
Seun S A Oduneye

Kent

Summary

Proactive and solutions-focused Cyber Security Engineer with a strong understanding of enterprise security operations. Skilled in identifying, analysing, and mitigating security threats using tools like Microsoft Sentinel, Darktrace, and SOC Radar. Demonstrated ability to drive security improvements through the development of runbooks and SOPs, automation of workflows (RPA), and the implementation of robust security policies (Conditional Access, Anti-Phishing/Spam). Proven ability to manage multi-tenant Microsoft environments and enhance overall security posture.

Overview

6 years of professional experience
1 certification

Work History

DATA SECURITY ANALYST “SC Cleared”

Cabinet Office
09.2024 - Current
  • Triaged and investigated data security alerts from various sources (email, productivity tools, network, endpoints).
  • Analysed systems, network traffic, and cloud environments to identify and assess the nature and extent of data security incidents.
  • Collaborated with Data Protection, Security, and wider Corporate Services teams during incident response.
  • Developed and implemented a Data Loss Prevention (DLP) alert triaging process in collaboration with senior management.
  • Developed efficient SPL queries leveraging Google DLP InfoTypes to enhance threat detection accuracy and reduce false positives.
  • Proactively searched logs and developed Splunk queries to identify DLP detections, facilitating their deployment to production through collaboration with Detection Engineers.
  • Collaborated with the Cloud team to identify and propose potential DLP alerts within the Google DLP tool, such as mass download detection, contributing to improved security monitoring.
  • Engaged with various business stakeholders to review, discuss and integrate DLP policies, fostering cross-functional collaboration and ownership.
  • Implemented indexing strategies and query optimisation techniques to improve search performance and reduce query execution time.
  • Regularly reviewed and updated detection rules to adapt to evolving threat landscapes and ensure ongoing effectiveness.
  • Developed a Splunk query to detect unauthorised access attempts to sensitive systems, resulting in a 10% reduction in false positives.
  • Implemented a SOAR workflow to automate incident response actions, reducing mean time to respond (MTTR) by 10%.
  • Identified and implemented improvements to data security capabilities.
  • Contributed to the development of security playbooks and knowledge base articles.
  • Provided guidance and mentorship to junior security analysts on the data leakage process.
  • Led DLP incident response calls, coordinating with key stakeholders to analyse incident impact and provide recommendations for resolution.
  • Engaged DPO and Security Engineering teams to facilitate comprehensive incident resolution.
  • Experience using security tools (e.g., EDR, SIEM) to support investigations and incident response.

CYBER SECURITY ENGINEER

Cantium Business Solutions
03.2023 - 09.2024
  • Ensured that technological security improvements were effective and kept up to date within configuration management frameworks.
  • Oversaw the security posture of four Microsoft 365 tenants by actively managing and improving their Secure Score, consistently maintaining a level of 75-80%.
  • Analysed malware using dedicated tools and techniques, contributing to enhanced threat intelligence and incident analysis capabilities.
  • Acted decisively on security alerts, incidents, requests, and events, ensuring timely and effective management of threats, vulnerabilities, and breaches to safeguard system and data confidentiality, integrity, and availability.
  • Developed 15+ runbooks for standardising security alert and incident investigations and created SOPs for Secure Score and SOC Radar utilisation.
  • Undertook thorough risk assessments to identify sensitive data and establish appropriate DLP policies and controls.
  • Enhanced email security by modifying Microsoft Anti-Phishing and Anti-Spam policies, leading to improved detection of phishing attempts.
  • Streamlined the Secure Score process by collaborating with the ServiceNow team to implement an RPA solution, reducing process flow by approximately 90%.
  • Collaborated with the ServiceNow team to enhance incident reporting fields, incorporating the MITRE ATT&CK framework for improved ticket logging.
  • Good understanding of the M365 security stack, Azure, MDE, Defender for Identity, Defender for Cloud, Security Center and advanced threat hunting, applied to security incident management and monitoring.
  • Enhanced tenant security by implementing a Conditional Access Policy enforcing MFA for guest users.
  • Utilised Sentinel workbooks to visualise user sign-in behaviour, identifying potential targets and suspicious activity patterns.
  • Collaborated with the enterprise team to onboard Windows Virtual Desktops (WVDs) to Microsoft Defender and Darktrace.
  • Integrated Darktrace with Sentinel utilising the Content Hub, enabling centralised management of security alerts for improved threat response.
  • Investigated and responded to DLP alerts, conducting forensic analysis to pinpoint the root cause of incidents.
  • Utilised Tenable.io, a cloud-based vulnerability management platform, to identify, prioritise, and remediate vulnerabilities within the organisation's IT infrastructure.
  • Managed and maintained the SOCRadar XTI platform, a comprehensive suite including External Attack Surface Management (EASM), Digital Risk Protection Services (DRPS), and Cyber Threat Intelligence.
  • Leveraged SOCRadar's DRPS functionality to monitor the dark web, social media, and other online sources for threats targeting the organisation, enabling early detection and mitigation.
  • Analysed and integrated actionable cyber threat intelligence (CTI) from SOCRadar into security processes, informing threat hunting and incident response activities.
  • Provisioned the "Report Phishing" button within Microsoft Outlook for shared mailboxes, empowering users to report suspicious emails and enhance phishing detection.
  • Successfully managed SSO integration for organisation-wide applications, MDM implementation, and Endpoint Compliance initiatives.

