• Consistently monitoring and working on alerts generating on Splunk• Investigating, analyzing, and processing phishing email alerts from IronPort and FireEyeEX following standard operating procedures.• Assisting in creating Splunk dashboards to capture all customized logs generated by systems and applications.• Evaluating and processing Web Site Review Requests from internal users to accessblocked websites using OSINT tools.• Assisting in creating new use cases and performing SOC testing• Creating and updating SOC run books as required.• Performing endpoint investigations using Endpoint security tools• Investigating attachments and links for imbedded malware using FireEye ETP, IronPort and Threat Grid• Giving client recommendations on how to securely resolve escalated issues.• Training new employees on how to handle investigations and safely deal with phishing emails.• Developing follow-up action plans to resolve reportable issues and communicating with other IT teams to address security threats and incidents accordingly.• Escalating incidents to tier 3 and incident response analysts for further analysis.• Supporting Incident Response till resolution following Standard Operation Procedures (SOP)• Prioritizing and differentiating between potential intrusion attempts and false alarms.• Assisting with the development of processes and procedures to improve incident response times, analysis of incidents, and overall, SOC functions.• Responding to computer security incidents by collecting, analyzing, preserving digital evidence, and ensuring that incidents are recorded and tracked in accordance with organizational SOC requirements.• Using McAfee DLP to protect intellectual property and ensuring compliance by safeguarding sensitive data.• Analyzing email logs to confirm malicious emails were not delivered or are quarantined and malicious attachments dropped.• Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS), security events

• Monitored the local threat ops channels/SIEM/AV/DLP Policy violation consoles and notifying the client/stakeholders of any suspicious/malicious activity within agreed SLA timelines.• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), sniffers and malware analysis tools.• Performed security operations, abuse detection, incident management, reverse engineering, security analysis and testing.• Generated daily Tableau queries and present daily, weekly, and monthly cyber findings to clients.• Utilized Dynatrace to monitor client IP space tracking security events with internal applications looking for suspicious activities.• Conducted security vulnerability and risk assessments using social engineering to identify system liabilities and develop remediation plans and security procedures.• Followed the investigation, track and analyze advanced persistent threat (APT) groups, cyber threats and security reporting and open source intelligent (OSINT).• Recommended security standards to management.• Captured suspicious emails going to external senders from our internal users whose email was flagged for ethical red flags or certain words configured to be.• Utilized Symantec endpoint tools to determine if embedded links within incoming emails are malicious.• Facilitated as well as actively participated in critical incident management.

• Submitted recommendations to improve the efficient use of the system and respond to special requests for system data.• Resolved employees related technical software and hardware problems.• Performed timely workstation hardware and software upgrades.• Maintained and updated system files necessary to control all aspects of system operations and access.• Installed, tested, and configured new workstation peripheral equipment and software.• Troubleshooted IT Incidents reported by employees and supervisors. • Educated new employees on how to prevent or minimize cyber security attacks.• Compiled daily database reports to identify possible vulnerabilities.• Ensured compliance with internal and external email safety standards.• Ensured organizational compliance with information security programs.• Assigned users and computers to proper groups in Active Directory