Michael Kuchera

Team Lead, Security Detection and Response at Zapier
Contact Information
us****@****om
(386) 825-5501
Location
United States, US
Languages
  • PowerShell
  • Bash
  • Python

Credentials

  • Scrum Master
    Mountain Goat Software
    Jan 2023 - Nov 2024
  • Offensive Security Certified Professional - OSCP
    Offensive Security
    Dec 2018 - Nov 2024
  • GIAC Certified Intrusion Analyst - GCIA
    GIAC Certifications
    Jan 2018 - Nov 2024

Experience

    • United States
    • Software Development
    • 700 & Above Employee
    • Team Lead, Security Detection and Response
      • Apr 2020 - Present

      - Lead the development of the Security Incident Response and Detection Engineering programs, hiring members and setting program vision and direction
      - Collaborate across the org with primary stakeholders (Legal, SRE, Leadership, etc.)
      - Guide security incidents through detection, resolution, and retrospective
      - Create processes and standards that align with common detection and response frameworks, fitting a cloud-native environment and remote workforce
      - Evaluate and develop detection and response tooling
      - Log analysis and threat hunting for cloud environments (e.g. AWS CloudTrail/GuardDuty, Graylog, Okta, GSuite, etc.)
      - Guiding development of the Vulnerability Management program
      - General Security Engineering (Serverless design, automation workflows, Terraform IaC, EKS/K8s, Docker, etc.)
      - Plan and facilitate tabletop exercises spanning leadership strategy to shorter developer-focused technical scenarios

    • United States
    • Software Development
    • 700 & Above Employee
    • Staff Information Security Analyst
      • Apr 2019 - Mar 2020

      - Develop, monitor, and retool alerts and contextual content for our SIEM (Splunk Enterprise Security) based on feedback from our analysts, threat intelligence staff, and false positive rate
      - Research IOCs in order to develop new alerts for modern threat actors
      - Lead the Firewall Working Group, vetting any network firewall or router ACL changes to our TechOps environments and providing SOA guidance where necessary
      - Trained other network and security staff on the Firewall Working Group review process to provide global coverage, improve turnaround times, and reduce the expected SLA for firewall requests
      - Assisting in escalated investigations for the CSIRT
      - Lead company-wide remediation projects resulting from Red/Purple Team exercises
      - Onboard security-relevant logs into Splunk, working with teams from around the globe
      - Administer our Splunk Deployment Servers, Apps, and Forwarder infrastructure
      - Evaluate and implement PoCs for Network Intrusion Detection for global data centers and cloud service architectures
      - Run internal investigations related to current employees
      - Lead projects to virtualize our Security Team infrastructure to AWS and OpenStack
      - Create and modify AuditD rules to reduce log noise in various production environments
      - Assisted in designing the network security standards and network visibility layout for a net-new data center

    • Senior Information Security Analyst
      • Dec 2016 - Mar 2019

    • United States
    • Software Development
    • 700 & Above Employee
    • IT Support Technician, Level II
      • May 2015 - Dec 2016

      - Provided vulnerability remediation guidelines to IT Admins for production systems
      - Authored a PowerShell script to migrate hundreds of PCs to a new domain while keeping their respective user profile data and settings intact
      - Automated the placement of new-hire AD user objects into their correct OU, eliminating manual intervention and reducing errors
      - General Troubleshooting, Basic Active Directory Administration, and PowerShell Scripting

Education

  • University of Oregon
    Master's degree
    2010 - 2011
