Research IOCs provided by other DOE departments or gathered from open source intelligence to determine if they are malicious. Search network traffic for hits. Block IOCs that are determined to be malicious.Process unblock website requests for federal customers as well as contractors. Determine if the site requested is malicious and would pose a threat to the network if accessed. Provide security recommendation to federal management for approval.Gather information and file reports for lost/stolen devices, PII compromise, attempted intrusions and reconnaissance activity.Assist with tuning of Vectra Threat Detection implementation. Investigate events, determine if legitimate or false positive, and provide recommendations on whether to mark as fixed or triage to prevent future events from triggering.Attend weekly SOC calls with CISA to learn about new threats and vulnerabilities. Perform research on links provided for any necessary actions.Create and track tickets through Service Now, Bugzilla and Kanban boards. Keep detailed notes for team members or management to review when needed.Assist 24x7 desk personnel with monitoring email for requests, training new hires, and additional research when needed.Conduct research and queries using Bro, Nitro, Palo Alto and Splunk to analyze traffic and make determination on any action that needs to be taken.

o Use QRadar to monitor and manage offenses, including add relevant notes based on research findings, analyze payloads and activity contained in offenses and search user data. Run queries on activity for specified items, based data pulled from offenses or requests from other departments. o Conduct research and analysis on activity and data using numerous sources including Anomali ThreatStream, Spamhaus, DNSLytics, Cisco Talos, VirusTotal, among others. Use this information to identify cyber threats and anomalies. Take necessary action to mitigate risk o Use data gathered to perform vulnerability and malware analysis. Use network security tools to block malicious IPs on Firewall and Cisco IPS and block malicious URLs using ForcePoint Proxy based on findings from analysis. Collaborate with Advanced Threat and Threat Intelligence teams if vulnerability or malware appears to be severe or widespread. o Begin CIRT protocol if there is believed to be an active attack. This includes opening and conducting a technical bridge, alerting management, and working with cyber and technical teams to isolate and mitigate the threat. o Use Resilient to track progress on incident response. This includes update any new users assisting in the research process, add notes and attachments for further understanding. Create new tickets based on queries and requests from management and other departments. Close tickets once the event is considered to be a false positive or resolved. o Use Symantec Endpoint Protection Manager to run scans on company systems that have possibly been compromised. Use Symantec Data Loss Prevention to determine if sensitive data was sent to a personal email or downloaded onto USB drive. o Use tools such as Cisco Firepower Management and Stealthwatch to monitor IPs that have a heavy amount of activity, and do further research on IPs that appear to be malicious in nature.

o Identified and referred products and services to customers based on needs uncovered during conversations.o Managed five employees, including making schedules, delivering and maintaining disciplinary action, holding monthly progress meetings, and providing weekly feedback on teller goals.o Provided transactional training, as well as full training to new tellers.o Worked closely with Operations Coordinators and upper management to facilitate a high-profile branch merge.o Created and maintained Excel spreadsheets to track data in multiple areas.o Ensured the branch was up-to-date on current operations standards and was able to pass annual branch audit, as well as quarterly observations.