Resume

Cyber Security Expert

Location:

Englewood, CO

Posted:

January 18, 2023

Contact this candidate

Resume:

PROFESSIONAL SUMMARY

Experience as a Cyber Security Expert.

Log aggregation, data analysis, Splunk queries, dashboard design, correlation queries.

Set up and configure Splunk ES along with monitoring and reporting using Splunk dashboards.

Configure Splunk in tandem with Snort for a comprehensive SIEM (IDS/IPS).

Use log data from SIEM tools (Splunk, AlienVault) to conduct analysis of Cyber Security incidents.

Conduct detailed vulnerability analysis and provides support documentation to per NIST Risk Management Framework.

Understand control types (administrative controls, technical controls, physical controls).

Implement virtualization using VMWare, Virtual Box.

Use command-line tools in Linux, Windows OS, and various tools such as Nessus and Nmap.

Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.

Responsible for SIEM systems, rules, and actions in Snort for incident response and set alerts to intrusion attempts.

Experience implementing & managing Data Loss Prevention.

Perform network traffic analysis using Wireshark and manages Firewall Vulnerability with pfSense firewall manager.

Adheres to NIST guidelines in continuous monitoring as part of Cyber Security program.

Enforces Cyber Security best practices per NIST guidelines and SOC procedures.

Execute risk-based Cyber Security audit programs, to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.

Knowledgeable of IAM Concepts and IAM Models; Access Protocols and Account Practices.

Knowledgeable about Kerberos Authentication Protocol.

Risk mitigation and use of necessary controls proactively address vulnerabilities and threats, through intrusion detection, controls and security assessment and training.

Familiar with various cyber security tools including, Splunk/Snort IDS/IPS, Nessus, Wireshark, and Metasploit.

Expertise in Mobile Security and Access Control Identity Management.

In-depth understanding of attack scenarios and common vulnerabilities.

Active in continuously updating knowledge with new security procedures and protocols and adapting to rapid changes in the security landscape.

Skilled in use of Symantec Endpoint Protection (SEP) and PfSense.

Access Control Identity Management, Penetration Testing, Vulnerability Assessment, SOC Analysis, Incident Response and Threat Mitigation.

Experience with policy exceptions with management of Business Unit requesters.

Experience in risk mitigation and deployment of necessary controls proactively address vulnerabilities and threats, through intrusion detection, controls and security assessment and training.

Use of different Vulnerability Assessment and Penetration Testing (V.A.P.T.) tools.

Use of Cyber Kill Chain and Diamond Model in threat intelligence.

Support of security compliance initiatives and assessments including responses to client security organization audits, questionnaires.

Strong analytical skills, including the ability to problem solve to make value-added control recommendations.

Understanding with software and security architectures as well as Intranet and Extranet security practices.

Experience developing Incident Response Playbooks/Incident Response Plans (IR Plans).

Experience coordinating annual security exception review process.

Risk Management using NIST guidelines, Security Assessment and Testing, and Continuous Monitoring.

Skillful use of industry tools for traffic monitoring such as WireShark and PFSense.

Assisted with the development of Incident Response Plans (IRP) and implemented tools for each stage.

Skilled in analysis of results of security, vulnerability, and risk management assessments.

Analyze cyber security controls and how they align to business objectives.

Analyze, monitor, and identify security risks to determine their impact.

Trained users on risks, social engineering, security controls and best practices to ensure security and safety of assets.

Experience in NIST Compliance, Security Management and Operations, Vulnerability Assessment, Risk Management Framework, Incident Response, Monitoring, Threat Detection and Mitigation.

Understanding of electronic investigation, forensic tools, and methodologies. Including: log correlation and analysis, forensically handling electronic data, knowledge of the computer security investigative processes.

TECHNICAL SKILLS

Programming: HTML, PHP, Advanced C++, C#, Visual Studio, MATLAB, API, MySQL,

Scripting Languages: JAVA, Python, PowerShell, Bash

Networking: SSL/TLS, DHCP, OSI Model, DNS, TCP, UDP, HTTP, PHP, HTML, CSS, SML, Wireshark, Nmap, Cisco

Software: Microsoft Office Suite, PDF, Active Directory, VMware, Weka, vSphere, NetworkMiner

Operating Systems: Windows, MacOS, Linux, Unix, CentOS, Red Hat, Kali Linux

Technologies: DNS, DHCP, Windows Desktop Environment, Windows Servers Systems, Backup, Recovery, Testing

SIEM Tools: Splunk, Qradar, AWS Guard Duty, Azure Sentinel, Alien Vault, and ArcSight

Threat Hunting Tools: CrowdStrike, Carbon Black, FireEye,

Vulnerability Management Tools: Nessus, Qualys, AWS Inspector, Azure Security Center, Rapid 7, Tenable IO

Risk Management and Auditing Tools: Archer, ServiceNow GRC, Netwrix

Cloud Platforms: Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP)

Amazon Web Services (AWS) Resources: Guard Duty, Cloud Trial, Cloud Watch, Inspector, IAM, VPC, S3.

