Director Manager SOC at RedCoNet LLC |Threat hunter | Blue team | DFIR

● Develop and present use cases to Management to improve security posture to effectively mitigate advanced threats● Perform cyber security threat engineering activities with specific focus on countermeasure Tactics, Techniques and Procedures (TTPs)● Help analyze findings in investigative matters, and develop fact-based technical reports detailing events over specified periods of time● Knowledge of proper forensic investigation techniques when working with compromised system images or files● Design and Implement various splunk components in clustered and distributed environment including: Enterprise Security Search Head, Monitoring Console, Search Head Cluster, Deployer Server, Cluster Master, Deployment Server, License Master, stream● Define correlation queries, reports, alerts, dashboards, and workflow● Developing Splunk queries and dashboards targeted at understanding application performance and capacity analysis● Tuning and configuration of Splunk App for Enterprise Security (ES).

responsible for detecting and assessing cybersecurity events and incidents across the Lowe’s environment. I am working among a team of skilled technicians to address complex or difficult problems as needed within a 24x7 Security Operations Center (SOC) environment. I responsible for following processes and procedures as identified by the IRT (Incident Response Team) and the SOC Leadership to ensure the continuous improvement to monitoring, detection, and mitigation capabilities. RESPONSIBILITY STATEMENTS : • Monitors security incident and event management (SIEM) and logging environments for security events and alerts to potential (or active) threats, intrusions, or compromises • Assists with triage of service requests from customers and internal teams • Escalates cybersecurity events according to Lowe’s Incident Response Plan • Assists with containment of threats and remediation of the environment during or after an incident • Documents event information for further investigation • Collaborate with technical teams to identify, resolve, and mitigate events● Assists with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions● Investigates available tools and countermeasures to remedy the detected vulnerabilities, and recommends solutions and best practices● Use threat intelligence to hunt for indications of compromise in log data and utilizing endpoint security tools● Drive monitoring of security events using a ELK and other feeds, looking for significant events, and processing reports of unexpected network activity● Use threat intelligence to hunt for indications of compromise in log data and utilizing endpoint security tools● Responsible for reviewing malware infections and taking pertinent Incident Response (IR) Actions to mitigate Security Incidents.

● Assists with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions● Investigates available tools and countermeasures to remedy the detected vulnerabilities, and recommends solutions and best practices● Use threat intelligence to hunt for indications of compromise in log data and utilizing endpoint security tools● Drive monitoring of security events using a ELK and other feeds, looking for significant events, and processing reports of unexpected network activity● Use threat intelligence to hunt for indications of compromise in log data and utilizing endpoint security tools● Responsible for reviewing malware infections and taking pertinent Incident Response (IR) Actions to mitigate Security Incidents.

● Professional level understanding of TCP and UDP including the ability to identify root cause of elusive problems through packet capture analysis● Deployed, configured, managed and implemented Sophos, Fortigate Firewalls● Implementing and managing Fortinet Web Application Firewall to block intrusion attempts ● Configured, managed, monitored and analyzed IDS/IPS Signatures Attacks, Firewalls log, Systems, Applications and Security Event Log for comprehensive security monitoring and vulnerability management.● Concentrated on the design of the bank's Network/Network Security, as well as troubleshooting and/or debugging network-related problems● Optimized project scheduling to reduce cycle time; organized cross-functional teams, and resolvedengineering design and test problems.