Cyber Security Engineer
Booz Allen Hamilton
Total years of experience :14 years, 0 Months
Provide recommendations and implement changes to optimize Splunk products in the customer environment and install and configure Splunk products for clients to harden security systems by over 75%
Develop filters to aid in the identification of significant events to decrease security incidents by 80%.
Serve as point of escalation for 5 engineers and provide guidance and mentoring to enhance resolution efficiency.
Create innovative solutions to automate and reduce the timeframe for operational changes by 75% and initial installation of the security monitoring platform by 100%.
Conduct site surveys, data gathering, and research and analysis for deploying and implementing security tools.
Coordinate and conduct event collection, log management, event management, compliance automation, and identity monitoring activities on the Splunk platform to increase monitoring efficiency by over 50%.
Integrate data feeds into Splunk and perform content development to properly identify data feeding to security information and event management (SIEM) systems and correlation of events to enhance resolution efficiency.
Perform systems administration, including installation and configuration, system performance and availability monitoring, upgrades, and troubleshooting with strict attention to detail.
Installed and configured Splunk products for 2 clients, and designed, engineered, configured, and administered Splunk content to increase monitoring efficiency by over 75%.
Developed and consolidated daily Splunk metric reports, and created queries, reports, alerts, and dashboards to enhance reporting efficiency by over 50%.
Provided recommendations and implemented changes to optimize Splunk products in the customer environment.
Created process documentation for colleagues to follow proper steps in maintaining Splunk implementations.
Developed, implemented, and documented configuration standards, policies, and procedures for operating, managing, and ensuring the security of the Splunk infrastructure.
Consulted with customers to customize and configure Splunk to meet their requirements.
Maintained data loss prevention software and implemented policies and response rules based on client needs.
Delivered incident management, response, and reporting for 1 client, and tracked trends, statistics, and key figures for each assigned client to reduce security incidents by over 75%.
Wrote and developed custom scripts and programs as needed to increase system efficiency by 60%.
Analyzed a variety of network and host-based security appliance logs to determine the correct remediation actions and escalation paths for 200+ incidents per month.
Provided information regarding intrusion events, security incidents, and other threat indications and warning information to the client to increase early detection by over 40%.
Played a key role in the development of processes and procedures to improve incident response times by 80% and enhance analysis of the incident and overall security operations center (SOC) functions.
Documented all activities during an incident and provided status updates during the life cycle of the incident.
Reviewed security events populated in a SIEM system, and followed procedures to contain, analyze, and eradicate malicious activity.
Backed up the firewall, security appliance, and other security devices on a weekly basis to ensure system integrity.
Generated formal documentation such as reports, training material, slide decks, and architecture diagrams for a client to enhance operational efficiency by over 90%.
Managed and maintained government-owned virtual platforms, operating systems, and applications supporting enterprise scanning solutions, ensuring maximum system uptime.
Supported emergency response remediation services for over 100 security incidents per month.
Reviewed current incidents and determined appropriate threat levels based on the identification of current risks in the enterprise program to reduce security incidents by over 60%.
Trained over 10 information security professionals in conducting impact analysis and vulnerability analysis.
Reviewed and analyzed historical and current data from various vulnerability reporting sources to identify trends, provide information on ongoing risks and security situational awareness, and process improvements in incident response to device infections and the overall security program to increase detection efficiency by over 80%.
Aided in creating and documenting standard processes for information security professionals to analyze various vulnerability data, conduct trending and impact analysis, and consult various customers on the meaning of the data and its impact on the enterprise or their regions to decrease security incidents by over 60%.
Collected and analyzed event information and performed threat analysis in a Department of Homeland Security (DHS) SOC, to harden security by over 75%.
Monitored threats, vulnerabilities, and security control effectiveness; analyzed collected data and reported findings; and determined the appropriate response to increase response times by over 75%.
Identified suspicious or anomalous events and generated security event notifications to aid in early detection.
Monitored security events; correlated information; identified incidents, issues, threats, and vulnerabilities, and determined the root cause of attack vectors.
Promoted awareness of security issues among management and ensured sound security principles were reflected in the organizations’ visions and goals.
Assisted in deployment and configuration of security software and maintained and managed assigned systems and Splunk related issues and administration.
Created and configured management reports and dashboards in Splunk for application log monitoring and assessed logs with various log management tools to determine the cause of suspicious malicious activity.
Collected and analyzed event information and performed threat analysis for the Federal Emergency Management Agency SOC, reducing security incidents by over 50%.
Conducted initial triage, categorization, documentation, and escalation for suspicious events and indicators, and intrusion detection system event monitoring and analysis, security incident handling, incident reporting, and threat analysis for over 200 incidents per month.
Monitored and analyzed network traffic and aided in the deployment and configuration of system monitoring software to enhance system security levels by over 60%.
Performed vulnerability analysis, reviewed false positives and risk acceptance requests, and provided recommendations for acceptance or denial of requests to ensure system integrity.
Developed assessments and reports for upper management to aid in decision-making activities.
Managed and executed first-level responses and addressed reported or detected incidents.
Managed the help desk of a DHS-developed project, providing support to over 2000 end users on content-related questions.
Uploaded 20 new site profiles on an as-required and when-directed basis and handled over 100 help desk phone calls and emails per day.
Identified and validated users' qualifications and provided appropriate system-level access to enhance efficiency.
Performed problem diagnosis and resolution for an internet application, and provided administrative support, including user management, to user groups.
Collected and reported on help desk statistics and assisted in deploying applications to enhance user productivity.
Performed thorough application testing using manual processes to determine any application flaws.
Under minimal supervision, provided technical software, hardware, and network problem resolution to all computer users.
• Performed question/problem diagnosis by guiding users through step-by-step solutions and clearly communicating technical solutions in a user-friendly and professional manner.
• Provided one-on-one end-user training as needed.
• Assisted Network Technicians in troubleshooting network printer problems; conducted hardware and software inventory database maintenance and reporting; and performed related work as required.
• Worked with EDC Technology implementing a student information database (CampusAnyware).
• Developed materials for end-user frequently asked questions (FAQs). Provided student mail server maintenance and support.
• Performed minor desktop hardware repair for PC computer equipment and peripherals.
• Assisted in troubleshooting Microsoft Office products (Word, Excel, PowerPoint, Outlook, OneNote, and SharePoint).
Responded promptly to 15 management requests per week for technical assistance.
Installed and configured peripherals to ensure the proper working condition of all assets.
Completed and diagnosed over 5 projects as directed by management for complete assurance of proper functionality.
Courses:
• Cyber Crime Investigation and Digital Forensics
• Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing
• Prevention and Protection Strategies in Cybersecurity
• Human Aspects in Cybersecurity: Ethics, Legal Issues and Psychology
• Cyberspace and Cybersecurity