Provided expert-level consultation for SOC security tool initiatives in Orange County, encompassing new security tool acquisition, implementation, testing, and delivery.Designed and implemented a comprehensive SIEM diagnostic and tuning standard, significantly enhancing the SOC's monitoring capabilities by improving visibility into the SIEM's health. This process also facilitated the identification of potential gaps in logging, enabling proactive measures to ensure comprehensive security coverage.Worked closely with the Sr. SAIC Program Architect to deliver strategic security program guidance, aimed at enhancing Orange County's overall security posture.Manage SOC Tools team personnel, projects, and security program agendaFacilitate an open collaborative environment while promoting productivity and quality standardsRepresent SAIC for the security tools posture to C-level client executives during the transition and operational phases of the contract

Operational support of all security tools, including advanced administration, configuration and tuning LogRhythm SIEM and all associated data sourcesResponsible for shift staff attendance, End of Shift (EOS) reports, and turn overFollow the security incident lifecycle to completion including investigation, response, and follow-up actionsGuiding and training Tier 1 AnalystsDevelop advanced SIEM correlation rules to detect new threats

Perform deep dives in SIEM dashboards and channels to discover new threats that are currently beyond current SIEM AI Engine detection capabilitiesAssist in content development and data enrichment efforts to enhance the analyst’s threat hunting effortsMonitor the impact of deploying new content to the health and performance of the SIEMCreate technical documentation around the content deployed to the SIEM

Identify security threats and investigate incidents to meet defined service level agreements (SLA)Document all activities during an incident and provides leadership with status updates during the life cycle of the incidentUnder general supervision, monitor, replay, and interpret events using SIEM technologies, LogRhythm

Identified and classified key threats to client's network environments through log collection and aggregation.Providing Tier I support for remote clients via digital artifact collection for suspicious events and/or network traffic involving indications of compromise (IOC)Initial TriageTriage of daily host-based events for threats, potential intrusions and false positives via Kibana log analysis and leveraging of proprietary softwareRecognize patterns or inconsistencies that could indicate complex cyber-attacks

-Participated in the DevOps cycle with a focus on IT and Q&A by providing operation specific insights while also hunting and isolating bugs for our client facing applications-Delivered technical support using proven troubleshooting steps to identify, isolate, and remediate technical issues-Responsible for evaluating the security posture of computers and networks in accordance to PCI-DSS-Configured firewall and router rules to ensure the security of the network.-Recovered corrupted transaction data through SQL database table manipulation

-Efficient handling of maintenances and testing for network architecture and interconnectivity systems which successfully solved 90% of technical concerns-Strategic oversight of all aspects of the entire system which effectively helped 100% success rate of various operations-Point of escalation for issues related to Network and Hardware components-Developed and implemented technical and physical security controls to protect sensitive government data