Lead Cyber Security Defense Specialist
Current-Lead NSOC team, managing operations while providing expertise and guidance-Trained all new NSOC team members-Active systems and network monitoring using Splunk for Enterprise SIEM-Configure and create Splunk reports and alerts-Configure and maintain black and white lists on the Web Proxy environment as well as monitoring of user traffic.-Configure devices to be monitored and customize monitoring capabilities of Network Monitoring Tool (Solarwinds)-Configure scan zones and conduct various internal and external scans of the organization’s networked devices by means of the Vulnerability management tool (Security Center).-Conduct internal network scans of organization’s networked devices using the vulnerability management tool (Core Impact).-Conduct analysis of files and/or organization’s networked devices utilizing Encase Forensic software.-Configuring policies, maintaining up to date rule sets and monitoring intrusion events alerted on by the ID/PS (Sourcefire).-Configuring log sources and rule sets, maintaining system software and monitoring SIEM (QRadar) offenses.-Creating reports on suspicious/malicious traffic and alerting the respective Regional Cyber Security Officer in a timely manner.-Review reports and advisories for indicators and process accordingly.-Working with a nationally distributed team and collaborating with team members as well as other internal/external customers, business partners, management, and vendors.-Deliver appropriate and accurate metrics to management.