SAM HOSSEINI, MCSE, MCSA, MCTS, MCP, MCT (2014), CTT (2015), Net +, A+, ArcSight,

SecureData, Atalla, Sophos (Cyber Security Certs)

ISO 9001:2008 Certified Lead Auditor, Toastmasters Int’l Competent Communicator Award (CC-2015)
4201 Elm St. Cedar Park, TX 78613
Phone (512) 674-1639, [email protected]
www.linkedin.com/in/SamSHosseini
Security Clearance, ITAR security clearance
PROFESSIONAL SUMMARY :
I bring 15+ years of solid and proven experience in administering SIEM/ESM /Security Engineering and ArcSight,
Splunk, QRadar, CyberArk, Secure Data, Attala Consultant / Technical Training (ESM security SW and Storage),
PC/Mac / Network / Help Desk support, LAN/WAN/SAN administration/ management / Engineering, security,
Wireless LAN, PC/Server, DevOps, Hardware/ Software/ Network troubleshooting / Email Disaster Recovery,
Storage, Data center technologies, AWS (Amazon Web Services), KRI. KPI Reporting and Cyber security positions
in public, very secure / Defense Contractor environments, state of Texas MOSAIC and US Army, In local and
international companies, customer service and team work to apply for the position of Cyber Security Engineer
Splunk (Ver. 7.1.1-8.2.0) SOAR (Lantern)/ ArcSight / QRadar Consultant.

Please, refer to the enclosed data sheets for details of my education and experience. I have 12 years of
experience in Network (Windows 2019/2016/2012/2008), Novell multi-servers and Exchange 2013/2010/2007,
Outlook 2007/2010/2013/GroupWise) administration of Engineering / Financial Corporations / Banks / city
government(s) information systems, including Active Directory PAM, FDS, AZUR, AWS, MFA, using PowerShell
4.0, 5.0, HW/SW trouble shooting, maintaining computer network servers, ServiceNow(SNOW/CMDB)
administration, E-mail and backup systems, Internet, remote computing/clients, Firewalls, Cisco
Routers/switches, Metasploit, Rapid7 IDR, Rapid7 Nexpose, SCSI / iSCSI, RAID, TCP/IP, DHCP, DNS, VPN, MYSQL,
SAN, NAS, VMware (ESXi 5.1, vSphere, Vcenter), Linux/Win 7, Win 8, Win 10, MS office 2007/2010/Office 365 /
Office 2016, Telephone, telecommunication systems, T1 / T3 / OC-3 (Fiber), as a Net Admin. or supervisor some
of my contributions to the IT/engineering teams included, engineering/managing projects, CADD management
(incl. Utilities and mapping), network troubleshooting and supervising projects from schematics to finished
product. Managing a $800,000 to $ 2 Million PC/Network budget, vulnerability assessment, progress reports,
cost studies, MTBF studies, inventory reports and HW/SW purchasing.

Furthermore I have worked with Credit unions & banks, I have very strong NIST, NERC, SOX, ITGC, CSF, FFIEC,
SEC & FDIC audits, including ISO 27001, ITGC Audits using Resolver SW, KRI, KPI, NERC metric Reporting skills,
drafting/CADD and document control systems background, have 5 years’ experience working in high volume
mechanical assembly lines, and am well familiar with quality control SPC and JIT/QOS/JIRA processes.

I hold certifications on HPe ArcSight, Splunk, Atalla, Voltage Security SW, Dell Compellent / EqualLogic SAN
technologies, and ISO 9001:19011 Lead Certified Auditor and have been working with these products for the last
8-10 years.

EDUCATION:
University of Texas, Austin, Texas
Bachelor of Science (Physics)
ITS PROFESSIONAL DEVELOPMENT / CERTIFICATIONS:
Microsoft Certified Systems Engineer (MCSE)
Microsoft Certified Systems Administrator (MCSA)
Microsoft Certified Trainer (MCT- 2013)
Microsoft Certified Technology Specialist (MCTS – 2012)
Certified Technical Trainer (CTT+)
CompTIA Net+ and A+ Certification
Completed Planet 3 Certified Wireless LAN/WAN Network CWNA Program
Completed Exchange 2010 Certification training Program
ISO 9001:2008 / ISO 19011 Certified Lead Auditor
 Dell EqualLogic and Compellent Storage SW (Certified)
SIEM / SOAR: HPE ArcSight (Certified), Atalla, Voltage (Certified), Splunk, QRadar

PROFESSIONAL EXPERIENCE :

WSP Global – Sr. SOC Security & Audit Analyst – Global Security Operations 02/08/2022 - Present

Sr. SOC Audit Analyst Support Global SOC + Operations teams related to / for SIEM (Including Microsoft
Sentinel & Splunk) Security Operations, SOC vulnerabilities, Pen Testing, Network Security, SOX related
legislation (US or Canadian) and keeping track quarterly of documentation and IT General Computer
Controls (ITGC). Advanced knowledge of SIEM, IT Audits / SOX.ISO.

