$ Work History

Cybersecurity professional with 4+ years experience in security analysis and risk management. I am driven by curiosity and constantly look for opportunities to grow, develop new skills, and enhance the enterprise's security posture through strategic risk assessment and mitigation.

• Enhanced the enterprise's security posture by identifying essential security standards and controls for our IT, OT, and cloud products.
• Reviewed changes to OT devices and applications to ensure alignment with established security patterns and prevent potential security risks.
• Oversaw the risk acceptance process within RSA Archer to ensure risks were documented and accepted at the correct levels of the organization. Validated remediation plans were in place to reduce risk where possible. Managed cycle to reassess accepted risks, obtain sign-off, and provide reporting.
• Performed both internal, and third party risk assessments to ensure compliance with security standards and address potential risks.
• Served as a resource for evaluating and remediating security issues while facilitating effective communication between teams.
• Coordinated vulnerability management program, assessing risk priorities and working with AWS teams to expedite remediation timelines.

• Monitored and analyzed security alerts using Microsoft Defender and Darktrace to detect, investigate, and respond to potential threats.
• Managed comprehensive phishing awareness program using KnowBe4, designing campaigns, tracking user engagement metrics, and generating reports on security awareness trends.
• Led email security operations by analyzing malicious emails, implementing blocking rules in Microsoft Defender, and coordinating threat containment measures.
• Coordinated vulnerability management program by assessing security findings, prioritizing remediation efforts, and collaborating with asset owners.

• Collaboratively detected and responded to information security incidents, maintaining SLAs for security event alerting.
• Monitored, researched, classified, and analyzed security events on client networks.
• Identified threats and threat vectors affecting security events.
• Performed network traffic and log analysis using enterprise-level SIEM tools (LogRhythm, Splunk).
• Outlined remediation procedures for compromised endpoints.