
Soc Analyst Security

Location:
Kearneysville, WV, 25430
Salary:
120000
Posted:
September 07, 2022


Resume:

SERGES D. LE GRAND


SOC ANALYST

Results-oriented cyber security professional with 7+ years of experience and proven knowledge of working in a security operations center, covering cyber security, threats, attacks, vulnerability management, configuration management, and network monitoring, aiming to leverage my skills to successfully fill the cyber security and Information Systems role at your company.

ADDITIONAL SKILLS

●Experience with vulnerability scanning tools such as Tenable Nessus, Tenable.io, Tenable.sc, QualysGuard, etc.

●Moderate knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)

●Configuration/Patch/Vulnerability Management

●Moderate knowledge of the current threat landscape (threat actors, APT, cyber-crime, etc.)

●Moderate knowledge of Firewalls, endpoint security, IAM products, vulnerability management products

●Basic to Moderate knowledge of penetration techniques

●Basic to Moderate knowledge of DDoS mitigation techniques

●Basic knowledge of audit requirements (PCI, HIPAA, SOX, etc.)

●Good understanding of system log information and what it means, where to collect specific data/attributes as necessitated per Incident Event (host, network, cloud, etc.)

●IDS monitoring and analysis, analyze network traffic, log analysis, prioritize and differentiate between potential intrusion attempts and false alarms

●SAST, DAST, OWASP

●Intermediate knowledge in the cloud (AWS)

EXPERIENCE

WMATA THREE Washington, DC

Cyber Security Analyst, Aug 2020 - Present

●Perform incident response analysis uncovering attack vectors involving a variety of malware, data exposure, phishing, and social engineering methods.

●Participate in the remediation of incidents and responses generated from live threats against the enterprise.

●Recording and reporting all incidents per Federal policy, department policy, and legislation.

●Creating and tracking network incidents and investigations through completion

●Serve as a point person for Incident Management; providing coordination and assignment of activity for all entities party to incident response event

●Monitor security events received through alerts from SIEM or other security tools

●Revise alerts escalated by end-users

●Carry out Level 2 triage of incoming Incidents (initial IR assessment of the priority of the event, initial determination of incident nature to determine risk and damage or appropriate routing of security or privacy data request)

●Maintain assigned ticket queue

●As needed, serve as the incident response event point person and liaison to enterprise teams, responding to crises or urgent situations aimed at mitigating, preparing for, responding to, and recovering systems.

●Will also coordinate resources, activities, and timelines during security incidents to ensure a unified, structured response to incidents (i.e. data breaches, ransomware events, etc.)

●Review and recommend technical, process, and physical controls to counteract damage from breach events

●Supports/develops reports during and after incidents, which include all actions taken to mitigate, recover, and properly return to normal operations

●Support forensic investigators and application security analysts in reactive and proactive Threat Hunting engagements, performing endpoint, network, and log analysis

WMATA ONE Washington, DC

Security Operations Analyst, May 2015 - March 2017

●General SIEM monitoring, analysis, content development, and maintenance.

●Research, analysis, and response for alerts; including log retrieval and documentation.

●Conduct analysis of network traffic and host activity across various technologies and platforms.

●Assist in incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.

●Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management

●Track threat actors and associated tactics, techniques, and procedures (TTPs).

●Capture intelligence on threat actor TTPs and develop countermeasures in response to threat actors.

●Analyze network traffic, IDS/IPS/DLP events, packet capture, and FW logs.

●Analyze malicious campaigns and evaluate the effectiveness of security technologies.

●Develop advanced queries and alerts to detect adversary actions.

●Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies.

●Design and build custom tools for investigations, hunting, and research.

●Assist in designing, evaluating, and implementing new security technologies.

●Lead response and investigation efforts into advanced/targeted attacks.

●Hunt for and identify threat actor groups and their techniques, tools, and processes.

●Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses.

●Provide expert analytical investigative support for large-scale and complex security incidents.

●Perform Root Cause Analysis of security incidents for further enhancement of the alert catalog.

●Continuously improve processes for use across multiple detection sets for more efficient Security Operations.

●Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed.

●Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.

●Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security, and application logs, as well as logs from various types of security sensors.

●A passion for research and uncovering the unknown about internet threats and threat actors.

●Ensure the SOC analyst team is providing excellent customer service and support.

WMATA TWO Washington, DC

Security Operation Center (SOC) Analyst, March 2017 - Aug 2020

●Responsible for threat detection and response actions through efficient handling of SOC operations to improve the security posture of the organization.

●Strategize with leadership on the direction of the security operations program.

●Serve as the highest escalation point for technical analysis and response leveraging superior technical knowledge of adversary tactics, techniques, and procedures.

●Stay up to date with news and trends in information security including new vulnerabilities, methodologies, and products.

●Command incident response efforts and be able to correlate multiple data sources applying various analytical techniques.

●Create and track investigations to resolution as needed both internal to security operations as well as holding other department members accountable.

●Holistically deploy, maintain, and tune new security controls and alerts critical to the security mission of the organization.

●Work with other teams to identify, resolve, and mitigate vulnerabilities and risks.

●Define and track SOC metrics and KPIs

●Detailed understanding of advanced tactics and methods used in Cybercrimes, Hacktivism, and APTs

●Work with vendors and other third parties independently in pursuit of program goals.

●Generally, works to solve security challenges at scale while balancing usability, stability, scalability, and performance.

●Ability to interpret highly technical data and perform detailed data analysis slicing & dicing.

●Collects and analyzes host-based and network-based data in support of incident response investigations.

●Interprets, analyzes, and reports on events and anomalous activity discovered through incident response investigations.

●Leverages tools including Splunk as part of duties performing cyber incident response analysis.

●Supports incident response engagements and partners with other incident response teams in maintaining an understanding of threats, vulnerabilities, and exploits that could impact client networks and assets

●Performs real-time and proactive analysis on various data sources, such as anti-virus logs, firewall logs, IDS & IPS data, event logs, and other host-based and network-based artifacts.

●Utilizes data analytics tools including Splunk to make sense of machine data in performing responsibilities.

●Correlates and analyzes data between disparate sources to assess threat actor techniques, tactics, and procedures.

●Supports the incident manager in focusing and providing response, containment, investigation, and remediation efforts.

EDUCATION

University of Phoenix, 4035 S Riverpoint Pkwy, Phoenix, AZ 85040

Bachelor of Science in Information Technology

January 2017 – June 2019

University of Phoenix, 4035 S Riverpoint Pkwy, Phoenix, AZ 85040

Master of Science in Information Systems

July 2019 – June 2021

CERTIFICATIONS

●CompTIA Sec+ (By the end of Dec 2022)

●Business Analytics

●Advanced Software Developer
