eric schwartz_resume (2016_04_29 03_44_13 utc)


Upload: eric-schwartz

Post on 15-Apr-2017

109 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Eric Schwartz_resume (2016_04_29 03_44_13 UTC)

Eric Schwartz
6003 West Maplewood Drive, Littleton, CO 80123
303-904-8523 | [email protected]

Skills:

Experienced Cyber Security Professional with skills ranging from Windows Forensics, network infrastructure, and Incident Response as well as SOC team development.

Understanding of Microsoft Windows and Linux operating systems and command line tools.
Network monitoring experience (packet/protocol analysis).
Knowledge of and ability to identify web attack vectors, host compromise, and malware injection techniques.
Ability to work independently or with a team, prioritize tasks, and effectively manage time to ensure customer SLAs and expectations are met.
Excellent communication (oral and written), interpersonal, organizational, and presentation skills.
Knowledge of current security threats, trends, and mitigations.
Able to multi-task, prioritize, and resolve multiple inquiries at once.
Experience conducting Data Leak Prevention operations.
Ability to read and understand system data including, but not limited to: security event logs, system logs, proxy logs, network traffic logs, and firewall logs.
Bilingual: native English and can communicate effectively in Spanish.

Security Tools:

GBProtect
a. ArcSight (SIEM) - Utilized for analyzing firewall, Windows/Linux syslogs and IPS/IDS logs, as well as a case management system
b. LogRhythm (SIEM) - Another SIEM tool used to analyze firewall, Windows and Linux syslogs, and also used as another case management system
c. Palo Alto - To view more specific detailed logs such as packet captures and detailed firewall logs, as well as tuning signatures and URL filtering
d. Sourcefire - Signature-based IPS/IDS tool

Maximus
a. McAfee ePO (McAfee ePolicy Orchestrator) - Centralized console for administering McAfee security, such as updating virus signatures on endpoints, encrypting hard drives, installing agents and writing rules to prevent executables that exhibited malware behavior from running
b. McAfee Enterprise Security Manager (SIEM) - Implemented new signatures and tuned noisy signatures

First Data
a. Splunk (SIEM) - Utilized Splunk to write queries to find specific data to pinpoint security anomalies
b. ISS Site Protector (IDS/IPS) - Monitored events for security anomalies, as well as tuned deprecated signatures and administered new signatures
c. Palantir - Security analysis tool to view attack vector patterns
d. Mandiant - Memory forensic tool to view memory dumps, kernel hooks, URL history and running processes
e. FireEye - Malware forensic tool to view malware payloads, execution stages and system calls such as DLL usage and kernel hooks
f. Imperva - Data loss prevention; analyzed data at rest, data in motion and data exfiltration events
g. NetWitness - PCAP analysis

Experience:

Sr. Analyst – Security Operation Center
GBProtect
January 2016 – Present

Monitor real-time status of internal and customer security events and systems to determine operational status and performance.
Perform security analysis, event investigation and problem resolution on internal and customer security equipment and systems.
Utilize ArcSight and LogRhythm SIEM tools to review security device logs, security event replays, customer reports and real-time data monitors to ensure the security and integrity of customer data.
Initiate internal and customer security incident notifications, case tracking management, recovery and remediation.
Develop, define and generate customer security reports.
Provide Tier III security event analysis support to identify malware infections, data loss prevention events, brute-force attacks and general log interpretation, mitigation and root cause analysis.
Assist Engineering with installation, configuration and maintenance of security equipment for customer networks and services.
Train Security Operation personnel on security analysis tasks.
Perform on-call duty to help in the resolution of security incidents.
Assist with the evaluation and implementation of new products and services.

Sr. Analyst – Security Compliance Operations
MAXIMUS
July 2015 – December 2016 (5 months)

Manage implementation of McAfee ePO and VirusScan; troubleshoot communication issues with Windows clients and servers.
Provide reporting and metrics on trends and risk levels within the environment.
Assist in the integration of McAfee products, including SIEM, into the enterprise.
Operate and maintain endpoint encryption tools; investigate security incidents and actively participate in all stages of incident response: preparation, identification, containment, eradication and lessons learned.
Assist in scheduling of vulnerability assessments; assist in the operation of Data Loss Prevention tools.
Contribute to the certification and accreditation of systems using industry-leading vulnerability tools.
Work with Network Operations staff on secure design and monitoring of MAXIMUS assets using Security Incident Management Tools.
Assist in design and testing of new security technologies.

Cyber Security Analyst
First Data Corporation - Greenwood Village, CO
2013-2015

Examine and correlate raw data from IDS/IPS sensors in order to gauge threat levels and mitigate risk.
Analysis of firewall and proxy logs for evidence of suspicious activity leading to effective incident remediation.


Development of Splunk dashboards allowing for further visibility into the current environment, allowing for a deeper understanding of as-is risk and risk mitigation techniques.
Researching and investigating new and emerging threats in order to create actionable intelligence in the form of IOCs.
Primary analysis roles include full incident response from discovery to remediation.
Working knowledge of Splunk, ISS Site Protector, NetWitness, Palantir, Mandiant, FireEye, EnVision, Landesk, Archer, Remedy, Webpulse, Proofpoint, Active Directory, Carbon Black and Imperva WAF.
Analyzed malware for indicators of compromise on First Data assets using the analysis tools NetWitness, Palantir, Mandiant, FireEye, ThreatStream and iSIGHT.
Supported First Data’s Phishing Inbox and analyzed e-mail for potential threats and vulnerabilities.
Maintained availability, integrity and confidentiality of client information by ensuring appropriate standards are in compliance with First Data’s security policies.

Intrusion Detection Analyst
First Data Corporation - Greenwood Village, CO
2007-2013

Maintained ISS Site Protector security signatures across the First Data enterprise.
Implemented new ISS Site Protector security signatures on multiple platforms throughout First Data’s network.
Analyzed anomalies and threats of compromise by examining the ISS Site Protector console, acting as a first responder before the Security Operations Center was developed.
Investigation of HIDS and NIDS alerts and events to provide analysis of the threat landscape.
Maintained situational awareness by reading and studying threat vectors on a daily basis, including Federal Government Information Security Reports, for new and emerging threats.

Certifications:

CompTIA A+; currently working towards CompTIA Security+ and studying to become a CISSP.

Education & Training:

Bachelor of Arts (BA), UNIVERSITY OF NORTHERN COLORADO, Greeley, CO
Additional coursework in Security practices, Database administration and UNIX system administration at Metro State College