I dig data. You ever just wonder if anomalies are actually anomalies? Simple stats your type of fun on Saturday night? Well that’s me. I’m taking network security logs and finding the “fun” things happening. What happens when multiple “fun” things happen, well then you got one hell of a party!! My background is a mix of SOC, data analysis, and investigations. Technology empowers me! Creatively rethinking what’s possible. Challenges really are fun 😅. I like to think of myself as a Data Detective 🕵️♂️. More fun updates: LLMs are awesome, even more so in a detection context. Building the next-gen insider framework for detection engineers and business folks alike.
Amazon Security
- Security Engineer, Amazon Security, Oct 2024 - Present. Security engineer within the EPP team at Amazon.
- Data and Detection Engineer, Yahoo, Feb 2020 - Oct 2024, Sunnyvale, CA, US. Building out the next generation insider threat and traditional detection engineering solutions.
- Insider Threat Analyst, Booz Allen Hamilton, Nov 2018 - Feb 2020, McLean, VA, US. Built detection, hunt, and content development for a tech/telecommunications Insider Threat team. Developed the strategy to build a detection platform on top of Splunk ES without native UEBA. Prioritized and facilitated data onboarding based on the insider threat kill chain. Used advanced dashboard building within Splunk to allow for faster response times and to make it easier to find the bad.
- Incident Response Lead, Booz Allen Hamilton, Apr 2018 - Nov 2018, McLean, VA, US. Worked closely with a Fortune 500 company to understand and document Incident Response and Monitoring processes. Built an Incident and Monitoring cyber fusion center blueprint. Assisted in building Incident Response runbooks. Researched knowledge management solutions to determine the best courses of action. Coordinated runbook consolidation into OneNote to mimic the future ServiceNow solution for knowledge management. Built the monitoring runbook.
- Senior Incident Response Analyst, Booz Allen Hamilton, Jun 2017 - Apr 2018, McLean, VA, US. Responded to potential threats within a commercial client’s network through monitoring of the security alerting portal. Investigated and triaged potential incidents using open-source intelligence (OSINT) and Cyber Threat Intel. Coordinated escalation and response actions within the network. Led large-scale removal of potentially malicious or exploitable software from systems on the network. Assisted in the development of a knowledge management system on Confluence. Coordinated fusion processes between Incident Response, Cyber Threat Intelligence, Threat Defense Operations, Tier 1 Monitoring, Vulnerability Management, and team leads. Built scripts and logic to automate metric gathering, allowing enhanced awareness of inter- and intra-team efficiency and overall mean time to respond for a large pharmaceutical client.
- Insider Threat Analyst, Booz Allen Hamilton, Mar 2017 - Jun 2017, McLean, VA, US. Created advanced Splunk knowledge objects to coalesce data sources within the environment for better user attribution. Developed insider threat dashboards within a government client’s network to detect possible insider threats. Utilized INSA, CERT, and NIST frameworks to develop use cases. Performed hunts and monitored Splunk dashboards to detect possible insider threats.
- Incident Response Analyst, Booz Allen Hamilton, Nov 2016 - Mar 2017, McLean, VA, US. Performed retroactive hunt and triage within a confidential client’s network. Utilized client systems to triage alerts. Analysis incorporated the use of CrowdStrike’s endpoint tool, RSA’s Security Analytics tool, and open-source intelligence (OSINT) collections. Used the information from these platforms to create tickets detailing facts about the connection type, destination reputation, and network anomalies. Leveraged a local Splunk installation to provide visibility and correlations on traffic obtained from the Palo Alto firewalls.
- SOC Analyst, Booz Allen Hamilton, Aug 2016 - Nov 2016, McLean, VA, US. Developed standard operating procedures (SOPs) for the client. These SOPs covered response to SQL injection attacks, data exfiltration, malicious IP investigation, and critical systems takedowns, empowering the client to triage and respond to security and network incidents. Developed Splunk queries and data correlations to allow real-time alerting and hunting.
- Analyst, Booz Allen Hamilton, Jun 2016 - Oct 2016, McLean, VA, US. Developed a multi-threaded Python tool to enable Tier 1 cyber threat intelligence (CTI) analysts to better perform their job through automation of web scraping and reporting metrics, optimizing resources spent on a managed service activity by reducing total time spent from three hours per day to fifteen minutes per day. Monitored Splunk alerts for potential threats and took necessary actions. Reviewed log information from Splunk and escalated tickets depending on the information reviewed. Investigated other proprietary sources of information from Splunk dashboards to determine if action was needed. Stayed up to date on major security blogs and news sites for new threats and vulnerabilities. Assisted in forensic investigations. Built out tools to enable Tier 1, 2, and 3 analysts to better perform their hunting.
- Strategic Innovation Group (SIG) Games Intern, Booz Allen Hamilton, Jun 2015 - Aug 2015, McLean, VA, US.
  - Researched drones and live aerial mapping systems to determine the market and products for live aerial mapping, including live video overlays, with a team of 6 other interns.
  - Programmed a Graphical User Interface (GUI) for combining a live video feed with a mapping overlay to provide the customer with a competitive and cost-effective product, using multiple languages including Python, Java, and C++.
  - Coordinated the Graphical User Interface, Video Processing, and Hardware groups’ individual visions into a unified project, which was executed and delivered for the SIG Booz Allen internship.
  - Presented the final prototype to 200+ Booz Allen Hamilton employees and interns, offering a creative and cost-effective solution.
James R. Education Details
- Penn State University, Security and Risk Analysis
Frequently Asked Questions about James R.
What company does James R. work for?
James R. works for Amazon Security
What is James R.'s role at the current company?
James R.'s current role is First gen, Gritty and Quitty, Data Detective, Insights and Improvements, Insider Threat.
What schools did James R. attend?
James R. attended Penn State University.