Senior Cybersecurity Consultant with TS/CI Clearance

Location:
Waxahachie, TX, 75165
Posted:
March 11, 2026

Resume:

Emmanuel Redji

Cybersecurity Consultant

Active Top-Secret Clearance

Cellphone 240-***-****

********.*******@*****.***

Professional Summary

Results-oriented, with many years of cyber threat & analysis, incident response, threat intelligence research, Internet security, network security monitoring & risk mitigation, monitoring data centers, firewalls, IDS/IPS logs, end users' network activities as well as Windows logs and InfoSec.

Skills

Splunk, IPS/IDS, Sentinel, MDe, MCAP, CrowdStrike, MEd, MDM, DevOps, Terraform, Open-Source, Office 365 ATP, Azure ATP, AD Identity Protection, Tanium, Swimlane, Carbon Black, FireEye HX, RSA NetWitness, Wireshark, Packet Analysis, SCCM, Nessus, WebInspect, Case Management, ECOP, ServiceNow, Remedy, Jira, RSA Archer, Offense Triage, Ticketing Systems, Firewall/Proxy, Active Directory, Log Analysis, Event Logs, DLP Correlations and Analysis, ArcSight, QRadar, VMware, Python, Cuckoo Sandbox, Kali, Metasploit, Cisco, Analytics, Snort, Bro IDS, PowerBI Virtualization, PowerShell, KQL, Sourcefire, Palo Alto, McAfee Web Gate, McAfee ESM, Websense, Symantec, Tenable, Nmap, EnCase, Digital Guardian, SIEM/SOAR, Social Media Analyst, OSINT.

Security Operations Center Sr. Consultant Microsoft Nov 2021 – Present

• Working in the Security Operations Center supporting the Army EITaaS and TSA.

• Lead meetings with customers and partners to understand business requirements.

• Use business, industry, and technology strategies to map customer/partner requirements to the adoption and optimization of Microsoft technology solutions.

• Engage team members appropriately to understand and define customers’ requirements.

• Collaborate with our customers to design and implement security postures for all crucial business Apps.

• Participate in project planning and develop project documents by identifying the risks and dependencies.

• Identify technical and business risks in programs and propose mitigations.

• Assist project managers/architects in preparing for steering committee (e.g., developing artifacts).

• Generate and deliver Work Breakdown Structure (WBS) and provide training and support to team members on SIEM and other security tools’ functionalities.

• Implement solutions and may provide oversight and leadership on workstreams across domains while adhering to Microsoft Services procedures.

• Constantly testing SIEM / SOAR platform to identify and remediate gaps in IPS and IDS coverage.

• Maintain tools with up-to-date skills and availability and align solutions with the intent of the architecture.

• Manage escalations, analyze situations, and coordinate appropriate resources to resolve issues by following delivery practices, considering cost implications, and engaging in conversations with internal and external stakeholders (e.g., Customer Service/Support, Project Managers, Solution Architects, etc.)

• Collaborate with account team members to support and ensure One Microsoft approach.

• Identify opportunities to expand or accelerate the adoption and consumption of cloud and MS Tech.

• Constantly learning new technologies and services based on business demands and industry trends.

• Complete operational tasks and readiness and ensure timeliness and accuracy.

• Proactively manage executive-level customer/partner/stakeholder relationships to identify and contribute to the drivers of satisfaction and dissatisfaction, determine the root cause, and establish recovery actions.

Security Operations Center Sr. Cyber Threat Analyst Quadrant, Inc. May 2021 – Nov 2021

• Worked in a 24x7x365 Security Operations Center supporting the Federal Aviation Administration (FAA).

• Performed information systems security (ISS) monitoring and event detection for FAA National Airspace System (NAS) assets.

• Monitored numerous sources of collected security data including system security event logs, system Internet Protocol (IP) data flows, Intrusion Detection System (IDS) alerts and payload, and system performance monitoring services.

• Leveraged CrowdStrike for fully managed detection and response (MDR), threat hunting, and digital risk protection.

• Coordinated with other NAS monitoring entities to obtain all required event information and full situational awareness.

• Monitored the FAA network to detect threats and stop attacks from impacting our business.

• Performed security event correlation and risk determination functions to define event response needs.

• Performed NAS system security event response functions.

• Used information provided via event monitoring and detection to coordinate FAA responses to resolve detected events.

• Established and maintained security event tickets throughout the event lifecycle.

