Work Background
Cyber Security Content Developer
ADT
Jul. 2024, Chattanooga, Tennessee, United States
Custom Content Development:
• Design and build custom playbooks and workflows in Cortex XSOAR to automate incident response processes.
• Develop Python-based integrations to connect third-party tools and APIs with Cortex XSOAR and XSIAM platforms.
• Create tailored dashboards, reports, and data visualizations to address specific organizational and security needs.
Incident Response Automation:
• Implement automated enrichment workflows to streamline threat investigation.
• Develop reusable scripts to automate repetitive SOC tasks and improve operational efficiency.
• Enhance incident detection and response capabilities through custom solutions.
Collaboration and Design:
• Partner with SOC teams and other stakeholders to understand automation requirements and translate them into actionable deliverables.
• Provide technical guidance on best practices for automation and content customization.
Quality Assurance and Testing:
• Validate and test custom playbooks, integrations, and scripts to ensure reliability and effectiveness.
• Debug and refine existing workflows to improve performance and address new requirements.
Documentation and Knowledge Sharing:
• Document all custom content, including scripts, workflows, and integrations.
• Provide training and support to SOC teams on the use of developed content and automation.
Qualifications:
• Proficiency in Python coding, with a focus on API integration and scripting.
• Hands-on experience developing content for Cortex XSOAR and/or XSIAM.
• Strong understanding of security operations, incident response workflows, and automation use cases.
• Excellent problem-solving and collaboration skills.
Unemployed
Unemployed at this time
May. 2024 - Jul. 2024
Senior Cyber Security Engineer
UNCOMN
Nov. 2021 - May. 2024, O'Fallon, Illinois, United States
• Custom XSOAR playbook development.
• Create custom API integrations using Python for XSOAR.
• Work with department leads to develop processes for automation.
• Architect, develop and train for Azure DevOps onboarding.
• Client-facing interaction and project management responsibilities.
• Acted as an SME assisting with completing objectives on a NIST assessment.
• Led a team of two for risk remediation efforts and content development.
Firewall Security Administrator
Synchrony
Jan. 2021 - Nov. 2021, Alpharetta, Georgia, United States
• Architect migration from ASA port-based rules to Palo Alto application-based rules.
• Define NIDS security profiles and determine which firewall rules will have NIDS on them based on security risk and tolerance for failure.
• Set up and manage Palo Alto web content filtering.
Cyber Security Content Developer
Synchrony
Jan. 2020 - Nov. 2021, Alpharetta, Georgia, United States
Splunk ES Content Development: Create and tune Splunk ES detection rules in line with the business requirements. Create intermediate to advanced dashboards for various groups in the Information Security department as requested.
Palo Alto XSOAR Playbook Developer: Develop automated playbooks that are requested by the business, in a development-to-production environment. This includes working closely with the business unit that requested it at all stages of the development life cycle to ensure consistency with the expectation.
Symantec DLP Policy Developer: Develop DLP policies based on use cases that the business provides; ensure that all rules are tested first, then enabled in production and consistent with the original use case.
Palo Alto NGFW Security Administrator: Develop Palo Alto security profiles based on business need and work with the firewall team to apply them to specific firewall rules. Analyze proposed firewall rules, determine which rules would require Palo Alto IPS or IDS profiles based on the risk of the rule, and submit recommendations to the firewall team.
Prisma SaaS Policy Developer: Develop DLP policies for cloud-based business assets to ensure DLP events are alerted on and triaged.
G-Suite Security: Mature the security posture of the cloud-based G-Suite environment to ensure DLP, access control and SIEM logging have been established and are not interrupted.
Information Security Engineer
Suncoast Credit Union
Jan. 2018 - Jan. 2020, Tampa/St. Petersburg, Florida Area
Forcepoint DLP Engineer and Administrator: Support the DLP environment and address any server-related issues that arise to ensure stability and uptime of the platform. Create DLP policies and content to support business need.
