124

Appen

My professional experience as an Information Technology Security Analyst

InstagramLinkedIn

Professional Experience

Appen

Position: Information Technology Security Analyst (Contract)
Duration: Jan 2022 – Sep 2022 (9 months)
Location: Kirkland, Washington, United States (Remote)

Key Responsibilities:

  • Security Operations Center (SOC) Monitoring & Threat Detection: Monitored enterprise security events in a SOC environment, analyzing logs and alerts using Splunk Enterprise Security (ES). Investigated anomalies, triaged security incidents, and conducted threat analysis following the MITRE ATT&CK framework.
  • SIEM Log Collection & Data Aggregation: Integrated Syslog, SNMP, and NetFlow data sources into Splunk SIEM to correlate network traffic, system logs, and security events. Configured log ingestion pipelines to normalize and enrich event data for improved detection capabilities.
  • Splunk Query Development & Log Analysis: Created and optimized Splunk SPL (Search Processing Language) queries for deep log analysis. Designed custom dashboards, correlation rules, and alerts to identify security threats and malicious network behavior.
  • Network Traffic Analysis & Forensics: Monitored NetFlow traffic to detect anomalous activity, unauthorized connections, and potential lateral movement. Utilized Grafana for real-time network visualization and anomaly detection.
  • Incident Response & Threat Hunting: Investigated security alerts and suspicious activities, leveraging SIEM event correlation, Syslog data, and NetFlow analysis to detect IoCs (Indicators of Compromise). Assisted in escalation and remediation processes to mitigate cyber threats.
  • Security Device & Infrastructure Monitoring: Configured SNMP-based monitoring for critical infrastructure, including firewalls, IDS/IPS, and routers. Integrated network telemetry data into SIEM for real-time alerting and performance monitoring.
  • SOC Playbook Development & SIEM Optimization: Assisted in the creation of incident response playbooks, defining standard operating procedures (SOPs) for handling phishing attempts, malware infections, and suspicious logins. Tuned SIEM correlation rules to reduce false positives and improve detection accuracy.
  • Compliance & Risk Management: Ensured log retention policies and security monitoring aligned with ISO/IEC 27001, NIST 800-53, and GDPR requirements.

This document highlights the professional expertise of Tarson Marcelo Florencio, founder of Oxe Collective, demonstrating a strong background in SOC operations, SIEM log management, Syslog/SNMP/NetFlow integration, threat detection, security governance, cloud security, and IT security operations.