Open to Security Engagements · New York, NY

Defending Systems.
Exploiting Weaknesses.
Securing Digital Infrastructure.

Senior SOC Analyst & Cybersecurity Professional with 10+ years protecting enterprise environments across healthcare, banking, and global IT. I find threats before attackers exploit them.

Sentinel · Splunk · QRadar · KQL · SPL · Log Analysis · Threat Hunting · Incident Response · Azure Cloud Security · MITRE ATT&CK · Vulnerability Assessment · HIPAA · NIST · PCI-DSS
Regan Gomes
SOC Analyst · Cybersecurity Professional
📍 New York, NY · gomesregan37@gmail.com
10+ Years of Experience
82%+ SLA Compliance (Aetna)
11% Identity Incidents Reduced
4 Industry Certifications
// 01 — ABOUT & EXPERIENCE

The Analyst
Behind the Firewall

10+ years defending enterprise environments. Zero tolerance for blind spots.

Regan Gomes
Senior SOC Analyst · IT Security Engineer
📍 New York, NY
📧 gomesregan37@gmail.com
📞 332-293-3618
🏢 Aetna Inc. — Hartford, CT
🎓 MSc Computer Science & Engineering

Certifications

Security+
CEH
CCNA
CompTIA A+

With 10+ years in cybersecurity, I specialize in real-time threat detection, alert triage, and end-to-end incident response across enterprise-scale environments. My career spans global healthcare insurance (Aetna), banking (Standard Chartered), and international IT managed services (Wipro, Accenture).

At Aetna, I monitor thousands of daily events in Microsoft Sentinel and Splunk, using KQL to validate correlated alerts, investigate identity-based risks via Azure AD Identity Protection, and map attack behaviors to the MITRE ATT&CK framework — contributing to 82%+ SLA compliance and an 11% reduction in identity-related incidents within one year.

EXPERIENCE TIMELINE

SOC Analyst
Aetna Inc. ● CURRENT
Sep 2024 – Present
  • Monitor Splunk SIEM & Microsoft Sentinel for Azure, Windows, and PHI-related healthcare systems
  • Validate alerts with KQL in Azure Log Analytics — failed MFA, impossible travel, risky sign-ins
  • Investigate endpoint detections via Defender for Endpoint and CrowdStrike Falcon
  • Map attack behaviors to MITRE ATT&CK — credential access, privilege escalation
  • Maintained 82%+ SLA compliance; reduced identity incidents 11% through dashboard tuning
IT Security Engineer
Wipro · Dhaka, BD
Nov 2017 – Jun 2023
  • Led security for "Wipro Global Cloud Migration" — NIST-aligned Azure workload hardening
  • Deployed Nessus scanners across distributed network segments; managed vulnerability backlogs
  • Developed PowerShell scripts to automate log collection across legacy Windows infrastructure
  • Identified malware beaconing via Wireshark — suspicious DNS queries from remote endpoints
IT Security Analyst
Accenture · Dhaka, BD
May 2015 – Oct 2017
  • Monitored live Splunk & Azure Log Analytics streams for unauthorized access attempts
  • Led "Project Identity-Secure" — AD permission audit to eliminate permission creep
  • Correlated VPN logs with auth timestamps to distinguish brute-force from user errors
  • Vetted phishing attachments via VirusTotal and AlienVault OTX
Microsoft Sentinel · Splunk SIEM · KQL · CrowdStrike Falcon · Defender for Endpoint · Tenable.io / Nessus · Wireshark · VirusTotal · AlienVault OTX · MITRE ATT&CK · ServiceNow · Active Directory · Azure AD · PowerShell
// 02 — SERVICES

Security Services &
Engagements

Outcome-driven security engagements that reduce risk, meet compliance, and prevent breaches.

SIEM Monitoring & Alert Triage

Real-time security event monitoring using Microsoft Sentinel and Splunk — correlating logs from Azure, on-prem, and cloud applications with KQL/SPL to prioritize and validate high-severity alerts.

Sentinel · Splunk · KQL · Azure Log Analytics
Impact: 82%+ SLA compliance. Surfaces real threats before damage occurs while eliminating false-positive noise.

