SEARCH

Threat & Vulnerability Engineer Resume Example

Resume Score: 90%

Love this resume?Build Your Own Now
THREAT & VULNERABILITY ENGINEER
Career Overview
Threat & Vulnerability Engineer Threat & Vulnerability Engineer with over 12 years of experience and expertise in Information Technology including monitoring network-based IDS/IPS technologies and incident response for government contract information systems. Proven record using security technologies including Intrusion Detection and Prevention Systems (IDS/IPS), Security Information and Event Management tools (SIEM), Antivirus, Network Packet Analysis, TCP/IP, Incident Handling, Forensics, etc. Ability to determine appropriate response action(s) required to mitigate risks that may impact the network security posture and work independently on large-scale projects with a sense of urgency in a fast paced, high stress support environment.Extensive experience working with diverse customers and communicating technical concepts to non-technical audiences. A quick learner with the proven ability to learn new systems and concepts.
Qualifications
  • Intrusion Detection and Monitoring
  • Incident Response
  • Packet Capture and Analysis
  • Excellent written and verbal communication skills
  • Bachelor's Degree Information Technology
  • Multiple operating systems (Windows, *nix, OSX)
  • Threat Intelligence Analysis
  • Event correlation
  • Certificate in Information Systems
Accomplishments
  • Security Applications/Tools: IDS/IPS, Anti-Virus, HIPS, Full Packet Capture/Analysis, Host-based and Network Forensics, multiple McAfee products (NSM, ePO, MEG, DLP, and Nitro), Snort, ArcSight, Splunk, Netflow, TCPDump, Wireshark, Websense, Mandiant Incident Response (MIR), Vulnerability Scanner, Netwitness, Bro, Security Onion, Kali, NMAP, FTK, and numerous other commercial/open-sourced penetration testing, forensics, and security related applications and toolsets.
  • Operating Systems: Windows XP/Vista/7/8, Windows Server 2003/2008/2012, Linux, UNIX, OSX.
  • Networking: Packet capture and analysis, LAN/WAN, TCP/IP, UDP, FTP, etc.
Work Experience
Threat & Vulnerability Engineer, 06/2015CurrentLYONDELL BASELL INDUSTRIESHouston, TX
  • Created more than [Number] monthly inventory reports, sales reports and accounting reports. Developed an easy-to-use application in [Software Program] that allowed users to request new software and update inventory tables. Analyzed complex computer systems to assess vulnerability and risk. Identified, reported and resolved network security violations. Acted as primary contact for computer hardware and software problems, as well as network emergencies. Analyzes threat intelligence (e.g.
  • actors, hack tools, exploits, malware, etc.) and determine techniques, tactics, and procedures (TTPs) of Threat Actors, including detailed technical analysis of the TTPs.
  • Maintains knowledge base of current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary.
  • Correlates security events into "use cases" that are implemented into the monitoring and analysis process.
  • Pro-actively and reactively monitors Intrusion Detection and Prevention Systems (IDS/IPS) and Security Incident Event Manager (SIEM) alerts for actionable events and advises other team members of Indicators of Compromise.
  • Created customized Splunk dashboards to analyze logs and other security events to find targeted attacks against network based assets.
  • Act as the primary first responder and conduct a preliminary analysis of the events before classifying them as an incident.
Security Analyst, 01/201506/2015DEFENSE POINT SECURITY Stennis Space Center, MS
  • Actively monitors Intrusion Detection and Prevention Systems (IDS/IPS) and Security Incident Event Manager (SIEM) alerts and conducts preliminary analysis of tool-based alerts before classifying them as an actionable event or incident requiring escalation to the incident response team.
  • Differentiate between a significant event, a true positive, or false positive by analyzing system logs, network data, etc., and other attack artifacts in support of incident investigations.
  • Perform Network traffic analysis and capture of Netflow, IDS, and other sensor traffic using industry standard tools (TCP Dump, Wireshark, etc.) to identify suspicious or potentially malicious network behavior and/or infected systems.
  • Proficiently use Splunk to analyze logs and other security events to find targeted attacks against network based assets.
