Clifford Ajong
**** ***** ** **********, ** *****
Tel: 240-***-****
*****-*************@*****.***
Summary
SOC Analyst with over 5 years of experience and deep expertise in threat detection and incident response within fast-paced environments. Skilled in proactively monitoring networks and analyzing threats using leading SIEM and EDR tools to ensure the confidentiality, integrity, and availability of information systems. Demonstrated success in reducing incident response times and strengthening security postures. Proficient in vulnerability management and endpoint protection, utilizing industry best practices and frameworks such as NIST and CIS. Known for meticulous attention to detail, advanced analytical skills, and collaborative teamwork.
Technical skills:
Wireshark, Splunk, Nessus, Rapid7 (InsightVM & Nexpose), ServiceNow, Proofpoint, Darktrace, Microsoft Defender for Endpoint, Microsoft Sentinel, Microsoft Azure, OSINT (VirusTotal, urlscan, ANY.RUN, AbuseIPDB, etc.)
Palo Alto (Firewall), SIEM/Logging, Vulnerability Management, Endpoint Protection, Firewall Management
Certifications & Training:
CompTIA Certified Security
EDUCATION:
Bachelor’s Degree: Computer Science – 12/2016
University Of Buea
PROFESSIONAL EXPERIENCE:
SOC ANALYST – AMTRAK
MARCH 2022 - CURRENT
Conduct proactive monitoring, investigation, and mitigation of security incidents.
Perform alert triage across multiple alerts triggered by our security tools.
Perform MITRE ATT&CK analysis on incoming security alerts from multiple security tools.
Remain informed on trends and issues in the security industry, including current and emerging technologies.
Perform vulnerability scans and provide detailed reports including remediation procedures.
Analyze security event data from the network (IDS, SIEM).
Recognize potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information.
Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
Conduct investigations and prepare comprehensive reports with timely escalations to Network or Security Engineer, for review.
Research new and evolving threats and vulnerabilities with potential to impact the monitored environment.
Identify suspicious/malicious activities or code.
Worked in a 24x7 Security Operations Center.
Monitor and analyze security events to determine intrusions and malicious events.
Investigate malicious phishing emails, domains, and IPs using open-source tools and recommend proper blocking based on analysis.
Investigate phishing emails reported by our email protection tool, Proofpoint, and emails reported by users.
Assist in conducting user awareness training through Proofpoint.
Escalate potential security incidents to clients, recommending further actions and operational improvements.
Work from our Azure portal investigating user sign-in activity, impossible travel activity, and many other observed alerts.
Update our standard operating procedures (SOPs).
Perform vulnerability checks (newly released vulnerabilities, zero-day exploits) in our environment and take action based on findings.
Developed and refined security incident response playbooks, improving response time for critical alerts by 25%.
SOC ANALYST - BAVIN CORP CONSULTING BURTONSVILLE MD
APRIL 2019 – FEBRUARY 2022
I was mainly responsible for collecting raw data as well as reviewing alarms and alerts.
I confirmed, determined, or adjusted the criticality of alerts and enriched them with relevant data.
Performed triage to identify whether alerts were justified or false positives.
An additional responsibility I had at this level was identifying other high-risk events and potential incidents.
I collaborated in team problem-solving efforts to identify and mitigate potential threats or events.
I partnered with Security Engineers to understand and improve monitoring, logging, and alert prioritization to enhance SOC investigation and response.
I monitored SIEM logs (Microsoft Sentinel) for undetected events, created tickets for malicious logs, and reported information security concerns and problems when necessary.
I monitored security events, correlating information from data center feeds and functional areas to identify incidents, issues, threats, and vulnerabilities.
Analyzed network traffic files (PCAP), differentiating between potential intrusion attempts and false alarms, and acted on these logs as needed.
Assisted in the creation and update of SOPs, information security policies, and other technical documentation.
Investigated a variety of phishing emails and made determinations on whether they were malicious using email protection tools (Proofpoint).
Performed research on new threats and vulnerabilities using security blogs and news outlets, and checked my environment using security tools.
Investigated malicious IPs, domains, and URLs using open-source tools and escalated to the network team for blocking via a ticketing tool (ServiceNow).
Proactively hunted for and mitigated advanced persistent threats (APTs) through threat intelligence analysis and anomaly detection, reducing false positives by 15%.
Utilized vulnerability scanners (Rapid7, Nessus) to analyze discovery scan data and vulnerability data to determine unusual configurations, discover aged software, and properly identify high-severity vulnerabilities.
REFERENCE(S): Will be provided upon request. Open to work for any employer.