Threat & Vulnerability Engineer
Threat & Vulnerability Engineer with over 12 years of experience and expertise in Information Technology, including monitoring network-based IDS/IPS technologies and incident response for government contract information systems. Proven record using security technologies including Intrusion Detection and Prevention Systems (IDS/IPS), Security Information and Event Management tools (SIEM), Antivirus, Network Packet Analysis, TCP/IP, Incident Handling, Forensics, etc. Ability to determine the appropriate response action(s) required to mitigate risks that may impact the network security posture, and to work independently on large-scale projects with a sense of urgency in a fast-paced, high-stress support environment. Extensive experience working with diverse customers and communicating technical concepts to non-technical audiences. A quick learner with the proven ability to learn new systems and concepts.
Intrusion Detection and Monitoring
Packet Capture and Analysis
Excellent written and verbal communication skills
Bachelor's Degree in Information Technology
Multiple operating systems (Windows, *nix, OSX)
Threat Intelligence Analysis
Certificate in Information Systems
Security Applications/Tools: IDS/IPS, Anti-Virus, HIPS, Full Packet Capture/Analysis, Host-based and Network Forensics, multiple McAfee products (NSM, ePO, MEG, DLP, and Nitro), Snort, ArcSight, Splunk, Netflow, TCPDump, Wireshark, Websense, Mandiant Incident Response (MIR), Vulnerability Scanner, Netwitness, Bro, Security Onion, Kali, NMAP, FTK, and numerous other commercial/open-source penetration testing, forensics, and security-related applications and toolsets.
Operating Systems: Windows XP/Vista/7/8, Windows Server 2003/2008/2012, Linux, UNIX, OSX.
Networking: Packet capture and analysis, LAN/WAN, TCP/IP, UDP, FTP, etc.
Analyzed complex computer systems to assess vulnerability and risk. Identified, reported and resolved network security violations. Acted as primary contact for computer hardware and software problems, as well as network emergencies. Analyzes threat intelligence (e.g. actors, hack tools, exploits, malware, etc.) and determines the tactics, techniques, and procedures (TTPs) of threat actors, including detailed technical analysis of the TTPs.
Maintains knowledge base of current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary.
Correlates security events into "use cases" that are implemented into the monitoring and analysis process.
Proactively and reactively monitors Intrusion Detection and Prevention Systems (IDS/IPS) and Security Incident Event Manager (SIEM) alerts for actionable events and advises other team members of Indicators of Compromise.
Created customized Splunk dashboards to analyze logs and other security events to find targeted attacks against network-based assets.
Act as the primary first responder and conduct a preliminary analysis of the events before classifying them as an incident.
Security Analyst, 01/2015 － 06/2015, DEFENSE POINT SECURITY － Stennis Space Center, MS
Actively monitors Intrusion Detection and Prevention Systems (IDS/IPS) and Security Incident Event Manager (SIEM) alerts and conducts preliminary analysis of tool-based alerts before classifying them as an actionable event or incident requiring escalation to the incident response team.
Differentiate between a significant event, a true positive, and a false positive by analyzing system logs, network data, and other attack artifacts in support of incident investigations.
Perform network traffic analysis and capture of Netflow, IDS, and other sensor traffic using industry standard tools (TCPDump, Wireshark, etc.) to identify suspicious or potentially malicious network behavior and/or infected systems.
Proficiently use Splunk to analyze logs and other security events to find targeted attacks against network-based assets.
Responsible for training, mentoring, and developing the skill sets of less senior team members.
Provided leadership and direction while being an escalation point for less senior team members.
Focused Operations Analyst (Digital Forensics/Incident Response), 01/2014 － 01/2015, SOULTIONS BY DESIGN II/ASAP RESOURCES － Stennis Space Center, MS
Performed Tier-IV incident response, handling, and analysis of security events and incidents per established documentation as needed, including SOPs and directives.
Detected unauthorized devices through network and log-centric analysis in a multiple operating system environment (Windows, *nix, OSX) while maintaining familiarity through virtualization.
Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention Systems (IDS / IPS) and forensic tools.
Knowledgeable of computer forensics concepts and procedures: investigations, collections, evidence handling, analyzing and preserving digital evidence, and live response techniques, to include file-system analysis and carving.
Analyzed and researched information from various sources while utilizing commercial and open source toolsets to gain awareness of potentially suspicious activity.
Produced and delivered monthly performance metrics/reports of incident trends based on classification and priorities.
Performed shift lead duties while providing leadership and direction to less senior team members.
Maintained and enhanced the documentation standard for discovery and reporting of malicious tactics, techniques, and procedures.
Created and maintained security incident and event procedures and reports.
Security Operations Center Analyst, 09/2012 － 01/2014, KFORCE/CSC － Stennis Space Center, MS
Created and maintained event and incident identification, response and handling procedures to isolate and investigate potential information system compromises.
