A Security Operations Center (SOC) Analyst with a strong passion for Cybersecurity and Penetration Testing. Actively engaged on platforms like RangeForce, TryHackMe, and PortSwigger, gaining valuable experience through community-contributed activities. Proficient in SIEM systems, packet capture tools like Wireshark and tcpdump, threat detection, and IDS/IPS, and hold CompTIA-verified CASP+ and Security+ (SEC+) certifications. Over the past few years, I have resolved many security incidents, implemented numerous security improvements, and contributed to various IT projects. Committed to ongoing professional development and teamwork, I embrace additional responsibilities to help achieve team objectives.
Overview
4 years of professional experience
1 Certificate
Work History
SOC Analyst
CYDEO SOC | McLean
06.2023 - Current
Conducted proactive monitoring and escalated security events during SOC shifts: Monitored security alerts and incidents, taking immediate action to escalate and respond as necessary
Assisted in analyzing, escalating, and remediating critical security incidents: Played a key role in the analysis, escalation, and resolution of critical security incidents, ensuring a swift response
Executed vulnerability scans to identify potential weaknesses in the network: Carried out vulnerability scans to identify potential weaknesses or security gaps in the network infrastructure
Performed initial analysis and investigation of security alerts: Conducted preliminary analysis and investigation of security alerts to determine their severity and impact
Conducted preliminary malware analysis using automated tools: Used automated tools for initial analysis of malware to identify characteristics and potential threats
Effectively managed incident intake, ticket updates, and reporting: Managed the intake of security incidents, regularly updated incident tickets, and provided detailed reporting
Proficiently identified and researched indicators of compromise (IOCs): Expertly identified and researched indicators of compromise to enhance threat detection and response
Engaged in various ransomware detection and prevention techniques: Participated in the implementation of various techniques to detect and prevent ransomware attacks
Utilized Splunk API for security event analysis and response: Leveraged the Splunk API to access and analyze data within Splunk for real-time threat detection, investigation, and incident response
Managed Suricata rule sets for effective network threat detection: Responsible for configuring and maintaining Suricata rules, which are essential for detecting and preventing network-based threats
Developed, tested, and maintained Suricata IDS rules for improved security: Key role in creating, testing, and managing Intrusion Detection System (IDS) rules using Suricata to strengthen the security posture
Utilized Wireshark to perform in-depth packet analysis and identify network anomalies: Used Wireshark for deep packet inspection, identifying network irregularities and potential security issues
Acquired proficiency in YARA rule writing and generation for malware detection: Became skilled in writing and generating YARA rules, crucial for identifying and classifying malware and malicious files
Demonstrated agility in improving and challenging existing security processes: Actively sought to enhance existing security processes and procedures in a fast-paced security environment
Regulatory Compliance Monitoring: Monitored and ensured compliance with relevant cybersecurity regulations and standards (e.g., GDPR, HIPAA, NIST), conducting periodic assessments and audits to identify and rectify non-compliance issues
Security Policy Development and Review: Actively participated in the development and review of security policies and procedures to align with evolving threats and organizational needs, ensuring that security measures are up-to-date and effective
Incident Reporting and Documentation: Established procedures for consistent and thorough incident reporting, including documenting incident details, actions taken, and lessons learned, ensuring a comprehensive historical record for future reference and analysis.
SOC Analyst
MEE LLC, All About Burger LLC
10.2021 - 06.2023
Worked with YARA rule management to enhance threat detection efficiency: Contributed to the effective management and maintenance of YARA rules for improved threat detection
Gained expertise in using regular expressions in YARA for advanced pattern matching: Demonstrated proficiency in using regular expressions within YARA to create advanced pattern-matching rules for threat detection
Collaborated with team members to detect and prevent phishing attacks: Worked collaboratively with team members to detect and prevent phishing attacks targeting the organization
Contributed to anticipatory measures against Ransomcloud attacks: Likely involved in proactive measures to prevent and mitigate Ransomcloud attacks, a significant cybersecurity threat
Incident Response Plan Development: Led the development and maintenance of the organization's incident response plan, including tabletop exercises and regular testing
Participated in a Threat Intel Challenge, enhancing threat analysis skills: Engaged in a challenge to enhance expertise in threat intelligence analysis and understanding emerging cyber threats
Security Tool Evaluation: Assessed new security tools for their suitability in enhancing security operations
Developed and implemented a threat intelligence strategy: To proactively identify and mitigate emerging threats, including Ransomcloud attacks, through advanced threat hunting and analysis
Security Awareness Training Coordination: Facilitated and organized security awareness training sessions for employees to enhance their understanding of cybersecurity best practices, creating a more security-conscious workforce.
IT Project Manager
SMHB Technology LLP, Polito Inc
01.2020 - 12.2022
Stakeholder Relations and Team Leadership: Cultivated key relationships, supervised teams, and designed application testing processes
Collaboration with Senior Leadership and Strategic Planning: Worked directly with senior leadership to drive collaboration, build strong relationships, and contribute to the company's overall growth, aligning cybersecurity strategies with the organization's business goals and risk management framework
Data Security and Technology Implementation: Utilized cybersecurity tools for data security and executed projects involving AWS and Google technologies
Security Tool Management: Oversaw the management of multiple security tools, not just Splunk and Suricata, and ensured they were effectively utilized to protect the organization's assets
Streamlining Operations: Utilized a proven and demonstrated knowledge of the field to identify and implement operational efficiencies, resulting in improved processes and cost savings
Multitasking and Technical Expertise: Managed multiple systems and provided comprehensive expertise in network communications
Incident Coordination: Took charge of incident coordination efforts, working closely with other teams (e.g., IT, legal, and management) to ensure a well-coordinated response to security incidents
Team Leadership and Management: Led and managed a diverse and talented team of 30+ individuals, effectively delegating workloads, providing training, and fostering a collaborative work environment that promoted growth and productivity.
Education
Bachelor of Science - Information Technology (IT, Business Administration, IT in Health)
GMU (George Mason University)
Fairfax, VA
5.2023
Associate of Science - Computer Science and Programming
NVCC (Northern Virginia Community College - NOVA)
Annandale, VA
5.2021
Skills
PROFESSIONAL SKILLS AND TOOLS:
Hard Skills:
Security Tools: Familiarity with various security tools (Splunk, Suricata, Wireshark, CrowdStrike, QRadar)
IT Skills: Familiarity with IT fundamentals (Windows and Linux environments, scripting, and server protection)
Network Security: Understanding of network security controls and principles, including firewall rules, routing, and network protocols
Security Analysis: Ability to determine severity, impact, and appropriate response
Malware Analysis: Knowledge of malware analysis (identifying, classifying, and mitigating)
Threat Detection: Ability in identifying and detecting threats (malware, phishing attacks, and network anomalies)
Threat Intelligence: Understanding of emerging cyber threats, threat actors, and threat landscapes
Phishing Detection: Proficiency in identifying and responding to phishing attacks and email-based threats
Risk Assessment: Ability to assess cybersecurity risks and recommend appropriate security measures
Soft Skills:
Documentation Skills: Incident records, reports, findings, security documentation, and compliance documentation for management and regulatory agencies
Certification
CompTIA CASP+
CompTIA Security+
Accomplishments
Threat Intelligence Gathering: Ability to gather threat intelligence from external sources to strengthen security
Strong problem-solving and critical thinking skills: To address complex security issues
Collaboration: Effective communication and teamwork skills for collaborating with various internal teams and external contacts, including vendors and regulatory agencies