Quinnlan Varcoe is a Co-Founder at Stealth Startup. They possess expertise in firewalls, information security, Splunk, Amazon Web Services, security incident response and 17 more skills. They are proficient in French.
- Co-Founder, Stealth Startup (United States)
- Founder, Blueberry Security (United States)
- CSIRT Manager, T-Mobile (Dec 2023 - Present; Bellevue, WA, US)
- Global Director Of Cybersecurity Operations And Incident Response, Brush Cyber (Sep 2023 - Present; Denver, CO, US)
- Founder & Global Director Of Cybersecurity, Blueberry Security (Nov 2022 - Present)
- Lead Cloud Cybersecurity Incident Handler, RTX (Mar 2023 - Aug 2023; Arlington, VA, US)
- CSIRT & CTI Manager, Cyber Defense International (Mar 2022 - Jul 2023; Kennesaw, Georgia, US)
●Created an interview process, from reviewing resumes, to technical questions and slides presented to candidates.
●Improved operational efficiency by communicating with the internal team to design a more streamlined ticketing and alerting process.
●Led a team of 8+ analysts and coordinated with 3+ engineers.
●Integrated the Cyber Threat Intelligence team and the Security Operations Center to work closer together.
●Assisted in developing cost-effective monitoring solutions for clients, to monitor alerts and important data.
●Designed a content development program to enrich the SIEMs and alert potential of managed clients.
●Taught the team to explain security findings in terms of risk and potential impact.
●Designed playbooks and various standard operating procedures and established an assisted personal development of analysts working under me.
●Reduced risk by finding security misconfigurations involving password misuse, SMB, HTTP, and other protocols.
●Used Wireshark to hunt threats and misconfigurations in depth and discovered 15+ incidents.
●Attained ATO by meticulously aligning and implementing security controls according to NIST Special Publication 800-171 (NIST 171) standards, and guided other departments within a client's environment to do the same.
●Collaborated with cross-functional teams to implement necessary security measures, conduct security training, and fortify cloud products (AWS, Azure, Wiz) for full NIST 171 compliance.
●Spearheaded the implementation of advanced threat detection mechanisms within cloud environments (AWS, Azure, Wiz) to proactively identify and respond to potential security breaches, aligning with NIST Special Publication 800-171 controls for enhanced risk mitigation.
●Maintained continuous monitoring and improvement of cloud security measures to sustain compliance with NIST 171 requirements post-ATO.
●Spearheaded the creation and development of a highly efficient cloud incident response team from scratch.
- Internet Storm Center Analyst, SANS Technology Institute (Oct 2022 - Mar 2023; North Bethesda, Maryland, US)
●Monitored and analyzed HTTP and SSH traffic on a honeypot to identify potential cyber threats and vulnerabilities.
●Analyzed captured network traffic to identify attacker tactics, techniques, and procedures (TTPs) and reverse-engineered malware and other tools used by attackers.
●Collaborated with other security professionals to investigate and respond to threat actor behavior and developed and maintained expertise in emerging threats, vulnerabilities, and security technologies.
●Communicated complex information clearly and effectively by creating reports, blog posts, and other communications to share information and recommendations with the broader security community.
●Maintained a self-motivated and independent work style, while being comfortable working in a fast-paced and dynamic environment.
- Security Operations Center Lead, OneMain Financial (Mar 2022 - Oct 2022; Baltimore, MD, US)
●Identified and analyzed cyber security incidents to determine the nature and scope of the incident and the appropriate response.
●Led or participated in incident response activities, including containment, investigation, remediation, and reporting, to ensure the security and integrity of the bank's systems and data.
●Collaborated with other security professionals to implement security measures and develop incident response plans to prevent future incidents.
●Maintained knowledge of emerging threats and vulnerabilities and developed and implemented strategies to address them.
●Ensured compliance with regulatory and legal requirements related to incident response and reporting, while communicating complex information clearly and effectively to leadership.
- Information Security Engineer, CVS Health (Sep 2021 - Mar 2022; Woonsocket, RI, US)
●Analyzed over 200 alerts a day in the largest healthcare provider in the United States, estimated at over 900,000 endpoints.
●Worked closely with the content development team to develop a process to deal with large scale Log4Shell injection attempts.
●Built custom dashboards and developed extremely detailed Splunk queries to optimize workflow and minimize time spent per investigation.
●Prevented the spread of ransomware, and other malicious activity and performed Incident Response in tools such as CrowdStrike, Tanium, and Splunk.
●Reviewed alerts in a large variety of cloud products such as AWS, GCP, Azure, and Prism.
- Security Operations Center Analyst, Centers For Medicare & Medicaid Services (Mar 2021 - Sep 2021; Baltimore, MD, US)
●Used tools such as Splunk Enterprise Security, Splunk Phantom, and various FireEye products to identify malware, phishing campaigns, and data exfiltration.
●Designed a forensics script using PowerShell and Sysinternals to safely gather endpoint information for malware analysis.
●Used threat hunting techniques to discover large misconfigurations, command & control activity, and insider threat cases.
●Performed various investigations surrounding web applications on healthcare.gov using Akamai.
- Security Operations Center Engineer / Analyst, Abacode Cybersecurity & Compliance (Jul 2019 - Mar 2021; Tampa, Florida, US)
●Utilized various Security Information and Event Management (SIEM) environments to monitor over 35 clients alone on shift. These SIEMs included AlienVault, Splunk, ELK, LogRhythm, and QRadar.
●Performed client health checks to determine broken log sources. This task involved reviewing logs and event data to identify anomalies and inconsistencies that may indicate a security breach or issue.
●Managed AWS and Azure resources and source code related to an IoT certificate generation project.
Quinnlan Varcoe Skills
Quinnlan Varcoe Education Details
- SANS Technology Institute, Computer And Information Systems Security/Information Assurance
Frequently Asked Questions about Quinnlan Varcoe
What company does Quinnlan Varcoe work for?
Quinnlan Varcoe works for Stealth Startup.
What is Quinnlan Varcoe's role at the current company?
Quinnlan Varcoe's current role is Co-Founder.
What schools did Quinnlan Varcoe attend?
Quinnlan Varcoe attended SANS Technology Institute.
What skills is Quinnlan Varcoe known for?
Quinnlan Varcoe has skills like Firewalls, Information Security, Splunk, Amazon Web Services, Security Incident Response, Intrusion Detection, Cybersecurity, Security Operations, Incident Response, Security Operations Center, Wireshark, Identity And Access Management.