
SOC Analyst Customer Service

Location:
Beltsville, MD
Salary:
90000
Posted:
June 26, 2022


Resume:

Gerald Tembu Anoh

Tel: 240-***-**** Email: adri86@r.postjobfree.com

Summary:

Experienced cybersecurity professional with 4+ years in information technology and 2+ years hands-on in Security Operations Center processes, with in-depth knowledge of incident response and Computer Network Defense (CND). Experience in monitoring, evaluating, investigating, analyzing and responding to security events and incidents with most of the leading security information and event management (SIEM) technologies, endpoint detection and response (EDR and XDR), intrusion detection/prevention systems (IDS/IPS), NGFWs, network- and host-based firewalls, network access control (NAC), data leak protection (DLP), web and email content filtering, and vulnerability. Solid knowledge of ticketing and reporting systems, for example ServiceNow, Remedy and Archer.

Soft Skills:

Ability to work well in a fast-paced environment and multitask with an eye for detail. Proactive and solution-focused with excellent interpersonal and strong relationship-building skills. Excellent communicator with team members and customers (English and French). Resourceful, dependable, with a profound sense of ethics. Time-conscious and organized, ready to work anytime 24x7x365. Keen on planning to fulfill and surpass SLAs.

Certification:

CAP (Certified Authorization Professional) 2020

Security+ 2021

Splunk Certified Core User 2022

CEH in progress.

Education:

MS International Relations (2005)

Postgraduate, English Common Law (2000)

BA English Private Law (1993)

Experience:

SOC Analyst 01/2020 - Present

Think Tech Consulting LLC

Perform real-time monitoring, security incident handling, investigation, analysis, reporting and escalation of security events from multiple log sources (network devices such as NGFWs, IPS and IDS; operating systems such as Windows Server; system applications; proxy servers; and web servers) aggregated in Splunk ES. Create and track every ongoing investigation to resolution.

Used McAfee DLP Manager to protect intellectual property and ensure compliance by safeguarding sensitive data such as PII and BII.

Monitor, investigate and analyze alerts from different security logs, correlating them to separate false positives from security incidents that require further investigation.

Monitor DLP alerts from Google Admin or IronPort via Splunk; investigate and prevent data loss or exfiltration by unintentional or malicious internal users or attackers, and escalate to the privacy team for proper handling as applicable.

Monitor, analyze, and investigate retroactive email alerts from IronPort and FireEye EX/ETP through Splunk and process them following standard operating procedure.

Monitor Splunk dashboards for automated reports on critical hosts and data sources and take the necessary action.

Receive and fulfill site review requests for internal employees; grant or deny requests and provide reasons for the decision based on business justification and company policy.

Manage mobile devices, including remote wipe, especially of missing or stolen devices.

Prepare summaries of daily shift reports for clients and create correlation rules, dashboards, and knowledge objects in Splunk for network events and activities relevant to cyber defense practices.

Properly document investigated events or incidents with corresponding artifacts and attack details.

Interface with customers and provide advice on specific questions.

Partake in meetings for tuning of security monitoring tool events to reduce false positives, and work with technical and non-technical teams to track progress, report on status and ensure remediation of gaps in the company's security posture.

Mentor new junior analysts, bringing them up to speed.

Conduct initial analysis of infected hosts or analyze network traffic to identify attacker activity; perform event correlation review through incoming data feeds, ticketing systems and security alerts.

Notify internal teams of security incidents; utilize technical knowledge to follow procedures for the detection of threat actors' behavior; follow and provide feedback on security monitoring runbooks; review security-related events and assess their risk and validity based on available network, endpoint, and global threat intelligence information.

Perform security incident response activities to identify, triage, contain, and eradicate various information technology threats.

Identify tactics, techniques and procedures for APTs and intrusion sets following the MITRE ATT&CK framework.

Leverage existing technology to identify and communicate vulnerabilities, coordinating remediation efforts with IT operations.

Make recommendations to leadership based on the significance of threats and vulnerabilities.

Use endpoint detection and response tools to create detection rules and identify threats.

Process daily threat intel and block malicious MD5 hashes, IPs and domains following standard operating procedure.

IT Support Analyst 01/2019 - 12/2019

Datalogic Solutions

Provide prompt and appropriate responses to phone and e-ticket inquiries and requests for assistance with the associated computer systems; perform initial problem analysis and triage, identify and troubleshoot customer issues, provide advice and assistance, and refer technical issues to the network team or subject matter experts when appropriate.

Responsible for investigating and identifying computer hardware and software-related problems.

Effectively communicate step-by-step solutions to end users.

Record solutions in the database for other Help Desk professionals.

Redirect issues to appropriate resources if necessary.

Assist with providing and managing official answers to all FAQs and distribute the same to all interested stakeholders.

Contribute to the preparation of procedure manuals and documentation for help desk use; conduct periodic customer satisfaction surveys and track customer problem trends; make recommendations for improvements to customer experience and create reports based on information provided from customer surveys and trend analyses.

Assist in the development of a comprehensive help desk training plan; assist in training personnel who provide backup coverage and in training users related to the operation and maintenance of systems.

Perform other related duties including unlocking user accounts and helping with password reset support.

Troubleshoot and resolve Tier I and II incidents to include: system inquiries, requests, incidents, software installation, printer support, hardware support (desktop, laptop, peripheral).

Provide VIP support and communication regarding status of incident troubleshooting and resolution.

Actively participate in all meetings such as, but not limited to, weekly staff meetings, weekly training, Weekly Ticket Tag-Up, etc.

Prepare accurate documentation to support and maintain a working knowledge base of service desk processes, including pertinent guidelines, regulations, compliance issues, and documentation requirements, as well as reference all application reference guides.

Support focus teams or specialized projects to promote rapid improvement turnaround.

Maintain a high level of customer service focus, exhibiting expertise, courtesy, timeliness, and professionalism while interfacing with users and senior staff members in person, on the phone and/or by email.

Be part of a team that supports and operates a 24x7x365 Service Desk.

Demonstrate excellent communication skills, both verbal and written to support incoming customer support calls and emails.

Analytically inclined, with attention to detail and accuracy and consistent follow-through to assure problems are resolved, with the ability to respond to last-minute requests.

Exercise discretion and independent judgment when handling situational occurrences.

Analyze and recommend alternative solutions to meet customer needs.

Build credibility and trust with customers and team members.

Identify areas of opportunity to improve customer satisfaction.

Support the team process and participate on cross-functional teams.

Responsible for handling after-hours on call support (when necessary).

Technical Skills:

Security Technologies: SIEM Tools: Splunk ES

Networking: Cisco Sourcefire/Firepower, FireEye NX, Wireshark, FireEye HX

Applications: Google Admin, Cisco IronPort, McAfee DLP Manager/Google DLP

Endpoint: FireEye HX; IDS/IPS: SentinelOne; MDM: AirWatch, Forescout

Ticketing: ServiceNow, JIRA and Remedy

Others: web access review requests; McAfee Web Gateway, McAfee Web Proxy, OSINT tools

Operating Systems: Windows systems, Unix-based; Anti-Virus Tools

Software: MS Office (Word, Excel, Outlook, PowerPoint)

REFERENCES

Favor Nji 917-***-**** (Manager at work)

Ryan Neba 301-***-**** (Teacher)