  • Responsible for training, mentoring, and developing the skill sets of less senior team members.
  • Provided leadership and direction while being an escalation point for less senior team members.
Focused Operations Analyst, 01/201401/2015SOULTIONS BY DESIGN II/ASAP RESOURCESStennis Space Center, MS
  • Digital Forensics/Incident Response) Performed Tier-IV incident response, handling, and analysis of security events and incidents per established documentation as needed, including SOPs and directives.
  • Detect unauthorized devices through network and log-centric analysis in a multiple operating system environment (Windows, *nix, OSX ) while maintaining familiarity through virtualization.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention Systems (IDS / IPS) and forensic tools.
  • Knowledgeable of Computer forensics concepts and procedures, investigations, collections, evidence handling, analyzing and preserving digital evidence and live response techniques to include file-system analysis and carving.
  • Analyzed and researched information from variable sources while utilizing commercial and open source toolsets to gain awareness of potentially suspicious activity.
  • Produced and delivered monthly performance metrics/reports of incident trends based on classification and priorities.
  • Performed shift lead duties while providing leadership and direction to less senior team members.
  • Maintained and enhanced the documentation standard for discovery and reporting of malicious tactics, techniques, and procedures.
  • Created and maintained security incident and event procedures and reports.
Security Operations Center Analyst, 09/201201/2014KFORCE/CSCStennis Space Center, MS
  • Created and maintained event and incident identification, response and handling procedures to isolate and investigate potential information system compromises.
  • Conducted investigations to understand the root cause of the incident and recommended and perform appropriate remediation plans.
  • Actively monitored Intrusion Detection and Prevention Systems (IDS/IPS), conducted traffic analysis, incident handling and remediation process through expert analysis, which included escalation to the senior members of the incident response team if required.
  • Performed and evaluated vulnerability and network scans with Nessus and interpreted results, also analyzed and reported on contractual Service Level Agreements to management while ensuring operating systems are in compliance with baseline standards.
  • Utilized industry standard tools to monitor Antivirus Definitions, Intrusion Detection Systems alerts, Security Incident Event Manager (SIEM) alerts, and for rouge/unauthorized wired and wireless devices in a multiple operating system environments.
  • Performed Tier I & II incident response/handling for security incidents/events.
IT Support Specialist II, 06/201109/2012ARCATA ASSOCIATESStennis Space Center, MS
  • Provided mid-level IT customer support by diagnosing and troubleshooting of computer hardware and software issues via telephone, web inquiries, and e-mail to over 30,000 NASA customers.
  • Displayed strong understanding of general IT architecture infrastructure, web application, and internet security along with an understanding of common operating systems, networking protocols, database, and application development.
  • Supported end users Public Key Infrastructure (PKI) requests, Entrust software/administration, RSA key fob/token distribution/administration, and Directory Resource Administration.
  • Performed password resets and domain account activations in Active Directory.
  • Utilized BMC Remedy to record and track and escalate technical issues.
  • Developed and maintained articles in knowledge based database, provided assistance in usage of business systems and applications.
Geek Squad Agent, 03/200606/2011BEST BUYHattiesburg, MS
  • Performed software/hardware upgrades and maintenance in accordance with standardized procedures.
  • Diagnosed and analyzed issues on customer systems including component testing and repair.
  • Utilized and maintained computer repair priority tracking system, reduced customer return time to less than 48 hours, 24 hours below the district standard saving over $800 a day in labor Expenses.
  • Provided ongoing advice and guidance to less experienced staff members.
  • Handled low level administrative/technical managerial issues preventing elevation to upper management.
