+ Familiarity with security detection frameworks such as MITRE ATT&CK, Lockheed Martin Cyber Kill Chain, and NIST.
+ Working knowledge of common enterprise technologies and their logging capabilities including firewalls, Active Directory, antivirus/EDR, IDS/IPS, and web proxies.
+ Experience writing regular expressions (regex).
+ Programming/scripting in Python, PowerShell, Bash, JavaScript, and Java.
+ Ability to read and understand logs from various sources.
+ Advanced knowledge of writing SPL/KQL queries and investigating alerts in Splunk, ArcSight, and Microsoft Sentinel.
+ Windows/Linux/Docker/ESXi/AWS administration.
+ Understanding of cybersecurity and IT disciplines including networking, operating systems, authentication protocols, general enterprise network architecture, and incident response.
+ Packet inspection and network traffic analysis (Wireshark and Zeek/Bro).
+ Working knowledge of CI/CD Pipelines & DevOps practices.
+ Excellent writing/communication skills.
+ Ability to work and learn with limited supervision.
+ Positive and uplifting attitude!
Detection Engineer
+ Security Monitoring & Response
+ Building/tuning/modifying detections using various query languages.
+ Threat Research
+ Utilizing CI/CD pipeline to manage detection content as code.
+ Creating automations for various workflows.
+ SIEM Management
+ Data Ingestion (normalization/parsing/enrichment)
Cybersecurity Analyst I
+ Investigated security alerts and analyzed detected events using our SIEM platforms to understand attack targets and methods. Determined the impact of events while conducting continuous security monitoring of the network.
+ Automated investigation tasks using PowerShell scripting.
+ Created SPL queries that streamlined investigations and shared them with fellow analysts.
+ Monitored for unauthorized personnel, connections, devices, and software.
+ Assessed detection processes for continuous improvement of internal security procedures.
+ Monitored external data sources to stay current on the threat landscape and determine which security issues may impact the enterprise.
+ Communicated detected cybersecurity events to the appropriate parties, categorized security incidents, and escalated events as security incidents where appropriate.
Systems Administrator / Data Center Manager
+ Deployed, managed, and configured virtual machines on the VMware ESXi platform, as well as SAN storage, NFS shares, datastores, and virtual networks.
+ Managed firewalls, email security gateways, a WSUS server, spam filters, endpoint antivirus, a content-filtering proxy server, and other security configurations.
+ Managed the organization's environment using automation, Group Policy, Active Directory, and PowerShell. Managed workstations/servers (Windows and Unix/Linux systems) and provided technical support.
+ Organized cybersecurity training for end users and helped develop processes and policies that contributed to the organization's security standards.
Junior System Administrator (Intern)
+ Configured Cisco Meraki firewall to block malicious IP addresses and limit frivolous bandwidth usage by company employees. Also deployed switches and routers into production.
+ Monitored the email gateway for potentially malicious activity and created rules to mitigate threats.
+ Managed users and permissions with Active Directory and provided technical support.
+ Performed new-hire onboarding orientation (computer setup, AUP, and cybersecurity overview).