Threat Hunting & IOC Analysis

Proactive threat hunting through endpoint telemetry and authentication logs — enriching indicators of compromise with VirusTotal and AlienVault OTX, mapped to MITRE ATT&CK techniques for root-cause identification.

VirusTotal · AlienVault OTX · MITRE ATT&CK · Wireshark
Impact: Identifies stealthy attacker presence before active exploitation. Converts threat intelligence into actionable detection rules.

Incident Response & Containment

End-to-end incident handling per SOC playbooks — account isolation, password enforcement, endpoint quarantine, and tier escalation management. Complete ServiceNow documentation for HIPAA and NIST CSF compliance.

ServiceNow · Defender for Endpoint · CrowdStrike · Azure AD
Impact: Reduces MTTD and MTTR. HIPAA and NIST CSF compliant documentation for all incidents involving sensitive member data.

Cloud Security Monitoring (Azure)

Monitoring Azure workloads via Defender for Cloud — reviewing conditional access policies, detecting risky sign-ins, impossible travel events, and identity-based misconfigurations across hybrid environments.

Defender for Cloud · Azure Security Center · Azure AD IP
Impact: Protects cloud migrations from misconfiguration exposure. Enforces least-privilege access and prevents credential-based attacks.

Vulnerability Assessment & Management

Enterprise-wide vulnerability discovery via Tenable.io and Nessus across all network segments — prioritized by exploitability and business impact with clear, executive-ready remediation roadmaps.

Tenable.io · Nessus · NIST CSF · PCI-DSS
Impact: Closes critical patch gaps. Supports HIPAA, PCI-DSS, ISO 27001, and cyber insurance compliance requirements.

Network Traffic Analysis & EDR

Deep-packet inspection using Wireshark and TCPDump to confirm suspicious outbound connections and identify malware C2 beaconing via anomalous DNS — correlated with endpoint telemetry for evidence-based response.

Wireshark · TCPDump · CrowdStrike Falcon · MDE
Impact: Confirms or eliminates threats with network-layer evidence. Significantly reduces alert fatigue from false-positive escalations.
// 03 — PORTFOLIO & LABS

Engagements &
Case Studies

Real SOC operations and security engagements — sanitized for confidentiality.

SOC OPERATION CRITICAL

Impossible Travel + PHI Access — Aetna Healthcare

Detected credential compromise via Azure AD Identity Protection — threat actor authenticated from two geographic locations 3 minutes apart targeting PHI systems.

  • Azure AD IP flagged impossible travel: NY → Eastern Europe, 3 min gap
  • KQL correlated 47 failed MFA attempts on PHI-related systems
  • Conditional access violation escalated to Tier 2 analyst
  • Account disabled · password reset · IR ticket opened in ServiceNow
✓ PHI access blocked. Contained in 18 min. HIPAA-compliant documentation filed.
SOC OPERATION HIGH

Brute-Force Campaign — 14K Failed Logins/Min

Splunk alert triggered on 14,000+ failed login attempts per minute from rotating residential proxy IPs — automated credential stuffing attack on member portal.

  • Splunk alert: auth failure rate 300× above daily baseline
  • IPs rotating through residential botnet proxy network
  • Breach database correlation: 12% credential overlap detected
  • GeoIP + device fingerprinting rules deployed in 22 minutes
✓ Attack blocked. 847 accounts protected. MFA enforcement immediately accelerated.
CLOUD SECURITY CRITICAL

Azure Misconfiguration — Global Cloud Migration (Wipro)

Security review during "Wipro Global Cloud Migration" uncovered exposed storage blobs and overpermissioned service principals creating privilege escalation paths.

  • Azure Security Center: 3 publicly accessible blob containers identified
  • Overpermissioned SP — potential lateral movement to production workloads
  • Conditional access gaps found for remote VPN sessions
  • NIST CSF deviations documented · remediation plan issued pre-launch
✓ All misconfigurations remediated before launch. Zero data exposure. NIST compliant.
SOC OPERATION HIGH

Malware C2 Beaconing — DNS Anomaly Detection

Wireshark packet analysis confirmed periodic DNS queries to newly registered DGA domains — consistent with Cobalt Strike C2 beaconing on a VPN-connected endpoint.