  • Provided IT customer support and service to new and returning customers, included development and implementation of solutions for issues.
Airfield System Technician / System Administrator, 07/199309/2010UNITED STATES AIR FORCELuke AFB, AZ
  • Managed staff of eight Airfield System Technicians while performing the duties of Non-Commissioned Officer in Charge.
  • Served as main technical support point of contact to 15 squadron computer system administrators and over 700 end-users of all levels including system set up software and hardware diagnostics including replacing and repairing system components.
  • Managed Automated Data Processing Equipment account that consisted of 302 PC's with a total value of over $1.5 Million while maintaining an uptime of 99 percent for two years.
  • Created and tested automated help desk database, ensured 100 percent accountability of over $48k of IT equipment in less than two hours.
  • Developed, tested, and implemented computer/printer repair tracking process which reduced equipment downtime from 14 to 3 days.
  • Promoted from Functional System Administrator to Client Support Administrator Supervisor increasing responsibility from 150 users to over 700 users and an increase of 275 PC's.
  • Developed and distributed training aides on server management policies and procedures ensuring 100% compliance and understanding.
  • Saved unit over $35k by diagnosing system problems and replacing faulty parts on out of warranty equipment.
  • Designed training program for unit computer managers on using Microsoft's System Management Server, reduced customer wait time by 30 percent.
  • Performed testing of standardized desktop configuration (SDC) implementation on all unit computers before prior to Air Force wide implementation.
  • Saved unit over $5k by performing self-help project, wired and connected 12 additional LAN drops, ensured short notice deployments laptops were fully patched and compliant at all times.
  • Deployed hard drive cloning device, reducing the network ready time of a new system from three hours to less than 45 minutes saving 282 man-hours during a refresh of 125 desktops.
  • Developed training plan and materials used by new Airmen on a daily basis, increased proficiency, enabling them to work unsupervised 2 months earlier than projected.
Education and Training
2015CAPELLA UNIVERSITYMinneapolis, MN, United StatesBachelor of ScienceInformation TechnologyInformation Technology
2012UNIVERSITY OF ADVANCING TECHNOLOGYTempe, AZ, United StatesNetwork SecurityNetwork Security
2006ESTRELLA MOUNTAIN COMMUNITY COLLEGEAvondale, AZ, United StatesCertificate of CompletionLinux System Administrator
Publications
Certifications: Security+, A+, Network+, CEH, CNDA, GCIH, CISSP
Skills
Active Directory, administrative, Air Force, Analyst, Antivirus, application development, business systems, hardware upgrades, computer hardware, hardware, computer repair, customer support and service, customer support, Client Support, Data Processing, database, desktops, direction, documentation, e-mail, Event Management, Functional, hard drive, help desk, IDS, Information Technology, internet security, LAN, laptops, leadership, Linux, managerial, materials, mentoring, Windows, monitors, Network, Networking, operating systems, operating system, PC's, policies, printer repair, protocols, repairing, reporting, Service Level Agreements, Supervisor, System Administrator, system analysis, technical analysis, technical support, telephone, troubleshooting, verbal communication skills, Excellent written, articles
  • Sales Software: Salesforce.com, TapScan
  • Public Relations Software: Bacon's Mediasource, Factiva
  • Desktop Publishing Software: Photoshop, Illustrator, HTML
Build Your Own Now

DISCLAIMER

Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.

Resume Overview

Companies Worked For:

  • LYONDELL BASELL INDUSTRIES
  • DEFENSE POINT SECURITY
  • SOULTIONS BY DESIGN II/ASAP RESOURCES
  • KFORCE/CSC
  • ARCATA ASSOCIATES
  • BEST BUY
  • UNITED STATES AIR FORCE

School Attended

  • CAPELLA UNIVERSITY
  • UNIVERSITY OF ADVANCING TECHNOLOGY
  • ESTRELLA MOUNTAIN COMMUNITY COLLEGE

Job Titles Held:

  • Threat & Vulnerability Engineer
  • Security Analyst
  • Focused Operations Analyst
  • Security Operations Center Analyst
  • IT Support Specialist II
  • Geek Squad Agent
  • Airfield System Technician / System Administrator

Degrees

  • Bachelor of Science Information Technology
    Network Security
    Certificate of Completion Linux System Administrator