Microsoft Azure Resources: Azure Security Center, Sentinel, Active Directory, Log Analytics Workspace.

Frameworks: NIST Cybersecurity Frameworks, COBIT, SOX, HIPAA, PCI – DSS, ISO / IEC.

Firewalls: Palo Alto, Cisco Meraki, AWS Firewall, AWS WAF, Azure Firewall, Azure WAF

PROFESSIONAL WORK EXPERIENCE

Cyber Security Subject Matter Expert February 2020- Present

Dish network

Englewood, Colorado

Acted as a primary resource and provide detailed/hands-on support to the Cyber Security Engineers working on project at client sites through the United States of America and United Kingdom.

Prepared training modules to mock interview situations to enhance the learning process provided by the company and provided mentorship to ensure value-add at client site.

Interacted with the company’s Executives to ensure that projects and employees are appropriately matched to assignments.

Interviewed Cyber Security Engineers to help with the development and Implementations of Cyber Security.

Responsible for the design, development, and maintenance of the company’s Cyber Security training materials.

Assisted in training and cyber security awareness to organization staff.

Applied qualitative and quantitative risk assessment methods.

Identified and modeled information and network security risks.

Controlled Identity and Access Management for all users in the organization by assigning them with access and privileges based on the groups and assigned licenses.

Articulated information security risks as business consequences based on the impact and likelihood of risk to be reduced to an acceptable level.

Supported all technical subject matters on Cyber Security, while also overseeing information assurance internally.

Used in Advanced threat protection, PKI, and Cryptography.

Experienced with Endpoint Detection and Response, Software integrity, Access control, and volume forensics, Authentication, File encryption, Volume encryption, Network monitoring, POP, DNS, Email security, Network crypto, and Certificates.

Used top Frameworks and Standards (NIST/ITIL/ PCI DSS/ISO/CIS)

Experienced in using SIEM Tools (Splunk, Qradar, AWS Guard Duty, Azure Sentinel, Alien Vault, and ArcSight)

Performed incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.

Responsible for making suggestions to change playbooks to keep up with the changing threat landscape.

Fine-tuned and analyzed SIEM and its events to identify trends and potential vulnerabilities.

Produced advisory reports regarding 0-day exploits, CVE vulnerabilities, current network.

Hands-on SIEM tools to protect organization from threats and cyber security attacks. Also, created, and modified Use cases for Splunk.

Evaluated, recommended the acquisition of, implemented, and disseminated IT security tools, procedures, and practices to protect information assets.

Responded to intrusions and threats detected by endpoint security tools.

Performed security vulnerability assessments and penetration tests to ensure environment and data were secure as well as satisfying regulatory compliance requirements.

Met with respective Business OU to discuss updates to DLP policies and rules.

Performed log correlation analysis using Splunk and implemented risk and threat mitigation processes.

Responded to computer security incidents and coordinated efforts to provide timely updates to multiple business units during response.

Utilized Splunk to support dashboard, report, and other capabilities to support the Cyber Security Program.

Monitored and analyzed SIEM events to identify trends and potential vulnerabilities.

Collaborated with system owners, senior management (CIO, CISO etc.,) and executive leadership to determine remediation strategies. Experience in Office 365 Protection to investigate and remediate phishing threats.

Assisted I.T staff with understanding and resolving system vulnerabilities.

Conducted risk assessments and collaborated with Management and technical team to provide recommendations regarding any changes that were being implemented on assigned systems.

Performed and analyzed vulnerability scan reports and worked with stakeholders to establish plans for sustainable resolutions.

Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.

Used Nessus to run scans on operating systems and applications to identify vulnerabilities and compliance.

Monitored controls post authorization to ensure continuous compliance with the security requirements by evaluating vulnerabilities through Nessus scan results and work with the IT staff for mitigation actions.

Cyber Security Engineer September 2018- February 2020

IBM

Armonk, New York

Used log data from SIEM tools (Splunk and Qradar) to conduct analysis of cyber incidents.

Analyzed log data from SIEM tools such as Splunk, and WireShark to identify threats and vulnerabilities on the network to prevent cyber security incidents.

Created a detailed Incident Report (IR) and contribute to lessons learned and mitigations for future attacks of a similar nature.

Documented policies and procedures in support of Risk Management Framework (RMF) process.

Worked with security compliance policies, programs, processes, and metrics.

Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.

Monitored the general support system for vulnerabilities and threats including patch management, weak password settings, and weak configuration settings.

Reviewed the PAOM to validate the items uploaded in the POAM tracking tools supported the closed findings and coordinated promptly with stakeholders to ensure timely remediation of security weaknesses.

Conducted system security evaluations and assessments, documented, and reported security findings using NIST 800 guidance per the continuous monitoring requirements.

Researched emerging threats and vulnerabilities to aid in the identification of network incidents.

Implemented deep drive analyses on alerts received from Splunk and took actions on remediation process.

Participated in the creation of enterprise security documents (policies, procedures, standards, guidelines, and playbooks) under the direction of the Chief Information Security Officer.