Cyber Security Analyst
Current● Monitoring cybersecurity threat detection systems.● Monitoring agency systems and daily log events to identify potential security threats. Sources include, but not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Event Manager.● Collecting, analyzing and reporting threat information.● Responding to alerts and reports of suspicious cyber events.● Reviewing all incoming alerts, investigating, and ticketing all identified potential security threats using agency incident response-ticketing platform.● Initiates daily SOC tool checks, using alert triage & analysis to operate efficiently amongst monitor logs in Splunk ES and IBM QRadar (SIEM Security Information Event Management) to solutions, and provide recommendations to oversite teams via JIRA ticketing systems.● Analyze endpoint security alerts through SentinelOne and Crowdstrike EDR solution to identify security anomalies and provide suggestions to technical teams.● Investigate and remediate spam and phishing alerts using Proofpoint email security solution.● Efficient in investigating cases such as Phishing, Malware, Brute Force, DDoS, and Unauthorized Access● Leverage OSINT tools such as VirusTotal, JoeSandbox, Hybrid Analysis, URLScan, AbuseIPDB, CentralOPS to analyze and determine the reputation of files, domains, emails, and IP addresses.