Ibrahim Jalloh
PROFESSIONAL SUMMARY
Seasoned IT professional with over 15 years of experience as an Information Assurance Audit Specialist and desktop, network, software and hardware support specialist, offering expertise in systems/network installation, configuration, upgrade, maintenance, troubleshooting and problem resolution, and in the last 4 years working in security as a Security Operations Analyst/Incident Response Analyst. With continuous monitoring, I can interpret and prioritize threats using Intrusion Detection/Prevention Systems and Security Information/Event Management (SIEM). I can analyze packets using various security tools and recognize potential, successful, and unsuccessful intrusion attempts and compromises through analysis and review of security events, logs, and network traffic. Above all, I can also perform static, dynamic, behavioral, and code-level malware analysis in an isolated virtualized environment. Experienced in working and coordinating with various teams, vendors, and end users in planning, implementing, and resolving security-related issues. Excellent team player and communicator, able to quickly adapt to new technologies and to work under minimum supervision.
TECHNICAL SKILLS
•Security Incident Detection and Response
Security Incident and Event Management (SIEM) Tools (FireEye NX; ETP; HX); Cisco Sourcefire; IronPort; Google DLP; Splunk; McAfee DLP; Cisco Snort; McAfee Web Gateway Proxy; Trend Micro Deep Security
•Incident Response Plan (IRP)
•Lockheed Martin Cyber Kill Chain
•MITRE ATT&CK Framework
•Diamond Intrusion Model
•Phishing Email Investigation and Analysis
•Data Loss Prevention (DLP) Analyst
•Endpoint/host compromise investigation
•Network traffic investigation and analysis
•Threat Intelligence and Threat Hunting
•Vulnerability Scanning and Analysis
•Malware Investigation and Analysis
•Problem-solving, critical thinking with attention to detail.
•A collaborative team player with excellent communication skills.
•A passionate, fast learner with an intrinsic desire for continuous personal and professional growth.
CERTIFICATION & PROFESSIONAL TRAINING
•Certified CompTIA Security+ SYO-501
•Certified EC-Council Ethical Hacker v10
•Security Operation Analyst (SOC) Training
•Certified AWS Architect Solution
•Certified CompTIA Advanced Practitioner (CASP+)
•CompTIA Cybersecurity Analyst, CYSA+ (In progress)
EDUCATION
Master of Science, Communication Technology, Strayer University, Woodbridge, Virginia - 2007
Bachelor of Science, Information Technology, Strayer University, Arlington, Virginia - 2000
WORK EXPERIENCE
VISUAL SOFT AUGUST 2022-PRESENT
CYBERSECURITY INCIDENT HANDLER
•Respond to cyber incidents, including responding to SOC IR phone calls and SOC emails from the client and customer POCs.
•Provide support in the detection, response, mitigation, and reporting of cyber threats affecting internal and external clients’ networks.
•Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in the cyber security operation center.
•Develop documentation, reports, and briefs, and review SOPs with the customer to give an accurate depiction of the current threat landscape and the associated risk affecting the clients’ networks.
•Provide analysis of correlated information sources to the client as notified by the Cyber SOC Team Lead or the Government Watch Officer.
•Act as a Subject Matter Expert in investigations for potential incidents at the SOC Tier 1 Level.
•Analyze and report cyber threats as well as assist in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions.
•Work with SOC federal staff, the Shift Lead, and Senior Analysts to analyze, triage, contain, and remediate security incidents.
•Follow the Federal IRP, SOC SOPs and other prudent documentation procedures to work effectively while keeping an eye towards process improvement/effectiveness.
•Knowledgeable on multiple technology and system types.
•Experience with multiple attack types and attack vectors.
•Experience involving a range of security technologies that produce logging data, including wide area network host and network IPS/IDS/HIPS traffic event review, server web log analysis, and raw data logs, and the ability to communicate clearly both orally and in writing.
•Experience utilizing Splunk SIEM for 2+ years: writing Splunk Search Processing Language (SPL), creating and running queries, performing analytical examination of logs and console events, creating advanced query methods in Splunk, advanced grep skills, firewall ACL review, examining Snort-based IDS events, PCAPs, and web server log review.
•Experience tracking incidents against a framework such as MITRE ATT&CK or Cyber Kill Chain methodology.
