
Information Security Analyst

Location:
Mississauga, ON, Canada
Salary:
65000
Posted:
June 15, 2025

Resume:

FABIO HENRIQUE SANTOS

Information Security Analyst

*************@*****.*** +1-437-***-**** Mississauga, ON

LinkedIn: linkedin.com/in/fabiohenrique-santos Blog: medium.com/@fsantos094tmc

PROFESSIONAL SUMMARY

Information Security Analyst with three years of experience in SOC operations, malware analysis, and threat hunting. Mentored by industry veterans to identify attack patterns, improve response times, and implement robust security controls. Demonstrates a positive mindset focused on continuous improvement and collaboration.

SKILLS

SIEM - QRadar & Splunk Analysis • EDR - SentinelOne & CrowdStrike • Windows Forensics & Incident Response • AWS & Microsoft Azure • Effective Communication • Emphasis on Teamwork • Threat Hunting • PowerShell 7 (Remoting & Triage) • Python for Cybersecurity • Prompt Engineering for LLM tasks

PROFESSIONAL EXPERIENCE

SOC Analyst CyberNowLabs, Sterling, Virginia September 2024 - Present

Orchestrated SIEM operations with QRadar, conducting advanced log analysis and streamlining incident response through custom Hive ticketing in dynamic SOC environments.

Performed in-depth network forensics with Wireshark, creating custom filters and performing PCAP analysis for enhanced threat detection and response.

Conducted vulnerability management initiatives with Nessus and Acunetix to proactively identify and mitigate risks based on OWASP TOP 10, reducing the attack surface.

Managed endpoint security with SentinelOne by conducting thorough investigations and documenting remediation steps via Hive and Jira while fortifying networks with NGFW Fortigate.

Actively monitored and analyzed SIEM alerts from Splunk, QRadar, SentinelOne, and Proofpoint to identify security anomalies while providing actionable recommendations to technical teams.

Contributed to regular weekly SOC shifts and wrote Hive tickets to track and manage security incidents.

SPECIALIZED TRAINING & PROJECTS

In-Depth Digital Forensics and Threat Hunting maltrak.com

Built a PurpleTeam cloud lab on AWS with AtomicRedTeam installed to generate scenarios for advanced threat hunting methodologies and creating Sigma Rules.

Conducted digital memory forensics with Volatility3, performing threat hunting with Splunk & ELK, and analyzing TCP/IP with Wireshark and Zeek logs.

Certificate: credential.net/835ab1c8-2d88-4cdb-a7d8-1419f390f41e

Malware Incident Response Training

Analyzed file formats and Windows API calls in adversary tactics.

Performed basic static analysis with tools such as PEiD, pestudio, and CFF Explorer VIII.

Conducted dynamic analysis by setting up a sandbox and using tools like Process Monitor.

Applied reverse engineering basics with IDA Pro and identified obfuscation and packing techniques.

Certificate: credential.net/247e89f8-1d3d-4211-a6df-e97bf838ca05

Cybersecurity Projects

Microsoft Azure Security Implementation

Configured a Log Analytics workspace in Azure to ingest custom logs from internet-facing VMs, leveraging PowerShell scripting and APIs to generate geographical mapping of unknown IPs.

Created an Azure Active Directory environment, performed credentialed scanning with Nessus, and implemented automated STIG remediation across workstations.

Developed Sentinel workbooks to visually represent RDP brute force attempts with geographic distribution, enhancing security monitoring capabilities.

Generative OpenAI to Create Sigma Rules for Threat Detection

Used CTI to extract MITRE ATT&CK techniques from recent reports and simulated attacks with Living Off the Land binaries and Red Canary's Chain Reactor in a homemade lab.

Collected osquery and Sysmon log data into an embedded database with SigmaHQ repository detection rules to create a database using ChromaDB for language model training.

Implemented OpenAI with a LangChain interface to generate custom Sigma rules tailored to a specific environment and attacks.

Red Teaming: APT and Adversary Emulation

Crafted email phishing campaigns and bypassed MFA with Evilginx2.

Used Terraform to automate and host cloud-based red team infrastructure on AWS.

Wrote backdoors in C++ to simulate attacks in lab environments.

Applied obfuscation with Caldera to bypass IDS/IPS, NDR, and Machine Learning-based tools.

Certificate: credential.net/d6e08b42-882a-48f7-9667-ed9d073af80b

CERTIFICATIONS

CompTIA Security+ Certification (Issued Dec 9th, 2024)

Certified Defense Security Analyst from CyberNowLabs

AZ-500: Microsoft Azure Security Technologies

IBM QRadar SIEM Foundations

Fortinet Certified Associate

Maltrak Master's Program, www.maltrak.com

Machine Learning A-Z: AI, Python + ChatGPT Prize (2024), Udemy

Data Anomaly Detection, Codefinity

(more @ https://www.credly.com/users/fabio-santos.15b37426)

EDUCATION

CyberNowLabs Sterling, Virginia September 2024 - Present

Hands-on security operations with live traffic from the institution's cloud environment.

Active monitoring and analysis of SIEM alerts and security tools.

Regular contribution to SOC shifts with incident tracking and management.

Toronto School of Management Cybersecurity Specialist Co-op Toronto, ON September 2021 - September 2022

Operating Systems and Data Management, Practical Implications of Encryption, Penetration Testing.

OSI layer, secure network protocols, subnet segmentation using Cisco Packet Tracer.

Windows Server administration (ADDS, DHCP, FOC, WDS, VPN, NAT, RAID, GPO, VDI) and the principle of least privilege.