  • 30-second interval DNS requests to algorithmically generated domains
  • Wireshark confirmed encoded payload in DNS TXT record responses
  • VirusTotal IOC match — known Cobalt Strike staging infrastructure
  • Endpoint quarantined · CrowdStrike forensic image captured
✓ C2 channel severed. Full forensic evidence preserved. Threat actor evicted in 40 min.
VULNERABILITY HIGH

Vulnerability Assessment — Healthcare Windows Servers

Tenable.io scan across provider portal infrastructure discovered EternalBlue-vulnerable legacy Windows Server hosts processing member and claims data.

  • 14 Windows Server 2012 hosts missing MS17-010 (EternalBlue) patch
  • Nessus identified 3 critical CVEs on pharmacy benefits database server
  • Insecure RDP config flagged on 7 administrative workstations
  • Prioritized remediation report issued to infrastructure team
✓ All critical patches applied within 72 hours. HIPAA compliance gap closed before audit.
SOC OPERATION MEDIUM

Phishing Campaign — Macro-Enabled Attachment Analysis

Investigated 23 phishing emails with macro-enabled .xlsm attachments reported via security mailbox — correlated with AlienVault OTX to an active BEC campaign.

  • 23 phishing emails with macro-enabled .xlsm attachments reported
  • VirusTotal: 34/72 engines detected embedded VBA dropper payload
  • AlienVault OTX linked domain to ongoing BEC campaign from Eastern EU
  • Email gateway rules updated · organization-wide user awareness alert sent
✓ Zero successful execution. Campaign fully blocked organization-wide.
// 04 — SKILLS & TOOLS

Technical Proficiency

SIEM & Log Management
Microsoft Sentinel + KQL: 97%
Splunk SIEM + SPL: 92%
Azure Log Analytics: 94%
Alert Correlation & Triage: 96%
Threat Detection & IR
Incident Response & Playbooks: 95%
MITRE ATT&CK Mapping: 93%
IOC Analysis (VirusTotal/OTX): 94%
Network Packet Analysis: 88%
Cloud & Endpoint Security
Azure Security / Defender for Cloud: 91%
CrowdStrike Falcon / MDE: 87%
Vulnerability Assessment (Nessus/Tenable): 89%
Active Directory & Identity Security: 92%
TOOLSET
📊 Sentinel · SIEM
🔎 Splunk · SIEM
☁️ Azure · Cloud
🦅 CrowdStrike · EDR
🛡️ Defender MDE · EDR
🦈 Wireshark · Network
🧪 Tenable.io · Vuln
🔬 Nessus · Vuln
🔏 VirusTotal · Intel
🛰️ AlienVault OTX · Intel
🎯 MITRE ATT&CK · Framework
📋 ServiceNow · ITSM
// 05 — CERTIFICATIONS

Professional Credentials

Industry-recognized certifications validating expertise in cybersecurity, networking, and ethical hacking.

Security+
CompTIA Security+ — Cybersecurity Fundamentals & Threat Management
CompTIA
CEH
Certified Ethical Hacker — Offensive Security & Penetration Testing
EC-Council
CCNA
Cisco Certified Network Associate — Network Infrastructure & Security
Cisco Systems
CompTIA A+
CompTIA A+ — IT Support, Systems, & Security Fundamentals
CompTIA
🎓 MSc in Computer Science & Engineering · Stamford University Bangladesh · GPA: 3.77 / 4.00
📚 BSc in Computer Science & Engineering · Stamford University Bangladesh · GPA: 3.50 / 4.00
// 06 — CONTACT

Hire Me or Get a
Security Audit

Ready to strengthen your security posture. All engagements include technical reports and executive summaries.

Let's Secure Your Environment

Whether you need SOC advisory, incident response support, vulnerability assessment, or cloud security monitoring — I deliver outcomes that reduce real risk. Based in New York, NY. Available for remote and on-site engagements.

🔴 RESPONSE TIME

All inquiries answered within 24 hours. Emergency incident response available 24/7.

🔐 All communications are strictly confidential. NDAs available upon request.