•Forensic investigation of emails for phishing campaigns and spam emails, and malware analysis experience/exposure.
•Experience with multiple vendor technologies, such as Azure Sentinel, Microsoft 365 Security Center, FireEye (Trellix) suite of products, Domain Tools, Industry name Firewall/IPS, and OSINT tools.
•Experience using Helpdesk ticket capturing tools such as HEAT & ServiceNow.
GDIT DECEMBER 2018-PRESENT
INCIDENT RESPONSE / SOC ANALYST
Review and analyze security event alerts and identify IOCs at the level of the network, application, and endpoint to determine if they are false or true positives.
Create and update incident tickets with artifacts, and close tickets for security incidents using the ServiceNow (SNOW) ticketing system.
Investigate, analyze, process, and resolve network security event alerts using SIEM tools (FireEye NX, Cisco Sourcefire, Splunk Enterprise (Search & Reporting)) and OSINT tools.
Investigate, analyze, process, and resolve phishing email alerts using SIEM tools: FireEye ETP, Google Admin, and Splunk Enterprise (Search & Reporting).
Execute detailed email header analysis to verify email authenticity and anti-spoofing.
Investigate, analyze, process, and resolve DLP alerts using SIEM tools (Google Admin and Google DLP) and escalate cyber privacy incidents to the Privacy Team.
Investigate, analyze, process, and resolve endpoint security event alerts using SIEM tools: FireEye HX, McAfee Antivirus, and Splunk Security (Search and Reporting).
Actively take part in incident response to endpoint compromise such as host triage, dynamic malware analysis, remote system analysis, end-user interviews, and remediation efforts.
IP/URL/Domain/Hash analysis with Standard Operating Procedure (SOP) approved OSINT tools to determine online reputation.
Block malicious IOCs at the McAfee Web Gateway using company-approved SOP.
Utilize Splunk Logs to search, analyze, and investigate machine-generated alerts from the company’s network, application, and endpoint devices.
Analyze log data (firewall, network flows, IDS, IPS, system logs) to perform root cause analysis of security incidents, including all stages of the cyber kill chain as appropriate.
Evaluate, process, and resolve Web Access Requests (WAR) from internal users.
Perform threat intelligence by reviewing reports on threat actors, identifying IOCs and checking for hits in our systems before blocking the malicious IOCs using McAfee Web Gateway, following the company-approved SOP.
Follow, create, and update changes to SOPs and other similar documentation.
Participate in threat hunting activities and vulnerability analysis across the network, leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies.
Collaborate with peers and multiple teams to identify improvements and areas for tuning use cases or signatures to enhance monitoring value.
Participate in technical meetings and working groups to address issues related to malware, threats, vulnerabilities, and cybersecurity preparedness.
CSRA / Securities and Exchange Commission, Washington DC
Senior IT Specialist/VTC Support May 2015 - December 2018
Provide advice and assistance to customers, troubleshoot complex and unusual problems, and provide support in a manner that minimizes interruptions in customers' ability to carry out critical business activities.
Provide technical support and expertise in setting up all audio-visual equipment and WebEx for large and small conference rooms for meeting and testimony events.
Provide advanced support on desktop application deployment, network connectivity, network printing and any other hardware/software issues.
Repair infected systems using McAfee Anti-Virus and malware removers.
Prepare standard login scripts and establish network access protocols to enable customers to gain local or remote access.
Support all issues and configurations with Cisco IP Phones and smart phone devices.
Overseeing IT Support ticketing system activities.
Set-up and configure new, replacement laptops/computers and setup email accounts in MS Exchange Server.
Provide technical support and expertise in resolving the most complex customer problems, e.g. by re-imaging customer workstations and correcting other workstations affected by similar problems; coordinate device files for software applications.
Trained and mentored junior level desktop engineers in attention to detail, customer service, oral communication and problem solving.
Planning and delivering customer support services via telephone, e-mail and in-office visits, including PC installations, configurations, troubleshooting, customer assistance, and training in response to customer requirements.
Researching workstation hardware and software to ensure compatibility with customer requests and recommend purchase of new tools to enhance the delivery of customer support services.
Assisting in the completion of IT assessments, security assessments, and other workload data to recommend configuration changes for maximizing the effectiveness of installed technology.
