
CompTIA Security+ certified Cyber Security Analyst with a passion for research and security analytics. Specialized in security analysis and incident response. Experienced in hands-on projects monitoring and analyzing potential and active threats using security tools and processes. Skilled in Splunk, CrowdStrike, QRadar and several threat intelligence products. Trained in advanced cybersecurity tools and concepts in a Security Operations Center.

Education


Cybersecurity Analyst

Cydeo
12/2022 - 6/2023

Civil Engineering Bachelor's Degree

UBT – University for Business and Technology
2021 - current

Work & Experience


Security Operations Center Analyst

CYDEO
12/2022 - 6/2023
- Navigated Splunk using advanced filtering options and analytics.
- Managed the Splunk environment, including monitoring and alerting on system performance and availability.
- Provided technical expertise to other IT staff regarding best practices for managing the Splunk environment.
- Used regex to construct search commands in Splunk.
- Configured Splunk to ingest logs from Sysmon, firewalls and EDRs.
- Utilized Splunk to spot WMI (Windows Management Instrumentation) related activity and distinguish legitimate from illegitimate use of WMI.
- Worked with Wireshark PCAPs: import/export, remote capture, and applying various types of filters.
- Captured and analyzed files and other data using Wireshark.
- Collaborated with different teams to follow up on user requests.
- Monitored networks using Splunk, QRadar and CrowdStrike (SIEM, Security Information and Event Management) to detect malicious activity.
- Prepared briefings and detail-oriented reports of analysis methodology and results.
- Worked with technical specialists in field agencies to remediate escalated events by processing alert data into actionable information.
- Analyzed logs and tools for false positives and possible tuning opportunities.
- Triaged, analyzed and remediated all alerts within established SLAs.
- Researched and contributed to SOC metrics.
- Monitored and reported trends from dashboards and other sources such as firewall signature analysis, scanning attempts, malware alerts and login failures.
- Leveraged information provided by threat intel to secure data and safeguard against emerging threats.
- Participated in regular meetings such as daily stand-ups and handover meetings to discuss trends within the environment.