David Rivera

Stafford,VA

Summary

Security professional with strengths and experience in team building, creating and optimizing SOC's, and driving positive results. Motivating leader with dedication and passion to building high-performance organizations focused on security operations, risk management, incident response, and cyber threat intelligence.

Overview

3 years of professional experience
1 Certification

Work History

Global Security Operations and IR Lead

MediaMonks (S4 Capital)
01.2023 - Current
  • Oversee and act as a point of contact for the CSIRT team in an organization of over 9000+ users
  • Respond to security incidents classified as high or critical and produce formal incident reports for stakeholders and executive leadership
  • Manage and delegate projects for the Global Security Operations Initiative to the Incident Response team in an effort to mature the organization's security posture across all regions
  • Create and grow a Security Operations Center (SOC) in an effort to protect the organization from active and emerging threats
  • Created a formal threat hunting procedure in an effort to maximize down time by proactively looking for threats using the MITRE ATT&CK framework and hypothesis-based hunting methodology
  • Create and update playbooks for Security Operations, Incident Response, and IT Security resulting in efficient onboarding training and SLA requirements fulfilled in a timely manner
  • Operationalize OneTrust risk and incident management platform by logging incidents and converting lessons learned into risks for the Information Security Team to prioritize treatment plans, resulting in attack surface reduction and fulfilling requirements for SOC2 and ISO certifications
  • Coordinate post-mortems with Information Security Compliance Leads and stakeholders in order to highlight immediate action items from incidents and document lessons learned
  • Create proposals for SOC and IR tooling to executive leadership in an effort to increase detection capabilities and remediation capabilities
  • Create custom IOC/IOA policies using EDR technology and ensuring they are properly scoped in an effort to reduce false positives while maintaining a tight security posture at the host level
  • Maintain and audit allow/deny lists across all security and IT tools such as email, secure web gateways (SWG), firewalls, and cloud applications (AWS and GCP)
  • Triage AWS and GCP Security Command Center (SCC) alerts; Escalate findings to project owners to verify activity and tune alerts
  • Lead meetings with key IT personnel and collect updates on projects that contribute to global and local SOC2/ISO audits
  • Interface with auditors on the organization's Incident Management and Incident Response policies and procedures; provide documentation and evidence of incident reports, tickets, SIEM logging, email security configuration, EDR agents being deployed to endpoints/servers, etc.

Security Analyst L1

BlueVoyant MSSP
02.2021 - 05.2022
  • Monitor and analyze security events and alerts from multiple sources including SIEM, network and host-based IDS, EDR, and firewall logs
  • Initiate tickets, document, and escalate to higher level analysts to resolve alerts and incidents
  • Present incident of the week deep dive during SOC weekly all hands to increase awareness of the current threats being seen in client environments and break down TTPs using MITRE ATT&CK
  • Communicate and build relationships with client IT teams to inform them of issues, help them remediate, and ensure continued business operations across many industries and environments
  • Utilize several EDR software products to blacklist, whitelist, quarantine, or contain assets and files per client documentation in an effort to remediate threats without disruption to the business
  • Create visualizations utilizing Splunk and SNOW software to identify key performance indicators (KPIs) on a team basis, resulting in positive metrics and client satisfaction.

Threat Intelligence Analyst Intern

Splunk Inc.
07.2020 - 01.2021
  • Collected and analyzed Tactics, Techniques, and Procedures (TTPs) from intelligence vendors that are relevant to Splunk and its assets, resulting in an informed security posture
  • Created and briefed Tactical Intelligence Product using information obtained from intelligence vendors and presented weekly to the Splunk Global Security team to inform them on data breaches, active and emerging threats, indicators and warnings, trend reports, and potential risk with incoming cloud customers
  • Collaborated with analysts in the SOC to create detection use cases from tactical and technical intelligence, to increase Splunk’s detection capability, resulting in quicker responses to potential security risks or incidents
  • Led threat hunts using Splunk to search for potential threats that cannot be detected via security solutions, resulting in new detection use cases or future hunts
  • Fulfilled RFIs (Requests for Information) from C-Suite and senior leadership to provide detailed context on specified intel, resulting in clear communication and execution of objectives by senior leadership.

Education

Cyber Security and Information Assurance

Western Governors University
12.2024

Cyber Security Training

Year Up / Northern Virginia Community College
01.2021

Cyber Operations Training

Per Scholas
07.2020

Skills

  • Spanish
  • English
  • KQL
  • SQL
  • EDR Technology
  • SIEM Technology
  • Threat Intelligence Platforms (TIPs)
  • Atlassian Suite
  • Tenable
  • AWS Security Stack
  • GCP SCC

Accomplishments

Created the Security Operations and Incident Response program at MediaMonks, a large media enterprise with a complex environment composed of many mergers and acquisitions

Certification

  • CompTIA CySA+
  • Splunk Core Power User
  • Microsoft SC-200
  • CSAP

Awards

National Cyber League: Top 150 out of 953 for single and team game (April 2020)

Hobbies

  • Gaming
  • Lifting
  • Hiking
  • Gardening

Languages

English: Native or Bilingual
Spanish: Native or Bilingual