Providing operations, maintenance, management, and support of business continuity laptops in partnership with managed host data center provider.
Pay great attention to detail on each request to serve the customers' needs on a daily basis.
Reviewed 200 client complaints, rectified issues and liaised with appropriate departments to handle complex issues in a bid to provide more effective solutions within two days.
Develop strong customer relationships in order to ensure a smooth flow of work and thus high customer satisfaction.
U.S. Securities and Exchange Commission (Contractor)
Senior IT Specialist May 2013 - Apr 2015
Provide advice and assistance to customers, troubleshoot complex and unusual problems, and provide support in a manner that minimizes interruptions in customers' ability to carry out critical business activities.
Provide advanced support on desktop application deployment, network connectivity, network printing and any other hardware/software issues.
Repair infected systems using McAfee Anti-Virus and malware removers.
Prepare standard login scripts and establish network access protocols to enable customers to gain local or remote access.
Support all issues and configurations with Cisco IP Phones and smart phone devices.
Maintain accurate documentation in Remedy for all user requests, repairs and reported issues and ensure Service Level Agreements (SLA) are met.
Set-up and configure new, replacement laptops/computers and setup email accounts in MS Exchange Server.
Provide technical support and expertise in resolving the most complex customer problems, e.g. by re-imaging customer workstations and correcting other workstations affected by similar problems.
Trained and mentored junior level desktop engineers in attention to detail, customer service, oral communication and problem solving.
Planning and delivering customer support services via telephone, e-mail and in-office visits, including PC installations, configurations, troubleshooting, customer assistance, and training in response to customer requirements.
Researching workstation hardware and software to ensure compatibility with customer requests and recommend purchase of new tools to enhance the delivery of customer support services.
Assisting in the completion of IT assessments, security assessments, and other workload data to recommend configuration changes for maximizing the effectiveness of installed technology.
Providing operations, maintenance, management and support of business continuity laptops in partnership with managed host data center provider.
Pay great attention to detail on each request to serve the customers' needs on a daily basis.
AECOM/URS (Securities and Exchange Commission contractor), Washington DC
Information Assurance Audit Specialist Apr 2011 - Mar 2013
Perform security testing and security control assessments on federal applications to ensure compliance with NIST SP 800-53A and agency-specific requirements.
Develop and review System Assessment and Authorization (SA&A) packages for compliance with NIST guidance, including System Security Plans, System Categorization documents using FIPS 199, Risk Assessments, POA&Ms, Contingency Plans, Privacy Impact Assessments (PIA), Incident Response Plans (IRP), and other tasks and specific security documentation in accordance with NIST SP 800-37.
Work with IT system owners to document security weaknesses in Plans of Action and Milestones (POA&Ms), as well as to initiate, support, and provide quarterly reports on corrective action.
Responsible for performing vulnerability and compliance scanning to aid client in assessing the vulnerability portfolio, and posture of its assets and reducing the attack surface for exploitation.
Deliver and interpret the results of penetration tests, vulnerability scans, patch assessments and build compliance scans using QualysGuard.
Ensure that protective measures are in place and operate effectively to counter any identified IT security threats to confidentiality, integrity and availability.
Inform the Authorizing Official (AO) on a range of risk decisions for Assessment & Authorization (A&A) and FISMA compliance.
PSAV Washington, DC
Network Technician May 2008 - Feb 2011
Provided audiovisual and event technology network services to client sites such as hotels and organizations.
Demonstrated effectiveness in implementing basic set up and operation of large and small-scale audiovisual systems for live events while ensuring the utmost in client satisfaction.
Proven capability deploying reliable and robust High Speed Internet Services at client sites for a seamless guest experience.
Applied proper standards for security, storage, and maintenance of technology systems.
ADT Security Services, Inc. Springfield, Virginia
Electronic Security System Coordinator April 2007 - May 2008
Performed security analysis to identify security vulnerabilities and to assess equipment needed at the customer site.
Programmed access controls via IP address to activate and deactivate sensors, motion detectors, and smoke alarms.
Interacted with and provided consultation to customers to determine needs and discuss the desired level of protection.
Resolved security vulnerabilities regarding equipment at the customer site, which resulted in 25% overall savings.
Executed on-site field evaluations of interior space, located the assets being protected and examined intruder movement from perimeter weakness to the asset.