Charles CS Analyst

CHARLES MENSAH

SECURITY OPERATIONS CENTER ANALYST


LOCATION: SPRING, TX | EMAIL: [email protected] | PHONE: (832) 317-4696

SUMMARY
- 3+ years of IT experience as a SOC Analyst, providing all levels of IT support to thousands of users at large companies, including Manufacturing Confidential.
- Experienced SOC Analyst with a strong background in incident investigations, utilizing SIEM, automation, and ServiceNow technologies.
- Skilled in analyzing and escalating critical information security incidents, actively contributing to process improvement and challenging existing procedures.
- Proficient in executing comprehensive vulnerability scans and conducting initial analysis of alerts to prioritize response efforts.
- Utilizes automated means for efficient malware analysis and manages incident intake, ticket updates, and reporting.
- Demonstrates expertise in identifying and documenting indicators of compromise (IOCs) for proactive threat hunting.
- Works collaboratively in Wix environments, triaging, investigating, and escalating alerts for cross-functional collaboration.
- Monitors and analyzes SIEM data, swiftly addressing security issues and sharing knowledge with internal teams.
- Actively participates in training to enhance technical security knowledge and recommends improvements to standard procedures.
- Maintains accurate records of incidents, generates end-of-shift reports, and provides knowledge transfer to subsequent analysts.
- Provides vital support in a 24/7 Security Operations Center, displaying a strong understanding of operating systems, infrastructures, protocols, and applications.
- Applies working knowledge of cyber threat actor tactics, techniques, and procedures (TTPs) to troubleshoot cybersecurity incidents effectively.
- Follows operational processes for detecting, triaging, and responding to cybersecurity threats, ensuring compliance.
- Conducts thorough reviews of alerts, alarms, dashboards, and reports, assessing the relevance and urgency of threats and vulnerabilities.
- Proactively identifies, evaluates, mitigates, and reports on security vulnerabilities in systems and software.
- Utilizes various technologies including SIEM, AV, IDS, IPS, email gateways, and web gateways for threat detection and response.
- Collaborates effectively with internal teams, sharing knowledge and coordinating response efforts to assess risk levels.
- Maintains up-to-date knowledge of vulnerabilities, attacks, and countermeasures, contributing to Security Awareness training programs and supporting SOC objectives.

SKILLS
Languages: Linux Shell, Windows DOS, PowerShell and Python
Penetration and Security Tools: Metasploit, Nmap, John the Ripper, MSFvenom, Hydra, SQL Injection, Burp Suite, Elastic Stack (ELK), Wireshark, Splunk, Snort, Cryptography and IDS
Other Tools: SharePoint, Teams, Zoom Meeting, Git and GitHub
Cloud Capabilities: Azure, Docker, Containers, Ansible and YAML
Methodologies & Operating Systems: SDLC, Linux (Kali & Ubuntu) and Windows

EDUCATION
Certificate of Training in Cyber Security | Jun 2019 - Dec 2019
University of Utah, UT

Bachelor of Science in Computer Science | Sep 2010 - July 2014
University of Akron, OH

Certifications:
Security+ | Apr 2022
Splunk Fundamentals | Nov 2021

EXPERIENCE
SOC Analyst | Jan 2021 - Present
Uber, TX
- Conducted incident investigations using SIEM, automation, and ServiceNow technologies.
- Analyzed, escalated, and assisted in the remediation of critical information security incidents.
- Actively contributed to improving and challenging existing processes and procedures in a dynamic and agile information security environment.
- Executed vulnerability scans, ensuring comprehensive coverage of systems.
- Conducted initial analysis and investigation into alerts, prioritizing based on potential impact.
- Utilized automated means for performing malware analysis to expedite incident response.
- Managed incident intake, ticket updates, and reporting of cyber events.
- Identified, researched, and documented indicators of compromise (IOCs) for proactive threat hunting.
- Triaged, investigated, and escalated alerts in Wix environments, fostering cross-functional collaboration.
- Monitored and analyzed SIEM data to identify and address security issues promptly.
- Collaborated with internal security and critical incident response teams, actively sharing knowledge and best practices.
- Actively participated in internal and third-party-provided training to enhance technical security expertise.
- Provided insights and recommendations for changes to standard operating procedures and documentation.
- Ensured accurate recordkeeping and tracking of incidents in compliance with SOC requirements.
- Prepared end-of-shift reports for effective knowledge transfer to subsequent analysts.

SOC Analyst (Intern) | Jan 2020 - Dec 2020
McKesson, TX
- Played a vital role in a 24/7 Security Operations Center, providing analytical and operational security support.
- Demonstrated a strong understanding of operating systems, infrastructures, protocols, and applications.
- Leveraged working knowledge of cyber threat actor tactics, techniques, and procedures (TTPs) for effective troubleshooting of cybersecurity incidents.
- Followed established operational processes for detecting, triaging, and responding to cybersecurity threats.
- Conducted thorough reviews of alerts, alarms, dashboards, and reports to assess the relevance and urgency of cybersecurity threats, vulnerabilities, and incidents.
- Proactively identified, evaluated, mitigated, and reported on security vulnerabilities in systems and associated software.
- Utilized various technologies including SIEM, AV, IDS, IPS, email gateways, and web gateways to detect and respond to cybersecurity threats.
- Documented and communicated relevant alerts and information for escalation to appropriate teams.
- Collaborated effectively with other teams to assess risk levels and coordinate response efforts.
- Conducted extensive research to differentiate between potential intrusion attempts and false alarms.
- Created and tracked security investigations to resolution, ensuring thorough incident management.
- Provided valuable guidance and assistance to incident responders in identifying, containing, and remediating computer security incidents.
- Maintained up-to-date knowledge of current vulnerabilities, attacks, and countermeasures.
- Contributed to the development and delivery of comprehensive Security Awareness training programs.
- Demonstrated flexibility and the ability to work in a shift schedule to ensure continuous SOC coverage.
- Performed additional duties as assigned to support overall SOC objectives.

PROJECTS
RED VS BLUE TEAM
Assessment, analysis, and hardening of a vulnerable system. This project report includes a Red Team Security Assessment, a Blue Team Log Analysis, and Hardening and Mitigation Strategies.
https://github.com/CharlesMensah5/Red-Vs.-Blue-Team-Project

AUTOMATED ELK STACK DEVELOPMENT PROJECT
Creating a complete Azure Cloud Virtual Network with an ELK Stack deployment. This is the topology for an Azure cloud environment including an ELK Stack, a JumpBox and 3 Web VMs.
https://github.com/CharlesMensah5/Automated-ELK-Stack-Deployment-Project

FINAL ENGAGEMENT
Configured Kibana alerts to monitor a WordPress installation, performed host discovery with Netdiscover, identified exposed ports with Nmap, enumerated the site with WPScan and Nikto, identified a Remote Code Execution vulnerability and used a code injection exploit to open a reverse shell with an Ncat listener, and conducted network forensic analysis with Wireshark.
https://github.com/CharlesMensah5/Final-Engagement
