Henry Ndam
Security Operations Center (SOC)
Analyst
Phone 803-***-****
Email *************@*****.***
Address Manor, TX 78653
CAREER OBJECTIVE
A resourceful, self-motivated, goal-driven, and result-oriented cybersecurity professional with a strong record of working network, endpoint, and phishing investigations, and of performing intrusion detection, vulnerability assessment, and incident response, along with the strategies needed to safeguard highly sensitive systems, data, and communications resources.
EXPERIENCE
SECURITY OPERATION CENTER (SOC) ANALYST — Pitch Technologies, Plano, TX, July 2019 - Present
Fully documenting assigned tickets to show all work performed and attach the required artifacts to pass SLRs
Assisting with the creation of the daily SOC reports and shift reports and pass down emails and tickets to the incoming shift team
Investigating traffic to suspicious domains and IPs and submitting blocks to the NOC per the investigation results
Using Firepower IPS/IDS and FireEye NX to investigate possible intrusion attempts
Conducting research on new and evolving threats and vulnerabilities using different OSINT sources
Researching new and evolving threats and vulnerabilities with potential to impact the monitored environment
Conducting log analysis using Splunk
Identifying suspicious/malicious activities or codes
Monitoring and analyzing security events to determine intrusion and malicious events.
Searching firewall, email, web, or DNS logs to identify and mitigate intrusion attempts.
Investigating VPN alerts and following up with users to determine legitimacy of such activity
Investigating possible brute-force attempts and following up with mitigation strategies based on user feedback
Working in a 24x7 Security Operations Center
Continuous monitoring and interpretation of threats using the IDS and SIEM
Using Vulnerability Assessment tools such as Nessus to perform scheduled and manual scans as required
Investigating malicious phishing emails, domains and IPs using Open-Source tools and recommending proper blocking based on analysis
Rescanning mitigated systems for further infections using CrowdStrike and Symantec AV and commissioning systems back to the network
Creating, tracking, and working to resolution normal and standard job-related change Requests
Analyzing and resolving DLP alerts from McAfee DLP Manager and FireEye SmartVision and escalating cyber privacy incidents to the Privacy Team
Working incidents from initial assignment to final resolution. Investigating, analyzing, and processing retroactive and reported phishing email alerts from IronPort while following standard operating procedures.
Using O365 Threat Explorer to analyze, scope, and determine the recipients of the phishing emails within the company
Evaluating and processing Web Site Review Requests from internal users to access blocked websites following organization policies and OSINT tools.
Assisting in building SOPs as needed or directed to facilitate SOC operations and processes
Investigated VPN alerts and reached out to users to confirm legitimacy of such activity
Performed real-time log monitoring in the Security Operations Center across devices and sources such as firewalls, IDS, IPS, operating systems (Windows, Linux), proxy servers, Windows servers, system applications, databases, web servers, and networking devices
Investigated phishing alerts up until containment and eradication
Leveraged analysis with the MITRE ATT&CK framework for confirmed incidents
Monitored the health of security devices and syslog instances and responded to anomalies as defined in the SOP
Performed email-based investigation and successfully contained phishing emails and potential email account takeovers
Performed threat intelligence including open-source investigations to identify current attacks that may target the client's industry
Provided support in identifying malicious network activity, threats impacting network operations and developing appropriate countermeasures, eliminating network threats and vulnerabilities
Investigated alerts and performed searches on Splunk SIEM
CYBER SECURITY SPECIALIST — Trinitech Consulting
Beltsville, MD, April 2017 - July 2019
Performed the ongoing RMF/A&A/ATO projects in support of client security systems using FISMA and NIST SP 800-37 Rev 1 as a guide
Categorized Information Systems (using FIPS 199 and NIST SP 800-60 Vol 2 Rev 1 as a guide)
Selected and implemented applicable security controls (technical, operational and management) using NIST SP 800-53 Rev 4 as a guide
Created, updated, and revised System Security Plans, Contingency Plans, Incident Reports and Plan of Action & Milestones (POA&Ms)
Independently developed a variety of Security Authorization deliverables including: System Security Plans, Security Assessment Reports, Configuration Management Plans, Contingency Plans, and POA&Ms
Reviewed the Privacy Impact Assessment (PIA) document after a positive PTA was created and ensured PII findings were recorded in the System of Records Notice (SORN)
Generated, reviewed, and updated System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements
Performed ongoing continuous monitoring using NIST 800-137 Rev 1 as a guide
Created Splunk dashboards to capture all customized logs generated by systems and applications
Assisted with compliance reviews and conducted audits to ensure information systems (IS) maintain the authorization baseline
Kept current with vulnerabilities, attacks, and countermeasures as well as devoting time to research and development activities
Implemented processes and managed tools used to identify vulnerabilities (Nessus) and track their remediation within thent
Analyzed penetration test results and engaged with technology partners and business units in order to resolve identified vulnerabilities within SLAs
Reviewed and updated Contingency Plans (CP) and participated in Contingency Plan Tests (CPT)
Ensured that risk mitigation activities are taking place and appropriate documentation is provided from the project team(s), or customer
Managed the Vendor Due Diligence program, which ensured all clients' personal information (PI) stored by vendors is secured/encrypted while being backed up and transferred over the internet
Created new risk assessment questionnaires requested by customer firms, partners, and insurance companies based on the types of information stored and current NIST standards
EDUCATION
BACHELOR OF SCIENCE (B.S.) IN MATHEMATICS
— University of Yaoundé 1
Relevant Coursework
Minor in Physics
SKILLS
Malware Analysis/Endpoint Security
Network Security Protocols/TCP/IP
Jira ServiceNow Confluence
McAfee Web Gateway Bluecoat
FireEye Palo Alto/Cisco IronPort
Microsoft Office 365 SharePoint OneDrive
Firepower Cyber Kill Chain MITRE ATT&CK
Incident Response/Cyber Threat Intelligence
Cloud Computing
Splunk CrowdStrike Nessus
O365 Snort Firepower FireEye
Linux Windows Active Directory
VirusTotal DomainTools IPVoid/URLVoid IBM X-Force
Any.Run Threat Grid Sandbox
CERTIFICATIONS
CompTIA Security+, Splunk Fundamentals 1
Professional Scrum Master 1