US Citizen
Contact: 214-875-6618 Email: njihenry9@gmail.com
EXPERIENCE SUMMARY:
• Over the past 5 years, I have worked in the field of Information Technology as an
Information Assurance Analyst and as a Security Operations Center (SOC) Analyst.
• My skill set revolves around networking, threat intel, endpoint protection and
monitoring, as well as data loss prevention using different SIEM tools.
• I have experience in utilizing SIEM tools to monitor/analyze incidents and work with
stakeholders to resolve incidents and escalate incidents when necessary following
policies and procedures.
• I possess a deep understanding of hacker techniques, vulnerabilities, attacks and
countermeasures.
CERTIFICATION
CompTIA Security+, Splunk Fundamentals 1 & Scrum Master
EDUCATION
PROFESSIONAL EXPERIENCE:
Technalink, Inc. (Dept. of Labor), 5/2020 to Present
Security Operations Center (SOC) Analyst
• Analyze, investigate and process Malicious/Phishing Email alerts from IronPort and
FireEye following standard operation procedure.
• Contribute to security strategy and security posture by identifying security gaps and
evaluating and implementing enhancements.
• Prioritize and differentiate between potential intrusion attempts and false alarms.
• Assist with the development of processes and procedures to improve incident response
times, incident analysis, and overall SOC functions.
• Provide Incident Response (IR) support when analysis confirms an actionable incident.
• Strong working knowledge of network security monitoring and incident response, good
written and technical communications skills.
• Provide continuous monitoring of Security defenses and functions for the Agency.
• Provide triage analysis and initial preventive response in significant incidents including
basic response analysis, quarantine and escalation.
• Assessing the security impact of security alerts and traffic anomalies on customer
networks.
• Creating comprehensive security write-ups which articulate security issues, analysis and
remediation techniques.
• Analyzing and escalating security incidents to clients and stakeholders both written and
verbally.
• Responding to technical security questions and concerns from clients.
• Maintain a strong awareness and understanding of the current threat landscape.
• Conduct research on emerging security threats and potential customer impact.
• Provide incident data gathering, quality control and validation of required data via tickets.
• Correlate data analysis from different sources for escalation or validation.
• Prepare and maintain SOPs for triage and escalation of the most common types of incidents.
• Escalate cybersecurity incidents to Tier 3/CSIRT for further forensic analysis.
• Detect and track critical and high vulnerabilities, and verify and validate remediation.
• Use Splunk Enterprise Security (ES) to monitor and investigate alerts from different data
sources.
• Use Cisco Stealthwatch to provide continuous real-time monitoring and pervasive
views into network traffic.
Duties included:
• Provide 24/7/365 real-time monitoring of security tools, dashboards, and email alerts.
• Use Splunk Enterprise Security (ES) and QRADAR to monitor and investigate alerts
from different data sources.
• Conduct forensics and investigations as needed using security tools such as Splunk,
FireEye, Cisco IPS, OSINT, etc.
• Use Cisco Sourcefire/Firepower to monitor and investigate SourceFire alerts.
• Perform incident response to investigate and resolve computer security incidents.
• Lead, perform, review or track security incident investigations to resolution.
• Analyze and resolve DLP alerts from McAfee DLP Manager, and escalate cyber privacy
incidents to the Privacy Team.
• Process daily threat intel and block malicious MD5 hashes, IPs and domains
following standard operating procedure.
• Process website review requests using the McAfee Web Gateway GUI to grant temporary
web access to users within the company to websites that are blocked for security reasons.
• Use Splunk to search and analyze email logs to confirm malicious emails were not
delivered.
• Develop follow-up action plans to resolve reportable issues and communicate with other
Analysts to address security threats and incidents.
• Review and process accidental disclosure requests following standard operating
procedures.
TECHNICAL SKILLS
• Security Technologies: FireEye, IronPort, Sourcefire, McAfee Web Gateway, Splunk,
Cisco Stealthwatch, O365, Proofpoint, Cylance, QRADAR, Cisco Threat Grid, Cisco ePO
Manager, McAfee DLP, Nessus Security Center, Nmap, Wireshark, IDS/IPS, Log Management,
Anti-Virus Tools (Norton, Symantec).
• Operating Systems: Unix-Based Systems (Solaris, Linux); Windows.
• Networking: VPNs, Routers, Firewalls, TCP/IP
• Software: MS Office (Word, Excel, Outlook, Access, PowerPoint)
• Ticket Systems: Archer, Outlook, Remedy & JIRA
• OSINT: URLVOID.COM, VirusTotal.com, zscaler.com, etc.