Research and develop threat detection content on EDR, SIEM, and SOAR products to identify potential cyber incidents to the Geico network. Proactively tune existing detection content to minimize false positives and maximize CSIRT analyst capabilities. Manage detection content documentation using the Alerting-Detection Strategy (ADS) Framework to facilitate ease of analysis. Proactively validate detection content for efficacy and fidelity before deployment. Build SIEM/SOAR automation content to expedite the incident response process.

Provide support for projects that enhance the Sony SOC’s ability to detect and respond to threats. Lead log onboarding engagements with Sony business units for monitoring critical assets. Research, design, and implement ideas that will improve the overall Sony monitoring effort. Produce and maintain Splunk dashboards and other tools used by the Incident Response team. Represent the SOC’s interests at cross-department project meetings. Perform log reviews, making sure that security data is fit for use in the Sony monitoring program

Perform security monitoring and incident response investigations on Sony’s Global enterprise network, spanning several hundred countries and multiple business units. Analyze security events and provide remediation recommendations for thousands of attacks against Sony users and systems across multiple domains, including network, host, email, and cloud. Assume a leadership role in high impact and high visibility security incidents. Ensure the analysis phase of an incident is accurate, thorough, and efficient for other analysts worldwide. Provide quality control during the escalation and remediation phase of an incident.

Served as a last stop to the State Department's 24x7 IR team, aiding in the detection, tracking, eradication, and remediation of computer security incidents. Engaged in enterprise threat-hunting against a network of over 100,000 hosts across nearly every country in the world. Utilize intelligence reporting on the TTPs of nation state actors in order to guide the incident response, cyber defense, and hunting efforts.

Duties required include: - Performing static and dynamic analysis as well as code reverse engineering on malicious Windows portable executables, document files (MS Office, PDF), suspicious emails, and websites in order to determine the extent to which the malware was executed, the severity of the system’s compromise, and the total capabilities of the malware specimen- Developing indicators of compromise (YARA rules and IPS signatures) and providing support for incident response. - Researching current trends in malware in order to guide enterprise mitigation strategies. - Writing detailed documentation and technical reports of malware analysis findings. - Performing In-depth dead system and live memory forensic analysis on Windows workstations and servers following suspected intrusions to determine the extent of the compromise and recommend appropriate recovery and prevention methods. - Carefully following proper evidence collection, storage, and transfer best practices in order to preserve the forensic and legal integrity of computer equipment and associated data following a security incident.

Writing, analyzing, modifying, and managing threat signatures for McAfee host and network based IPS systems. Creating signatures in both McAfee syntax and Snort syntax. Reducing false positives resulting from signature triggers.Researching new threats and vulnerabilities for which to create signatures.