Incident Response Cyber Security

Location: Dearborn Heights, MI
Posted: August 23, 2023

Resume:

Isam Al Rikabi

Bachelor's degree in computer science, training and technical work experience, and 20+ years of experience; able to obtain Security+ certification within 90 days of hire. Experience working in a dynamic, team-based environment. Understanding of software/application development processes; degree in Software Engineering and familiarity with programming or scripting languages (Python); strong problem-solving and troubleshooting skills.

Tools

Microsoft Defender for Identity, Defender for Endpoint, Defender for O365, Azure Information Protection, Microsoft Information Protection, Azure Sentinel, Crowdstrike, Splunk Enterprise Security, SIEM IBM QRadar, JIRA, ServiceNow, Confluence, SolarWinds, SPLUNK, McAfee, Windows, Linux, Unix, LAN, WAN, VPN, IPSec

Python, PowerShell Scripting

Training

CySec-102-2020 Training, Security+ 2019 Training, Cyber Security Fundamentals 2019 Training Certificates, CCNA Training

Training: analytical and problem-solving skills; analyzing and remediating security incidents; reducing false positives; log source management.

Education

1- Granting institution: Montgomery College, Silver Spring, Maryland,

http://cms.montgomerycollege.edu/edu,

Non degree: Cisco CCNA Complete Training

Date of graduation: July 2012

2- Granting institution: Informatics Institute for Postgraduate Studies, Baghdad, Iraq

Higher Diploma in Software Engineering (Degree), October 2000, equivalent to a Master's degree, https://uoitc.edu.iq/

Contact Information: (+964) 078********, ady58u@r.postjobfree.com

Date of graduation: October 2000

3- Granting institution: University of Basra, College of Science, Basra, Iraq

https://en.sci.uobasrah.edu.iq/, Bachelor of Science in Computer Science (Degree), October 1995

Contact Information: ady58u@r.postjobfree.com

Date of graduation: October 1995

Professional Experiences

IOMAXIS, LLC, Lorton, VA Mar 2023 – June 2023

SOC\NOC Analyst Security Incident Response

Analyze information technology security events to discern events that qualify as legitimate security incidents as opposed to non-incidents/false positives.

Monitoring and analyzing events with the Splunk Enterprise Security Information and Event Management (SIEM) system.

Support of network and security operations monitoring; monitor and create custom search queries and dashboards in Splunk.

Discover and analyze all classes of malicious attacks on different networks/systems, providing analysis from logs and utilizing tools (automated and manual methods) to provide recommendations for remediation.

Provide Incident Response (IR) support when analysis confirms actionable incident.

Work with the team to mitigate and respond to threats quickly, restoring operations and limiting impact.

Recommend tuning and filtering of events and information, creating custom views and content using all available tools, following an approved methodology and with approval and concurrence from management.

IBM Remote - WI May 2021 – July 2022

Sr. Cyber Security Analyst and Incident Response

Experienced in the analysis and containment of security incidents and the eradication of threats during the Incident Response process, using a range of tools: log analysis, forensic analysis, DLP, Wireshark network traffic analysis, endpoint detection and response (EDR) solutions like Microsoft Defender, Azure Sentinel and CrowdStrike, Security Information and Event Management (SIEM) solutions like QRadar and Splunk, and other data sources. Escalation and review of complex and high-severity cases referred from the 24x7 SOC and other analysts, malware investigation/remediation, and holding stakeholders accountable for remediation actions.

Triage, escalation and assistance in the response to cybersecurity, policy and privacy related events and incidents.

Perform investigations into user-reported threats such as Proofpoint TAP phishing, machine compromise and advanced threats using SOC tools.

Review security alerts and evaluate urgency and relevancy; perform initial security investigation and triage; manage containment and remediation efforts for affected assets, IOCs and TTPs.

Reviews compromised systems, messages, and reports to identify possible violations of security, gaps in controls and any unauthorized disclosure, modification, substitution, or use of sensitive data (e.g., keys, metadata, or other security-related information) or the unauthorized modification of a security-related system, device or process in order to gain unauthorized access and unauthorized software.

Experience with ticketing and monitoring systems; maintains records of security monitoring and incident response activities using ticketing technologies in ServiceNow.

Familiarity with Kusto Query Language (KQL) & Splunk Search Processing Language (SPL) and regex.

Communicates alerts to clients regarding compromises to their network infrastructure, applications, and operating systems.

Manages and configures security monitoring tools; expert throughout the Incident Response life cycle.

Azure Security Center

Tools: Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, Data Loss Prevention, Microsoft Defender for Office and Azure Sentinel, Wireshark, SIEM

Dollar Tree – Chesapeake, VA Apr 2019 – Apr 2020

SOC Analyst Security Incident Response (Consultant)

Experience working as a Security Analyst and Incident Responder; familiarity with security tools (vulnerability management, SIEM, endpoint security); knowledge and experience with cloud computing technologies including AWS and Azure; knowledge of TCP/IP networking, network topology, protocols and services; knowledge of Microsoft operating systems and Incident Response coordination processes; experience analyzing security logs from SIEM, Firewalls, and Vulnerability

Experience monitoring threat feed sources. Experience authoring Incident Response playbooks. Knowledge of SOC tools like VirusTotal, various sandboxes, malware analysis, and network and server administration.

Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, Data Loss Prevention, Microsoft Defender for Office and Azure Sentinel

Endpoint detection and response (EDR) solutions like Microsoft Defender; Security Information and Event Management (SIEM) solutions like Splunk and QRadar.

SIEM monitoring, analysis, development and maintenance. Research, analysis and response for log alerts. Analysis of network traffic and host activity with Wireshark. Incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user support and remediation; Proofpoint, AWS, ServiceNow.

SOC Analyst: security monitoring and triage. Incident Response: investigating alerts and packet analysis.

Investigation and analysis reports for internal SOC consumption and delivery to management.

Track threat actors and associated tactics, techniques, and procedures (TTPs).

Hands-on experience analyzing host, network and application logs.

Experience with vulnerability and risk management, including performing security scans and risk assessments to identify potential vulnerabilities and tracking the remediation of findings to reduce risk.

Maintains security by monitoring and ensuring compliance with standards, policies and procedures, and by conducting incident response analyses.

Ensures the enterprise's security and privacy policies are followed, and follows the playbook/runbook for incident escalation.

Medicare & Medicaid Services, Baltimore, MD Nov 2018 - Apr 2019

Threat and Vulnerability Management

Federal contracting experience, EIT at CMS

Cyber SOC Security Analyst

Performs operational assessment, prioritization, and remediation of enterprise vulnerabilities and exposures.

Collects, assesses and reports on operational security metrics to measure the effectiveness of security controls and identify opportunities for improvement.

Performs analysis and response to relevant alerts and events.

Security automation scripting, pen testing tools, security testing, risk assessment, cyber security audits, backup and patch testing; FedRAMP, NIST, HIPAA & FISMA, CFACTS.

Map findings from Windows, Unix, Linux, DB, VMware, web application and URL assessments under various scenarios to NIST SP 800-53Ar4 security control families: extract the findings and risks, map them to a list of NIST SP 800-53Ar4 security controls, and collect and analyze output data from multiple sources.

Pen testing tools: ZAP, Burp Suite, Nmap, Nessus and other tools to identify findings and map them to SP 800-53Ar4 security control families.

Risk assessment.

NIST, HIPAA, FedRAMP & FISMA: NIST SP 800-37r1, NIST SP 800-53Ar4, NIST SP 800-160, NIST IR 8011-1, -2; Risk Management Framework (RMF).

Built, modified and ran scripts to test OSs, DBs and applications; scripting in Bash, Python and PowerShell.

Ford Motor, Detroit, MI Mar 2015 - Oct 2018

Sr. Cyber Security SOC Analyst

•Proficient in QRadar SIEM log management: manages network activity, assets and log/event/flow analysis, searches and data extractions; reviews and analyzes raw logs and payloads ingested into the SIEM (logs/flows) from enterprise and various system alerts and event traffic patterns; leads development to parse logs into QRadar, writing regular expressions (RegEx), DSM and LSX parsing to extract the fields of interest; builds SIEM content and use cases such as common rule tests against both event and flow data and offenses; handles automation, configuration, integration, management and documentation; QRadar filters, searches and indexes.

•Builds, installs, develops, implements, architects, configures, maintains, supports and integrates security tools that comply with vendor and customer requirements in a large enterprise environment; assists with proofs of concept and testing of new security tools in Development, QA Test and Production environments.

Johns Hopkins University, Rockville, MD Oct 2011 - Mar 2012

Security Engineer

•The LAN/WAN Administrator position is responsible for the administration of Windows 2003 & 2008 servers and AD, and CISCO switch VLAN configuration; manages the computing environment using Altiris and SCCM 2012.

•Manages user access, file/folder security and shares; manages projects for upgrades, migrations and refreshes. Familiar with firewalls, switches, routers and basic network troubleshooting.

•Installs new software releases, implements system upgrades, and evaluates and installs patches.

•Manage projects for updates and maintenance.

•Maintains data files and documentation and monitors system configuration to ensure data integrity. Analyzes and resolves problems associated with server hardware and application software.

•Provides next-level support for network, software, desktop and peripheral issues to Help Desk support staff.

•Detects, diagnoses and reports problems for servers and workstations relating to security, hardware, and software.

•Environment: Windows 2003 & 2008 servers and AD, Unix Solaris 10, CISCO switches VLAN configuration, Altiris, SCCM 2012, Symantec Endpoint Protection, Exchange Server, SQL Server, IIS; DNS, DHCP, TCP/IP; NetBIOS.

IT Specialist, outside the USA, Oct 2000 to Oct 2011

Installation, administration and maintenance of client networks; installs MS Office and system upgrades; evaluates and installs patches.

Supported core Windows technologies (Windows Server 2003 & 2008, Windows 7/XP).

Deployed Windows 7 and upgraded from Windows XP; assisted in administering and supporting the Active Directory environment.
