Ian Marrero


A dynamic position that will capitalize on my multicultural background and technical expertise to provide a foundation for a highly successful and impactful career in Information Security.


Technically knowledgeable and accomplished cyber security professional with experience in cyber engineering, incident response, and threat hunting gained through my responsibilities as a cyber engineer, cyber security analyst, and system administrator, and through my military background. My experience demonstrates that I am an analytical organizer and problem solver who combines big-picture awareness with a detail-oriented approach focused on information security, national security, and business operations. I am a persuasive, articulate, and perceptive communicator who maintains messaging that is aligned with business objectives.


Principal Cyber Engineer, Forcepoint
February 2020 – Present

Provided engineering, implementation, configuration, and integration of cyber security products and solutions running Linux and Windows in virtual and physical hardware environments.

Deployed, maintained, and troubleshot Windows, Linux, and Mac agent/monitoring software.

Assisted customers with Assessment and Authorization (A&A) activities for cybersecurity systems following NIST SP 800-37, 800-53, and 800-137 guidelines and the DoD Risk Management Framework (RMF).

Developed threat detection policies, audits, reports, dashboards, and custom PowerShell and Bash shell scripts for specialized cybersecurity systems.

Identified potential conflicts with the implementation of cybersecurity tools within the enterprise and developed recommendations to remediate these conflicts.

Performed maintenance and troubleshooting on Kubernetes container orchestration and Oracle databases.

Prepared and maintained technical documentation, including Visio drawings, network topology layouts, customer requirements, and Standard Operating Procedures.

System Architect (Cyber Security Analyst), U.S. Army Cyber Command
September 2018 – February 2020

Performed the duties of the team's lead host cyber analyst.

Monitored and analyzed aggregated event logs from host and network devices using Splunk to identify compromised devices, insider threats, network anomalies, and host and network intrusions, using Bro/Zeek, Snort, and other tools.

Configured and deployed host- and network-based intrusion detection and intrusion prevention systems (IDS/IPS) at the client's site for data collection.

Conducted incident response and cyber threat analysis to collect cyber threat intelligence on advanced persistent threats (APTs), providing threat attribution that could be used for offensive cyber operations (OCO).

Collected and analyzed forensic data to identify potentially compromised systems using SIFT Workstation, Volatility, Rekall, Forensic Toolkit (FTK), and other tools.

Conducted cyber threat emulation using Kali and Cobalt Strike to create threat modeling analytics and train junior team members on threat hunting using Security Information and Event Management (SIEM) platforms.

Performed static and dynamic reverse engineering on potential malware samples using IDA, sandboxing, and other tools.

Created security assessment reports (SARs) based on findings from defensive cyber operations and vulnerability and compliance assessment scans using Tenable Security Center and Nessus (ACAS), giving clients awareness of their current security posture.

Developed and maintained a cyber range composed of Linux hosts configured with Syslog and Windows hosts configured with Sysmon in an integrated Active Directory environment, used to fine-tune threat modeling analytics and to train junior team members on the threat identification and analysis process.

Configured switches, firewalls, and virtual private network (VPN) appliances to integrate our tools into the client's network and allow for split-based remote operations.



Master Certificate in Cybersecurity Management and Policies, 2019.

Master of Science in Cybersecurity, 2019.

Bachelor of Science in Computer and Information Science, 2015.


Awards: Department of Commerce Bronze Medal 2017

Certifications: CISSP, GCIH, Security+, Network+, A+

Skills: ACAS, AWS, Bro/Zeek, Cisco Switches, Cyber Threat Emulation, Digital Forensics, Docker, DNS, Endgame, Endpoint Detection and Response (EDR), Firewalls, Incident Response, IDS, Insider Threat, IPS, Kali, Kubernetes, Red Hat Enterprise Linux, Malware Analysis, Microsoft Windows, Nessus, PowerShell, RedSeal, Shell Scripting, Security Onion, Snort, Splunk, TCP/IP, VLAN

Languages: Fluent English, Fluent Spanish (both written and spoken)

Security Clearance: Top Secret / Sensitive Compartmented Information (TS/SCI) with Counter-Intelligence (CI) Polygraph

References furnished upon request.