Joshua Stephen

Windsor Mill

Summary

Cybersecurity Engineer with over four years enhancing enterprise security across identity, endpoint, cloud, and network infrastructures. Improved incident response times by 20% and reduced false positives by 25%, driving operational efficiency. Hands-on expertise in SIEM/XDR platforms and IAM, with a focus on secure architecture and compliance.

Overview

5 years of professional experience

Work History

Systems Security Admin

Annapolis Police Department
Annapolis
01.2025 - Current
  • Administer enterprise security solutions across Active Directory, Entra ID, Microsoft 365, and Intune, enforcing least privilege, RBAC, and Conditional Access for 240+ users and 600+ endpoints in a CJIS-regulated environment.
  • Manage privileged access (PAM) using Entra PIM, including role elevation, access reviews, and secure administration of service and break-glass accounts; process 10+ weekly access/account requests.
  • Support deployment and ongoing maintenance of endpoint security and device management solutions, including patching, compliance enforcement, imaging, workstation, and asset inventory.
  • Provide hands-on support for network security (SonicWall VPN, firewall logs, ACLs) and cloud infrastructure (AWS IAM, GovCloud, EC2, WorkSpaces).
  • Resolve 100+ monthly security and IT service requests with 95% SLA adherence, including identity access issues, endpoint protection, and network connectivity.
  • Participate in security and architecture reviews, evaluating risk, documenting mitigation plans, and supporting changes aligned with NIST and CJIS frameworks.
  • Contribute to automation improvements in AWS WorkSpaces, saving 10–15 hours per update cycle and improving operational efficiency.

SOC Analyst, Contract

Bantech Cyber
Glen Burnie
06.2024 - 01.2025
  • Monitored multi-client environments using Microsoft Sentinel and Splunk; triaged alerts, reviewed logs with KQL/SPL, validated SIEM/EDR exceptions or exclusions, and escalated verified incidents through runbook procedures.
  • Investigated 50+ monthly incidents using MITRE ATT&CK/TTP mapping, improving response time 20% and strengthening detection context for Tier 2/3 escalation.
  • Tuned detection rules and alert correlation logic to reduce false positives by 25%, improving SOC efficiency and signal quality across monitored client environments.
  • Supported endpoint protection and remediation with SentinelOne XDR and NinjaOne RMM; reviewed firewall logs, checked policies, and made limited hands-on SentinelOne Firewall Control changes.

IT Support Specialist, FLVS Contract

TITAN Technologies
Remote
01.2024 - 01.2025
  • Supported 10,000+ remote users through ServiceNow, AWS Connect, phone/email, and remote tools; resolved identity/access, Windows endpoint, email, application, and connectivity incidents within SLA.
  • Executed account lifecycle and access-control workflows, including password resets, MFA/SSO troubleshooting, onboarding/offboarding, group permissions, application access, and secure deprovisioning.

IT Support Specialist

Standard Integrated Supports
Baltimore
01.2021 - 01.2024
  • Delivered endpoint, remote, and access support across Windows/macOS, Microsoft 365, AD, Zendesk, Jira, NinjaOne, SentinelOne, DNS/DHCP/TCP/IP, VPN, Wi-Fi, RDP, patching, imaging, backups, and secure access administration; reduced downtime incidents by 20%.

Education

B.S. - Cybersecurity & Information Assurance

Western Governors University
04-2026

Skills

  • Microsoft Sentinel
  • Splunk
  • SentinelOne XDR
  • Firewall Management
  • SIEM triage
  • Incident response support
  • Log analysis
  • Detection tuning
  • Exceptions/exclusions
  • MITRE ATT&CK
  • KQL
  • SPL
  • Active Directory
  • Azure AD
  • Entra PIM
  • Intune
  • MDM
  • MFA
  • Duo
  • Conditional Access
  • RBAC
  • GPO
  • Least privilege
  • Privileged groups
  • Account auditing
  • Patching
  • Compliance Monitoring
  • System Imaging
  • Application Deployment
  • Asset Management
  • Vulnerability Assessment
  • Open Source Security
  • Risk Assessment
  • AWS IAM
  • Cloud Security
  • Virtual Desktop
  • EC2
  • Windows Server
  • Windows 10
  • Windows Administration
  • macOS
  • Linux
  • TCP/IP
  • DNS
  • DHCP
  • VPN Configuration
  • Firewall logs
  • Policy Enforcement
  • Access Control
  • RDP
  • Incident Management
  • Support Ticketing
  • Jira
  • PowerShell
  • Python
  • NIST compliance
  • Data protection

Education Certifications

Western Governors University, B.S., Cybersecurity & Information Assurance, 04/01/26, CompTIA Security+, Network+, A+, CySA+, PenTest+, (ISC)2 SSCP, CCSP, ITIL v4 Foundation, Project+, CJIS, NCIC

Security Projects

Built SOC/network security labs with SIEM logging, KQL/SPL detection rules, Nmap/Wireshark analysis, Nessus/OpenVAS scans across a few assets/IPs, CVSS prioritization, remediation tracking, fix validation, and documented mitigations including firewall rules, ACLs, HTTPS/SFTP, WPA3, VPN, and MDM controls.

Technical Skills

Microsoft Sentinel, Splunk, SentinelOne XDR, SentinelOne Firewall Control, SIEM/EDR triage, incident response support, log analysis, detection tuning, exceptions/exclusions, MITRE ATT&CK, KQL/SPL, Active Directory, Entra ID/Azure AD, Entra PIM, Microsoft 365 Admin Center, Intune/MDM, MFA/Duo, Conditional Access, RBAC, GPO, least privilege, privileged groups, account audits, ManageEngine Endpoint Central, NinjaOne, patching, device compliance, imaging, software deployment, asset inventory, Nessus/OpenVAS labs, CVSS prioritization, AWS IAM, AWS GovCloud, WorkSpaces, EC2, Windows Server, Windows 10/11, macOS, Linux, TCP/IP, DNS, DHCP, SonicWall VPN, firewall logs/policy checks, ACLs, RDP, ServiceNow, Zendesk, Jira, PowerShell, Python, CJIS, NIST CSF/800-53/800-171

Timeline

Systems Security Admin

Annapolis Police Department
01.2025 - Current

SOC Analyst, Contract

Bantech Cyber
06.2024 - 01.2025

IT Support Specialist, FLVS Contract

TITAN Technologies
01.2024 - 01.2025

IT Support Specialist

Standard Integrated Supports
01.2021 - 01.2024

B.S. - Cybersecurity & Information Assurance

Western Governors University