Cybersecurity Analyst | Red Team

• Nov 2022 - Present

• Engaged in high complexity projects involving the application of cybersecurity frameworks: ISO 27001, CIS Controls, and NIST, conducting diagnostic and maturity evaluation in information security. • Led and supervised network infrastructure penetration testing (PenTest) utilizing the Penetration Testing Execution Standard (PTES) methodology. • Executed vulnerability analysis in network assets (Tenable) and web applications (Syhunt), generating detailed reports on identified vulnerabilities and proposing respective remediation. • Conducted specialized Information Security training. • Guided and oversaw web application penetration testing (PenTest) utilizing the PTES methodology. • Produced detailed technical reports with intrusion test results, offering recommendations to mitigate the risk of external and internal intrusions to clients' sensitive information. • Participated actively in Information Security incidents, helping coordinate response activities and mitigating potential impacts. • Developed Phishing campaign strategies, creating simulations to assess employee awareness and improve their response to attempted attacks. • Managed vulnerability lifecycle processes, incorporating threat intelligence feeds to prioritize remediation activities effectively. • Conducted client environment vulnerability analysis using the Nessus tool, facilitating proactive identification and management of potential risks. • Developed and executed action plans for vulnerabilities identified within environments, mitigating potential security risks and enhancing overall cybersecurity posture. • Engineered automation tools to streamline the reconnaissance phase of PenTest, improving efficiency and accuracy in identifying potential targets and vulnerabilities. • Managed incident response planning and execution, utilizing forensic tools for investigation and root cause analysis to prevent future occurrences. Show less

Cyber Security Analyst

• Jan 2020 - Nov 2022

• Administered ticket handling via ITSM, adhering strictly to the client-defined SLA.• Undertook incident triage via Elastic SIEM, utilizing advanced analytics to identify and manage security events.• Conducted thorough network traffic analysis for both internal and client networks to detect potential risks, vulnerabilities, and ongoing incidents.• Performed proactive threat hunting within client environments to identify hidden threats and reduce potential risks.• Executed client-requested intrusion testing, adhering to defined scope, leveraging both automated tools (open-source or otherwise) and manual techniques.• Crafted detailed technical reports post-intrusion testing, offering strategic recommendations to mitigate risks of unauthorized access to sensitive client information.• Analyzed Pcap data to identify potential system infections and devise appropriate remediation plans.• Generated detailed and concise client reports based on analysis findings, explicating potential risks and offering risk mitigation strategies.• Developed and implemented security playbooks to automate threat detection and incident response workflows, thereby enhancing security posture across environments. Show less

Information Security Intern

• Jun 2019 - Jan 2020

• Monitored internal and client network traffic analysis, identifying anomalies and potential security incidents.• Documented analysis procedures, contributing to the creation of robust standard operating procedures.• Executed proactive threat hunting within both internal and client environments, leveraging advanced tools and techniques to identify and neutralize hidden threats.• Documented identified vulnerabilities from analyses, creating a knowledge base to inform future detection and prevention strategies.• Actively participated in client meetings, facilitating transparent communication and strengthening the client relationship.• Contributed to network traffic analysis of Proof of Concepts (POCs), enabling proactive identification and resolution of potential issues.• Developed comprehensive reports on POC analysis, delivering key findings and recommendations to stakeholders. Show less

IT Intern

• Jul 2018 - Dec 2018

Technical Backup Operator

• Sep 2017 - Dec 2017