CONSTANTINE TIENGWIA

Cleveland, OH

Summary

Highly skilled Cyber Security Analyst with extensive experience in monitoring and analyzing security events, incident response, and threat analysis. Proficient in utilizing advanced tools like SIEM solutions, SOAR platforms, and various forensic analysis techniques. Proven ability to manage and resolve security incidents, provide technical guidance, and collaborate with cross-functional teams to enhance security measures. Holds multiple certifications including CompTIA Sec+, Splunk Enterprise Security, and Microsoft Certified Security Operations Analyst. Currently pursuing an M.S. in Cyber Security Technology. Dedicated to maintaining high security standards and implementing proactive measures to safeguard critical infrastructure.

Overview

12 years of professional experience

1 Certification

Work History

SOC Cyber Security Analyst

Department of Health and Human Services
09.2022 - Current
  • Monitors and analyzes security events from diverse sources including network devices, firewalls, IDS/IPS, and SIEM solutions (Microsoft Sentinel, Splunk, LogRhythm, etc.)
  • Utilized Triage for intelligent phishing analysis, performing automated front-line analysis, and fine-tuning processes for improved detection and response to phishing attacks
  • Efficiently triaged security incidents performing in-depth forensic analysis, and meticulously documenting findings contributing to incident resolution and future prevention
  • Regularly analyze malware reports to track adversary behaviors and support the construction of a TTP repository, analyze HTOC reports from DOD, DHS, and CISA to identify IOCs and take necessary actions
  • Acts as the SME, resolving tier 1 and 2 escalations, providing coaching, and training to tier 1 and 2 SOC/NOC analysts, and works as part of the Incident Management Team
  • Circulates incident status and resolutions to internal and external stakeholders, providing advisement support concerning penetration testing outcomes and forensic analysis
  • Ensuring the collection and maintenance of current technical documentation covering not only standard operating procedures but also policies and protocols for incident response processes within the organization
  • Configured correlation rules, alerts, and automated response actions within SIEM platforms to detect and respond to security incidents in a timely and effective manner, leveraging the platform to set up alert thresholds, escalation policies, and incident response workflows to prioritize and address critical security events
  • Analyzed and took necessary action on IOCs from the Ad hoc Notification (Weekly Snapshot) and Joint Cybersecurity Advisory AA24-016A, Known Indicators of Compromise Associated with Androxgh0st Malware, released by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware
  • Multiple ongoing investigations and trusted third-party reporting yielded these IOCs and TTPs and provided information on Androxgh0st malware's ability to establish a botnet that can further identify and compromise vulnerable networks
  • Implemented proactive cybersecurity measures by blocking all Indicators of Compromise (IOCs) identified in joint Cybersecurity Advisory reports by CSA, FBI, HHS, and MS-ISAC, effectively enhancing network defense against the Black Basta ransomware variant
  • Coordinated with federal and industry cybersecurity entities to stay updated on emerging threats, ensuring timely and comprehensive protection for critical infrastructure sectors against ransomware attacks
  • Carried out network security monitoring, forensic analysis, and incident response to ensure the security posture of Marketplace systems, utilizing tools such as Splunk and TrendMicro Control Manager
  • Provided technical cybersecurity support within data centers and systems applications as part of the CMS Marketplace Security Operations Center (MSOC).

L2 SOC Analyst

Capital One Bank
03.2019 - 08.2022
  • Performed detailed functional analysis of the adversary's data, including identification of the tactics, techniques, and procedures (TTPs) used in malware, actions in cyberspace, and successful and attempted exfiltration events, to develop adversary profiles
  • Leverage and enrich cybersecurity data from multiple data streams to produce new insights and analysis
  • Monitored and analyzed network traffic (e.g., PCAP) and logs to separate events that warranted follow-up investigation from typical false alarms, including insider threats and APT detection capabilities that surface only advanced threats that have made it inside or attempted to breach security
  • Stayed updated on newly developing cyber threats and emerging vulnerabilities within the market scenario and analyzed their impact potential on organization security
  • Develop proactive recommendations and strategies to fortify organizational security posture to evade these emerging threats
  • Performed routine threat-hunting activities to pre-emptively detect and address potential security vulnerabilities
  • Leverage Security Orchestration, Automation, and Response (SOAR) or Security Information and Event Management (SIEM) tools to identify threat patterns, enrich investigations, and build automation-supported workflows
  • Routinely identify gaps in detection and collaborate with teams across the Cyber organization to mitigate risk, including blocking malicious indicators, tuning vendor signatures, and instrumenting custom detection rules
  • Circulates incident status and resolutions to internal and external stakeholders, providing advisement support concerning penetration testing outcomes and forensic analysis.

