Matthew Parnham

Information Security Support Analyst

147 followers
Orange County, California, United States

  • Timeline

  • About me

    Cyber Security Engineer at Alteryx | B.S. in Software Engineering.

  • Education

    • Chapman University

      2017 - 2021
      Software Engineering, Computer Software Engineering
  • Experience

    • Chapman University

      May 2019 - Sept 2021
      Information Security Support Analyst

      • Aid with security operations and incident response for AD users, on-prem machines, and the firewall by reading logs, tickets, and alerts and utilizing Azure, Sentinel, MCAS, and Cylance.
      • Develop security automation runbooks in Azure using PowerShell to handle scheduled events, compromised AD account hunting and remediation, password resets, malicious IPs, MFA enrollment, and security auditing and metrics, utilizing Azure Storage Tables, AzureAD, on-prem AD, and the MS Graph API.
      • Develop flows and Power Apps using the Power Automate platform to integrate automation between Azure, MCAS, Teams, and 3rd-party applications.
      • Set up and manage 3rd-party infrastructure such as Palo Alto MineMeld, MISP, and the Elastic Stack to gather and aggregate IOCs to pipe into Sentinel and MCAS.
      • Handle the annual metrics report, aggregating metrics from O365, the firewall, and on-prem antivirus.

    • Alteryx

      Oct 2021 - now

      • Security Engineer

        Feb 2023 - now

        • Built an end-to-end automation framework in Tines to support the SOC Incident Response program, with processes to normalize data, integrate tools across the tech stack to cohesively enrich security incidents (Azure, Sentinel, AWS, GCP, Snowflake, Defender for Endpoint and Cloud, SentinelOne, ServiceNow, Jira, Confluence, KnowBe4, VirusTotal, RiskIQ, AbuseIPDB, etc.), perform automated investigations and response, communicate automatically with end users, gather data for logging and metrics, and communicate with the SOC automatically using chatbots via Email/Teams/etc.
        • Built automation to handle phishing reports, eliminating 80% of previous labor.
        • Built various static tools to allow SOC members to perform complex functions across multiple tools in our tech stack at the click of a button (e.g. a CRUD app to interact with Snowflake infrastructure).
        • Developed scheduled automation to perform a variety of InfoSec functions, relating to previously manual tasks as well as reporting and metrics.
        • Developed comprehensive metrics for the automation program, interacting primarily with ServiceNow and Snowflake.
        • Developed GCP cloud functions to support the data engineering program for tools like Tines, PingOne, and SentinelOne.
        • Developed Azure cloud functions to support logging for AWS infrastructure.
        • Set up Azure Lighthouse to monitor multiple Azure tenants and set up a detection platform for those tenants in Anvilogic.
        • Ran POCs for multiple automation platforms and spearheaded onboarding of Tines.

      • Security Operations Analyst

        Oct 2021 - Apr 2023

        • Performed incident response as a member of the SOC for an environment consisting of E5 AzureAD and M365, user endpoints, cloud applications, and cloud infrastructure in all major CSPs (Azure, AWS, GCP).
        • Triaged and investigated security incidents, performing remediation where necessary (including engaging other teams such as IT for remediation support).
        • Built detections in Azure Sentinel to cover zero days such as Log4J, integrating data from a variety of sources.
        • Built automation in Azure Sentinel to support SOC functions: enriching security incidents with 1st-party AD and endpoint detection data and 3rd-party TI solutions such as VirusTotal and AbuseIPDB, auto-closing noisy FPs, automating repeated tasks, etc.
        • Built automation and cloud infra in Azure to collect SOC metrics and reporting data.
  • Licenses & Certifications