SOC Analyst / Security Guard

Location:
Lanham, MD
Posted:
March 02, 2023

Resume:

Therese Nkede

Phone: 301-***-****

Email: ************@*****.***

SUMMARY

Experienced SOC Analyst with extensive experience in network, endpoint, and phishing investigations. Able to perform intrusion detection, vulnerability assessment, and incident response, and to apply the strategies needed to safeguard highly sensitive systems, data, and communications resources. Self-motivated and goal-oriented cyber security professional with a demonstrated ability to handle complex responsibilities in a demanding environment.

SKILLS:

• Endpoint Investigations

• Phishing Email Investigations

• Network Security Protocols / TCP/IP

• Data Loss Prevention/Anti-Phishing

• Ability to multitask, ability to work under pressure, attention to detail, excellent work ethic, professional, reliable, strong interpersonal skills

• Strong leadership skills, exceptional workflow management, security guard license, conflict resolution techniques

TOOLS:

SIEM: Splunk

EDR: CrowdStrike, Cisco AMP, McAfee Endpoint Protection (ePO), Carbon Black

WAF / Web Gateway: F5 ASM, Cisco Umbrella (web gateway), McAfee Web Gateway

Email Threat protection: Proofpoint

Ticketing System: Service Now, Jira

Other Tools: StrikeReady, Tenable Nessus, OSINT tools, MS Office (Word, Excel, Outlook, Access, PowerPoint)

PROFESSIONAL EXPERIENCE

Zebka Consulting (MSSP), October 2019 - Current

SOC Analyst L2

• Developed follow-up action plans to resolve reportable issues and communicated with other IT teams to address security threats and incidents accordingly.

• Supported incident response through to resolution, following Standard Operating Procedures (SOP).

• Assisted with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.

• Responded to computer security incidents by collecting, analyzing, and preserving digital evidence, and ensured that incidents were recorded and tracked in accordance with organizational SOC requirements.

• Used McAfee DLP to protect intellectual property and ensure compliance by safeguarding sensitive data.

• Monitored and analyzed network traffic, Intrusion Detection Systems (IDS), security events, and logs to identify abnormal and suspicious activity.

• Worked with SOC engineers and other SMEs to operate intrusion detection and prevention systems (IDS/IPS) such as Snort and Sourcefire to analyze and detect worms and vulnerability exploit attempts.

• Stayed up to date with current vulnerabilities, attacks, and countermeasures.

• Analyzed threat patterns on various security devices and validated security incidents as true or false positives.

• Performed investigations relating to potential compromise and worked with the IR team to determine impact and eradication.

• Evaluated existing technical capabilities and systems to identify opportunities for improvement.

• Interpreted information provided by tools to form a sound hypothesis regarding the root cause of an event.

• Investigated endpoints using SEPM and successfully terminated and deleted potentially malicious files and processes.

• Researched and tested new security tools/products and made recommendations on tools to be implemented in the SOC environment.

• Investigated VPN alerts and reached out to users to confirm the legitimacy of such activity.

• Investigated phishing alerts through to containment and eradication.

• Leveraged the MITRE ATT&CK framework in the analysis of confirmed incidents.

• Working knowledge of security platforms and tools such as firewalls, CASB, proxies, SIEM, and SOAR.

• Performed email-based investigations and successfully contained phishing emails and potential email account takeovers.

• Performed threat intelligence, including open-source investigations, to identify current attacks that may target the client's industry.

• Provided support in identifying malicious network activity and threats impacting network operations, developing appropriate countermeasures, and eliminating network threats and vulnerabilities.

• Investigated alerts and performed searches in Splunk SIEM.

SOC Analyst L1, November 2019 – Sept 2020

• Prioritized and differentiated between potential intrusion attempts and false alarms.

• Performed Guardium monitoring in Splunk.

• Analyzed email logs to confirm that malicious emails were not delivered or were quarantined, and that malicious attachments were dropped.

• Performed real-time log monitoring in the Security Operations Centre for devices such as firewalls, IDS, IPS, operating systems (Windows, Linux), proxy servers, Windows servers, system applications, databases, web servers, and networking devices.

• Monitored the health of security devices and syslog instances and responded to anomalies as defined in the SOP.

• Assisted with analyst investigation and ticket creation efforts. Provided daily monitoring and alerting of events occurring within the near-real-time environment.

• Managed the SOC mailbox, monitored and analyzed emails for threats including phishing and malware, and escalated per procedure.

• Monitored, evaluated, and assisted with the maintenance of assigned security systems in accordance with industry best practices to safeguard internal information systems and databases.

• Stayed informed of current events in the security industry, including the latest exploits and threats as well as preventative measures, remediation, and restoration techniques.

• Identified improvements to processes, procedures, policies, staffing, training, and tools to improve efforts and daily operations.

• Triaged alerts observed on different security tools to identify activity that qualified as false positives.

EDUCATION & CERTIFICATIONS

• University of Yaoundé I, B.Sc. Information Technology

• CompTIA Security+ (SY0-601)

• CISSP (in progress)
