Performs Cyber Systems Design and Implementation Procedures for a DoD Enterprise NetworkCompiles sensors for Virtual Intrusion Detection SystemsCreates and Reviews A&A Documentation Performs Site Surveys for New Network Sensor Implementation and Tap PlacementCompiles and Configures Linux-based Tools and Servers for Intrusion Detection Performs Research and Engineering Activities for Security Operations Center Management

Reported daily SOC activities to management level personnel at the SEC SOC Directed daily tasks for the SEC SOC shift as requiredCreated and implemented incident response, forensic, and cyber analysis processes Created standard operating procedures for required SOC activitiesMonitored security devices for intrusion attempts, vulnerabilities, and exploitsPerformed forensic analysis on live systems for malware investigations Configured proxy settings for allowance or disallowance of web trafficAnalyzed network packets (PCAP data) for anomalies or malicious attemptsConfigured data loss prevention settings for PII leakage or compromiseResearched different and new types of malware, phishing emails, and exploitsEnsured hosts were compliant with authorized software and up-to-date patches Examined host logs and events for host level intrusion and exploit attempts

Worked in a DoD CERT as an Incident Responder & Watch Analyst to detect, prevent, and analyze compromised systemsMaintained network flow collection, analysis, and notification system log collection, correlation, and analysisAnalyzed alerts from IPS/IDS and other host-based and network based detection systemsDetected suspicious and malicious file typesWrote detailed reports of analysis for trackingPerformed packet data analysisEnsured hosts are compliant with authorized software and up-to-date patches Regularly researched different and new types of malware, phishing emails, and exploitsPerformed basic computer forensic analysis on files and compromised systemsEvaluated and remediate findings from vulnerability scans in a multi-platform, enterprise environmentTechnical knowledge of IP networking, networking protocols and related technologiesPerformed product evaluations, recommend and implement products/services for network securityProvided first level investigation to determine if the anomalies are false positive or require further investigationProvided first level troubleshooting and report findings to the tool maintenance personnelIdentified enterprise level trends using log dataRecommended improvements to process and infrastructureContinuously evaluated emerging external information security incidents to maintain situational awareness and apply lessons learned to current procedures

Performed quality assurance testing of ESX servers and RAID drivesVerified component requirements based on network architecture in accordance with network and system requirementsConducted Pre-Acceptance Testing of configured units using various network devices which include CISCO routers and switchesAnalyzed system hardware and software for potential failures using tools and proceduresReplaced defective device components and reassessed for system readinessProvided input for hardware integration into production systemsAssisted management team and customers with maintenance, troubleshooting, updating, and managing of the STG Internet website based on evolving goalsProvided technical written procedures to support program requirementsAnalyzed network traffic using tools such as Ethereal and Wireshark