Forcepoint Web Content Gateway Engineer and Administrator: Support the environment and address any server-related issues that arise to ensure stability and uptime of the platform. Address any web category issues or troubleshoot proxy-related website issues with the business to resolution.
Securonix SIEM Engineer, Analyst and Content Development: Support the infrastructure and create data modules for onboarded security syslogs in the SIEM. Normalize syslogs to ensure consistent field parsing using regular expressions (regex). Develop SIEM and UBA rules based on business need.
Darktrace Network Forensic Administrator: Analyze and tune data models to maintain high-fidelity alerting. Create new data models based on requirements and ensure they have a low false positive rate.
Carbon Black Endpoint Security Engineer and Administrator: Ensure 99% of all endpoints have endpoint protection installed and enabled. Tune EDR policies to ensure a low false positive rate. Troubleshoot EDR issues to resolution with the business.
Cyber Security Incident Response: Assist with IR processes and procedures when needed.
Security Software Deployment Administrator (SCCM): Deploy security software to the company when required.
Demisto (XSOAR) Engineer: Supported the hybrid environment and ensured high availability of the XSOAR on-premises engine. Tuned XSOAR playbooks, assisted in development of XSOAR playbooks, and enhanced playbook functionality when the opportunity presented itself. Worked with third-party support to create new playbooks.
Azure Security Engineer: Assisted on the initial implementation of Azure security in the environment.
Cyber Security Engineer
BlueCross BlueShield of Tennessee
Aug. 2017 - Jan. 2018, Chattanooga, Tennessee Area
• Two Factor Authentication Administrator
• Application Security Administrator
• IT Risk Remediation Coordinator
• Splunk Operational Support
Data Loss Prevention Implementation Specialist
Private Firm
Jun. 2017 - Aug. 2017, Chattanooga, Tennessee
Provide strategic planning and deployment of small, medium and large-scale implementations, upgrades, and customization of Symantec Data Loss Prevention services.
Cyber Security Analyst
The Depository Trust & Clearing Corporation (DTCC)
Jul. 2016 - Jun. 2017, Tampa/St. Petersburg, Florida Area
• Perform day-to-day monitoring of information security appliances, including reviewing, analyzing and interpreting cyber alerts and events from various systems to identify cyber intrusions or data loss.
• Escalate confirmed suspicious events and/or system compromises for review and follow-on escalation for containment, eradication, and recovery.
• Services monitored include, but are not limited to, SIEM, IDS/IPS, firewall, cloud environments, and Data Loss Prevention (DLP) for SMTP and web.
• Perform static analysis on phishing emails and associated malware.
• Conduct tuning engagements with security engineers to develop/adjust SIEM rules and analyst operating procedures.
• Create and implement standard operating procedures and processes to help streamline investigations, daily monitoring and analysis research, ensuring all analysts are effective and following the same guidelines.
• Keep abreast of emerging cyber threats and vulnerabilities to maintain situational awareness and apply lessons learned to current procedures.
• Perform content development for new alerting within different tools, including development, testing, and documentation.
• Perform host-based forensics using FireEye HX.
• Participate in Red Team / Blue Team exercises to test cyber defenses.
• Utilize Wireshark to perform packet capture analysis.
• Conduct insider risk investigations via various security tools, working with various departments.
Data Loss Prevention Admin / Engineer
The Depository Trust & Clearing Corporation (DTCC)
Jan. 2015 - Jun. 2017, Tampa/St. Petersburg, Florida Area
• Provide onsite Symantec DLP technical service and support to a large enterprise customer base.
• Provide guidance, recommendations, best practices, etc. for DLP operations; update rules and reports as needed.
• Tune DLP policies as needed.
• Liaise with Symantec Support, Engineering, Product Management, and other areas within Symantec.
• Provide a single point of contact and hands-on escalation and remediation for critical issues.
• Provide regular status reports for critical incidents, projects and proactive services.