Conducted investigations to understand the root cause of the incident, and recommended and performed appropriate remediation plans.
Actively monitored Intrusion Detection and Prevention Systems (IDS/IPS) and conducted traffic analysis, incident handling, and the remediation process through expert analysis, which included escalation to the senior members of the incident response team if required.
Performed and evaluated vulnerability and network scans with Nessus and interpreted results; also analyzed and reported on contractual Service Level Agreements to management while ensuring operating systems were in compliance with baseline standards.
Utilized industry standard tools to monitor Antivirus definitions, Intrusion Detection System alerts, and Security Incident Event Manager (SIEM) alerts, and to detect rogue/unauthorized wired and wireless devices in multiple operating system environments.
Performed Tier I & II incident response/handling for security incidents/events.
IT Support Specialist II, 06/2011 － 09/2012, ARCATA ASSOCIATES － Stennis Space Center, MS
Provided mid-level IT customer support by diagnosing and troubleshooting computer hardware and software issues via telephone, web inquiries, and e-mail to over 30,000 NASA customers.
Displayed strong understanding of general IT architecture infrastructure, web application, and internet security along with an understanding of common operating systems, networking protocols, database, and application development.
Supported end users' Public Key Infrastructure (PKI) requests, Entrust software/administration, RSA key fob/token distribution/administration, and Directory Resource Administration.
Performed password resets and domain account activations in Active Directory.
Utilized BMC Remedy to record, track, and escalate technical issues.
Developed and maintained articles in a knowledge base database, and provided assistance in the usage of business systems and applications.
Geek Squad Agent, 03/2006 － 06/2011, BEST BUY － Hattiesburg, MS
Performed software/hardware upgrades and maintenance in accordance with standardized procedures.
Diagnosed and analyzed issues on customer systems including component testing and repair.
Utilized and maintained the computer repair priority tracking system; reduced customer return time to less than 48 hours, 24 hours below the district standard, saving over $800 a day in labor expenses.
Provided ongoing advice and guidance to less experienced staff members.
Provided IT customer support and service to new and returning customers, including development and implementation of solutions for issues.
Airfield System Technician / System Administrator, 07/1993 － 09/2010, UNITED STATES AIR FORCE － Luke AFB, AZ
Managed staff of eight Airfield System Technicians while performing the duties of Non-Commissioned Officer in Charge.
Served as the main technical support point of contact to 15 squadron computer system administrators and over 700 end-users of all levels, including system setup, software and hardware diagnostics, and replacing and repairing system components.
Managed an Automated Data Processing Equipment account that consisted of 302 PCs with a total value of over $1.5 million while maintaining an uptime of 99 percent for two years.
Created and tested an automated help desk database; ensured 100 percent accountability of over $48k of IT equipment in less than two hours.
Developed, tested, and implemented computer/printer repair tracking process which reduced equipment downtime from 14 to 3 days.
Promoted from Functional System Administrator to Client Support Administrator Supervisor, increasing responsibility from 150 users to over 700 users and an additional 275 PCs.
Developed and distributed training aids on server management policies and procedures, ensuring 100% compliance and understanding.
Saved unit over $35k by diagnosing system problems and replacing faulty parts on out of warranty equipment.
Designed a training program for unit computer managers on using Microsoft's Systems Management Server, reducing customer wait time by 30 percent.
Performed testing of the standardized desktop configuration (SDC) implementation on all unit computers prior to Air Force wide implementation.
Saved the unit over $5k by performing a self-help project that wired and connected 12 additional LAN drops; ensured short-notice deployment laptops were fully patched and compliant at all times.
Deployed a hard drive cloning device, reducing the network-ready time of a new system from three hours to less than 45 minutes, saving 282 man-hours during a refresh of 125 desktops.
Developed a training plan and materials used by new Airmen on a daily basis, increasing proficiency and enabling them to work unsupervised 2 months earlier than projected.
Education and Training
2015, CAPELLA UNIVERSITY － Minneapolis, MN, United States: Bachelor of Science, Information Technology
2012, UNIVERSITY OF ADVANCING TECHNOLOGY － Tempe, AZ, United States: Network Security
2006, ESTRELLA MOUNTAIN COMMUNITY COLLEGE － Avondale, AZ, United States: Certificate of Completion, Linux System Administrator
Companies Worked For:
LYONDELL BASELL INDUSTRIES
DEFENSE POINT SECURITY
SOULTIONS BY DESIGN II/ASAP RESOURCES
UNITED STATES AIR FORCE
UNIVERSITY OF ADVANCING TECHNOLOGY
ESTRELLA MOUNTAIN COMMUNITY COLLEGE
Job Titles Held:
Threat & Vulnerability Engineer
Focused Operations Analyst
Security Operations Center Analyst
IT Support Specialist II
Geek Squad Agent
Airfield System Technician / System Administrator