SOC Analyst

Charles Taylor PLC
03.2022 - 03.2023
  • Monitored and analysed security events and incidents using Microsoft Azure Sentinel and Defender tools.
  • Utilised Microsoft security technologies to identify and mitigate security risks, vulnerabilities, and threats within the organisation's environment.
  • Developed and maintained security monitoring and detection rules, use cases, and playbooks within Azure Sentinel.
  • Performed log analysis, threat intelligence analysis, and vulnerability assessments using threat intelligence tools such as SOC Radar.
  • Collaborated with cross-functional teams to implement and configure security controls and ensure compliance with industry standards and regulatory requirements such as Microsoft Secure Score.
  • Created and delivered security reports, including incident reports, vulnerability assessments, and recommendations for remediation.
  • Participated in security incident response activities and contributed to incident response plans and processes.
  • Managed the daily assessment of vulnerabilities identified by Qualys and created vulnerability reports.
  • Worked closely with the M&A team to identify and mitigate security risks during the due diligence process.
  • Efficiently managed the incident queue, triaging false positives for fine-tuning and documenting true positives for policy review and recommendations.
  • Monitored network traffic using Cisco Meraki to identify abnormal activity.
  • Administered and maintained security policies in Microsoft Cloud App Security (MCAS) and Cisco Umbrella, configuring rules for data access, application usage, and threat prevention.
  • Identified and responded to data leakage (DLP) incidents.
  • Configured the Darktrace Connector REST API to push relevant security data to Microsoft Sentinel.
  • Produced high-quality presentations and management reports, and metrics for technical and non-technical audiences.
  • Utilised KQL queries to proactively search Sentinel data for threats, including identifying anomalous login attempts and potential malware activity.
  • Automated security tasks and incident response workflows using Azure Logic Apps, streamlining operations and improving efficiency.
  • Developed custom dashboards and reports in Azure Sentinel to provide real-time visibility into organisational security posture.
  • Collaborated with Microsoft security engineers to troubleshoot complex security issues and implement mitigation strategies.

Cyber Security Analyst

Saunderson House / Rathbones Group
02.2021 - 03.2022
  • Identified and monitored users posing a risk to the organisation by analysing behaviour, access privileges, and user relationships.
  • Performed open-source intelligence research on IOAs and IOCs for use as part of triage.
  • Utilised ATT&CK tactics, techniques, and procedures (TTPs) to inform incident response plans, enabling rapid detection, containment, and eradication of cyber threats.
  • Monitored the SIEM and network devices for potential security incidents (malware, unauthorised access attempts, etc.).
  • Analysed security alerts, prioritising incidents based on severity, potential impact, and established escalation procedures.
  • Monitored and analysed platform results, identifying potential vulnerabilities and misconfigurations.
  • Performed initial investigation of low-complexity incidents, following established procedures for containment and mitigation.
  • Collaborated with clients to address identified vulnerabilities and improve security posture using the Nessus Vulnerability Scanner.
  • Conducted initial assessment of potential false positives and false negatives.
  • Monitored and resolved security issues in Sentinel.
  • Established scheduled analytics rules and playbooks in Sentinel.
  • Assigned administrative roles with Microsoft Entra PIM for privileged access.
  • Handled second-level data leakage incidents, coordinating remediation.
  • Managed phishing attack remediation using templates and simulations.
  • Implemented CAP rules for BYOD and Legacy devices in Azure.

Cyber Security Analyst

Plan International UK
07.2019 - 02.2021
  • Identified and monitored users posing a risk to the organisation by analysing behaviour, access privileges, and user relationships.
  • Successfully contained and remediated security incidents, minimising business impact and data loss.
  • Performed open-source intelligence research on IOAs and IOCs for use as part of triage.
  • Utilised ATT&CK tactics, techniques, and procedures (TTPs) to inform incident response plans, enabling rapid detection, containment, and eradication of cyber threats.
  • Monitored the SIEM and network devices for potential security incidents (malware, unauthorised access attempts, etc.).
  • Analysed security alerts, prioritising incidents based on severity, potential impact, and established escalation procedures.
  • Monitored and analysed platform results, identifying potential vulnerabilities and misconfigurations.
  • Performed initial investigation of low-complexity incidents, following established procedures for containment and mitigation.
  • Collaborated with clients to address identified vulnerabilities and improve security posture using the Nessus Vulnerability Scanner.
  • Conducted initial assessment of potential false positives and false negatives.
  • Monitored and resolved security issues in Azure Sentinel.
  • Established scheduled analytics rules and playbooks in Sentinel.
  • Assigned administrative roles with Microsoft Entra PIM for privileged access.
  • Collaborated with stakeholders to address cyber security concerns, providing valuable recommendations for future improvements.
  • Generated comprehensive reports catering to both technical and non-technical stakeholders, facilitating informed decision-making.
  • Configured multi-factor authentication (MFA) and conditional access policies to strengthen user authentication and access control.
  • Monitored and audited user activity to identify suspicious behaviour and potential security risks.
  • Collaborated with security teams to investigate and respond to potential insider threats.
  • Proactively monitored and responded to "phishing" emails and "pharming" activities, minimising potential threats.
  • Assisted in creating, maintaining, and delivering cyber security awareness training for colleagues, promoting a culture of security consciousness.
  • Provided expert advice and guidance to staff on issues including spam, unwanted emails, and potential security risks.

Education

MSc - Project Management

Anglia Ruskin University
09.2022

Skills

  • SIEM Expertise (Azure Sentinel, Splunk)
  • Incident Response & Escalation Management
  • Threat Hunting & Intelligence Analysis
  • Vulnerability Management & Remediation
  • KQL & SPL Language
  • Excellent Communication & Collaboration Skills
  • Cloud security implementation
  • Identity and Access management
  • Threat intelligence analysis
  • Data loss prevention strategies

Certification

  • SANS Foundation GFACT, SANS
  • Tenable Certified MSSP Practitioner, Tenable
  • AZ-500, SC-200, Microsoft
