
Security Analyst Cyber Incident

Location:
Ashburn, VA
Salary:
150000
Posted:
August 13, 2025


Resume:

Technical and Security Analyst Professional Summary

PROFESSIONAL PROFILE

Technical and Security Analyst with more than 15 years of IT and cybersecurity experience. Holds an MS in Computer Forensics from George Mason University and a TS/SCI clearance. Core skills include intrusion detection, monitoring, forensic activities such as capturing and intercepting digital evidence, analyzing logs, deciphering network traffic, and generating detailed reports. Accomplishments are underscored by multiple certifications: CHFI, CEHv11, CEHv8, Security+, and ITIL.

PROFESSIONAL EXPERIENCE

Raytheon/NightWing for DHS/CISA – Arlington, VA (02/2021–07/2025) (Employed)

Incident Management and Cyber Case Management:

5+ years of direct experience in cyber incident management and cybersecurity operations.

Comprehensive knowledge of incident response and handling methodologies.

Familiarity with the NCCIC National Cyber Incident Scoring System for effective incident triage and prioritization.

Understanding of attack stages, including footprinting, scanning, enumeration, gaining access, privilege escalation, maintaining access, network exploitation, and covering tracks.

Monitoring multiple incident data sources (email, phone, web portals) and assigning cases to appropriate Tier 2 support teams.

Ensuring complete incident lifecycle execution through proactive follow-up with internal CISA staff and external stakeholders.

Documentation and Process Improvement

Drafting and maintaining organizational documentation such as Standard Operating Procedures (SOPs) and Work Instructions (WIs).

Identifying opportunities to enhance the efficiency of incident reporting and handling processes.

Threat Analysis and Reporting (e.g., Sitreps)

Analyzing trends in cyber, physical, and communications incidents.

Correlating and associating potential threat activities.

Providing insightful reports to inform senior leadership.

Stakeholder Engagement and Continuous Improvement

Ensuring timely and effective communication and response with internal and external partners.

Focusing on the continuous improvement of information quality, productivity, and sharing related to the incident reporting lifecycle.

Compliance and Reporting

Defining and reporting Key Performance Indicators (KPIs) for the CISA incident lifecycle.

Supporting compliance with laws such as the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).

Preparing reports for Congress on CIRCIA metrics.

AT&T – Purcellville, VA (04/2019–06/2020) (Employed)

Cyber Defense Analyst II

Utilized Splunk for monitoring and analyzing network traffic, Intrusion Detection Systems (IDS), security events, and logs.

Prioritized and differentiated between potential intrusion attempts and false alarms.

Created and tracked security investigations through to resolution.

AIG Technology – Reston, VA (12/2018–04/2019) (contract)

Cyber Defense Analyst

• Investigate potential cyber-attacks and intrusion attempts, eradication, recovery, and analysis of actual incidents.

• Use Darktrace and Cybereason tools to gather forensic evidence for analysis, investigation, disciplinary action, or criminal investigation.

• Leverage aggregated cyber threat intelligence, log, network flow, and anomaly data for analysis, research, and the identification of potential compromise within CLIENT's infrastructure or applications.

• Prioritize incoming requests to minimize risk exposure and ensure the timely completion of critical tasks and the escalation of time-sensitive issues.

• Investigate escalations from the Alert Validation team. Accept or refute escalations, performing incident response to accepted events.

• Assess and mitigate the risks posed to CLIENT by identified threats.

• Input to the Incident Response process definition and support the development and maintenance of documents.

• Create detailed incident and analysis reports and provide concise summaries.

US DEPARTMENT OF HEALTH & HUMAN SERVICES - Rockville, MD (06/2017–05/2018) (Federal contract, Public Trust)

Computer Security Analyst

Used Security Center to evaluate vulnerability data across the organization, prioritizing security risks and providing a clear view of the security posture.

Performed host intrusion prevention and vulnerability assessment using NAC management.

Utilized Splunk to identify incidents and alerts and to perform incident handling.

Performed forensic analysis using Security Analytics to view comprehensive network activity and highest priority alerts.

Utilized Palo Alto for IDS and IPS including the following:

• Identify applications regardless of port, protocol, evasive tactic, or Secure Sockets Layer (SSL)

• Identify and control users regardless of IP address, location, or device

• Protect against known and unknown application-borne threats

• Fine-grained visibility and policy control over application access/functionality

• Multi-gigabit, low-latency, in-line deployment

Analyzed threats using FireEye CM series management platform to identify and block advanced attacks.

Proactively inspected email in real time to detect anomalies and block attacks using FireEye EX.

