Marcus Jefferson
Certifications
- Offensive Security Certified Professional+
- Offensive Security Wireless Professional
- CompTIA Linux+
- CompTIA Security+
- CompTIA Network+
Experience
Penetration Tester
Leidos Dynetics
- Performed source code review on PHP, Python, and JavaScript web applications, catching security issues that were overlooked by Burp and Snyk.
- Performed infrastructure and application penetration tests utilizing TTPs and flow of operation from the MITRE ATT&CK framework, resulting in a comprehensive security overview of the system and the continuous enhancement of currently implemented security tools.
- Conducted web application & API penetration tests consisting of automated and manual testing based on OWASP standards, then communicated the proper mitigation for the existing vulnerabilities to the customer.
- Wrote exploits to automate the testing of vulnerabilities in systems for various CVEs targeting web applications, Linux systems, and Windows systems.
- Performed comprehensive security assessments of Active Directory environments, uncovering misconfigurations that could lead to privilege escalation or lateral movement within the domain.
- Worked closely alongside a blue team developing threat emulation automations which allowed them to more easily tune their detection rules.
Mid Level Cybersecurity Analyst
Leidos Dynetics
- Provided 10 customer sites with detection & response services utilizing Red Canary and Elastic Cloud for performing log analysis utilizing a variety of data sources and threat response.
- Provided Splunk engineering services to 3 different lab sites – designed and implemented the Splunk instance on site, implemented security controls for NIST compliance, and built robust threat hunting dashboards utilizing SPL queries from large data sets.
- Implemented DOD STIGs for NIST SP 800-171 compliance across Windows and Linux hosts.
Junior Cyber & Software Engineer
Brockwell Technologies Inc.
- Spearheaded the creation of a virtualized sandbox for running automated and human-led cyber security training exercises.
- Utilized Ansible for orchestration to automate and execute attacker TTPs from the MITRE ATT&CK framework against various dynamically configured Windows and Linux hosts.
- Led the development of an ELK SIEM utilized for threat hunting post engagement.
- Conducted 15 live product demos including presenting at the Huntsville Cyber Summit.
- Developed a Django web application for management of ESXi hosted virtual machines. Features included restarting the machines to a clean state post training engagement and starting and stopping virtual machines for cyber security training exercises.
Cybersecurity Engineering Intern
Leidos Dynetics
- Provided 10 customer sites with detection & response services utilizing Red Canary and Elastic Cloud for performing log analysis utilizing a variety of data sources and threat response.
- Provided Splunk engineering services to 3 different lab sites – designed and implemented the Splunk instance on site, implemented security controls for NIST compliance, and built robust threat hunting dashboards utilizing SPL queries from large data sets.
- Implemented DOD STIGs for NIST SP 800-171 compliance across Windows and Linux hosts.
Education
Bachelor of Science in Information Systems
University of Alabama in Huntsville
Master of Science in Information Systems
University of Alabama in Huntsville
Related Coursework: Networking & IT Infrastructure, Network Defense & Security, and Computer Forensics
Technical Skills
- Network Penetration Testing
- Windows Security
- Linux Security
- Web Application Security
- Web Application Penetration Testing
- API Security
- API Penetration Testing
- Wireless Security
- Wireless Penetration Testing
- Python
- Bash Scripting
- PowerShell Scripting
- Ansible
- Splunk Engineering
- ELK Stack Engineering
- Threat Emulation
- Detection Engineering