Key Member of the Global Security Team

• Access rights / provisioning / deprovisioning/segregation of duties/ reviews. PAM
• Privileged access rights challenges (AD, GPOs, MFA, Direct access to databases or data files, Different
access levels/Operating System/Application/Web Application/Database/Active Directory), DevOps
• SME in SIEM, IT Audit, SOX, ISO, CyberArk ver. 11 & 12
• ISO 27001 Auditing – Per Global SIEM operations
• Strong knowledge regarding Networks SIEM / Azure / cloud/on-prem -hybrid
• change management, and documentation
• Batch job processing, Python, PowerShell, Power Query
• Endpoint’s security (antivirus/antimalware/data loss prevention) – Global operations
• Projects related to US/Canadian legislation for SIEM, SOC, SOX, NIST, ISO related Audits

General Dynamics IT / GDIT – Remote 12/11/2020 – 02/07/2022

Sr. Cyber Security Engineer SME – Splunk Administrator - Federal Projects

Splunk Enterprise / Enterprise Security (ES) - Performing complex system development, design,
modeling, analysis, integration, and sustainment of Splunk systems for new or existing computer
systems within an Enterprise. PAM, CyberArk ver. 11 & 12.

 Developing dashboards, data models, reports and performance optimization, DevOps.

 Designing and customizing complex search queries and promoting advance searching, forensics, and
analytics. - Developing and documenting configuration standards, policies, and procedures for
operating, managing and ensuring the security of a Splunk infrastructure.

 Participating in incident, problem, and change management processes related to Splunk.

  Providing Splunk O&M and User access.

 Planning and directing upgrades and system enhancements.

 Developing and implementing testing strategies and documenting results.

 Developing documentation on new or existing systems.

 Providing system/equipment/specialized training and technical guidance.

 Serving as liaison with clients, participating in meetings to ensure client needs are met.

 Providing guidance and work leadership to less-experienced staff.

 Communicating with customers and teammates clearly and concisely.

 Maintaining current knowledge of relevant technology as assigned and may have supervisory
responsibilities.

 Participating in special projects as required.

 HCL America – Dallas / Austin, Texas 07/05/2019 – 11/25/20

SIEM / SOC Threat Engineer – Texas Dept. of Transportation

 Participate in a SOC team, IR, EDR (Endpoint Det., Response), PAM, UEBA (Behavior Analytics),
Remedy providing twenty-four (24) hours a day and seven (7) days a week services and ensure
client SOC/Threat Hunting, Forensics, for over 250,000 Devices using Splunk 7.2.3 / 7.2.6.
Wrote the DR documentation for many sites, including training local analysts on disaster recovery
procedures
 Raising Incidents to be managed by the next level of support for risk remediation. Ongoing triage,
diagnosis and resolution of Incidents
 Manage Splunk Root Cause Analysis with identification of the root cause, and an action plan and
estimated time to complete remediation using Splunk use cases I developed
 ServiceNow (SNOW/CMDB) administration, Providing Splunk (ver. 7.2.3 & Splunk Cloud 8.0.2),
QRadar, incident management, CyberArk ver. 11
 Delivering incident hunting & remediation incl. report with analysis and recommendations
 Support risk mitigation or issue resolution following an event or incident
 Maintain customer’s SIEM (Splunk 7.2.3) in accordance with customer policy and best practices,
including patching and policy management, SIEM administration, data management, user accounts,
backups, Plan for Disaster recovery & customize searching for ease of use, as well as service
management processes and objectives, created over 120 use case and over 300 Splunk SPL scripts
for web security analysis, Malware hunting & remediations etc. for the customer & other Analyst).
 Deliver Threat Hunting, Incident Response, AWS EC2, Cloud application testing for security and
Splunk / SIEM related services in accordance with client’s contractual obligations, upholding
 contracted service levels, ensuring constant security monitoring, triage, analysis, alert, and incident
response.
 Monitor the customer network, including monitoring and configuring site to site VPN tunnels,
DevOps, monitoring Firewall infrastructure, and monitoring IPS infrastructure, including reporting
of any incidents to Customer’s service desk
 Conduct relevant risk mitigation, Extensive vulnerability assessment and testing of WAN devices.
 Resolve security-related incidents or breaches detected within enterprise IT environment by liaising
with other Customer Contractors, hardware manufacturers, and other resolver support teams as
required using ServiceNow, CMDB (configurations, Security)
 Participate in quarterly security tabletop, red team v. blue team exercises, and live training drills of
incident run books with Customer staff to facilitate brainstorming, improvement, and creativity in
incident response
 TAC 202, NIST 800-53, ISO 9001, CSF, NERC, FFIEC

