• Wrote and configured custom Splunk correlation searches to search log data and improve the security posture.• Tuned Splunk Security Essentials queries after integrating them into Splunk Enterprise Security Notable events for custom application to the environment to improve their security posture.• Created complex dashboards to monitor specific security events from common data sources such as Mcafee EPO or Symantec Endpoint protection (SEP) which improves the visibility of security data for analysts and senior management.• Created multiple custom Splunk Apps to customize the Splunk interface for the Security Engineering team to make it efficient to manage and view custom dashboards and retain information during backups and reinstalls.• Created calculated fields to match up log data from Mcafee EPO and the Splunk Malware Data Model.• Mapped Splunk custom and standard correlation searches to the Mitre ATTACK Framework and Kill Chain which enhances both the Incident Response process and knowledge sharing capabilities for the Security team. • Coordinated with SOC Analysts to customize and tune Splunk Correlation Searches to improve their efficiency and the security posture.• Wrote Splunk Notable Event handling guide for SOC Analysts to teach and remind the analysts the proper way to handle Splunk Notable Events. • Worked with multiple teams to onboard into Splunk the Mcafee Epolicy Orchestrator (EPO) Endpoint and DLP (Data Loss Protection) Logs to improve the visibility of the security monitoring and correlation features of Splunk.• Attended 2021 Cybersecurity Symposium and gained information regarding the 2021 Cybersecurity Threat Landscape to stay up to date on the Zero Trust model and Supply Chain Risk Management.

• Provided subject matter expertise regarding cybersecurity technology integration, enterprise security architecture optimization, and incident response tool improvement, which includes the following support tasks:• Reviewed cybersecurity architecture of the facility and assessed the effectiveness of security log auditing policies, log forwarding and collection capabilities, and mechanisms used for log generation and collection.• Provided technical recommendations for improved security logging and auditing controls.• Worked directly with network infrastructure and system administrator teams to reform insufficient infrastructure and security tool configurations and controls to improve the cybersecurity posture of the environment.• Provided support in developing documentation required to satisfy all Confirmation Management requirements to make changes to existing systems and to deploy new systems into the ESOC operational environment.• Assisted with developing and improving the security logging and auditing policies for improved visibility, monitoring, and security analysis.• Reviewed the incident response tools used to support digital forensics, malware detection and analysis, endpoint inspection, incident management, and device imaging.• Provided technical recommendations and implemented improvements to address technical and procedural insufficiencies in incident response tools.• Worked directly with vendor professional service engineers to ensure security products are deployed for optional efficiency and performance.• Assessed the architecture of the enterprise, identify potential gaps in visibility, and provide recommendations for architecture improvements for increased visibility.• Conducted market research and provided recommendations on alternative solutions to increase capabilities and/or lower operational costs.• Stays up to date with current threats by attending classified security briefings, online intelligence briefings and multiple conferences.

• Architected/Stood Up Security Operations Center (SOC) and Network Operations Center (NOC)- After standing up Tools/People/Processes I acted as Team Lead of both interfacing with other team leads and the customer.• Created SOC Implementation Strategy – Wrote Implementation Plan, Timeline via: Dependency Map/Gantt Chart/MS Project.• Planned SOC Cybersecurity Strategy – Planned strategy for the SOC to lead Cybersecurity Incident Response (Splunk Enterprise Security, Sourcefire), Endpoint Security (McAfee EPO), Vulnerability Management (Tenable), Continuous Monitoring (Splunk Enterprise Security), User Behavioral Analysis (Splunk) and Log Management (SysLog).• Attended Splunk Live/Splunk Analytics SIEM Workshop – Attended vendor event to create relationships and to increase knowledge with Splunk and Splunk ES SIEM.• Performed Gap Analysis – Discovered existing tools and processes, discovered shortcomings and provided suggestions to improve organizational security.• Became Proficient With New Security Tools – Researched and self-studied unfamiliar tools and became proficient to optimize and use.• Wrote Justification Documents - Justified a SOC Space that is used by the SOC/NOC Team. • Splunk/Splunk Enterprise Security – Optimized tool to discard low information alerts and prioritize critical and high alerts.• Reviewed Resumes – Decided which candidates to have in for in-person interviews.• Performed Phone Screens and In-Person Interviews – Initial screens for applicants and conducted in person interviews and decided which candidates would be extended job offer.• On-Boarded New SOC/NOC Employees – Introduced new employee to coworkers, worked with teams to gain access and computer hardware for new employee.• Planned NOC Processes - • Created Presentations – Created PowerPoint presentation to senior government leadership to give progress and project status.• Gained Certified Splunk Admin Certification.

