- Reviewed and analyzed security data within the SIEM and network traffic such as full packet captures and/or Netflow data in order to detect traffic anomalies, identify infected systems and threat actor related activity based on known tactics, techniques, and procedures.- Monitored various security blogs, alerts and notifications, RSS feeds and forums in order to keep abreast of the latest security news, attacks, threats, vulnerabilities and exploits.- Created content feeds to detect malicious traffic based on known or detected indicators of compromise.- Created automated log correlations in Splunk, ELK, or a similar tool to identify anomalous and potentially malicious behavior.- Acted in concert with Cyber Threat Intelligence to understand threats and to determine what risk these threats present to the client. Incorporated CTI findings into threat hunting activities and workflow.- Contributed to incident response teams, maintaining relevant communication in emails, ticket summaries, analysis and reporting. Worked with Incident Handlers to provide recommendations for remediation of compromised systems and any relevant counter-measures.- Contributed to the development of advanced threat actor profiles unique to clients and based upon analysis of acquired malware samples and incident artifacts.- Reviewed, created or documented standard operating procedures, recommendations, project specific documents and resource guides as needed.

- Authored analytical reports in support of Nationally tasked missions and detailed reports based on technical review for senior leadership.- Analyzed and reverse-engineered complex malware samples using dynamic and static analysis techniques. Tools included IDA Pro, Ghidra, x64dbg, x32dbg, PEStudio, InetSim, the SysInternals Suite, Kali, REMnux, Volatility, and others.- Utilized forensics tools such as FTK and Autopsy to identify and investigate compromised devices.- Designed and implemented signature-based intrusion detection and prevention methodologies to detect malicious activity with tools such as Yara and others.- Demonstrated understanding of advanced malware techniques such as self-defending malware, polymorphic malware, rootkits, exploit kits, ransomware, and memory-resident malware.- Participated in meetings and provided ad hoc briefings with internal and external customers, other government agencies, and Foreign SIGINT partners to advise, support, and collaborate with NSA representatives.***(Case Number: RES-2023-04843)***

- Performed advanced analysis of collection and OSINT data to discover high-value targets, maintain target continuity, and profile target techniques, tactics, and procedures.- Conducted intelligence analysis using a variety of Intelligence Community tools and databases in support of gathering data from targets and adversary networks.- Conducted real-time analysis of incoming network traffic to identify potential threats. Regularly used tools such as Snort, Wireshark, and Kibana.- In depth knowledge of TCP/IP, HTTP/HTTPS, DNS, FTP, and other network protocols.- Created an OSINT Threat Discovery process to proactively search for emerging threats.***(Case Number: RES-2023-04843)***

· Spearheaded network analysis and cybersecurity operations, ensuring theprotection of sensitive information and communications integrity.· Led a team of eight military members, contractors, and civilians in detectingand neutralizing cyber threats.· Conducted in-depth analysis of network traffic, identifying vulnerabilitiesand recommending critical system improvements, resulting in enhancednetwork resilience.· Collaborated with cross-functional teams to develop and implementinnovative cybersecurity strategies, safeguarding Navy computer networks andDoD Systems from potential cyber-attacks.· Successfully managed and maintained secure communications systems tosupport critical national security objectives.· Trained and mentored junior Sailors, providing comprehensive knowledgetransfer and fostering a culture of continuous learning and development.