
Co Ltd Soc Analyst

Location:
Illinois
Posted:
July 07, 2022


Resume:

JOHN OKORO

Tel: 773-***-**** • Email:**********@*****.***

SUMMARY

A devoted Security Operations Center analyst with over 3 years of hands-on experience providing first-level response for security incidents, including but not limited to security events at the network, application, and endpoint level. I have experience and detailed knowledge of security tools, technologies, and best practices. A goal-driven and self-directed team player with strong written communication and relationship-building skills and an excellent work ethic.

SKILLS

Intrusion detection & prevention system

Incident response

Hands on experience with SIEM tools

Data Loss Prevention (DLP)

Malware Analysis

Threat, Vulnerability and Risk management

TCP/IP, UDP, FTP, SSH, SSL/TLS, HTTP, DNS protocols

Defense in Depth

Threat Hunting

Cyber Kill Chain

MITRE ATT&CK Framework

Analytical thinker/Strong attention to detail

Good Communication skills

Team player

PROFESSIONAL EXPERIENCE

SOC Analyst

Think Tech Consulting February 2019 – PRESENT.

• Monitor and analyze security events to determine intrusion and malicious activities.

• Respond to security incidents and report on incident handling and resolution. Perform forensic analysis and data recovery, and penetration testing.

• Monitor day-to-day operations related to own job to ensure continuity of work.

• Research new and evolving threats and vulnerabilities with potential to impact the monitored environment.

• Perform daily supervisory/leadership responsibilities.

• Operational knowledge of the SIEM console and follow-up on all related security incidents and events. Configuration and administration of security systems and tools.

• Search firewall, email, web, or DNS logs to identify and mitigate intrusion attempts.

• Investigate malicious phishing emails, domains and IPs using Agari Phishing Defense and open-source tools, and block based on the analysis.

• Investigate, analyze, and process endpoint alerts using SIEM tools: QRadar, Symantec Antivirus, Cylance, Splunk Enterprise Security (Splunk ES) and OSINT tools.

• Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems.

• Provides recommended courses of action to mitigate the risk associated with network intrusion attempts.

• Develops, documents and manages identification, containment and remediation strategies.

• Participate in managing relationship with external security vendors to ensure service delivery meets SLAs and work closely to improve their efficiency.

• Review and collect asset data; indicators of compromise, logs, configurations and running processes, on these systems for further investigation and reporting.

• Reviewing and documenting computer security and emergency.

• Assist with the development and maintenance of a weekly brief that captures all of the cyber events with metrics and trends.

• Lead the operations of the SOC to ensure optimal identification/resolution of security incidents.

• Involved in planning and implementing preventative security measures and in building incident response and disaster recovery plans.

• Evaluate and process Web Site Review Requests from internal users to access blocked websites using OSINT tools.

• Perform proactive hunting for threats that may have escaped the monitoring system.

• Analyze and resolve DLP alerts from Google DLP Manager and Splunk Enterprise Security (Splunk ES) and escalate cyber privacy incidents to the Privacy Team.

• Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident.

• Document the nature of the suspected infection, the location and identification of both the source (victim host) and the target of any callbacks: time of the alert, host or recipient, sender, name of file, MD5 hash, malware name (if known), source IP and target IP.

• Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.

• Investigate and identify the root cause behind security incidents – to include all stages of the cyber kill chain as appropriate.

• Investigate an incident, develop/communicate a timeline, and identify multiple scenarios based on the investigation.

• Perform regular continuous monitoring of events across platforms, operating systems, databases, and management systems.

• Conduct proactive monitoring, investigation, and mitigation of security incidents.

• Perform static malware analysis on isolated virtual servers.

• Participate with incident response and malware forensics investigation operations.

IT Helpdesk Support Analyst

Golden Tech Inc. Lanham, MD March 2016 – January 2019

• Provide prompt and appropriate response to phone and e-ticket inquiries and requests for assistance with the associated computer systems; perform initial problem analysis, triage, identify and troubleshoot customer issues, provide advice and assistance, and refer technical issues to the network team or subject matter experts when appropriate.

• Provide direct assistance to customers via telephone and email.

• Coordinate efforts with staff associates and subject matter experts to resolve problems; maintain liaison with network users and technical staff to communicate the status of problem resolution; assist with monitoring network management systems.

• Contribute to the preparation of procedure manuals and documentation for help desk use; conduct periodic customer satisfaction surveys and track customer problem trends; make recommendations for improvements to customer experience and create reports based on information provided from customer surveys and trend analyses.

• Assist in the development of a comprehensive help desk training plan; assist in training personnel who provide backup coverage and in training users related to the operation and maintenance of systems.

• Perform other related duties including unlocking user accounts and helping with password reset support.


Mining Engineering

Sahalan Civil and Mining Engineering Co Ltd. September 2010 – January 2016

• Materials testing including on-site tests, soil sampling and data collection

• Laboratory Testing of soils and concrete in strict accordance with the applicable standards, including documentation and reporting of results

• Civil construction inspection including QC & QA monitoring to confirm compliance with approved drawings and contract specifications

• UAV surveys

• Material quantity control

TECHNICAL PROFICIENCIES

• Forensics trainings: Malware forensics

• Operating Systems: Unix-Based Systems (Linux); Windows.

• Networking: LANs, VPNs, Routers, Firewalls, TCP/IP

• Software: MS Office (Word, Excel, Outlook, PowerPoint), Access, Visio

• Ticket Systems: ServiceNow and Remedy

• OSINT: Virus Total, URLVOID, URLSCAN, IBM XFORCE, MX TOOLBOX, etc.

• FireEye ETP, EX, NX, HX. IronPort, Sourcefire, McAfee Web Gateway, Splunk, Splunk Express, McAfee DLP, Google DLP, Google Admin, Google Vault, Wireshark, IDS/IPS; Log Management, Anti-Virus Tools; (Norton, Symantec).


EDUCATION & CERTIFICATION

CompTIA Security+

Splunk Fundamentals 1

Evolve Security Certified Professional (ESCP), Evolve Security Academy, Chicago IL

Bachelor in Engineering – Federal University of Technology, Akure
