
SOC Analyst / Desktop Support

Location:
Houston, TX
Posted:
November 15, 2022


Resume:

Nwebi Nkambfu

Tel: 240-***-**** Email: ********@*****.***

SUMMARY STATEMENT

Results-oriented cyber security professional with over 7 years' experience. I specialize in threat analysis, incident response, Endpoint Detection and Response (EDR), and threat intelligence research. I can provide technical and risk-control solutions and guidance, and support various systems to help reinforce the security posture and address security and policy weaknesses using strong analytical and problem-solving skills.

EDUCATION

B.Sc. Computer Science – 06/2012

CERTIFICATION

CompTIA Security+ – 06/2021

Splunk Fundamentals 1

TECHNICAL SKILLS

Cyber Security Skills: Specialized in the incident response process and security analysis. Hands-on experience in SOC monitoring and in the analysis of potential and active threats using cutting-edge security tools. Currently working towards the CySA+ certification.

SIEM: Splunk (Enterprise Security), SolarWinds, IBM QRadar

Endpoint Security: Carbon Black EDR, CrowdStrike, Symantec Blue Coat, Palo Alto

Email Security: PhishER, Proofpoint, Windows Defender

Vulnerability Management: Tenable Nessus, Rapid7, OpenVAS

Ticketing Systems: ServiceNow, SharePoint, Jira, Resilient

Security: Phishing Analysis, OWASP Top 10, Command Line Tools, Active Directory/Microsoft Office

Threat Intelligence: MITRE ATT&CK, Cyber Kill Chain, Malware Analysis, Maltego, CrowdStrike/Trend Micro, VirusTotal, DomainTools, IPVoid/URLVoid, PhishER, Kali Linux, Metasploit Framework

Networking: Wireshark packet analysis, DNS, Whois, TCP/IP packet analysis, OSI layers, routing, protocols, ports, SMTP, HTTP, DHCP, NAT, VirtualBox; OSs: Windows, Unix/Linux

Programming: Python (beginner), Bash (beginner)

PROFESSIONAL EXPERIENCE

SOC Analyst 4/2018 to present

BlueVoyant, LLC

Perform active real-time security monitoring and investigate complex security events.

Conduct advanced security event detection and threat analysis for complex and/or escalated security events.

Provide log/network/malware/device analysis and make recommendations for remediation of security vulnerability conditions.

Develop internal and external documentation, such as detailed procedures, playbooks, and operational metrics reports.

Coordinate with Senior Analysts and/or the Duty Manager for high-priority incidents.

Coordinate with SOC Engineers and Cyber Intel teams to improve tuning and correlation.

Monitor and analyze network traffic and alerts.

Investigate intrusion attempts and perform in-depth analysis of exploits.

Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident.

Conduct proactive threat research.

Perform Tier I initial incident triage.

Document all activities during an incident and provide leadership with status updates throughout the life cycle of the incident.

Create a final incident report detailing the events of the incident.

Provide information regarding intrusion events, security incidents, and other threat indications and warning information to the clients.

Respond to cyber incidents, including responding to IR phone calls and emails, and prepare situational awareness reports for the agency, its bureaus, and/or agency management.

Act as main investigator for potential incidents identified by SOC analysts.

Investigate phishing and self-identified potential cyber threats (phishing emails sent to the CIRT).

Work with agency users to analyze, triage, contain, and remediate security incidents.

Track incident management thoroughly and communicate effectively with end users and senior CIO officials.

Participate regularly in SOC working group sessions, including idea generation for new content rules for security alerting and reduction of false positives. Collaborate across organizational lines and develop depth in a chosen cyber discipline and/or technologies.

Follow documented procedures while keeping an eye towards process improvement and effectiveness.

Knowledgeable about multiple technology and system types.

Able to articulate the incident response lifecycle.

Manage and respond to computer security incidents that involve enterprise systems and data, including personally identifiable information (PII) breaches.

Detect, collect, and report cybersecurity incidents.

Experienced in detecting and remediating malicious code.

Help improve the overall security posture by independently verifying the security of enterprise systems and ensuring the timely dissemination of security information to the appropriate stakeholders.

Analyze firewall logs, full packet capture (PCAP), IDS alerts, anti-malware alerts, Host Intrusion Prevention System (HIPS) alerts, and server and application logs to investigate events and incidents for anomalous activity, and produce reports of findings.

Conduct reviews and analysis of proxy logs, Microsoft Windows and Active Directory logs, Orchestrator logs, and malicious code to identify, contain, eradicate, and ensure recovery from incidents.

SOC Analyst 2/2014 – 3/2018

ShorePoint, LLC

Supported and remediated issues with current and future versions of desktop operating systems, including but not limited to Windows 10 and its periodic system updates.

Integrated system peripherals such as printers, scanners, digital senders, and mass storage devices into users' workstations.

Configured and supported end-user network connectivity, including but not limited to wired LAN and wireless LAN.

Demonstrated knowledge of Google's Android and Apple's iOS operating systems used primarily in mobile technology, and supported hardware devices such as smartphones and tablets.

Demonstrated knowledge of Android's Linux-based open-source technology.

Troubleshot various users' devices from major manufacturers, such as Samsung Android devices and Apple iPhone and iPad iOS devices. Know their interfaces and basic features according to government standards in order to customize, troubleshoot, and resolve user issues.

Performed Purebred Agent duties to assist mobile wireless users in registering their derived credentials with the DISA database for all wireless devices.

Verified that Security Technical Implementation Guide (STIG) requirements had been established on user smartphone devices.

Provided support for all IT equipment, including PCs, printers, portable computers, multi-function print devices, smartphone devices, Polycom (video VTC) units, and other miscellaneous IT equipment.

Installed, configured, and supported current and future versions of networking protocols for wired and wireless connectivity for local and remote users.

Installed, configured, and troubleshot e-mail client software (Outlook) and guided/assisted customers in the management of their email and the use of these client applications, including but not limited to the use of rules and personal folders/archives.

Logged all initial requests for service (i.e., incidents) that circumvented the NMCI Helpdesk (e.g., a customer contacting the desktop support technician directly) into the CNIC G2 Trouble Ticket Tracking Database within a timeframe mutually agreed upon between the contractor and the Government's Technical Representative, but no later than 4 business hours after completion of the call. Acknowledged all incidents within the specified timeframe.

Provided detailed documentation of all tasks, troubleshooting steps, and the status of each incident by making appropriate entries in the G2 Trouble Ticket Tracking Database within a timeframe mutually agreed upon between the contractor and the Government's Technical Representative, but no later than 4 business hours after the most recent contact with the customer.

Performed equipment relocation, installation, expansion, connection/disconnection, upgrades, support/maintenance, and preventive maintenance of computer systems hardware, documentation, and peripheral devices.

References available upon request.