Used Check Point tools to identify and prevent cyber-attacks.

Updated FISMA Reports for OPDIV POC validation data.

• Updating NIST SP 800-60, 800-53, 800-30, 800-18, 800-70, and 800-37

• Updating core components

• Updating accounts, email, platform, network and other input/output devices, security, and servers.

OFFICE OF THE CHIEF TECHNOLOGY OFFICER - Washington, DC (05/2016–03/2017) (contract)

SOC Analyst

Used Nitro SIEM dashboards to perform real-time analysis of security alerts generated by network hardware and applications.

Used Dameware remote tool to log into user desktops and laptops to remove infected files and scan drives using McAfee anti-virus.

Used LANDESK to scan for vulnerability detection and remediation.

Managed devices and identified network connectivity (DNS protocol, DHCP, and IP addresses) using Infoblox.

Identified, managed, and responded to security issues and threats using McAfee ePO.

NATIONAL GUARD - Falls Church, VA (06/2015–12/2015) (contract)

Junior SOC Analyst

Identified SIPR, USCERT, and OSINT alerts using ArcSight and BlueCoat logs.

Managed all detected incidents appropriately and updated the “High Side IOCs” Excel document.

Updated the Advanced Threat Brief document with any needed data.

Monitored ArcSight mandatory channels and authored incidents accordingly.

Identified the Network Security Manager (NSM) that sent the alert to the malicious file transfer ArcSight channel.

Utilized ArcSight to identify systems using BitTorrent via the P2P BitTorrent Meta-info retrieving signature.

Monitored alerts from McAfee NSM (coming from ArcSight) to detect systems communicating with a known botnet command and control IP.

Viewed alerts and PCAPs in Threat Analyzer.

Troubleshot spam and phishing events, reviewed active ITSM tickets for updates, and ensured all ITSM tickets were assigned.

Updated CND SharePoint documents, including incident reports and awareness items.

LIBRARY OF CONGRESS - Washington, DC (01/2015–06/2015) (contract)

Tier I and II Analyst

Responsible for Tier II technical support and troubleshooting based on the priority of events, and for documenting events.

Used SCCM to manage user accounts for any update on patches, Active Directory to perform account resets, and Proxy to scan for malware.

XO COMMUNICATIONS INC - Herndon, VA (06/2000–02/2009) (Employed)

Desktop Support Analyst (06/2001 – 02/2009)

Accessed the registry to store configuration information and used Windows Registry hives to analyze malicious Windows programs.

Changed user’s passwords and set up user permissions/access.

Managed user data on Windows 2003 file servers to maximize drive space.

Help Desk Representative (06/2000 – XX/2001)

Provided L1 support for network, hardware, and software via email and phone.

Opened and tracked tickets with the Remedy Tracking system.

Researched and analyzed technical issues and routed tickets to the respective support group.

Responsible for database documentation.

TECHNICAL SKILLS

SOC: Security Center, Cisco NAC, Splunk, Security Analytics, Palo Alto, Check Point SmartConsole SmartEvent R80, FireEye CMS – NX/EX/FX, FireEye HX, FireEye EX, Check Point SmartConsole SmartSuite, SIEM, Dameware, LANDesk, Infoblox, McAfee ePO, ArcSight, Syslog, Bluecoat logs, SIPR, ITMS, open sources, PCAP, grep, NSM, ArcSight Logger, Imperva, Sandbox, Whitehat, Netscout, sonic, Sourcefire.

Computer Forensics: EnCase Forensic and Enterprise, FTK, Helix, BackTrack, Paraben, Internet Evidence Finder, Darktrace, Cybereason.

Enterprise Software: MS Office, MS Exchange (Outlook) & OCS, Lotus Notes 6.5, Document Management systems.

Operating Systems: VMware Workstation and Server, Windows, Variety of Linux and Unix Distributions, iOS and Android

Security Tools: Backtrack, Nmap, Snort, IPS/IDS, Wireshark (Ethereal), Metasploit Framework, Ettercap, Firewall Administration, Nessus, WebGoat, and Burp

Programming Experience: Java, C, Python, MySQL, sh, PHP, Oracle, WMIC, VB

EDUCATION

MS COMPUTER FORENSICS - GEORGE MASON UNIVERSITY – 2012

BS Information Systems, Web Development - Strayer University - 2010

CERTIFICATIONS & TRAINING

CHFI 2020 (ECC0169852743)

CEHv11 2019 (ECC8043571962)

CEHv8 (ECC83999279147)

Security+ (COMP001020306954)

ITIL-Foundation

Network Monitoring certificate

Center for Development of Security Excellence certificate of training
