SOAR subject matter expert

Subject Matter Expert of a large Splunk Enterprise deployment consisting of three environments including a FedRAMP environment, ingesting approximately 2 TB/day, management including but not limited to; ITSI, Enterprise Security, Splunk forwarders, infrastructure planning within AWS, Chef cookbooks for Splunk Core and Forwarders, Data ingestion, app development and installation, knowledge objects, FedRAMP driven audit proceedings, interaction with potential vendors.Providing support for SFTP transfers in and out of secure environmentsBusiness Continuity Plan and Incident Response team member; participating in table topexercises as IR analystSubject Matter Expert in Threat Intel and network monitoring using ES, including but notlimited to; insider investigations, tuning and optimization of correlation searches, threat hunting, general SOC monitoring of network and Akamai edge.

Adjunct instructor teaching infrastructure defense technologies to undergraduate candidates for the college.Prepare and deliver lectures, create and grade assessments and lab exercises, communicate any issues with students to program chair for assistance or remediation

Teaching Introduction to Linux and Linux for Systems Administrators to undergraduate candidates of the University Prepare and deliver lectures, create and grade assessments and lab exercises, communicate any issues with students to program chair for assistance or remediation

Associate analyst responsible for investigating possible attempts at infiltrating the client’s network – including but not limited to pivoting from email and ESM alerts, pulling user documents with EnCase and examination of registry keys, MFTs, network and system artifacts in pursuit of Indicators of CompromiseConduct investigations on employee laptops as requested by the client.Deploy and manage the necessary infrastructure needed for day to day business within the Security Intelligence Center including Cuckoo Sandbox, several Windows servers (WSUS), RHEL 7 Servers (Yum Repository, license servers, etc) and VMware updates/upgrades.Manage/Assist in SIC network architecture, and deployment of firewall for protection of SIC networkManage McAfee ESM for break/fix, upgrades, adding data sources, rule modifications, performance monitoring of each appliance, possible expanding of current system, etc.Manage contact with Vendors for updates and problems that arise on SIC infrastructurePerform static analysis on files downloaded by users on the network searching for malwarePerform dynamic analysis on malware that is found to determine the origin, attribution and possible Techniques, Tactics and Procedure for adversariesProvide technical insight into the security posture of the client network and advise the client on how best to improve this posture

• Service Delivery Manager for the Security Information and Event Management (SIEM) team• Manage and assist in multiple deployments for several clients using Juniper STRM, IBM QRadar or LogRhythm• Assist in the transition to Managed Security Services (MSS)• Behave as primary or secondary contact for several MSS clients • Escalated security threats deemed necessary through investigation• Write and maintain SIEM documentation pertaining but not limited to procedure, tuning and common issues• Basic training and knowledge of the National Institute of Standards and Technology Special Publication 800-53 (NIST SP800-53)• Add, modify, delete, and execute general configurations for Access Control Lists (ACL) and Virtual Private Network (VPN) accounts on Cisco, Proventia and Checkpoint firewalls• Deployed and troubleshoot Network Access Control (NAC) implementations for Forescout and Bradford

Responsible for monitoring network traffic in the Symantec Security Information Managers; escalated as needed to the clientActed as third level support for technicians troubleshooting Checkpoint Full Disk EncryptionMonitored McAfee E-Policy Orchestrators for malware and escalated as required by clientMonitored McAfee Network Managers to ensure sensors were communicating properlyActed as main line of communication for Engineering departments through Lotus Same TimeAlerted clients of vulnerabilities in software using Vulnerability Alert and Management ProgramRadioShack - Sales Associate September - November 2010Responsible for assisting customers needs in regards to cell phones and personal electronicsHandled customer questions and provided best solution for their needsExperience with running a POS system