Computer Technician

SIMs Recycling Solutions
01.2015 - 01.2016
  • Performed a variety of key tasks such as maintaining and repairing technological equipment, sustaining security systems, installing new hardware/software systems, and upgrading firmware, software, and outdated hardware systems
  • Detected and solved network, connectivity, and server issues
  • Ensured maintenance of computer systems by installing updates
  • Set up and installed new hardware and software systems
  • Upgraded firmware, software, and outdated hardware systems
  • Diagnosed and troubleshot computer issues
  • Monitored and sustained security systems and installed updates
  • Setting up new computer systems and installing, maintaining, and troubleshooting the software
  • Ensuring that internet security software is up-to-date and running smoothly
  • Testing, troubleshooting, and implementing new software programs within a company.

Technical Systems Analyst

Petroleum Certification Consulting
03.2012 - 10.2013
  • Provided technical guidance and training to operations shift team members as a subject matter expert
  • Supporting users by identifying hardware and software problems, troubleshooting, and arranging for service desk dispatch of necessary vendors or major incident specialists
  • Diagnosing and resolving network connectivity problems raised by tier-2 and tier-3 agents, ensuring minimal downtime
  • Directed the ticket queue, ensuring all issues are assigned accordingly and all SLAs are met
  • Management of user accounts including control of access rights and permissions per security policy
  • Working with cross-functional teams to test and implement new technologies or functionalities of the system
  • Maintained the documents created with processes, procedures, and troubleshooting steps within the IT knowledge base
  • Implement and maintain effective and regular security protocols such as MFA, DLP, PAM, IAM, SSO, and even conditional access policies for data-centric protection and compliance
  • Facilitated the development and implementation of technical strategies to achieve business goals
  • Leverage and enrich cybersecurity data from multiple data streams to produce new insights and analysis
  • Analyze systems in search of inefficiencies and offer new solutions that will improve the overall experience.

Education

M.S. in Cyber Security Technology (in progress)

University of Maryland University College

Bachelor of Science in Computer Networks and Cybersecurity

University of Maryland University College

A.A.S. in Cyber Security

Prince George's Community College

Skills

  • MITRE ATT&CK Framework
  • Penetration Testing
  • NIST & ISO framework
  • Splunk
  • Microsoft Sentinel
  • APT
  • Rootkits
  • DDoS
  • MitM
  • Zero-Day Exploits
  • SQL Injection
  • Credential Stuffing
  • CrowdStrike
  • Carbon Black
  • MS Defender
  • Microsoft 365 Admin
  • PhishMe
  • SIEM Analysis
  • Cyber/Unified Kill Chain Analysis
  • Threat Hunting
  • Nessus Tenable
  • Nmap
  • Metasploit
  • Wireshark
  • Splunk Enterprise Security
  • Cloud Security
  • AWS Architecture
  • Azure
  • Linux
  • Windows Servers
  • VMware
  • BurpSuite
  • IDR
  • PowerShell
  • DNS
  • DHCP
  • Incident Response
  • OSI model
  • VirusTotal
  • AbuseIPDB
  • Scamalytics
  • Ipvoid
  • Whois
  • IP2location
  • Ipteoio
  • Urlscan
  • Anyrun OWASP
  • Palo Alto Firewall/Proxy
  • IAM
  • Active Directory
  • AlienVault
  • MS Sentinel
  • Malware Analysis/Endpoint
  • Jira/Confluence
  • ServiceNow
  • Log Analysis/ Forensic Analysis
  • Incident Handling and Reporting
  • Phantom/SOAR
  • Trend east, west, micro and Mag
  • Akamai WAF
  • Zscaler
  • Palo Alto
  • FireEye
  • PhishMe & Triage
  • Cofense
  • Trellix
  • Anomali

Certification

  • CompTIA Sec+ (CompTIA)
  • CompTIA Net+ (CompTIA)
  • CompTIA ITF+ (CompTIA)
  • CompTIA A+ (CompTIA)
  • Splunk Enterprise Security
  • SC-200 Microsoft Certified Security Operations Analyst (Microsoft)
