Dynamic Cyber Defense Analyst with Maximus, skilled in threat detection and vulnerability management. Proven ability to refine SOPs and enhance incident response protocols. Expertise in multi-source intelligence fusion and technical documentation, driving operational excellence in cybersecurity. Strong analytical mindset complemented by effective communication skills to collaborate across teams.
· Continuously monitor security systems such as Splunk, Assured Compliance Assessment Solution (ACAS/Tenable), and McAfee ePO to identify potential threats and vulnerabilities
· Refine Standard Operating Procedures (SOPs), Tactics, Techniques and Procedures (TTPs) and internal processes regarding cybersecurity tools and Security Operations Center (SOC) operations
· Continuously monitor and validate Requests for Configuration Change (RFCs) and Change Control Board meetings within the organization
· Refine and verify all scan zones and established scans across Cloud and On-Prem environments within Integration, Unclassified Test Bed, Classified Test Bed and Production
· Create credentialed scans for monitoring and reporting vulnerabilities within the organization
· Perform the Credential Manager role within Tenable
· Build and document patch plan with corresponding teams to patch vulnerabilities in the organization
· Report and document cyber security violations and incidents
· Build SCAP STIG scans for new infrastructure in the environment
· Manage Nessus scanners, scan zones and repositories
· Knowledge of NIST SP 800-171, NIST SP 800-53, and CUI handling (DoD 5200.48)
· Monitor the organization's networks and systems to detect and prevent intrusions
· Use forensic software applications such as Tanium, ePO, Menlo, and Forescout to detect and investigate incidents
· Use forensic tools and an on-site sandbox for dynamic and static analysis of files in potential malware cases
· Define protocols for communication with the organization and with law enforcement should a security incident occur
· Respond to potential incidents identified by cyber analysts
· Investigate reported suspicious emails
· Refine and develop security tools, such as Trellix, Forescout, Tanium, and ACAS, for incident response
· Assess the nature and severity of security incidents and classify them based on their impact and urgency
· Implement containment measures to prevent further damage or data loss during active incidents
· Keep up-to-date with the latest cybersecurity threats, vulnerabilities, and incident response best practices
· Respond to, track and complete cyber tickets in the Cyber queue in ServiceNow
· Collaborate with network admins, cyber defense teams, the VoIP Comms team, service desk managers, licensing and other enterprise teams to resolve and triage incidents using ServiceNow
· Monitor queues and assign tickets to the appropriate teams for troubleshooting and ticket resolution
· Perform quality checks on tickets and triage to meet the SLA
· Serve on the service desk escalation team, ensuring the correct routing and troubleshooting of tickets once they are worked by Tier II technicians, engineers, system administrators, government authorities and other teams
· Assist in efforts to migrate OPM, BI and CAF to DCSA
· Stay up to date on approved software lists, troubleshooting methods and the transition of new software onto the DCSA network from migrating agencies
· Responsible for disseminating communications regarding migration, agency transition and network changes or additions to Tier II
· Provide troubleshooting assistance to Tier II technicians on a case-by-case basis, e.g. providing HIPS logs, account creations, email correspondence, share drive issues and training
· Install, upgrade, maintain and support applications
· Provide phone support for technical issues with hardware, network, account management and escalations
· Provide infrastructural support to clients by responding to all incoming service requests on unclassified and classified networks
· Backup and restore user PKI certificates on unclassified network
· Maintain documentation for system installations, configurations, upgrades and resolutions to common issues
· Create and administer user accounts and share drives using Active Directory, Microsoft Management Console, Remedy, Smart IT, PowerShell, MS Lync Server, and Defense Enterprise Provisioning Online
· Handle VIP requests in a proficient and timely manner
· Provide remote support for end users experiencing issues with VPN, software, application, shared drive access and OS difficulties using Dameware
· Manage classified account creations, account lock/unlocks, shared drive access and classified Defense Enterprise Provisioning Online
· Identify and escalate McAfee firewall blocks on user computers using HIPS
· Track and execute agency-wide OS upgrades every October (up to 2000 users)
· Maintain end user computer compliance and communication between the SCCM client, McAfee server and BitLocker management with Active Directory
Security+, CEH, ACAS 101, ACAS 201, Splunk Search Expert trained (FastLane), Splunk Cyber Defense Analyst Cert (pending), Tanium TANE Essentials certified, HBSS certified
Military School