Stephen Lincoln Email and Phone Number

- Automate detection engineering pipelines to map AttackIQ content to detection frameworks such as Sigma and YARA- Develop internal and opensource machine learning/LLM cybersecurity applications- Develop attack simulations mapped to MITRE ATT&CK to emulate real-world adversaries and the latest TTPs with Python- Assist customers in creating customized attack simulation use cases and reporting for various security controls & SIEMs such as Crowdstrike, Palo Alto, Cylance, Windows Defender, Splunk, etc.- Research adversaries and TTPs to ensure AttackIQ platform stays up-to-date with latest attacks from threat actors across different verticals- Identify, develop, and communicate potential improvements and new features to the AIQ platform based on internal testing and customer feedback- Perform internal red team exercises to improve and validate AttackIQ security posture

Responsibilities include, but not limited to:- Direct lead/manager for Cyber Threat Analytics Cell team- Increase threathunting capabilities across clientbase for NuHarbor Security- Track various threats/APT trends across clientbase and develop new detection methods around data- Research new threat groups, 0days, IOCs, and exploits to provide immediate detection capabilities across client base- Utilize machine learning and user & endpoint behavior analytics (UEBA) to expand detection capabilities and reduce noise- Provide direct support and development goals to CTAC team members, and help team members achieve company and personal goals.- Ensure success of the CTAC team, as well as NuHarbor security and its clientbase- Improve efficiency and detection capabilities across clientbase- Act as senior knowledge resource for Splunk and general security monitoring & data sources- Lead incident response efforts across clientbase- Automate investigations, processes, and threat hunting with SOAR to improve SOC efficiency and detection capabilities- Map attacks, TTPs, detections, reports, and threat intelligence to MITRE ATT&CK- Manage and maintain threat intelligence/SOAR platform- Create visualizations and reporting around attack metrics to provide clear, actionable data and recommendations to management teams at client organizations

Responsibilities include, but not limited to: - Installation, configuration, and administration of Splunk deployments for various clients - Development, implementation, and tuning of detection capabilities for SOC in Splunk. - Development of Spunk apps and dashboards for security monitoring/metrics - Incident response support via Splunk - Increase maturity of SOC and threat detection capabilities - Recommend security appliances and controls to clients based on security event/log review in Splunk- Mapping detections, events, and reporting to MITRE ATT&CK Framework

Utilizing machine learning in Python, Julia, and Lisp to model and manipulat biological processes and systems

- Create Security Applications website to host applications used by the security team and other members of ITS with PHP, Javascript, and Python - Splunk Administration and monitoring, including managing users and roles, log ingestion, dashboard creation for various ITS staff and security team, and analysis of logs in Splunk for security events - Working with law enforcement officials to provide evidence and analysis for criminal activity and life safety events, as well as maintaining chain of custody for ensuring integrity of admissible evidence - Performing vulnerability scans as well as in-depth penetration tests on various University networks and systems- Incident response and analysis for remediating and containing compromised systems and applications utilizing Rekall, Volatility, F-Response, and a wide variety of other security tools - Installing and maintaining MFA software on ITS critical systems and creating scripts to automatically install MFA on RHEL systems - Managing and rewriting firewall policies to improve University’s security posture - Advising ITS and University staff and faculty on how to implement solutions to enhance security posture in various areas - Creating and managing NetFlow plugins with Perl and Python for alerting on suspicious network activity for botnets, data exfiltration, and network scanning - Managing student employees, including teaching security tools and concepts, and delegating tasks appropriately - Sponsor for UConn School of Engineering Senior Design competition where team of students built framework for automatic threat detection and incident response (placed 3rd overall)