
Security Associate Active Directory

Location:
West Palm Beach, FL
Posted:
October 10, 2022


Resume:

Skills:

Excellent planning, interpersonal, verbal, and written communication skills, organizational skills, and ability to stay focused while multi-tasking.

Proven ability to meet designated deadlines and demonstrated ability to learn rapidly and adapt to new processes and technology.

Strong critical thinking/analytical skills, creativity, and proven drive for quality.

Work Experience:

Atos Syntel, West Palm Beach, FL, Dec 2021 - July 2022

M365/Azure Consultant

•Acted as technical lead for projects focused around M365 service, security, and configuration management.

•Contacted clients to determine the nature of the problem and performed system changes in adherence to organizational policies.

•Led adoption and management of O365 and the Azure Security and Compliance center to better manage records according to established schedules and data loss protection policies.

•Ensured awareness of and supported adoption of the M365 roadmap and new tools and capabilities.

•Ensured facilitation of predictable project delivery for M365-related efforts.

•Ensured quarterly updates of the M365 roadmap.

•Strong knowledge of Teams, SharePoint Online, and OneDrive for Business

•Strong knowledge of Microsoft DLP - Microsoft Purview

•Strong knowledge of the breadth of M365 Security & Compliance services, including the Defender services.

•Strong knowledge of Exchange technologies, both on-premises and Exchange Online.

•Strong knowledge of Azure AD and the Azure Active Directory Connector technologies.

•Knowledge of desktop operating systems.

•Strong knowledge of Azure conditional access

•Awareness of third-party tools such as CASB and SIEM integrations with M365.

•Performed detailed Root Cause Analysis of problems.

•Ability to clearly document and explain symptoms and solutions to complex problems.

•High Level functional knowledge of Server, Workstation, Network and Application technologies and infrastructures.

•Ability to plan, manage time according to schedules, and provide required status updates.

Robert Half Technology (Honda NA), Oct 2020 - Nov 2021

Cyber Security Consultant

Identified log sources needed for collection for both Security and Compliance in the SIEM.

Generated appropriate alerting within the SIEM (Qualys) to leverage in automation activities.

Wrote automation in the SOAR to accelerate IR activities.

Performed cleanup and sanitation of incoming log sources and events.

Worked with multiple teams throughout IT on activities.

Participated in Incident Response activities.

Led direct reports and helped them develop through training and mentorship.

Led and participated in projects brought to IT by local business leaders, corporate IT, and corporate business.

Prioritized and escalated any issues that could put business objectives, results, or processes at risk.

Researched and analyzed business trends and behavioral data to identify opportunities for improvements and new initiatives.

Led the evaluation, development, and recommendation of specific technology products and platforms to provide cost-effective solutions that meet business and technology requirements.

Researched and designed best fit infrastructure, network, database, and security architectures for products.

Proactively created and maintained tools for monitoring and support.

Participated in project planning and management across multiple efforts.

Collaborated with product and project teams to understand needs and enable them with infrastructure.

South Florida Water Management District (Contractor), Oct 2020 - Oct 2021

Cloud Security Associate

Led adoption and management of O365 and the Azure Security and Compliance center to better manage records according to established schedules and data loss protection policies.

Performed security monitoring, vulnerability scanning, penetration testing, ongoing performance tuning, hardware upgrades, and resource optimization. Monitored, triaged, and prioritized events, and responded to alerts for further investigation. Delivered complete, thorough, and detail-oriented work in a timely manner.

Investigated SIEM events, alerts, and tips to determine whether an incident had occurred.

Analyzed CTI reporting & IOCs to improve network defenses and other security measures.

Understanding of multiple log types including Windows, AD, Email, VPN, etc.

Coordinated the response for confirmed security incidents, to include efforts to scope, contain, eradicate, and remediate.

Maintained situational awareness and kept current with cyber security news and threat actor Tactics, Techniques, and Procedures (TTPs).

Documented ongoing investigations and analysis using ticketing and incident reporting systems.

Supported the production of effective situational awareness products with relevant metrics and visualizations for key constituents and leadership.

Performed endpoint security monitoring, security event triage, and incident response, and coordinated with other team members and management to document and report incidents.

Supported the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies.

Investigated security breaches and other cybersecurity incidents.

Installed security measures and operated software to protect systems and information infrastructure, including firewalls and data encryption programs.

Documented security breaches and assessed the damage they caused.

Worked with the security team to perform tests and uncover network vulnerabilities.

Fixed detected vulnerabilities to maintain a high-security standard.

Stayed current on IT security trends and news.

Documented and maintained records of security events investigated and incident response activities, utilizing case management and ticketing systems tools.

