NOAH J ONIMISI
Hanover, Maryland, 21076
**************@*****.***
DoD: TS/SCI
Cyber Security Analyst with 7 years of experience in cyber security, information security, and IT operations. Threat and vulnerability analysis. Investigating, documenting, and reporting on information security (InfoSec) issues as well as emerging trends. Analysis of and response to previously unknown hardware and software vulnerabilities.
PROFESSIONAL EXPERIENCE
GDIT 02/02/2023-present
Department of State
Cybersecurity Analyst
I was part of a new 24/7 SOC monitoring and analyzing network traffic and alerts for a one-of-a-kind Commercial Software for Classified (CSfC) solution network.
Searched for the callback traffic and follow-on traffic of the alert with Splunk index search queries, looking for user logins outside the geofencing zone.
Used Splunk and Fluid Mobility to monitor geofencing alerts for mobile devices that were out of bounds.
Transferred logs every 4 hours from multiple networks to a syslog server for central management and analysis of all logs.
Worked with the engineers to make sure all the tools were up to date and running properly.
Made sure all the firewalls and IDS were working properly.
Used Splunk to validate that all users' IPs and VPN connections were displayed on the Splunk dashboard.
Monitored multiple networks with ScienceLogic, making sure all infrastructure was up and working properly.
Investigated intrusion attempts and performed in-depth analysis of exploits.
Trained new employees on the environment and mentored less experienced team members.
Created and updated playbooks and SOPs.
Provided upper-level management reports when required or requested.
USCOURTS 04/15/2020 – 02/02/2023
SOC Analyst/Incident Response
Remote
Monitor and analyze network traffic and alerts; search for the callback traffic and follow-on traffic of the alert with Splunk index search queries, looking for indications of compromise, and use SIEM tools to check the IOCs.
Investigate intrusion attempts and perform in-depth analysis of exploits.
Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident.
Conduct proactive threat research.
Use MITRE ATT&CK and Cyber Kill Chain methodology, looking out for IOCs and examining the type of attack: if it is reconnaissance, that means it is in the initial stage, and I will sinkhole the domain or block the IP; if it is lateral movement, I will contain the machine and then run a scan on the affected machine.
Perform Tier II initial incident triage.
Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
Create a final incident report detailing the events of the incident.
Provide information regarding intrusion events, security incidents, and other threat indications and warning information to US government agencies.
Data Endure July 2019 – April 2020
Cyber Security Analyst
Washington, D.C.
Worked as a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or Security Operations Center (SOC) analyst.
Experience with Anti-Virus, Intrusion Detection Systems, Firewalls, Active Directory, Web Proxies, Vulnerability Assessment tools and other security tools found in large enterprise network environments; along with experience working with Security Information and Event Management (SIEM) solutions.
Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host-based intrusion detection systems, and other security software packages.
Performing monitoring and analysis: analyzing network traffic (i.e., PCAP) and logs, prioritizing and differentiating between potential intrusion attempts, determining false alarms, detecting insider threats and APTs, and performing malware analysis.
RemotewebNET March 2016 – June 2019
Cybersecurity Operations Analyst/IDS Analyst
Leesburg, VA
Perform daily Intrusion Detection Sensor (IDS) monitoring to ensure that all sensors are active.
Review the Security Information Management (SIEM) tool interface, as the tool correlates and aggregates alert data from multiple IDS sensor types and additional security devices.
Review alerts and packet-level data collected from sensors daily and report findings to the government Watch Officer (WO).
Provide incident response functions when appropriate and coordinate activities with field site personnel when directed by the government WO.
Support the government WO in publishing incidents, alerts, advisories and bulletins as required.
Assist the government WO with telephone calls when the WO is away from the Operations Center or handling a caller on another line.
Conduct research pertaining to the latest viruses, worms, etc. and the latest technological advances in combating unauthorized access to information.
Provide guidance and understanding of malicious or unauthorized wireless activities.
Provide visualization, situational awareness and an up-to-date snapshot of wireless cyber events that are ongoing within the facilities.
Provide surveillance and monitoring of the Wireless Intrusion Detection System within Facilities.
Provide wireless rogue detection.
Provide performance reporting and trending functionality.
Submit an End-of-shift Report summarizing activities for the shift.
EDUCATION
UNIVERSITY OF ABUJA
Bachelor of Science, Computer Science
WES, May 2016
CompTIA Security+ CE
CASP+ CE
Abuja, Nigeria
ADDITIONAL SKILLS
Root Cause Analysis (RCA). Updating tickets by getting responses from each POC.
MS Office, MS Outlook, Symantec Backup Exec, HBSS, McAfee, BMC Remedy, DAR, Guardian Edge, Symantec Endpoint Protection, Microsoft Office 365, ScienceLogic, Fluid Mobility, ArcSight, Splunk, Bit9, Carbon Black, AirDefense, Triton (Websense), FireEye (EX, NX, AX),
ServiceNow ticketing system, HPE, Wireshark, ThreatStream, PGP, Marimba, Tripwire, Tenable Nessus scanning, CMRS, IAVM,
RSA security analysis (NetWitness), Exchange 365, DLP (Titus/Symantec), TCP/IP, Citrix,
Blue Coat Reporter, Azure cloud, Windows Defender, Cloud App Security, Azure Sentinel, Microsoft Defender 365,
Security Center, FireEye (Trellix) suite of products, DomainTools, IDS/IPS, OSINT tools,
SOAR (Phantom).