to ensure correct implementation of controls.

Evaluated systems covered by the Risk Management Framework (RMF).

Coordinated with application and system owners to onboard applications in Splunk and ensured logging capabilities were functional.

Educated other company associates on security best practices.

Located malicious software on servers and endpoints based on observed symptoms.

Used Tanium and SCCM, and designed and implemented search rules on the SIEM.

Configured Palo Alto firewall.

Monitored security patch levels of the servers, workstations and network environments, and anti-virus systems.

Monitored and hunted for intrusion and incidents.

Worked with industry-standard Cyber Security tools for testing, monitoring and investigation, such as Splunk, Nessus, AlienVault, Nmap, Wireshark, Metasploit and pfSense.

Deployed, configured and maintained Splunk forwarders on different platforms.

Audited network and security systems including Vulnerability Assessment and Identity Access Management (IAM).

Audited data location and permissions; verified end user, service and administrator access to resources.

Audited EPs to verify compliance with security controls.

Threat Hunter

January 2016 – December 2017

Essilor International, Dallas, TX

Essilor International S.A. is a French-based international ophthalmic optics company that designs, manufactures and markets lenses to correct or protect eyesight.

Performed security vulnerability assessments and penetration tests to ensure client environments and data were secure and satisfied regulatory compliance requirements.

Conducted security assessment of management, operational, and technical controls.

Conducted interviews to gather information about the status of certain controls, as well as the overall security status of information systems.

Created and documented policy for SSL certificate management.

Used Wireshark to troubleshoot and investigate network issues.

Tracked and updated Plans of Action and Milestones (POAM) regarding the mitigation and remediation status.

Tracked authorization termination dates for various information systems risk assessments, including reviewing organizational policies, standards, and procedures and providing advice on their adequacy, accuracy, and compliance with industry standards.

Created reports, including remediation plans for discovered vulnerabilities.

Conducted security vulnerability assessments, security configuration, and research and penetration tests using commercial tools such as Cobalt Strike, Metasploit Framework, Burp Suite, and other Open-Source infosec tools while following methodologies and best practices as defined in PTES and NIST.

Responsible for setting-up configuration files in Splunk; tuned rules to create better alerting and established security baselines for configurations to tune out unnecessary alerts.

Developed security strategy and performed IT risk assessment and vulnerability assessment and worked with the business to mitigate risks.

Composed security alert notifications and other communications.

Advised incident responders in the steps to take to investigate and resolve computer security incidents.

SOC Analyst

October 2014 – December 2015

Asus, Fremont, CA

Asus is a multinational computer and phone hardware and electronics company. Its products include desktop computers, laptops, netbooks, mobile phones, networking equipment, monitors, wi-fi routers, projectors, motherboards, graphics cards, optical storage, multimedia products, peripherals, wearables, servers, workstations, and tablet PCs.

Reviewed and documented contingency plans (CP), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various agencies.

Reviewed and updated the System Security Plan (SSP) using NIST SP 800-18 guidelines.

Reviewed and updated Cybersecurity documentation.

Provided services as security control assessor (S.C.A.) and performed as an integral part of the Assessment and Authorization process, including A&A, documentation, reporting, reviewing, and analysis requirements. As a team, we determined Security Categorizations using FIPS 199 as a guide; reviewed, updated and developed Privacy Impact Assessments (PIA) and Privacy Threshold Analyses (PTA); and initiated the System Security Plan (SSP).

Applied understanding of the function and content of information security policies, standards, procedures, and practices, as well as threats, risks and vulnerabilities at a functional level.

Executed security data management plans for the design and implementation of data collection, scheduling and review clarification and reporting systems.

Monitored and audited information security controls for compliance and effectiveness.

Worked with internal stakeholders to create a matrix that mapped project requirements to the National Institute of Standards and Technology (NIST) security controls.

Analyzed security breaches to determine their root cause.

Recognized potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.

Analyzed discovered infrastructure and software vulnerabilities obtained from scanning to determine risk, impact and remediation plans.

Monitored and analyzed network traffic and logs using Wireshark, Nmap and pfSense.

Monitored traffic for irregularities based on information received from various sources.

Monitored and analyzed SCCM and SIEM reports to identify trends and potential vulnerabilities.

Performed penetration testing and vulnerability analysis.

Processed Nessus vulnerability scanning for critical and high severity alerts, log analysis, and results.

Managed Security Assessment and Authorization (SA&A) process to support continuous monitoring activities in accordance with NIST guidelines.

Monitored the IT regulatory landscape for emerging regulations and assessed the impact to control framework and risk strategy.

Responsible for IT testing using appropriate tools.

Tested, maintained, and monitored computer programs and systems, including coordinating the installation of computer programs and systems.

Experience developing and updating System Security Plans (SSP), Contingency Plan, Disaster Recovery Plan, Incident Response Plans, and Configuration Management.

Skilled in performing assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess.

Worked with the ISSO, AO, and the Security team to assess the selected security controls and their weaknesses, produce the RTM or test cases, and report all findings in our SAR report.

Specialized in the entire FISMA Risk Management Framework (RMF), and system control assessment processes using NIST SP 800-60, NIST SP 800-53A, preparing and reporting SSP, SAP, PTA, P.I.A., E-Authentication ST&E (Security Test & Evaluation), POA&M.

Developed and conducted ST&E (Security Test & Evaluation) according to NIST SP 800-53A and performed on-site evaluation and support.

Help Desk Support Specialist

May 2013 – October 2014

CoStar Group, Washington, DC

CoStar Group is a provider of information, analytics and marketing services to the commercial property industry in the United States, Canada, the United Kingdom, France, Germany, and Spain.

Worked closely with cross-functional teams assisting as needed.

Installed and configured new Lenovo ThinkPad and Dell laptops for end users.

Repaired all hardware related issues such as system boards, hard drives, LCD displays and DVD drives.

Supported office environment multi-function machines such as Ricoh and Xerox.

Provided support for Windows servers, updates, patches and DLP.

Performed troubleshooting of computers remotely using LANDesk and Windows Remote Desktop.

Repaired all software-related issues, such as Microsoft Office, for Windows-based computers.

Wrote automated test scripts in Unix scripting language.

Developed scripts using Java, SQL, and worked with proprietary software parsing Java objects using IBM Rational Functional Tester.

Responsible for providing all levels of desktop support for more than 1800 end users.

Was the primary Executive desktop support technician and handled day to day PC Support of designated Executive staff and their assistants.

Troubleshot and repaired various hardware issues on several models of Windows-based computers, such as HP and Dell.

EDUCATION

Bachelor of Science - Information Studies - Information Security - University of South Florida

CERTIFICATIONS

Splunk Fundamentals Part 1 Certified

CompTIA Security+ (Certified) – in progress

Certified Ethical Hacker (CEH) – in progress

Azure Fundamentals AZ-900 – in progress

AWS Fundamentals, Azure Security AZ-500 – in progress
