ABDUL KAHAR AHMED SUALLAH
************@*****.*** 202-***-**** Stafford, USA 22554
Summary
Accomplished Snr. SOC Analyst with a proven track record at Amazon, adept in leading incident response teams and conducting advanced threat analysis. Excelled in leveraging SIEM for optimal incident identification, demonstrating exceptional teamwork and communication skills. Skilled in Python programming and effective incident prioritization, enhancing organizational cybersecurity posture.
Technical Abilities
Python, TCP/IP, LANs, VPNs, Routers, Firewalls, Wireshark
Nmap, Azure Sentinel, Microsoft 365 Defender, Azure AD
Splunk, QRadar, Qualys, Log Management
Anti-Virus Tools, Sourcefire, McAfee Web Gateway
McAfee DLP, Norton, Symantec, Cisco ASA
Cisco Firepower, VirusTotal
URLVoid, Metadefender, URLscan, AbuseIPDB, IPVoid
LookingGlass, MxToolbox, Joe Sandbox, Hybrid Analysis
CyberChef, Zscaler, Active Trust, Cloud Security
Firewall configuration, Access control, Endpoint security
Security policies, Operating system security
Data loss prevention, Encryption techniques
Social engineering, Malware analysis, Wireshark usage
Web security, Security analysis, Python programming
Intrusion detection, SIEM management, Reverse engineering, Network Monitoring
DNS management, Incident response, Threat intelligence, Penetration testing, TCP and IP protocols
Experience
Snr. SOC Analyst Amazon - Virginia 04/2022 - Current
Leadership and Training: Led and mentored Tier 1 and Tier 2 incident responders, fostering teamwork and skill development to investigate and resolve computer security incidents effectively
Technical Lead: Served as the primary technical lead during incident events, offering hands-on investigation expertise and support
Intrusion Investigation: Spearheaded investigations into network intrusions and various cybersecurity incidents, determining the root causes and extent of attacks
Effective Communication: Summarized events and incidents in both written and verbal forms, tailoring communication for diverse audiences, including legal counsel, executive management, and technical staff
Incident Response Ownership: Took ownership of incident response based on escalation and handoff procedures from junior or mid-career team members
SIEM Utilization: Leveraged the Security Incident Event Management (SIEM) platform for incident identification and response
Continuous Monitoring: Conducted ongoing reviews of SIEM dashboards, system and application logs, Intrusion Detection Systems (IDS), and custom monitoring tools
Advanced Threat Analysis: Performed sophisticated malware detection and in-depth threat analysis
Incident Prioritization: Effectively prioritized and distinguished between potential incidents and false alarms, optimizing incident response efforts
Collaborative Teamwork: Collaborated with cross-functional teams including DLP Engineers, Splunk Engineers, NOC, Threat Intel Team, Red Team, Hunt Team, Forensic Investigators, and Database Analysts
Evidence Handling: Maintained the chain of custody for all evidence collected during incidents, ensuring the integrity of data for security and forensic investigations
Information Security Analyst Walmart - Virginia 04/2017 - 01/2022
Employ MITRE ATT&CK and Cyber Kill Chain methodologies to proactively conduct threat research
Monitor and analyze network traffic and alerts for potential security threats
Perform Tier II initial incident triage, swiftly identifying and prioritizing security incidents
Investigate intrusion attempts and conduct in-depth analysis of exploits to assess their impact and scope
Offer guidance on network intrusion detection to support timely incident declaration and effective decision-making
Conduct a thorough analysis of phishing emails to identify tactics, techniques, and indicators of compromise
Manage vulnerability assessments and coordinate the remediation of security vulnerabilities within the organization
Maintain meticulous documentation of all incident-related activities and deliver regular status updates throughout the incident lifecycle
Prepare comprehensive final incident reports outlining the sequence of events and lessons learned
Collaborate with US government agencies to provide critical information on intrusion events, security incidents, and emerging threat indicators and warnings
Help Desk Assistant Ghana Telecommunication - Ghana 04/2014 - 01/2017
Supported internal and external users through troubleshooting, issue escalation, and deploying hardware/software
Assisted with installations, upgrades, and provided advanced troubleshooting for Windows and Mac OS
Identified and recommended upgrades to IT and communications infrastructure
Collaborated with unit personnel on infrastructure development
Addressed performance and capacity issues
Provided onsite and remote technical support
Managed equipment installations, removals, and monitored network infrastructure
Utilized ticketing systems Remedy and ServiceNow for documentation and issue resolution
Education
University of Education Winneba 08/2014
Bachelor of Science: Computer Science
Ho Technical University 08/2011
Higher National Diploma: Computer Science
Certifications
CompTIA Security+
Certified Ethical Hacker Certification (CEH)
Certified Information Security Manager (CISM)
Technical Abilities
Windows, Linux, Mac OS, ServiceNow, JIRA/Confluence, Spiceworks, Archer, Remedy, SIMS Ticketing, Java, Python, TCP/IP, LANs, VPNs, Routers, Firewalls, Wireshark, Nmap, Snort, Azure Sentinel, Microsoft 365 Defender, Azure AD, Splunk, QRadar, Qualys, Log Management, Anti-Virus Tools, FireEye, IronPort, Sourcefire, McAfee Web Gateway, McAfee DLP, Norton, Symantec, Cisco ASA, Cisco Firepower, Metadefender, VirusTotal, URLVoid, URLscan, AbuseIPDB, IPVoid, LookingGlass, MxToolbox, Joe Sandbox, Hybrid Analysis, CyberChef, Zscaler, Active Trust