
Security Specialist Scrum Master

Location:
Austin, TX
Posted:
June 26, 2023


Resume:

Henry Ndam

Security Operations Center (SOC) Analyst

Phone 803-***-****

Email *************@*****.***

Address Manor, TX 78653

CAREER OBJECTIVE

A resourceful, self-motivated, goal-driven, and results-oriented cybersecurity professional with great accomplishments in working network, endpoint, and phishing investigations, performing Intrusion Detection, Vulnerability Assessment, Incident Response, and the strategies needed to safeguard highly sensitive systems, data, and communications resources.

EXPERIENCE

SECURITY OPERATION CENTER (SOC) ANALYST — Pitch Technologies Plano, TX, July 2019 - Present

Fully documenting assigned tickets to show all work performed and attach the required artifacts to pass SLRs

Assisting with the creation of the daily SOC reports and shift reports and pass down emails and tickets to the incoming shift team

Investigating traffic to suspicious domains and IPs and submitting blocks to the NOC per the investigation results

Using Firepower IPS/IDS and FireEye NX to investigate possible intrusion attempts

Conducting research on new and evolving threats and vulnerabilities using different OSINT sources

Researching new and evolving threats and vulnerabilities with potential to impact the monitored environment

Conducting log analysis using Splunk

Identifying suspicious/malicious activities or codes

Monitoring and analyzing security events to determine intrusion and malicious events.

Searching firewall, email, web, or DNS logs to identify and mitigate intrusion attempts.

Investigating VPN alerts and following up with users to determine legitimacy of such activity

Investigating possible brute-force attempts and following up with mitigation strategies based on user feedback

Working in a 24x7 Security Operations Center

Continuous monitoring and interpretation of threats using the IDS and SIEM

Using Vulnerability Assessment tools such as Nessus to perform scheduled and manual scans as required

Investigating malicious phishing emails, domains and IPs using Open-Source tools and recommending proper blocking based on analysis

Rescanning mitigated systems for further infections using CrowdStrike and Symantec AV and commissioning systems back to the network

Creating, tracking, and working to resolution normal and standard job-related change Requests

Analyzing and resolving DLP alerts from McAfee DLP Manager and FireEye SmartVision and escalating cyber privacy incidents to the Privacy Team.

Working incidents from initial assignment to final resolution. Investigating, analyzing, and processing retroactive and reported phishing email alerts from IronPort while following standard operating procedures.

Using O365 Threat Explorer to analyze, scope, and determine the recipients of the phishing emails within the company.

Evaluating and processing Web Site Review Requests from internal users to access blocked websites following organization policies and OSINT tools.

Assisting in building SOPs as needed or directed to facilitate SOC operations and processes

Investigated VPN alerts and reached out to users to confirm legitimacy of such activity

Performed real-time log monitoring in the Security Operations Center from different devices such as Firewalls, IDS, IPS, Operating Systems like Windows and Linux, Proxy Servers, Windows Servers, System Applications, Databases, Web Servers, and Networking Devices

Investigated phishing alerts up until containment and eradication

Leveraged analysis with the MITRE attack framework for confirmed incidents

Monitored the health of security devices and syslog instances and responded to anomalies as defined in the SOP

Performed email-based investigation and successfully contained phishing emails and potential email account takeovers

Performed threat intelligence including open-source investigations to identify current attacks that may target the client's industry

Provided support in identifying malicious network activity, threats impacting network operations and developing appropriate countermeasures, eliminating network threats and vulnerabilities

Investigated alerts and performed searches on Splunk SIEM

CYBER SECURITY SPECIALIST — Trinitech Consulting, Beltsville, MD, April 2017 - July 2019

Performed the ongoing RMF/A&A/ATO projects in support of client security systems using FISMA and NIST SP 800-37 Rev 1 as a guide

Categorized Information Systems (using FIPS 199 and NIST SP 800-60 Vol 2 Rev 1 as a guide)

Selected and implemented applicable security controls (technical, operational and management) using NIST SP 800-53 Rev 4 as a guide

Created, updated, and revised System Security Plans, Contingency Plans, Incident Reports and Plan of Action & Milestones (POA&Ms)

Independently developed a variety of Security Authorization deliverables including; System Security Plans, Security Assessments Reports, Configuration Management Plans, Contingency Plans, and POA&M

Reviewed the Privacy Impact Assessment (PIA) document after a positive PTA was created and ensured PII findings were recorded in the System of Record Notice (SORN)

Generated, reviewed, and updated System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements

Performed ongoing continuous monitoring using NIST 800-137 Rev 1 as a guide

Created Splunk dashboards to capture all customized logs generated by systems and applications

Assisted with compliance reviews and conducted audits to ensure information systems (IS) maintain the authorization baseline

Kept current with vulnerabilities, attacks, and countermeasures as well as devoting time to research and development activities

Implemented processes and managed tools used to identify vulnerabilities (Nessus) and track their remediation within thent

Analyzed penetration test results and engaged with technology partners and business units in order to resolve identified vulnerabilities within SLAs

Reviewed and updated Contingency Plans (CP) and participated in the Contingency Plan Tests (CPT)

Ensured that risk mitigation activities were taking place and appropriate documentation was provided by the project team(s) or customer

Managed the Vendor Due Diligence program, which ensured all clients' personal information (PI) stored by vendors is secured/encrypted while being backed up and transferred over the internet

Created new risk assessment questionnaires requested by customer firms, partners, and insurance companies based on the types of information stored and current NIST standards

EDUCATION

BACHELOR OF SCIENCE (B.S.) IN MATHEMATICS — University of Yaoundé 1

Relevant Coursework

Minor in Physics

SKILLS

Malware Analysis/Endpoint Security

Network Security Protocols/TCP/IP

Jira ServiceNow Confluence

McAfee Web Gateway Bluecoat

FireEye Palo Alto/Cisco IronPort

Microsoft Office 365 SharePoint OneDrive

Firepower Cyber Kill chain Mitre Att&ck

Incident Response/Cyber Threat Intelligence

Cloud Computing

Splunk CrowdStrike Nessus

O365 Snort Firepower FireEye

Linux Windows Active Directory

Virus Total Domain Tools IP/URL void, IBM X-Force

Anyrun Threat Grid Sandbox

CERTIFICATIONS

CompTIA Security + Splunk Fundamentals 1

Professional Scrum Master 1