• Coordinated with the FAA Intelligence Organizations to obtain relevant external threat intelligence from various sources via secure means as required by information classification, processed acquired intelligence into actionable information relevant to NAS operations, and defined required mitigation actions.

• Supported cyber security Tabletop Exercises (TTX) on-site and remotely and participated in After Action Reviews (AAR).

Security Operations Center Sr. Cyber Threat Analyst Base One Technologies Inc. Jan 2019 – Apr 2021

• Worked in a 24x7x365 Security Operations Center at the Department of Homeland Security (DHS).

• Utilized Splunk SIEM to correlate events and identify indicators of threat activity.

• Investigated intrusion attempts and performed in-depth analysis of exploits.

• Drove creation and implementation of SIEM content (e.g. rules, alerts, dashboards, etc.)

• Deployed new detections or automations within Azure SIEM / SOAR platform.

• Performed detailed analysis of phishing emails, sites & other fraud types (Vishing, 419 Scams, Pharming).

• Delivered metrics and analytics pertaining to performance and security on a daily and weekly basis.

• Developed SOPs and maintained technical documentation for retaining institutional knowledge.

• Conducted malware analysis of attacker tools providing indicators for enterprise defensive measures.

• Maintained situational awareness of cyber activity by reviewing open-source reporting for new vulnerabilities, malware, or other threats that have the potential to impact the organization.

• Worked on the full ticket lifecycle; managed every step of the alert, from detection to remediation.

• Delivered status reports, briefings, recommendations, findings to management & executives as required.

• Provided performance statistics and reports to the Senior Applications Engineer.

• Researched our customers’ existing infrastructure for signs of malware, and malicious events not detected by our existing security controls.

• Thoroughly investigated security alerts generated by our detection mechanisms (IDS, users’ activity reports, custom alerts, etc.).

• Worked within the team to ensure engineering features and enhancements for security requirements.

• Promoted and drove research and implemented automation and process efficiencies.

• Daily consumption of domestic and international news from multiple sites, awareness of the differing biases / slants in presentation of the sites, able to conduct additional research for historical context into international situations to drive analysis.

• Hands-on cybersecurity experience (Protect, Detect, Respond or Sustain) within a Computer Incident Response organization.

Security Operations Center Jr. Security Analyst Prime Technical Solutions Jan 2015 – Dec 2018

• Worked in a 24x7x365 Security Operations Center supporting the Food and Drug Administration (FDA).

• Analyzed reports to understand threat campaign(s) techniques, lateral movements, and extract IOCs.

• Conducted malware analysis of attacker tools providing indicators for enterprise defensive measures.

• Maintained situational awareness of cyber activity by reviewing open-source reporting for new vulnerabilities, malware, or other threats that have the potential to impact the organization.

• Performed cyber threat intelligence analysis, correlated actionable security events, performed network traffic analysis using raw packet data, NetFlow, IDS, IPS, and custom sensor output as it pertains to the cyber security of communication networks, and participated in the coordination of resources during incident response efforts.

• Researched, evaluated, and recommended improvements in SOC playbooks and processes.

• Reviewed massive log files, pivoted between data sets, and correlated evidence for incident investigations and recommended IDS alarm to eliminate false positives.

• Demonstrated understanding of the life cycle of cybersecurity threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques, and procedures (TTPs).

• Utilized Splunk SIEM to correlate events and identify indicators of threat activity.

• Recommended sound remediation and recovery strategies and suggested defensive policy enhancements and information technology procedures.

• Delivered status reports, briefings, recommendations, findings to management & executives as required.

• Analyzed a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.

• Identified issues, opportunities for improvement, and communicated them to an appropriate Sr. member.

Certifications

• CompTIA SEC+ Certified

• CompTIA CASP+ Certified

• CompTIA CNVP Certified

• ITILv4 Foundation Certified

• SMU-Certified CMMC Professional

• MS Certified: Azure Administrator Associate

• MS Certified: Azure AI Fundamentals AI-900

• MS Certified: Security Operations Analyst SC-200

• EC-Council Certified Ethical Hacker C EH v10

• EC-Council Certified Network Defender C NDA

• EC-Council Certified Security Analyst v10 C SA v10

• EC-Council Certified Security Analyst (Practical) ECSA

• ISC2 Certified Information Systems Security Professional (CISSP)

Education

Western Governors University BS - Cybersecurity & Information Assurance – Projected 2025
