Senior Consultant
Mclean, Va, Us
•Performed standard computer network defense and monitoring Via ArcSight ESM and Logger.•Trained SOC personnel on a wide array of tools and techniques such as HBSS (ePO), ArcSight ESM and ArcSight Logger.•Interfaced with other network team members to identify security issues or other matters of concern, as well as assist them where possible to resolve issues. Supported a Computer Emergency Response Team (CERT) organization protecting the network. •Analyzed data derived from system traces of malware and system compromise, including viruses, Trojans, worms, rootkits, spyware, unauthorized keyloggers, and Web-based attacks. •Correlated data from multiple sources, including IDS, IPS, HIDS, HIPS, ArcSight Logger, ESM, HBSS, and DoD DMZ logs. Acquired data associated toolkits, packet capture, situational awareness data sources, vulnerability repositories, and cyber threat reports that may impact the organization and prioritize events for incident handling. •Assessed the scope of malware infestation, system compromise, network compromise, violations, and associated damage; mitigated and stopped damage from malware including eradication, and restored all data and software to its original pre-infestation state. •Provided information and recommendations for the development of custom IDS signatures and detection capabilities and tuning of IA tools for the purpose of identifying unauthorized activity based on analysis of network and host level activity, and ensures information is tracked. Provided required reporting in accordance with policies such as, opening an incident and escalating an incident also communicated incident handling requirements, procedures, and directives to all CNDSP subscribers.