Perform detection and incident response to malicious code attacks, unauthorized access, unauthorized utilization of services, disruption, or hoaxes. Leverage aggregated cyber threat intelligence logs, network flow and anomaly data for analysis, research and the identification of potential compromise within infrastructure of applications. ▪ Perform detection and incident response to malicious code attacks, unauthorized access, unauthorized utilization of services, disruption, or hoaxes.▪ Leverage aggregated cyber threat intelligence, log, network flow, and anomalous data for analysis, research, and the identification of potential compromise within infrastructure or applications.▪ Perform root cause analysis to identify gaps and provide technical and procedural recommendations that will reduce exposure to cyber-risks.▪ Escalate detection of root-kit and Trojan methods, as well as evidence of hacking techniques and counter attack methodologies.▪ Assist in Incident Response events with investigation, mitigation and remediation.▪ Support the maintenance and creation of malware analysis platforms and tool sets. Identify requirements for new malware analysis capabilities and contribute to the development of new malware analysis tools and techniques.▪ Provide ad-hoc cyber intelligence briefings and threat summaries as needed.

Analyze security events in real-time and determine appropriate response and escalation tactics. Perform incident response according to established six-step guide for proper resolution. Initiate proactive investigation into threat response activities and promote security issue awareness to management. Conduct real-time analysis of ongoing Information Security/Computer Network Defense (CND) events for DTRA network, following all established protocols for active monitoring and response activities. Review security events in Security Information and Event Management (SIEM) system; determine and apply proper response and escalation as needed. Perform rapid incident response as established by the six steps of internal incident handling process (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned). Analyze multiple network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine and apply proper remediation actions and escalation paths for each incident. Investigate and implement critical Kill Chain procedures and countermeasures for Computer Network Exploit (CNE) as necessitated by specific situation occurrences. Support transition of network defense configurations leveraging knowledge gained from previously-resolved incidents to prevent future occurrences. Promote proactive awareness of security issues among management to ensure reflection of sound security principles in the organization’s visions and goals.

Produced data analysis and documentation of findings, leading to the identification of appropriate response activities. Collected and parsed information from log assessments and data feeds to create relevant courses of action. Reported findings to management and recommended appropriate operational directives. Analyzed data collections, documented findings, and determined appropriate response activities.  Conducted thorough log assessments to determine root causes of suspicious and malicious activities via the deployment of various log management tools.  Parsed Splunk data feeds to create Splunk dashboard for McAfee IDS/IPS log events and signatures.  Gathered information on vulnerable systems/appliances within the network environment and provided analysis report to management; advised on the best course for patching methods to remediate existing threats. Analyzed and interpreted emerging threat feeds within the DHS HQ in accordance with NIST (800-137,800-92).

Performed extensive in-person and remote technical support on hardware and software, including troubleshooting, tracking, fixing, and replacing of equipment. Maintained tracking system for trouble tickets. Executed desk-side hardware and software technical support for all DHS employees, working with Dell Laptops, desktops, tablets, and Mobile Devices. Supported all remote DHS employees via professional, expedient communication using tools such as MS Communicator, MS Lync, and VPN.  Troubleshot, repaired, replaced, and deployed Dell laptops, desktop, and tablets for all DHS customers, tracking all activities throughout the ticket process; additionally, troubleshot and replaced Blackberries, Air cards, and MIFIs.  Handled all Remedy Ticket System Procedures including but not limited to: Updating and closing Incidents/tasks, maintaining CMDB Asset Management database for all deployed and returned assets, and producing descriptive and up-to-date customer tickets.  Gained extensive experience with Active Directory, Remedy Ticketing, and all desk-side support services.