US Department of Veterans Affairs – Washington DC 12/10/2018 – 06/25/2019

Office of Information Security (OIS)
Cyber Security Incident Response (CIR) – VA’s Network Encounters over 45 Million incidents daily
Sr. Cyber Security Analyst

 Monitor various security tools (Splunk, Splunk Enterprise Security (Splunk Cloud 8.0.2), Palo Alto
Networks, SourceFire, Cisco ASA, Cisco Firepower, TACACS), McAfee ePO to identify potential
incidents, network intrusions, and malware events, etc. to ensure confidentiality, integrity, and
availability of VA architecture and information systems are protected. IR, EDR (Endpoint Det.,
Response), PAM, UEBA (Behavior Analytics) activities, Forensics in addition to Cyber Ark.
 Use Splunk ES SIEM to (IR) respond to incidents detected on the VA network (over 1 million devices)
MY duties included DR preparation documentation & training other analyst on DR preparations and
documenting all procedures
 Reviewing and analyzing log files to report any unusual or suspect activities including Threat hunting
& writing use cases to solve issues such as Malware attacks, user behavior issues & IIS, Apache
servers slowness issues & slow user web access related.
 Use intrusion testing, threat analysis, incident response, Web application pen testing, use-case
workflows to follow established and repeatable processes for triaging and escalating
 Generate trouble tickets and performing initial validation and triage to determine whether
incidents are security events.
 Complete investigations in to identified cyber events and hand over as appropriate
 Follow established incident response procedures to ensure proper escalation, analysis and
resolution of security incidents
 Develop and maintain Incident Response procedures and Security SOPs.
 Analyze and correlate (IR) incident event data to develop preliminary root cause and corresponding
remediation strategy
 Communicate effectively to all customers and stakeholders
 Work with other contract teams to effectively respond to cyber incidents
 Provide technical support for new detection capabilities, recommendations to improve upon
existing tools/capabilities to protect the VA network, and vulnerability assessments for High Value
Assets
  Wrote over 400 Splunk use cases including complete documentation and solutions to each case.
Developed Splunk Event sequencing procedures to reduce tickets & reduce false positive events,
trained other analysts on how to view & solve incidents “the smart way”
 Use McAfee, Symantec Enterprise Antivirus,
 CSF, FISMA, NIST 800-53, FFIEC, ISO 9001 - I participated in Auditing done by FDIC & SEC of our
FFIEC audits

Colonial Williamsburg Foundation – Williamsburg, VA 05/1/2018 – 12/06/2018

Network Cyber Security Engineer
(Federated AD – 1700+ Clients & 300+ Servers)

 Respond to Splunk ver. 7.1.1 / computer security incidents according to the Computer Security
Incident Response Policy (CSIRP)
 Deploy security related systems and security in business systems, including VMs, POS and TERMs
 Enforce policies and procedures to govern systems access, usage, data access and security of digital
assets using GPO, SCCM, SCEP, ServiceNow, CMDB
 Monitor security tools (Splunk ver. 7.1.1, QRadar, NEXPOSE, Rapid7, Tripwire and Malwarebytes,
MacAfee ePO across the enterprise and respond to alerts accordingly
 Identify, analyze and communicate information security vulnerabilities using daily reports, JIRA
 Managed Splunk Licensing & license servers. Updating Splunk Indexes, forwarders and writing over
400 use cases to solve difficult to solve issues
 Responds to Splunk security service requests, user issues, troubleshoots system/user issues and
supports change management procedures, including device updates & backups.
 Wrote complete step by step procedures for Splunk Event sequencing to reduce resolution time on
the part of Analysts & automized many event responses to reduce number of tickets.
 Administer network security technologies (Cisco Firepower, Firewalls (Fireeye), IDS, IPS, log
management, Endpoint Protection, patch management, etc.).
 Performs scans using Rapid7 NEXPOSE to assess vulnerability and take corrective action for data
security risks, Preparing KRI, KPI Cyber Security metrics Reporting using MS SCCM, plus KRI, KPI
Reporting
 Manage third-party encryption certificate distribution (SSL, Code-signing, etc.) 
 Plan and lead the tasks required to ensure regulatory compliance (PCI, HIPPA, etc.)
 Threat hunting, threat analysis, vulnerability assessments, Analyze current security practices and
make enhancements to increase their effectiveness to strengthen our security shields.
 Collaborated with enterprise team for FFIEC audits done by SEC & FDIC of banking offices
 Write and maintain security documentation and reports / JIRA.

