Cybersecurity Engineer SOC – SADOM
March 2025 – Current
Information Security Vulnerability Management
- Review and process Known Exploitable Vulnerabilities (KEVs) to strengthen the agency’s security posture and prioritize remediation.
- Analyze DHS and USCIS bulletins and technical advisories, translating them into actionable remediation tasks for stakeholders.
- Manage change records supporting vulnerability remediation while maintaining policy compliance and operational stability.
- Build and maintain Splunk searches to track ISVM status and remediation, improving visibility and reporting accuracy for leadership.
- Own the Cisco data call report with weekly updates on vulnerability status and trends for DHS stakeholders.
- Participate in weekly coordination meetings to improve open vulnerability awareness and response alignment.
Accounts and Access Management
- Complete onboarding, offboarding, and team change requests, ensuring secure and timely account transitions.
- Process and validate access requests while enforcing least privilege and approval workflows.
- Resolve ServiceNow tickets related to account provisioning and removal, reducing backlog and misprovisioned access.
- Update GitHub documentation and runbooks, improving accuracy and ramp-up time for new team members.
- Develop SOPs for core workflows to preserve continuity during absences and role transitions.
- Troubleshoot access and account issues for end users, improving first-contact resolution.
Additional Contributions
- Support operational response tasks including IP and domain blocks, malicious email trace and purge actions, and USB exception requests.
- Process quarterly phishing exercise results in Splunk and maintain dashboards used for awareness and training.