John Paul Madrid
Cyber Security Incident Response Analyst
Quezon City
Summary
I'm an information security analyst and part of the Cyber Security Incident Response Team (CSIRT). I work with a team of experts to protect client and company data from cyber threats. I have experience in cyber incident response, data loss prevention, security operations, and security management. I am also CompTIA Security+ certified, demonstrating my knowledge and skills in cybersecurity fundamentals and best practices.
Overview
2
2
years of professional experience
4
4
years of post-secondary education
9
9
Certifications
3
3
Languages
Work History
Cyber Security Incident Response Analyst
Smart Communications, Inc
04.2024 - Current
- Review and Triage security alerts generated by SIEM tool
- Escalate the alert to the custodian for verification and recommendations
- Manage the Security Operations Center (SOC) mailbox and monitor and analyze the emails for threats including phishing and malware and escalates per procedures.
- Review and analyze the malicious IP's on the network for Inbound and Outbound attack.
- Investigate malware alerts by checking the hash, the pattern, the attack tree, and the affected assets and etc, including quarantine and isolation of the device.
- Review and analyze social engineering attacks, including phishing, vishing, and smishing.
- Create weekly reports for the alerts detected required by the SOC.
- Vulnerabilities management including updating and patching.
Cyber Incident Response Data Loss Prevention
Accenture
10.2022 - 04.2024
- Monitor security alerts generated by DLP tools
- Review the alerts and identify the type of data sent, copied, uploaded, or transmitted
- Escalate true positive alerts to the project to verify if the resource is allowed or not to send the data outside the organization or personal accounts
- Understand and follow the incident response process through event escalations
- Incident handling (guiding the client or customer, directing resources through an intelligence-based response process)
- Addressing the project's inquiries about the tool's reasons for flagging the resource
- Making sure all incidents are up-to-date
- Making sure all incident details are correct for the Archer tool.
Global Infrastructure Services Intern
Trend Mirco INC.
04.2022 - 07.2022
- Help clients troubleshoot endpoint security errors and bugs
- Update and fix Windows and Linux vulnerabilities through patching
- Create and update client and employee accounts
- Customer service, VMware, Windows Server, Linux Server.
Education
Bachelor of Science in Information Technology - Information Technology
Polytechnic University of The Philippines San Juan
San Juan City 06.2018 - 11.2022
CompTIA Security+ (SY0 -601) Training -
5 Days of Training Covering Information Security, Cyber Security, Networking, Social Engineering, Basic Hacking Techniques, And Incident Response
Illinois, United States 04.2023 - 04.2023
Skills
Archer Tools
OneHub
Symantec Data Loss Prevention
Digital Guardian (DLP)
Inbound and Outbound Attack
Microsoft Azure
Data Security
Bruteforce Attack
Cybereason
Social Engineering (Phishing, Vishing, Smishing)
HARDWARE Troubleshooting
Windows/Linux Operating System
SIEM Wazuh
Virtual Box / VM ware
Microsoft DLP
Malware Analysis
Information Security Awareness
Multiple failed logon
Certification
CompTIA Security+ ce Certification (SY0-601), CompTIA, 2023
Timeline
Cyber Security Incident Response Analyst
Smart Communications, Inc
04.2024 - Current
CompTIA Security+ (SY0 -601) Training -
5 Days of Training Covering Information Security, Cyber Security, Networking, Social Engineering, Basic Hacking Techniques, And Incident Response
04.2023 - 04.2023
Cyber Incident Response Data Loss Prevention
Accenture
10.2022 - 04.2024
Global Infrastructure Services Intern
Trend Mirco INC.
04.2022 - 07.2022
Bachelor of Science in Information Technology - Information Technology
Polytechnic University of The Philippines San Juan
06.2018 - 11.2022