Micro Focus – Austin, TX 12/27/2017 – 04/25/2018

Arcsight Content System Engineer
 Participate in the operation of a Global ArcSight Security Information and Event Management system, to
include ArcSight ESM, Splunk (ver. 7.2.6), Oracle, Connector appliances, SmartConnectors, Logger
appliances, Windows and Linux servers and a variety of network and security related devices
 Reviewed / modified all Indexers, forwarders, and heavy forwarders for good health and settings.
 Occasionally responsible for providing a detailed technical design for enterprise solutions. Wrote over
200 use cases for the issues common at customer sites
 Splunk IR, EDR (Endpoint Det., Response), UEBA (Behavior Analytics). Wrote over 100 use cases for many
of the company’s customers
  Collaborate with Micro Focus Engineers in order to provide part or all of a detailed technical design
which meets customer requirements.
 Provides planning and design support for the development of solution architectures that will be
implemented in a multiple system environment.
 Develop and deploy content for a complex and growing Splunk 7.2.6 / ArcSight infrastructure; including
use cases that involve Dashboards, Indexes, forwarders, Active Channels, Reports, Rules, Filters, Trends,
and Active Lists
 Developed procedures to design, deploy and configure an Splunk / ArcSight ESM Architecture for high-
availability (HA) and failover.
 Tune ArcSight / Splunk performance and event data quality to maximized system(s) efficiency.
Documenting procedures including backups and HA procedures
 Perform routine equipment checks and preventative maintenance FOR Splunk (Enterprise).
 Provide optimization of data flow using aggregation, filters, etc.
 Develop custom Flex Connectors as required to meet use case objectives
 Apply Configuration Management disciplines to maintain hardware/software revisions, ArcSight content,
security patches, hardening, and documentation
 Supporting the establishment, enhancement, and continual improvement of an integrated set of
correlation rules, alerts, searches, reports, and responses.
 Coordinating and conducting event collection, log management, event management, compliance
automation, and identity monitoring activities, in addition to Preparing NERC, KRI, KPI Cyber Security
metrics Reporting

Microsoft / Vexcel – Austin, TX 07/25/2017 – 12/23/2017

Microsoft Dynamics 365 / CRM Consultant
 Provide technical Consulting including State of Texas / Louisiana / New Mexico MOSAIC for WIC
application(s) during converting many applications from Legacy (DOS) to GUI working on Win 10 /
Microsoft Servers. Collaborating with IT / Development engineers to troubleshoot multiple
migration issues and adding new feature for smooth transition to GUI (Win 10) Operating system
platform.
 Managed Splunk administration, including installing indexes, forwarders, patches and updates in
addition to DR / HA procedures.
 Conduct consultation / collaboration with Desktop support team for MOSAIC application to help
clinic staff using the application serving customers during Migration to finished product. IDS/IPS +
Forcepoint, Carbon Black (Cloud Based), Splunk ver 7.1.1, QRadar, and application / Website
security.
 Development and review of new consultation / training materials by analyzing many engineers and
team member feedback to provide a better Training and lab material.
 Advise senior leadership / managers on clinics performances and State of Texas team members
experiences and Recommend actions for improvement strategies during final phases of the project.

HP Enterprise – Austin, TX 11/22/2015 – 06/27/17

ESM / Arcsight Engineering / Security Content Development
 Provide technical Consulting / training including HPE ArcSight, Atalla and Voltage (Secure Data) (as
ESM /SIEM solutions) to HPE customers (gov./ Internal / Global – in US and International), in person and
virtually. Including Python scripting, ArcSight Logger, ArcMC, and ArcSight Activate.
 Ensure effective delivery of big data analytics solutions to support the highest competence level for
better security against current security threats.
  Conduct consultation to adjust HPE SW to serve as Cybersecurity shield for customers, mostly Microsoft
Networks containing Active Directory (AD), DNS/DHCP, using PowerShell and Linux, Exchange, Hyper-V,
SQL and Linux. IDS/IPS, IBM Qradar, Forcepoint threat intelligent monitoring.
 Development and review of new consultation / training materials by analyzing team member feedback
to provide a better return on their investment.
 Advise senior leadership / managers on classroom performance and HPE team member experiences and
Recommend actions for improvement strategies as SME for Microsoft / Financial / ESM / SIEM products
portfolios.
 Collaborate with Cyber Security Experts, Technical Writers, and Education Services to insure accurate
 Contents are delivered to meet government / local / military / global customer needs.

