
Security Operation Center (soc) Analyst Resume


SUMMARY

  • I am a Security Operations Center Analyst with in-depth working experience in network and endpoint security, threat intelligence and forensics, as well as the functioning of specific applications and the underlying IT infrastructure.
  • I have identified and stopped intrusions by analyzing IOCs from phishing email headers and by analyzing the attachments or links in these emails.
  • I respond to events and act as a first responder to account/system attacks and compromises by determining threat vectors and providing initial remediation.
  • I use a wide range of SIEM tools to monitor and analyze events and incidents, work with stakeholders to resolve these incidents, and escalate incidents when necessary following policies and procedures.
  • I respond to and investigate data loss prevention alerts, and hunt for and blacklist IOCs.
  • Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions.
  • Experience converting intelligence into actionable mitigation and technical control recommendations.
  • Strong time management and multitasking skills as well as attention to detail.
  • Strong collaborative skills and a proven ability to work in a diverse team of security professionals.
  • A passion for research and for uncovering the unknown about internet threats and threat actors.
  • Ensure the SOC analyst team provides excellent customer service and support.
  • Excellent oral and written communication skills.

TECHNICAL SKILLS

Security Technologies: FireEye, IronPort, Sourcefire, McAfee Web Gateway, Splunk, Splunk Express, McAfee DLP, Nessus Security Center, Nmap, Wireshark, IDS/IPS, Log Management, Anti-Virus Tools (Norton, Symantec).

Operating Systems: Unix-Based Systems (Solaris, Linux); Windows.

Networking: LANs, VPNs, Routers, Firewalls, TCP/IP.

Software: MS Office (Word, Excel, Outlook, Access, PowerPoint).

Ticket Systems: Archer, ServiceNow, Remedy and JIRA.

Open Source Site Check Tools: URLVOID.COM, VirusTotal.com, zscaller.com, etc.

PROFESSIONAL EXPERIENCE

Confidential

Security Operation Center (SOC) Analyst

Responsibilities:

  • Continuously improve processes for use across multiple detection sets for more efficient Security Operations.
  • Review alerts generated by the detection infrastructure for false positives and modify alerts as needed.
  • Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
  • Provide forensic analysis of network packet captures, DNS, proxy, malware, host-based security and application logs, as well as logs from various types of security sensors.
  • Use Splunk Enterprise Security (ES) to monitor and analyze network traffic, Intrusion Detection System (IDS) alerts and security event logs.
  • Use Cisco Sourcefire to monitor network traffic and ensure that malicious network traffic is dropped.
  • Perform incident response to investigate and resolve potential security intrusions.
  • Lead and review root cause analysis efforts following incident recovery plans.
  • Compose security alert notifications and other communications.
  • Use McAfee DLP Manager to protect intellectual property and ensure compliance by safeguarding sensitive data such as PII and BII.
  • Process daily threat intel and block malicious MD5 hashes, IPs and domains following the standard operating procedure.
  • Process website review requests using the McAfee Web Gateway GUI to grant temporary web access for users within the company to websites that are blocked for security reasons.
  • Block malicious domains, file hashes and IPs following the company's Standard Operating Procedures.
  • Use Splunk to search and analyze email logs to confirm that malicious emails were not delivered or were quarantined, and that malicious attachments were dropped.
  • Stay up to date with current vulnerabilities, attacks, and countermeasures.
  • Develop follow-up action plans to resolve reportable issues, and communicate with other analysts to address security threats and incidents.
  • Review and process accidental disclosure requests following standard operating procedures.
  • Regularly develop new use cases for automation and tuning of security tools.
  • Analyze, investigate and process malicious/phishing email alerts from IronPort and FireEye following the standard operating procedure.
  • Contribute to security strategy and security posture by identifying security gaps and evaluating and implementing enhancements.
  • Prioritize and differentiate between potential intrusion attempts and false alarms.
  • Assist with the development of processes and procedures to improve incident response times, incident analysis, and overall SOC functions.
  • Provide Incident Response (IR) support when analysis confirms an actionable incident.
  • Strong working knowledge of network security monitoring and incident response, as well as superior written and technical communication skills.

