Los Angeles, California, United States
• Developed advanced detection logic using KQL within Microsoft Sentinel to identify complex lateral movement patterns, which successfully reduced the organization's mean time to detect critical security threats by over thirty-five percent.
• Utilized SIEM integrations and basic automation concepts to streamline high-volume alert triaging, which helped eliminate manual repetitive tasks and improved security operations center efficiency.
• Conducted host-based analysis using CrowdStrike Falcon to neutralize malware variants while ensuring all incident documentation met strict NIST incident response lifecycle reporting standards.
• Engineered secure cloud architecture transitions by implementing AWS GuardDuty and identity-centric Zero Trust policies, which effectively mitigated unauthorized access attempts and secured sensitive data assets.
• Led proactive threat hunting operations by mapping internal telemetry against the MITRE ATT&CK framework to uncover hidden visibility gaps and proactively deploying Sigma rules.
• Managed comprehensive vulnerability management lifecycles using Nessus and Qualys to prioritize critical CVEs based on exploitability risk scores, which resulted in a consistent twenty-five percent reduction in the total attack surface.
• Monitored enterprise-wide security events via Splunk SIEM to perform real-time correlation and alert triage while maintaining a ninety-nine percent accuracy rate in distinguishing between benign activities and genuine security incidents.
• Facilitated regular internal control audits and user access reviews to ensure continuous compliance with ISO 27001 and SOC 2 standards while collaborating with cross-functional teams.
• Executed detailed network traffic analysis using Wireshark and Zeek to identify anomalous protocol behaviors and potential exfiltration attempts, which secured the internal corporate network.
• Performed technical phishing investigations by analyzing email headers and malicious attachments to develop custom YARA rules that blocked coordinated social engineering campaigns.
• Created specialized Python scripts to automate the parsing of diverse firewall and proxy logs, which significantly accelerated the identification of malicious indicators of compromise.
• Collaborated on the deployment of multi-factor authentication and privileged access management solutions to enforce strict segregation of duties and strengthen identity security.