SOC Analyst, Active Directory

Location:
Argyle, TX
Posted:
June 28, 2022

SUMMARY

Passionate SOC, Cyber Threat Detection and Response Analyst with experience in investigating, containing, and preventing network, host and email-based attacks and in providing security services for global enterprises. Able to use various security tools to perform log and packet analysis. Experienced in performing malware analysis with the overall objective of ensuring the confidentiality, integrity and availability of systems, networks, and data.

SKILLS

Malware Analysis/Endpoint Security

Incident Response/Cyber Threat Intelligence

Data Loss Prevention/Anti-Phishing/O365/MX Toolbox

Wireshark/IBM BigFix

Network Security Protocols/TCP/IP

Nessus

Threat Grid/Any.Run

Splunk

Firepower, FireEye

ServiceNow/SharePoint

CrowdStrike/TrendMicro

Palo Alto/Cisco

Linux/Windows

Active Directory/Microsoft Office

VirusTotal, DomainTools, IP/URLvoid, IBM X-Force

EDUCATION & CERTIFICATIONS

University of Yaoundé I

B.S., Information Technology

CompTIA Security+ SY0-601 (SEC+)

Splunk Fundamentals I

PROFESSIONAL EXPERIENCE

Pitch Technologies LLC October 2018 – Present

SOC Analyst

Triage and investigate incoming alerts generated by Splunk ES to determine the severity and impact of the event or incident

Give client recommendations on how to resolve, remediate and

Consistently monitor events generated on the Splunk ES incident dashboard. Assist in creating Splunk dashboards to capture all customized logs generated by systems and applications

Investigate malicious embedded links and attachments obfuscated in phishing emails using Threat Grid, IronPort and O365 Threat Explorer

Train employees on how to handle phishing email cases and triage the phishing submission mailbox

Prioritizing and categorizing potential intrusion attempts versus false positives

Developing follow-up action plans to resolve reportable issues and communicating with other IT teams to address security threats and incidents accordingly

Escalating incidents to tier 2 and incident response analysts for further analysis

Supporting Incident Response until resolution following Standard Operating Procedures (SOP)

Consistently monitoring and working on alerts generated on Splunk

Assisting in creating new use cases and performing SOC testing

Creating and updating SOC run books as required

Performing endpoint investigations using FireEye and McAfee ePO

Investigating attachments and links for embedded malware using FireEye ETP, IronPort and Threat Grid

Giving client recommendations on how to securely resolve escalated issues

Training new employees on how to handle investigations and safely deal with phishing emails

Prioritizing and differentiating between potential intrusion attempts and false alarms

Assisting with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions

Responding to computer security incidents by collecting, analyzing and preserving digital evidence, and ensuring that incidents are recorded and tracked in accordance with organizational SOC requirements

Using McAfee DLP to protect intellectual property and ensuring compliance by safeguarding sensitive data

Analyzing email logs to confirm malicious emails were not delivered or are quarantined and malicious attachments dropped

Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS), security events and logs to identify abnormal and suspicious activity

Working with SOC Engineers and other SMEs to operate intrusion detection and prevention systems (IDS/IPS) such as Snort and Sourcefire to analyze and detect worms and vulnerability exploit attempts

Staying up to date with current vulnerabilities, attacks, and countermeasures

Pitch Technologies LLC March 2016 – September 2018

IT Help Desk

Assisted users with network connectivity issues using commands like ping and ipconfig

Troubleshot storage and applications

Troubleshot and resolved hard and soft phone issues (Cisco)

Created SOPs for various tasks completed and issues resolved

Diagnosed and resolved issues related to DNS, SSH, HTTP, DHCP and SNMP

Attended production meetings with senior system administrators and engineers

Supported and participated in the execution of the operations and management of a group of Windows

Worked on operating systems such as Linux servers, Windows Servers (2008 R2 and 2012 R2) and workstations (Windows 7, 8 and 10)

Supported common applications such as Mozilla Firefox, Google Chrome, Antivirus, and Remote

Assisted in supporting Desktops, VoIP programs, Microsoft Office, and Adobe Creative Cloud

Resolved incidents using the JIRA ticketing system

Prepared outage and weekly reports

Performed network and local printer troubleshooting
