Danny Sare
Security Analyst

Summary

Security Operations Analyst skilled in advanced threat detection and incident response utilizing tools like Splunk and Microsoft Defender. Expertise in automating security operations, conducting thorough investigations, and collaborating with teams to design and implement effective security measures that mitigate risks.

Overview

12 years of professional experience

6

Information Systems and Defense Technology

Work History

Cybersecurity Analyst

General Electric
04.2022 - Current
  • Conduct proactive investigations and lead incident response activities using endpoint security tools like CrowdStrike alongside Splunk and Microsoft Defender Stack, improving the organization's ability to handle security incidents effectively.
  • Triage potential incidents such as phishing, malware, and network events using security tools to identify false positives, determine scope and impact, and collaborate with stakeholders to ensure prompt response, reducing incident response time.
  • Collect, monitor, and analyze diverse log sources (Windows, Linux, Network, Cloud, IDS, SIEM, NDR, EDR) to identify potential intrusion attempts, enhancing the organization's threat detection capabilities.
  • Research emerging threats and vulnerabilities with ThreatQ and Microsoft Defender, recommend mitigations, and track implementation, which reduces exposure to new risks.
  • Develop, document, and work with Engineers to automate incident response procedures with Splunk SOAR and PowerShell scripts, enhancing the efficiency and effectiveness of security operations.
  • Lead team efforts to improve security operations, analytics, threat hunting, and security orchestration and automation capabilities, resulting in a more robust security posture.
  • Utilize tools such as Prisma, Nessus, and Tenable to ensure compliance with cloud security technologies and industry standards, enhancing the overall cybersecurity posture and reducing vulnerabilities.
  • Work with customers to investigate potential phishing emails and take corrective actions, enhancing customer trust and reducing phishing-related incidents.

Cybersecurity Analyst

Convergenz - Supporting Food and Drug Administration
02.2020 - 04.2022
  • Identified security issues for remediation through monitoring and analysis of Security Information and Event Management (SIEM), enhancing overall security posture.
  • Administered and configured SIEM and incident notification toolsets with automation tools integration, improving system reliability and reducing incident response times.
  • Monitored and analyzed logs and alerts from various technologies (IDS/IPS, Firewall, Proxies, Anti-Virus) to enhance threat detection and response capabilities.
  • Monitored SIEM alerts to minimize downtime and restore services, ensuring continuous operational availability.
  • Resolved complex security cases by generating initial reports and recommending resolution activities, improving incident response efficiency.
  • Examined and assessed firewall, email, and DNS logs to prevent intrusion attempts.

Security Analyst

Sprint
01.2017 - 02.2020
  • Monitored SIEM for suspicious events and anomalous activity, leading to early detection and mitigation of potential security threats.
  • Validated and thoroughly investigated all identified events using cloud consoles and APIs, ensuring prompt response and minimizing potential security breaches.
  • Conducted search and analysis with Security Incident & Event Management system to enhance threat detection and response capabilities.
  • Responded to escalated incidents and managed incident lifecycle to completion, improving incident resolution times and minimizing downtime.
  • Maintained records of security monitoring and incident response activities using Jira and ServiceNow, streamlining case management and improving ticket tracking efficiency.

Technical Support Analyst

Carey International
09.2014 - 01.2017
  • Resolved technical problems for operating systems and networking environments by performing all phases of troubleshooting, leading to improved system uptime and user satisfaction.
  • Established reputation for resolving complex issues and delivering high-quality customer service, fostering client trust and satisfaction.
  • Delivered on-call and remote technical support to internal personnel, enhancing computer system use and minimizing technical disruptions.
  • Installed software and configured customer PCs, ensuring proper functionality and reducing downtime for users.
  • Documented internal and external correspondence related to incident resolution, maintaining accurate records and streamlining future troubleshooting efforts.

Education

MS - Cybersecurity Technologies and Operations

University of Maryland University College

B.Sc. - Cybersecurity and Computer Networks

University of Maryland University College

Associate's Degree - Information Technology

Frederick Community College

Skills

  • Cyber/Information Security
  • Incident Response
  • Malware Analysis
  • Phishing/Email Analysis
  • Vulnerability & Risk Assessments
  • Threat detection
  • Security monitoring
  • Cloud security
  • Endpoint Security
  • Data Loss Prevention
  • Technical Writing
  • Stakeholder Engagement
  • Cross-Functional Collaboration
  • Intrusion Detection and Prevention
  • SIEM tools
  • Security operations center
  • Log analysis
  • Security compliance
  • System Administration
  • Network monitoring
  • Packet and File Analysis
  • Cloud Security Technologies
  • Cloud Consoles
  • Automation Tools
  • IDS/IPS
  • Excellent Communication skills
  • Customer Service Orientation
  • Team Building & Leadership
  • Social engineering prevention
  • Incident response management
  • Cyber threat analysis
  • Phishing detection
  • Endpoint protection
  • Security information systems

Certification

  • CompTIA Security+ SY0-701
  • AWS Certified Cloud Practitioner - CLF-C02
  • Microsoft Azure Fundamentals AZ-900
  • Cloud Digital Leader
  • Splunk Fundamentals I
  • Splunk Fundamentals II

Security Platforms & Solutions

Anomali (ThreatStream), Axonius, Cisco, CrowdStrike, Cybereason, Demisto (XSOAR), FireEye (HX, NX, EX), Guardicore, McAfee (ePO), Microsoft Defender Security Stack, RSA NetWitness, Splunk (SOAR, SIEM), SentinelOne

Email Security

Cofense Triage, Mimecast, Proofpoint, Trellix, Harmony (CheckPoint), Microsoft Defender

Network Security

Kibana (Elasticsearch), Splunk, Sentinel (Microsoft), Wireshark, Google SecOps

IT Ticketing & Security Management

Jira, ServiceNow, Remedy

Vulnerability Management

BigFix, Cisco Vulnerability Management, Microsoft Defender Vulnerability Management, Prisma, Qualys, Rapid7, Tenable Nessus

Scripting & Automation

PowerShell, Python, Kali Linux
