Improved the Incident Response capabilities.• Developed playbooks and their associated standard operating procedures• Performed incident response and digital forensics as part of the IR team• Coordinated response as an Incident Commander among multiple teams and locations• Performed deep-dive technical analysis to assist with investigations• Developed the operational incident response plan to help his team to respond moreeffectively• Focused on digital forensics• Log analysis and PCAP inspections • Windows forensic analysis• Memory analysis• Spent time doing OSINT analysis to learn more about adversary tactics, techniques, and their infrastructure

Built SIEM infrastructure (Splunk), onboarded log data, and focused on the use case development. Additionally, performed incident response and digital forensics.• Set up Splunk infrastructure• Evaluated existing technical capabilities to detect and respond to security incidents• Built detection capabilities in Splunk• Performed incident response and digital forensics as part of the IR team• Conducted in-depth, thorough analysis of network traffic and host activities across a wide array of technologies and platforms• Performed analysis using tools like Plaso, FTK, EnCase, Sleuth Kit, SIFT Linux, Volatility, Redline, and Rekall• Conducted after-action reviews to identify gaps and improve incident response practices

Focused on building the Security Operations Center.• Worked with the Engineering team to improve detection capabilities • New cases development • Existing cases tuning suggestions • Performed in-depth analysis • Log and PCAP analysis to identify vector of infection • Email analysis • Dynamic malware analysis • Performed data analysis to develop hypotheses about attacks• Served as a mentor and escalation point for junior analysts

Monitored a variety of events generated by IDS/IPS, endpoint agents, vulnerability scanners, web proxies, security analytics (metadata), Windows and Linux systems (Windows event logs and Syslog), load balancers, firewalls, and more.• Served as an escalation resource and mentor for other analysts • Helped to drive incidents to the end• Participated in incident response development• Performed investigation and escalation of high severity security threats and incidents• Performed deep dive log analysis to uncover and then investigate anomalous activity on thenetwork• Worked with SIEM Engineers and other security partners to develop and refine detection capabilities• Created SOC processes and procedures• Helped to define tool requirements to improve SOC capabilities