• Developed playbooks for implementing 5G networks and AI with a focus on Threat Detection/Threat Hunting• Apply Threat Hunt methodologies to conduct specific hunts (i.e. IOC, crown jewel, MITRE) by querying/analyzing multiple data sources leveraging SIEM (Splunk) and EDR (CrowdStrike) solutions.

• Utilize EDR (CrowdStrike) and Cloud (Azure) solutions to conduct malware analysis, host and network, forensics, log analysis, and triage in support of incident response.• Presented investigation findings and technical reports to client CISO and leadership on weekly meetings.• Performed forensic investigations for high level intrusions using Magnet Axiom• Assist Threat Hunt to perform queries and identify IOCs observed within the environment and taking appropriate Incident Response actions (mitigation/remediation).• Developed SOPs for various investigation types and trained analysts on how to perform the investigations.• Collaborated with various teams (Hunt, Engineering, Help Desk, etc) for investigating/remediating events.

• Served as the SOC Lead, which involves running the daily SCRUM, responding to clients/customers, and assisting the junior analysts with investigations and day-to-day operations/decisions.• Presented SOC metrics and noteworthy investigations to client leadership weekly – CTO, Security Director, etc.• Investigate security events, leveraging tools such as EDR with FireEye, McAfee suite, Splunk, and Palo Alto to identify, verify, and respond to malicious activity, utilizing the Cyber Kill Chain to classify activity.• Perform IR duties by reviewing Tier 1 + Tier 2 investigations and providing feedback, identifying root cause and taking additional actions where necessary (i.e. blocking IOCs). • Identify trends by looking at “the bigger picture” to submit tuning requests or identify campaigns.• Identify areas of improvement within the SOC and lead training sessions to better junior analysts as well as updating SOPs to ensure processes are efficient and update to date.

• Monitoring multiple SIEM's (ArcSight and Splunk) to investigate security events.• Creating and tuning SIEM content in the form of rules, dashboards, queries, and reports.• Responsible for maintaining knowledge on current threats and cyber related incidents throughout the world• Led daily stand ups with the client and collaborated with the client during investigations/incidents. • Served as the primary on-call for a federal client 24/7 for Incident Response and assisting junior analysts.• Responsible for covering the whole security stack from escalation to resolution while gathering, and collaborating with, the correct IT teams to remediate issues.

• Provisioned/de-provisioned, and modified user accounts/security groups across various clinical applications, and Active Directory, to ensure that the appropriate individuals have the necessary access (while adhering to HIPAA)• Analyzed proxy and IDS logs (websense, TrendMicro DDI) as part of the Incident Response Plan to identify, contain, and remediate issues by blocking domains and explicit URLs via Cisco ASDM.• Reviewed and assisted with remediating vulnerabilities based on scan reports from Nessus performed on servers and desktops at GWUH. • Performed audits on accounts regularly to make sure access is limited (investigating account lockouts, new accounts via LogRhythm SIEM). • Assisted Security Manager upgrade and implement new version of Anti-Virus (TrendMicro).• Performed email header review to determine legitimacy of an email (phishing, social engineering, drive by downloads etc.).

I was responsible for providing solutions to clients' technical issues and troubleshooting client devices while making sure they properly secure their information and accounts. I also informed clients of potential security risks if data/devices were not secure.