Soc Analyst Support

Location:
Middle River, MD
Posted:
December 21, 2022

Resume:

HUMPHREY MBAH

Email: ******@*****.*** Tel: 619-***-**** GREEN CARD HOLDER

EXPERIENCE SUMMARY:

I have over 5 years of IT experience as a SOC Analyst with expertise in assessing network, application, and endpoint alerts. I've successfully investigated spam/phishing instances, finding every sign of compromise in the email text and attachments and stopping it. I also have experience in checking email headers for any spoofing behavior. I have practical experience working with SIEM platforms like Splunk or IronPort, firewalls, intrusion detection/prevention systems, proxies, and web applications. I work well with others and have good communication skills.

EDUCATION

University Of BAMENDA, Cameroon

Bachelor of Science, Computer Science - 2014

CERTIFICATIONS

• CompTIA Security+

PROFESSIONAL EXPERIENCE:

SOC Analyst JAN 2020 –

CURATIVE INC

Responsibilities:

• Triage and investigate incoming alerts generated from Splunk ES to determine the severity and impact of the event or incidents.

• Investigate, analyze, and process retroactive and reported phishing email alerts from IronPort, following standard operating procedures. Use O365 Threat Explorer to analyze, scope, and determine the recipients of the phishing emails within the company.

• Evaluate and process Web Site Review Requests from internal users to access blocked websites using OSINT tools.

• Analyze and resolve DLP alerts from McAfee DLP Manager and Splunk Enterprise Security (Splunk ES) and escalate cyber privacy incidents to the Privacy Team.

• Work incidents from initial assignment to final resolution.

• Assist in building SOPs as needed or directed to facilitate SOC operations and processes.

• Develop, update, and maintain standard operating procedures and other technical documentation.

• Determine appropriate courses of action in response to identified anomalous network activity.

• Perform all phases of the incident response life cycle including preparation, analysis, containment, eradication, remediation, recovery, and post-incident activities.

• Evaluate external threat intelligence feeds related to zero-day exploits or other vulnerabilities to determine organizational risk.

• Investigate, analyze, and process phishing email alerts from IronPort and FireEye following standard operating procedures.

• Evaluate and process Web Site Review Requests from internal users to access blocked websites using OSINT tools.

• Analyze DLP alerts and escalate cyber privacy incidents to the Privacy Team.

• Provide log/network/malware/device analysis and make recommendations for remediation of security vulnerability conditions.

• Provide situational awareness and reporting on cybersecurity status, incidents, and trends in adversary behavior to appropriate organizations.

• Coordinate with SOC Engineers and Cyber Intel teams to improve tuning and correlation.

• Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident.

• Perform deep-dive incident analysis by correlating data from various sources; determine if a critical system or data set has been impacted; advise on remediation; provide support for new analytic methods for detecting threats.

• Continuously monitor the alert queue; triage security alerts; monitor the health of security sensors and endpoints; collect the data and context necessary to investigate and validate alerts.

• Monitor, detect, and analyze potential intrusions in real time and through historical trending on security-relevant data sources.

• Fully document assigned tickets to show all work performed and attach the required artifacts in order to pass SLRs.

• Work incidents from initial assignment to final resolution.

• Perform Root Cause Analysis (RCA) and make preventative recommendations for incidents and events.

• Conduct forensics and investigations as needed using security tools such as Carbon Black, Splunk, FireEye, Cisco IPS, OSINT, etc.

• Assist with the creation of the daily SOC report and shift reports, and send pass-down emails to the incoming shift member.

• Participate in daily security meetings with team members and customer teams.

JUNIOR SOC JAN 2019 – JAN 2020

CURATIVE

• Monitored and analyzed security data to identify potential threats.

• Recommended enhancements to SOC security processes, procedures, and policies.

• Participated in security incident management and vulnerability management processes.

• Paid utmost attention to online monitoring systems to ensure 24/7 and 100% system availability, and escalated in case of discrepancy.

• Analyzed a variety of network and host-based security appliance logs (firewall, NIDS, syslog, EDR logs, Windows logs) to determine the correct remediation actions and escalation paths for each incident.

• Ensured the BII, PII, and PHI of our patients, clients, and employees were kept confidential through DLP monitoring.

• Ensured the integrity and protection of networks, systems, and applications by technically enforcing organizational security policies through monitoring of vulnerability scanning devices.

• Analyzed security event data from the network (IDS, SIEM).

• Understood the product's scope and interactions to correlate product incidents and evaluate their urgency.

• Recognized potential, successful, and unsuccessful intrusion attempts and compromises.

• Performed thorough reviews and analyses of relevant event detail and summary information.

IT Helpdesk Support Analyst DECEMBER 2016 – DECEMBER 2018

BOARD OF EXAMS

Responsibilities:

• Provided prompt and appropriate response to phone and e-ticket inquiries and requests for assistance with the associated computer systems.

• Performed initial problem analysis and triage; identified and troubleshot customer issues.

• Provided advice and assistance, and referred technical issues to the network team or subject matter experts when appropriate.

• Provided direct assistance to customers via telephone and email.

• Coordinated efforts with staff associates and subject matter experts to resolve problems.

• Maintained liaison with network users and technical staff to communicate the status of problem resolution.

• Assisted with compiling data and prepared reports setting forth progress, adverse trends, and appropriate recommendations based on information from the Call Management Tracking System.

• Assisted with compiling and regularly maintaining a log of Frequently Asked Questions (FAQ) originating with all categories of customers.

• Assisted with providing and managing official answers to all FAQs and distributed them to all interested stakeholders.

• Contributed to the preparation of procedure manuals and documentation for helpdesk use.

• Conducted periodic customer satisfaction surveys and tracked customer problem trends.

• Made recommendations for improvements to customer experience and created reports based on information provided from customer surveys and trend analyses.

• Assisted in the development of a comprehensive help desk training plan; assisted in training personnel who provide backup coverage and in training users on the operation and maintenance of systems.

• Performed other related duties including unlocking user accounts and helping with password reset support.

TECHNICAL SKILLS

• Malware Analysis/Endpoint Security

• Incident Response/Cyber Threat Intelligence

• Network Security Protocols/TCP/IP

• Splunk, Wireshark/CrowdStrike Falcon

• PCI-DSS/FIPS/NIST 800 Series

• Snort/Firepower/FireEye/Carbon Black

• Azure Sentinel

• McAfee/Blue Coat/FireEye

• Palo Alto/Cisco IronPort

• Linux/Windows/Active Directory

• Archer/ServiceNow/Confluence/Jira

• Microsoft Office 365/Qualys

• Any.Run Sandbox, Threat Grid

• VirusTotal, DomainTools, IPVoid/URLVoid, IBM X-Force, MXToolbox