• Splunk Enterprise– Created custom dashboards, queries and alerts to monitor networks and servers.• Splunk Enterprise Security (ES) SIEM – Created security dashboards, queries and alerts to keep a view of the security events and network.• Splunk Professional Services – Worked with Professional Services for 5 weeks to optimize Splunk configurations in our environment.• Tenable SecurityCenter - Nessus Vulnerability Scanner - Configure, and monitoring of security vulnerabilities and system configurations.• Attended Development and Operations Meetings – Attended and gave security opinions and suggestions to keep software and network secure.• Dell Sonicwall Firewall (UMA) – Reviewed daily logs and completed security investigations of intrusions/attacks.• Cisco ASA Firepower – Reviewed daily logs and completed security investigations of intrusions/attacks.• Mcafee Vulnerabilities Scanner – Scanned and created reports for compliance and security suggestions.• Created Scanning Schedule/Program - to optimize performance and keep with best practices.• Provided Security Guidance to Operations, Network, and Development teams to create and implement software with best security policies.• Evaluated and wrote Security Reports for new software and new versions to be used on department networks.• Splunk Training and Certifications:Splunk Certified User CertificationSplunk Certified Power User CertificationSplunk Fundamentals I – TrainingSplunk Fundamentals II – TrainingSplunk Data Administration – TrainingSplunk Using Splunk Enterprise Security – TrainingCertified Splunk Admin CertificationArchitecting Splunk Enterprise – TrainingAdministering Splunk Enterprise Security – Training

• SolarWinds Log & Event Management (SIEM) - Set up, configured, real-time monitoring of security incidents and reports.• Palo Alto Firewall – Set up, configured, transferred Checkpoint FW config with real-time monitoring of security incidents and reports.• Checkpoint Firewall – Monitoring and Creation of rules for both incoming and outgoing traffic to core firewall.• SecurityCenter (Nessus Vulnerability Scanner) – Installation, configuration, monitoring of security vulnerabilities for two networks.• Bromium Virtualization-based security - Deployment, management of policy and end clients.• Belarc BelManage System Management - Installed and configured daily vulnerability and software/hardware version tracking. • McAfee Epolicy Orchestrator (EPO) - Management of Mcafee Antivirus programs-agent, virusscan, definitions.• Python and Bash Scripting – Automating repetitive tasks to make cyber security decisions more efficient and effective.• VMware ESXI - Installed/Configured ESXI and VMs (Linux Server and Windows Server).• Damballa – Monitoring Advanced threat protection for enterprises, C&C and data exfiltration protection. • Stealth Watch - Monitor and get into details on network alarms and traffic analysis .• Active Directory – Created/Managed Domain Groups and Users.• PDQ Deploy/Inventory - Remote patch install/removal, fix file vulnerabilities, system administration.• Windows Server Update Services (WSUS) - Administration adding computers, changing groups and policies.• SQL Server Management Studio - Installed/Configured - Run queries, update database schema. • HPE ProLiant DL380 Gen9 Server – Installed/Configured – Set up RAID Levels and networking.• CISCO and DD-WRT VPN Client and Server – GRE, PPTP, L2TP.• Ivanti Patch (Shavlik) – Software patch and update scanner and distribution. Evaluated, deployed, updated recommended.

• McAfee Epolicy Orchestrator (EPO)-Set up and managed server on Windows Server. • McAfee Agent systems - Set up and managed Centos Linux machines.• DISA HBSS, Security Manager and Nessus scanner - Installed, configured and operated.• SCC Automated Vulnerability scanner - Configured and used as well as manual verification checks for vulnerabilities of Linux Systems.• Linux Administration- Created and managed user accounts and file permissions for basic users.• Enterprise Mission Assurance Support Service (eMASS) DIACAP management- POAM entry and management.• Worked with software vendors to close security controls and document process.• Engineering/Documentation tasks for vendor software to gain IATO.

• Coordinated/Managed test teams through check out and problem solving during NIE (Network Integration Event) 13.2 test event.• Network Worthiness Accreditation – Scanned, tested and filled out documentation for completion for Army test equipment.• Managed and engineered the process of collecting network data from Army Test Systems.• Tripwire - Installed and managed enterprise intrusion detection systems.• Installed and managed system monitoring software during a network test.• DISA STIG (Security Technical Implementation Guide) Hardened Linux and Windows server and client Operating Systems.• Designed and managed Virtualized test environment for proprietary network data collection.• CISCO IOS - Configured Cisco 2960 switches needed to capture network traffic.• Software integration and test of developmental software at common control node at various locations• Designed and Implemented local security protocols for securing Windows and Linux operating systems and software.• Hardware Testing at Electromagnetic Interface lab radio frequency.• IA CCB creating and implementing policy changes.

• IA Team lead creating and implementing policy issues.• Supported system documentation, inventory during certification/accreditation process for a new system/network to meet DIACAP requirements.• DISA (Defense Information Systems Agency) STIG (Security Technical Implementation Guide) Linux and Windows Operating Systems (server/client).• Monitored user access and periodically reviewed logs.• Windows Firewalls configured inbound/ output rules.

• Served global clients as Tier II Technical Support.• Troubleshot disk array and server hardware cases.• Answered calls and completed support tickets for different user problems.• Communicated with other co-workers to formulate solutions to users’ problems.• Obtained training in Unix/Solaris/Linux Operating Systems• Obtained training in Sun Microsystems Disk Hardware and Software• Applied interpersonal communication skills in working with other Sun Microsystems employees and global clients• Trained setting up and using array management software: Veritas Volume Manager, Common Array Manager (CAM), SANtricity, and Solaris Volume Manager (SVM)

• Applied people skills in interacting with application developers who were writing and debugging applications in Visual Basic• Installed beta software on a test server that keeps track of problems users encounter with software• Wrote and entered documentation for new software applications• Attended department meetings with topics ranging from bi-weekly staff meetings to software planning decision meetings