Develop content for a complex and growing Splunk infrastructure by combining the collection, management, and analytics capabilities/ correlation of the different data-sources: IDS, Proxy, DNS, FireEye and email logs.Create, enhance, and continuously improve an integrated set correlation searches, reports, dashboards, in response to new threats.Develop processes for application use by all Splunk users.Perform threat research/analysis in order to enhance SOC rule sets.Automate and Integrate threat intelligence from commercial vendor and other government agencies.Review and analyze escalated security events, logs, network traffic to identify security incidents. Products include Splunk SE, Crowdstrike, proofpoint, Swimlane, Mandiant MSV, Sourcefire, Palo Alto IDS, Bluecoat...

Researched new cyber threats, actors, and technologies that impact Raytheon Customers and proactively hunt for malware in different customers’ environments.Correlated threat data from various sources. Conduct research and evaluate threat intelligence to develop in-depth analysis and assessment on threats to critical networks and infrastructure components.Reviewed alerts generated by detection infrastructure for false positive alerts and tune alerts as needed.Assisted VSOC engineers creating ArcSight, Splunk ES, RSA Analytics, Sumo Logic, Qradar and IDS content in response to customers’ needs

Reviewed and analyzed escalated security events, logs, network traffic to identify security incidents. Products include ArcSight SEIM, McAfee NSM, TippingPoint, McAfee ePo.Performed triage to validate and prioritize potential security incidents and false alarms.Followed up and provided recommendation on the remediation steps needed for incident processing.Created and fine-tuned ArcSight Active channels, filters, trends, dashboards, queries, queries viewers, drill-downs, and field sets in order to enhance the SOC detection mechanism.Performed threat research/analysis in order to enhance SOC rule sets.Managed an internal CIF (Collective Intelligence Framework) environment and ensured the different Intel logs are properly updated.

Provide expert information and network security services supporting the U.S. Department of Homeland Security (DHS Onenet) SOC. Create, deploy and monitor IDS/IPS/SIEM rules for emerging threats.Monitor and analyze security events, logs, network traffic, registry values, processes, and file names to identify security incidents. Products include ArcSight SEIM, FireEye, Sourcefire, Enterasys Dragon, BigFix, Fidelis XPS, NetWitness, Encase Forensic and others.

Monitor network traffic via Intrusion Detection Systems (IDS), Security Information Event Management (SIEM) to identify security related events.Perform triage to validate and prioritize potential security incidents and false alarms.Created shell scripts and ArcSight rules to automate the detection of malicious logic and intrusions in Juniper and PIX firewall log data.