• Highly motivated with the ability to work with limited supervision in a highly competitive environment.
• Consult with clients to identify requirements for security engagements.
• Associate technical security controls with security programs, policies and frameworks.
• Excellent problem solving and troubleshooting skills.
• Utilize Symantec Enterprise Vault Discovery Accelerator for legal searches as needed.
• Monitor communication on enterprise mobile devices.
• Manage a team of two Data Loss Prevention analysts; built the DLP team from the ground up.
• Build response rules and escalation workflow as needed by management.
• Used QRadar to monitor user web usage and to analyze payload information.
Systems Security Specialist
PharMerica
Jan. 2014 - Jan. 2015, Tampa/St. Petersburg, Florida Area
● Provision accounts across multiple systems the company uses, including Active Roles.
● Maintain McAfee Web Gateway appliance for web access issues to business-related sites.
● Maintain user access to Microsoft CRM and troubleshoot access issues.
● Run daily termination reports and de-provision and delete accounts for terminated employees.
● Run daily name reconciliation reports to maintain unique user names across all systems for each employee.
● Export Outlook PST files for terminated employees and archive the data at an offsite storage location per company policy.
● Collect company-owned equipment from terminated employees, archive the data on it, and process the chain of custody forms accompanying the returned equipment.
● Perform after-hours on-call availability with other specialists on a two-weeks-a-month rotation for critical after-hours security issues.
● Analyze security incident tickets sent over from the Help Desk and resolve the issue within the determined SLA.
● Process security requests for access to NTFS share folders for various users in the company.
● Adjust share folder NTFS permissions based on business needs.
● Troubleshoot iSeries user account access and permissions issues.
● Maintain and meet project deadlines for various IT projects.
● Provision SAP user accounts and troubleshoot access issues.
● AS400 Security
● SAP Security
● Dayforce Security
● CRM Security
● Active Directory Access Management
● SOX Audit
IT Helpdesk
PharMerica
Mar. 2013 - Jan. 2014
• Provide front-line support for all PC desktop technology and host computer skills.
• Prioritize and analyze customers' requests, referring problems or concerns to a Customer Support Analyst.
• Responsible for providing peer review feedback throughout the year for the Service Desk staff in a timely and professional manner.
• Ensure compliance with Service Level Agreements.
• Assign help desk cases to the appropriate group as defined in the IT Service Level Agreement escalation procedures.
• Follow up with support staff and with customers to ensure timely and satisfactory issue resolution.
• Provide basic personal computer troubleshooting and defined resolution support.
• Log and track all calls, emails or faxes using the Help Desk automated software management tool, thereby maintaining historical reports on individuals and issues.
• Maintain the Help Desk automated software management tool by updating contact and product records.
• Communicate system problems/downtime to team members in a timely manner.
• Maintain compliance with Help Desk work instructions, processes and procedures.
• Recognize and report to management any trends requiring customer notification, training needs or procedure enhancements.
• Receive a minimum 95% rating from PharMerica end users for service provided (Customer Survey Results) as defined by the Help Desk KPI.
• Work with multiple IT Department employees to transition trouble tickets while maintaining total contact ownership with the end user or customer, following up on incident tickets with the appropriate functional technician/engineer if the call cannot be resolved at first contact.
• Resolve a minimum of 75% of calls taken as defined by the Help Desk KPI.
• Work with PharMerica IT Support Representatives and Management to perform approved changes to end-user systems as needed to resolve IT issues, and recommend approved system modifications to reduce future end-user service interruptions.
Medical Helpdesk Analyst
Galactek
Oct. 2012 - Mar. 2013, Brooksville, FL
Assist private practices with troubleshooting and assistance in the Eclipse EHR software program, as well as setting up their network to work with Eclipse. Educate users on HIPAA laws.

Requests

Personal Pitch: Phishing and impersonation attacks workshop
Personal Pitch: Python Security Automation