Dell Inc. – Round Rock, TX 6/23/2013 – 10/07/2015 (Dell – 2 Years)

Technical Training Senior Advisor
 Deliver technical Consulting / training including Dell Equallogic, Compellent / Microsoft Networking
Storage, SIEM / Cyber Security to Dell customers (Field Engineers/ Administrators), Team members
through A combination of blended Cyber Security solutions. IDS / IPS, QRadar, Splunk ver. 6.1,
Forcepoint.
 Execute and share best practices for ensuring excellence in consulting / training and performance.
 Ensure effective delivery of Security solutions / Splunk use cases to support the highest competence
given the level of knowledge and skills for mostly Microsoft Networks containing Active Directory (AD),
DNS/DHCP, Exchange, PowerShell 3.0, Hyper-V, SQL.
 Provide consulting and adjust materials to better serve as security shield for customers for mostly
Microsoft Networks, Linux, AWS and Virtual Servers.
 Development and review of new training materials by analyzing team member feedback and providing
feedback for recommended revisions to course curriculum.
 Advise senior leadership / managers on classroom performance and Dell team member experiences and
recommend actions for improvement strategies
 Provide subject matter expertise (SME), advice and program delivery.
 Collaborated with enterprise team for FFIEC audits done by SEC
 Sought after for contributions to the development of new techniques and strategic planning expertise

Calendar Holdings LLC – Austin, TX 05/2013 – 6/2013

Network Administrator II
 Administered the day-to-day operations of a network (Three 300 nodes) including 40 Microsoft
Windows (2003/2008/2012), Linux, and Virtual servers (VMware) including hardware/software
troubleshooting, design and implement data connectivity for LAN/WAN/VLAN/WLAN systems.
 Managed wireless communication between 3 large campuses (Three 300 nodes).
 provided network and remote connectivity, Hardware and Software support
 Maintain LAN/WAN network diagrams, installed, designed, configured, and maintained CISCO
routers, switches.
 Track Security issues & Analyze - using IDS/IPS, Firepower tools
 Support and maintain both physical and virtual network servers and appliances
 Maintain and troubleshoots the Storage Area Network (SAN) (HP storage works)
 Administered AD, DNS, DHCP, VOIP, VPN, MS SQL 2008, Exchange server 2010
 Perform daily server tape backups
 Administered Lansweeper, McAfee e-policy orchestrator centralized tools to manage all issues,
manage firewalls and network security
  Provided services and support to consultants/web developers/software engineers providing internet
and intranet user support.
CyberTex Institute of Technology, Austin, TX 04 /2012-04/2013
Sr. Technical Trainer, Network Administrator,
Administer a 35+ users multi Domains LAN/WAN (Windows 2000/2003 servers, multi DNS servers, DHCP,
Switches, Routers, Firewalls, Windows 2K prof./XP Prof. clients), Wireless Network, Active Directory,
troubleshoot HW/SW issues including numerous SW applications, Routers, Hubs and Switches. E-mail
(MS Outlook), Internet, cyber security, anti-virus systems, Backup system. Setup/ config. Numerous
applications against Internet threats. Technical Training for MCSE, MCSA, Network Infrastructure, LAN /
WAN, CompTIA, Linux programs.

US Army – Fort Hood Signal University, Fort Hood, TX 4/2011-4/2012

Lead Microsoft Instructor /Advisor
 Provide consulting / training of Microsoft Windows 2003/2008/CompTIA certification classes,
including server configurations, setting up small to large network infrastructures customized for the
military/DoD regulations, Vista, Win 7 configuration/Win 7 Enterprise desktop support, AD, DNS,
DHCP, TCP/IP, configuring military class routers/switches, Network Security, Firewalls, Network
software and hardware troubleshooting.
 Designed and built Networking lab environments on which Soldiers could learn and practice.
 Manage CISCO routers, switches
 specifications.

Austin Community College, Austin, TX (EVENING JOB) 5/2008 -06/2014

Technical Instructor
 Deliver Microsoft/CompTIA (A+, Net+, MCSA) certification classes including: Windows 2003/2008/2012
server configurations, setting up small to large network infrastructures, XP/Vista, Win 7, 8, AD, DNS,
DHCP, TCP/IP, configuring routers, switches, Wireless /CWNA technology, Firewalls, Network software
and hardware troubleshooting.