Identified, collected, organized, and reviewed pertinent evidence across multiple platforms and applications to determine compliance with relevant PCI DSS controls.

Helped colleagues install security software and understand information security management.

Researched security enhancements and made recommendations to management. Stayed up to date on IT security trends and standards.

Maintained technical awareness of common security threats and continually improved upon knowledge to counter those threats.

Stayed up to date on information technology trends and security standards.

Implemented solutions for security threats against email messaging environments deterring attacks such as business email compromise, spear phishing, and account takeover.

Dept of Commerce US Census, Aug 2019 - Jan 2020

Technology Manager

●Monitored and communicated information security issues related to systems and workflows to ensure the internal security controls for the IT infrastructure were appropriate and operating as intended.

●Led the development, implementation, and training of security policies, standards, processes, procedures, controls, and guidelines for multiple platforms and diverse system environments.

●Performed security analysis utilizing SIEM technologies, log collection and analysis, network and host monitoring platforms, and various analysis tools.

●Recognized and organized attacker tools, tactics, and procedures (TTPs) and indicators of compromise (IOCs) that can be applied to current and future investigations.

●Performed security assessments based on relevant industry standards and provided remediation approaches to address the security control gaps identified.

●Performed Security monitoring, vulnerability scanning, and penetration testing, ongoing performance tuning, hardware upgrades, and resource optimization.

●Supported the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies.

●Ensured ongoing system and network health checks on identified high-risk network segments, systems, and applications, as well as follow-up remediation.

●Monitored and analyzed network traffic for signs of adversarial activities, responded to alerts from various systems and platforms.

●Triaged potentially malicious events to determine severity and criticality of the events using a variety of analysis tools in support of service objectives.

●Monitored security appliance health and performed basic troubleshooting of security devices; notified security engineering as necessary about malfunctioning equipment.

●Analyzed malicious artifacts obtained from network monitoring with a focus on generation of threat intelligence and service improvement.

●Identified, developed, and implemented new detections and mitigations across the services platforms.

●Communicated and collaborated with the analyst team for situational awareness.

●Followed detailed processes and procedures to analyze and escalate critical information security incidents; these procedures vary from customer to customer.

●Applied structured analytical methodologies to maximize threat intelligence growth and service efficacy.

●Directly contributed to the continued technical enhancement of the services platforms, analysis tradecraft, and development of team skills and expertise.

●Contributed to the continued evolution of services capabilities and processes.

●Experienced in analyzing logs for indicators of compromise collected from various network monitoring devices such as firewalls, IDS/IPS, web proxies, email filters, etc.

●Experienced defining and refining operational procedures, workflows, and processes to support the analyst team in consistent, quality execution of defensive missions.

●Strong written and verbal communication skills, proven ability to communicate technical topics to diverse audiences.

●Expert understanding of certificate-based authentication and certificate management.

●Experienced in implementation and management of security access systems within the enterprise and in the cloud (e.g., Federation, SAML, etc.).

●Demonstrated an expert understanding of how security access systems integrate across the enterprise.

CSX Cloud, Sept 2018 - May 2019

Cloud Security Associate (Remote)

●Deployed, configured, and managed infrastructure security products, tools, and solutions to help augment security threat monitoring, detection, prevention, and compliance as part of the organization’s cloud security architecture.

●Coordinated threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies.

●Monitored computer networks for security issues, installed security software, analyzed and diagnosed security issues, breaches, or other cyber security incidents, assessed the damage they caused, and accurately documented findings.

●Performed moderately complex routine operational duties, including daily incident request processing as assigned.

●Performed penetration tests, conducted routine vulnerability scans to uncover network vulnerabilities, repaired detected issues, and enacted corrective action to maintain a high security standard.

●Installed security measures and operated software to protect systems and information infrastructure, including firewalls and data encryption programs.

●Gathered data and documented research to assist with internal/external IT security audits.

●Reviewed monthly patching requirements and collaborated with IT teams to provide input for the monthly patch cycle.

●Gained and regularly refreshed understanding of PCI-DSS, HIPAA, and NIST standards and their impact on IT security.

●Prepared reports that take note of security breaches and the extent of the damage caused by these breaches.

●Installed software that is created to protect sensitive information, such as firewalls and data encryption programs.

●Monitored the company's networks for any security breaches and investigated any that occurred.

●Researched the latest in information technology security trends to keep up to date with the subject and use the latest technology to protect information.

●Developed a security plan for best standards and practices for the company.

●Conducted frequent testing of simulated cyber-attacks to look for vulnerabilities in computer systems and addressed them before an outside cyber-attack could exploit them.

