Chicago, Illinois, United States
A highly analytical and critical-thinking cybersecurity professional currently seeking new opportunities, with extensive experience in security operations, incident response, and threat analysis. Adept at managing day-to-day security monitoring, threat detection, and risk mitigation to strengthen an organization’s overall security posture. Proficient in implementing and operating cybersecurity tools, EDR, and SIEM solutions (Splunk, Microsoft Sentinel, QRadar), as well as secrets management to enhance threat detection and response. Skilled in analyzing security events, performing SIEM product administration, and conducting periodic vulnerability assessments to identify and mitigate risks. Experienced in handling incident response for security alerts from multiple sources, including IPS, web security, endpoint protection, and event logs. Strong track record in educating employees on security awareness and best practices to foster a security-conscious workforce. Recognized for effective communication and collaboration across all organizational levels to drive security initiatives. Passionate about threat intelligence, forensic analysis, cloud security, and proactive threat hunting to safeguard critical assets. Now looking to bring this expertise and dedication to a new role where I can continue to grow and contribute to a team’s success.

Some of the areas where I really excel include:
• Security Analysis
• Project Management
• Risk Assessment & Mitigation
• Network Design & Analysis
• Penetration Testing
• Vulnerability Management
• Information Gathering
• Reporting & Documentation
• Linux, Python, PowerShell
Operate in a global 24/7 SOC (in-house and outsourced), monitoring AWS and Azure environments using Microsoft Sentinel. Analyze logs and SIEM alerts to detect threats, respond to security incidents, and investigate anomalies. Integrate threat intelligence feeds, perform vulnerability assessments, and collaborate on remediation efforts. Maintain documentation and provide reporting on security incidents, trends, and overall cloud security posture.
• Responsible for working in a global 24x7 Security Operation Center (SOC) environment which consists of an in-house and outsourced SOC.
• Monitor cloud infrastructure for security events, anomalies, and suspicious activities. This includes reviewing logs, alerts, and other relevant data from cloud service providers (AWS – Microsoft Sentinel – Microsoft Azure…).
• Identify unauthorized access, data breaches, or other malicious activities and respond promptly.
• Integrate threat intelligence feeds into the security monitoring process. Stay informed about the latest threats and vulnerabilities relevant to the organization’s cloud environment.
• Analyze logs generated by cloud services, applications, and infrastructure components. Correlate information to identify patterns or indicators of compromise.
• Conduct vulnerability assessments and ensure that cloud assets are regularly scanned for vulnerabilities. Collaborate with other teams to prioritize and remediate identified issues.
• Provide regular reports on security incidents, trends, and the overall security posture of the cloud environment. Maintain documentation for incident response procedures and security configurations.
Determine enhancements within processes, procedures, policies, staffing, training, and tools to optimize efforts and daily operations. Adapt skills and approaches to effectively secure the cloud environment. Understand cloud-specific security challenges, stay informed about cloud service provider offerings, and implement best practices for securing cloud assets.
● Analyze and track the cyber threat landscape, including identifying and investigating cyber threat actors and their activities to enhance cyber security posture.
● Perform security monitoring, security event triage, and incident response using SIEM solutions. Analyze alert patterns to provide recommendations for policy improvement.
● Create content (queries, dashboards, reports, etc.) in security tools like Splunk SIEM, DLP & others.
● Respond to daily security incidents following established incident response methodology.
● Ensure continuous improvement of security operations processes and procedures.
● Conduct incident response activities as appropriate including triage, root cause analysis, kill chain analysis, escalations, notifications, and communication with the relevant parties.
● Perform threat hunting across the network for proactive detection of anomalous events and possible intrusions/attacks.
Responded to network-related trouble calls. Utilized software management tools to keep track of the network's health. Implemented network-related maintenance, operating system upgrades, new application installations, server upgrades, and installations. Supported the Senior Network Specialist in testing new technologies and techniques; maintained accurate records of network components, servers, configurations, IP address schemes, network schematics and drawings, and disaster recovery activities; and managed backup images and documentation of recovery methodology.