Confidential

Database Security DBA

Responsibilities:

  • Provided physical and logical database support as needed for all the applications specified by the Client.
  • Performed database audits to identify and evaluate design considerations, proposed design best practices, performed database code reviews and proposed performance changes.
  • Led database issues through to resolution. Served as a liaison between the applicable third-party vendor technical support team and the Client when a problem case was submitted to the third-party vendor.
  • Coordinated with application teams and other teams to resolve database issues, even when the issues were not directly related to the databases.
  • Performed database housekeeping designed to ensure that the databases functioned optimally and securely.
  • Maintained compliance with Client Standards and Client Rules, including those related to the databases (e.g. access management, direct grants, DB links, etc.).
  • Performed performance tuning and/or stress testing in the non-production environment for application releases as necessary to ensure the database infrastructure was configured optimally.
  • Provided after-hours and weekend support in the Client's production and contingency environments in accordance with the applicable application release schedules. In addition, provided on-demand support for the lower environments as requested by the Client.
  • Maintained the databases to meet performance standards, maximize efficiency, and minimize outages.
  • Monitored database usage, transaction volumes, response times, and concurrency levels, and measured and reported performance against the applicable Service Levels.
  • Generated reports based on the data in the databases, and reports related to the performance and integrity of the databases.
  • Developed, maintained and enhanced database monitoring scripts designed to ensure the stability, security, and performance of database queries.
  • Identified, reported and managed data security issues. Provided audit trails and forensics to the Client or its designee when necessary.
  • Developed and documented all database processes, structures, changes, issues and solutions for future reference.
  • Supported database, systems and application audits to meet SCA and STIG compliance requirements.

Confidential

Database Administrator (DBA)

Environment: RHEL 5.x, 6.x; HP-UX, AIX, Windows; Oracle 10g, 11g, OEM 11g/12c, RAC, Data Guard, GoldenGate, etc. (more than 50 servers with more than 400 databases).

Responsibilities:

  • Automated hourly, daily and weekly system health reporting using crontab and OEM Cloud Control.
  • Performed hot backups, cold backups and incremental backups using Recovery Manager (RMAN).
  • Managed recovery catalog related tasks: synchronizing targets and configuring RMAN backup settings.
  • Oversaw DR testing operations (as a backup strategy) on numerous Data Guard physical/logical standby configurations. Resolved archivelog gaps and other related problems. Performed switchovers manually and using DGMGRL.
  • Used Data Pump for export and import to support deployment efforts and projects.
  • Reviewed and modified generic backup scripts for backing up databases and maintaining archive logs.
  • Refreshed and replicated databases from production to testing using expdp/impdp.
  • Resolved alerts in a timely manner as required by our SLA.
  • Extensively performed performance tuning of database instances: SQL tuning using utilities such as EXPLAIN PLAN, AWR, ADDM and SQL tuning tools, as well as tuning of the SGA and distribution of disk I/O.
  • Used Cloud Control extensively: configured and troubleshot agent-related issues, set up rules for alert notification, and scheduled RMAN backups with failure notification.
  • Installed Oracle software using both the GUI and silent installation, and created databases manually.
  • Patched numerous RAC environments, applied the latest PSU and upgraded as required.
  • Supported and maintained the production/test/development databases on various servers.
  • Extensive troubleshooting and resolution of database backup related issues; implemented space consumption and deletion policies.
  • Monitored different databases and application servers using Oracle Enterprise Manager (OEM) 12c Grid Control.
  • Upgraded and pushed out the Cloud Control agents to the various targets.
  • Performed schema refreshes as well as whole-database refreshes.
  • Managed and created user accounts, profiles, roles, etc.
  • Provided support to my team, handling team escalations and on-call duties.
  • Performed team mentoring and administrative duties, including daily, weekly and monthly reporting.
  • Troubleshot performance issues using AWR and ADDM reports.