●Made recommendations to managers and senior executives about security advancements to best protect the company’s systems.

●Hunted for and identified threat actor groups and their techniques, tools, and processes, identified gaps in IT infrastructure by mimicking an attacker's behaviors, and responded accordingly.

●Designed and built custom tools for investigations, hunting and research to enable automated deployment and monitoring of cloud infrastructure and applications using security tools.

●Responsible for the vulnerability management program that includes periodic scanning, reporting, and tracking remediation of the security vulnerabilities.

●Developed and enforced cloud security standards in Azure including IAM policies, security groups, S3 bucket policies, encryption, network security, cloud workload and container security, logging, monitoring etc.

●Responded to and performed initial investigation and triaging of alerts from security tools and products like SIEM, IDS/IPS, EDR, Email Security etc.

●Performed security assessments based on relevant industry standards and provided remediation approaches to address the security control gaps identified.

●Worked with management and other technical teams in defining and implementing strategic, technical, and operational security/infrastructure controls that are properly aligned with business goals and objectives.

●Responsible for maintaining security configurations for routers, switches, and firewalls and for using applicable encryption methods.

●Coordinated the implementation of security tools and secure infrastructure architectures to support transaction processing and internal initiatives, and implementation and support of transaction processing systems.

●Researched, designed, and developed new information security controls for clients on multiple security technologies such as Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning and SIEM.

Microsoft (Experis IT), West Palm Beach, FL, Nov 2017 to Aug 2018

Office365 Engineer (Remote)

O365 migrations - Exchange migrations & upgrades - Active Directory / ADFS / Azure AD, DNS.

Provided leadership and SME level support with emphasis upon adherence to processes and meeting SLA/KPI metrics to other members of the team.

Supported messaging migration of mailboxes, shared/resource mailboxes, distribution list, contacts to O365.

Provided support for escalated incident response related to messaging migration activities.

Created, monitored, and troubleshot mailbox migrations using PowerShell scripts.

Supported Post-Mailbox Migration configuration tasks such as assigning licensing, enabling, or disabling various mailbox features, performing audit checks, and submitting migration reports, etc.

Performed e-Discovery searches, enabling Litigation Holds, Exporting Mailbox data, etc.

Generated a variety of reports to ensure proper configuration and uniformity.

Provided guidance and assistance with AD account remediation in preparation for migrations.

Troubleshot end user migration failures, including end user and server-side Outlook client support issues.

Created and implemented PowerShell Scripts with MSOL and on-prem and online Exchange.

Supported, configured, and maintained SharePoint 2010 and/or SharePoint 2016 environments.

Defined, implemented, and managed an Azure Cloud based infrastructure.

Worked with Office 365, Intune, Exchange Online, SharePoint, Skype for Business, Teams, and other Office 365 products.

DLP Policy Creation/Quarantine.

Microsoft (Blueprint), Charlotte, NC, Feb 2015 to Oct 2017

Office365 Engineer

•Provided guidance and recommendations on migration from on-premises servers to Office 365 (Exchange Online).

•Worked with Microsoft Fast Track Team as needed.

•Provided remediation plan for preparation of multi-tenant environment based on readiness assessment report and business requirements.

•Provided an implementation and migration plan for a secure SharePoint Online multi-tenant environment.

•Provided knowledge transfer to security and technical team for Office 365 best practices.

•Security and compliance configuration and management in Office365.

•Microsoft Enterprise Mobility + Security (EMS – E5) configuration.

•Participated in weekly project status and team meetings throughout engagement.

•Experienced designing and implementing Microsoft Office 365, Exchange Server, SharePoint, and Active Directory.

•Consulted on large-scale migrations to Microsoft Office 365/SharePoint.

•Supported services including Skype for Business, Exchange Online, SharePoint Online, Intune, Teams, and other Office 365 services.

•Communicated effectively with both business and technical individuals and explained technologies in a non-technical manner.

•Proficient written and verbal communication skills

•DNS, DHCP, FTP, IIS, Active Directory management.

•Mobile devices configurations and support.

•Experience deploying Office 365.

•Analyzed Office 365 service reports, auditing log, and third-party service reports.

•Implemented various email source migrations (Office 365, Yahoo, G Suite, Exchange) to Office 365 Exchange Online.

Education:

Florida Career College May 2008

Associate of Science in Computer Networking

Northwood University May 2012

Management of Information Systems BSc

University of Maryland University College May 2017

Master of Science in Cybersecurity

Master of Business Administration (MBA)

Certifications:

Microsoft Azure Security Engineer

Microsoft 365 Security Administrator

CompTIA CySA+
