Christopher Moore

Principal Engineer at Liberty Source PBC
Location
Houston, Texas, United States, US


Credentials

  • Azure Sentinel Ninja - 400 Level Training (Microsoft), Oct 2022 - Nov 2024
  • Postman Expert (Automation and APIs) (Postman), Sep 2022 - Nov 2024
  • Privileged Remote Access Administrator (BeyondTrust), Aug 2021 - Nov 2024
  • Foundations of Operationalizing MITRE ATT&CK (AttackIQ), Feb 2021 - Nov 2024
  • Microsoft Certified: Azure Fundamentals (AZ-900) (Microsoft), Feb 2021 - Nov 2024
  • Splunk Core Certified Power User (Splunk), Mar 2021 - Nov 2024

Experience

    • United States
    • Technology, Information and Media
    • 1 - 100 Employee
    • Principal Engineer
      • Sep 2023 - Present

      • Leading a team from start to finish implementing Azure Sentinel along with the entire Defender 365 E5 tool suite: Microsoft Entra ID, Microsoft Defender for Endpoint, Microsoft Office 365 Defender, Microsoft Defender for Identity, Microsoft Purview, Microsoft Defender for Cloud Apps, Power BI
      • Architected, designed, implemented, maintained and operated Sentinel
      • Achieved a Defender Cloud Security Score of over 90% via key recommendations and configurations
      • Supervising and training analysts in remediation of Sentinel and Defender alerts
      • Supervising and training engineers in the administration and maintenance of Sentinel and Defender
      • Created clear and concise documentation for continued operational success
      • Analyzing and recommending security controls and procedures regarding acquisition, development, and lifecycle of information systems, while providing oversight to ensure compliance
      • Reporting directly to the CISO

    • Banking
    • 200 - 300 Employee
    • Azure Sentinel and Defender 365 SME
      • Feb 2023 - Present

      • Subject matter expert on the cloud-native SIEM Azure Sentinel
      • Subject matter expert on additional Azure cloud security technologies: Azure Identity, Defender for Cloud, Defender for Endpoint

      Day to day:
      • Perform the initial deployment and expansion of Azure Sentinel and Defender for Endpoint, leading the initial technical investigations for security incidents, overseeing process improvements, developing new SIEM use cases and giving life to new security capabilities with automation
      • Ingest various data sources: Syslog, CEF, Palo Alto, F5, Okta, Windows logs, Linux logs, etc.
      • Integrate other Microsoft security tools into Azure Sentinel: Azure Identity, Defender for Cloud, Defender for Endpoint
      • Work with cloud architects and other security partners to develop correlation rules and ensure a Zero Trust framework
      • Perform investigation and remediation for complex and high-severity security threats
      • Coordinate data gathering, documentation, and review of security incident reports
      • Create and develop new SOC SIEM use cases
      • Define and assist in the creation of operational and executive security reports and dashboards
      • Create and manage deployment documentation for proper resource tracking

      Qualifications:
      • Detailed practical knowledge of Internet protocols, firewalls, proxies, and intrusion detection/prevention systems
      • Ability to conduct multi-step breach and investigative analysis to trace the dynamic activities associated with advanced threats
      • Strong communication skills
      • Advanced event analysis leveraging the Azure Sentinel SIEM
      • Deep knowledge of M365 security toolsets
      • Deep knowledge of Splunk
      • Solid knowledge of QRadar
      • Expertise in Azure Logic Apps
      • Advanced log parsing and analysis skill set
      • Proficient in Linux configuration and common administration tasks

    • United States
    • IT Services and IT Consulting
    • 700 & Above Employee
    • Splunk Security Engineer
      • Mar 2021 - May 2023

      • Fortified both ICS and OT environments
      • Assisted in leading PCI and NERC compliance efforts
      • Responsible for ingesting all logs into Splunk, building use cases to detect threats on-prem and in the cloud (AWS and Azure), and building security content around that data
      • Performed Linux and Windows system administration to ensure all SIEM components are healthy and running correctly
      • Developed and implemented Splunk apps and knowledge objects such as dashboards, reports, and data models
      • Responsible for supporting architecture changes, tool deployments and advanced security content development
      • Analyzed attacker tactics, techniques and procedures (TTPs) from security events

    • United States
    • Government Administration
    • 700 & Above Employee
    • Azure Sentinel Security Engineer, Level 3 (night shift)
      • Sep 2021 - Nov 2022

      • Assisted in leading PCI, NIST, TGC, TAC compliance efforts
      • MITRE ATT&CK and MITRE D3FEND
      • Responsible for centralized log collection and parsing of cloud and on-premises data
      • Responsible for Azure Sentinel KQL rule logic to detect, alert on, and mitigate potential threats
      • Provisioned cloud infrastructure as needed (VMs, VMSSs, VNets, ExpressRoute, Azure Lighthouse, etc.)
      • Developed both Azure Logic Apps and Azure Function Apps to automate tedious tasks (PowerShell)
      • Provisioned and managed Azure Active Directory
      • Developed playbooks and documentation for clear and concise alert remediation
      • Provided cybersecurity recommendations to leadership based on significant threats and vulnerabilities
      • Worked with provided security policies to design and implement network and security rules and configurations across various security platforms
      • Provided daily summary reports of network events and activity relevant to cyber defense practices
      • Trained and mentored analysts on a weekly cadence

    • United States
    • Computer and Network Security
    • 700 & Above Employee
    • SIEM Engineer
      • Jan 2021 - Mar 2021

      • Provided thought leadership for all design, implementation, and maintenance activities related to the SIEM (primarily Splunk and QRadar) and IDS/IPS platforms
      • Log source integration, real-time troubleshooting, and payload field extraction within Splunk
      • Utilized Splunk to pull health metric data from clients' SIEMs; provided recommendations to optimize infrastructure, SIEM technology, and alert content from the pulled data
      • Developed custom alerts in Splunk to detect unwanted component degradation and failures
      • Consulted clients on Splunk's CIM (Common Information Model); ensured indexes, data models, accelerated data models, macros, calculated fields, and workflow actions were optimized for maximum value return

    • Cyber Security Analyst
      • Jan 2019 - Jan 2021

      • Worked as an extension of 43 customer security teams; had visibility into their unique environments and provided actionable security consultation to their teams based on observed enterprise network activity
      • Performed daily investigations and hunts into malicious events and aided customers with various remediation tactics; researched trends and current countermeasures for vulnerabilities and exploits
      • Created, optimized, and continuously evaluated security monitoring content on the SIEM
      • Designed and created new detection techniques and improved/tuned existing ones
      • Identified gaps in existing security capabilities
      • Aided in the creation and customization of customer SIEM content rules to better identify and separate malicious activity from benign false positives; all rules were tuned to increase productivity (removing false positives and SIEM overload) and catch all iterations of malicious activity

      Achievements:
      • Increased the performance of a Fortune 500 customer's CrowdStrike instance by 26.33% via recommended key configurations, which reduced their internal workload by 35.45%
      • Won two internal ReliaQuest challenges. The first challenge involved participants troubleshooting a Splunk instance on a Linux server; after fixing the instance, we were to perform an analysis on a true-positive web exploit event. The second challenge consisted of investigating a successful malware breach within Carbon Black Threat Hunter
      • Mentored 25 new-hire analysts on how to conduct efficient and purposeful Splunk Search Processing Language queries

    • United States
    • Armed Forces
    • 200 - 300 Employee
    • 12 Bravo Combat Engineer
      • Jan 2015 - Dec 2020

Education

  • Lindenwood University
    Bachelor of Science - BS, Cyber Security
    2014 - 2018
