SUMMARY:

• Nearly 7 Years of Overall Experience as a Software professional in information Technology, with 5 + years of extensive experience in Security information and Event management (SIEM) tools like, ArcSight, RSA Envision and also on QRadar.
• Experience working in Banking and Financial, Energy, HealthCare Product and Engineering domain.
• Experience in Developing and testing of Content (Correlation rules, Reports, Dashboards and Asset modelling) and integration and testing of multiple feeds like databases, Applications and network and Security devices logs to SIEM tools for threat detection.
• Develop and test, flex connectors for unsupported devices by Arcsight.
• Develop and test UDS Parsers in XML for unsupported devices and Business applications by the RSA Envision tool.
• Excellent communication and presentation skills & ability to work independently or as a part of a team.

TECHNICAL SKILLS:

Programming Language: C, C++, Java

Operating Systems: MS - DOS, Windows, Linux

Scripting Languages: Shell, SQL

Security Monitoring Tools: HP ArcSight, RSA Envision, Splunk, IBM Qradar and Tripwire

Other: LDAP, Networking Knowledge, Cryptography knowledge, TCP/IP, SNMP

DBMS: Oracle, Microsoft SQL Server, MS Access, MySQL

Other tools and Technologies: Apache, Crystal Reports, Remedy, HP Service Manager

Tools: Used: Tufin,IPAM-Inflobox

Office tools: Excel programing,CSV.

PROFESSIONAL EXPERIENCE:

Confidential

SIEM Engineer,Security Consultant

Environment: Arcsight SIEM, Windows.

Responsibilities:

• Installation of Connectors and Integration and testing of multi-platform devices with Arcsight ESM, Develop and test Flex Connectors for unsupported devices and Business applications
• Integration of IDS/IPS to Arcsight and analyse the logs to filter out False positives and add False negatives in to IDS/IPS rule set.
• Configuring and testing of log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and applications.
• Creating alerts and reports as per business requirements and Threat modelling with specific security control requirements.
• Develop and test Arcsight asset modelling, it is used to populate asset properties in Correlation rules and reports.
• Monitoring and identify any suspicious security events using the Arcsight ESM console and raise a ticket in the soc portal.
• Investigate and identify events, qualify potential security breaches, raise security incident alerts and perform technical & management escalation.
• Recommended security strategies based on real time threats.
• Managing Assets in the Organization using tools like IPAM.
• Reconciling all the networks in the organization and making a master list of networks.

Confidential, CA

Security Consultant

Environment: Arcsight SIEM, Windows, Linux.

• Configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and apps.
• Categorize the messages generated by security and networking devices into the multi-dimensional Arcsight normalization schema.
• Installation of Connectors and Integration of multi-platform devices with Arcsight ESM, Develop Flex Connectors for the Arcsight Unsupported devices / Custom Apps
• Develop content for Arcsight like correlation rules, dashboards, reports and filters, Active lists and Session list.
• Creating alerts and reports as per business requirements and Threat modelling with specific security control requirements.
• Arcsight asset modelling implementation, it is used to populate asset properties in Correlation rules and reports.
• Collection of Evergreen data for 60+ applications from the business and they used in correlation Rules for monitoring and alerting and reporting.
• We on-boarded 15000+ devices (Windows, Linux, IIS, DNS, DHCP, NPS, Main frame, firewall, VPN, bluecoat proxies) to Arcsight ESM for monitoring.
• Integration of IDS/IPS to Arcsight and analyse the logs to filter out False positives and add True Positives in to IDS/IPS rule set.
• Troubleshooting the issues which are related to Arcsight ESM, logger, DB and Conapps performances.

Confidential,CA

Security Consultant

Environment: QRadar SIEM, Splunk, Windows and Red hat Linux.

• Worked in this project as Security Consultant.
• Maintain Qradar components like Console, Event Processors, Flow processors, Event Collectors, Flow collectors to Environment for Log collection and monitoring.
• Integrate the devices like Juniper Network Secure Access, Aruba Mobility Controllers, Bluecoat, Fire Eye, ISS site protector, Checkpoint, Palo Alto, Source fire, VMware Vcenter, Symantec End point, AD servers with QRadar SIEM.
• Integrate Qualys guard scanner to Qradar to populate vulnerability information to associate internal assets.
• Recommended and configure Correlation rules and reports and dashboards in QRadar Environment.
• Configure Network Hierarchy and Back up Rention configuration in QRadar SIEM.
• Extract customized Property value using the Regex for devices which are not properly parsed by QRadar DSM.
• Monitoring of day to day system health check-up, event and flow data backup, system configuration backup.
• Analysis of Offenses created based on different device types of logs via Correlation rules.
• Integrate different feeds to Splunk Environment.
• Enhancement and fine tuning of Correlation rules on Qradar based on daily monitoring of logs.
• Integration of different devices data to Splunk Environment and also created dashboards and reports in Splunk.
• Recommended and Configure Daily and weekly and monthly reports in Qradar and Splunk based on Compliance requirements.

Confidential,Sacramento,CA

Security Consultant

Environment: ArcSight SIEM, Windows, Linux.

• Installation of Connectors and Integration and testing of multi-platform devices with Arcsight ESM, Develop and test Flex Connectors for unsupported devices and Business applications
• Integration of IDS/IPS to Arcsight and analyse the logs to filter out False positives and add False negatives in to IDS/IPS rule set.
• Configuring and testing of log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and applications.
• Categorize and test the messages generated by security and networking devices into the multi-dimensional Arcsight normalization schema.
• Develop and testing of content for Arcsight like correlation rules, dashboards, reports and filters, Active lists and Session list.
• Develop and test Arcsight asset modelling, it is used to populate asset properties in Correlation rules and reports.
• Debugging the issues which are related to Arcsight performance, reporting, collection of logs from various devices.
• We on-boarded 9000+ devices to Arcsight ESM for Threat detection.
• Created installation and configuration documents for each specific device Connectors.
• Monitoring and identify any suspicious security events using the Arcsight ESM console and raise a ticket in the soc portal
• Investigate and identify events, qualify potential security breaches, raise security incident alerts and perform technical & management escalation.
• Identification of the false positive/ True positive events and take action accordingly as per KOPs.
• We use to receive Spam email from the DB users and we use to co-ordinate with messaging team to block mail ids.
• We use to receive the Virus alert for outbound and inbound and use to co-ordinate with Antivirus team.
• Recommended security strategies based on real time threats.

Confidential,CA

Security Consultant

Environment: Arcsight, SPLUNK.

• Installation of Connectors and Integration of multi-platform devices with Arcsight.
• Configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and apps.
• Integration of IDS/IPS to Arcsight and analyse the logs to filter out False positives and add False negatives in to IDS/IPS rule set.
• Categorize the messages generated by security and networking devices into the multi-dimensional Splunk normalization schema.
• Creating alerts and reports as per business requirements and Threat modelling with specific security control requirements.
• Develop content for Arcsight like correlation rules, dashboards, reports and filters, Active lists and Session list.
• Created Arcsight asset modelling, it is used to populate asset properties in Correlation rules and reports.
• Troubleshooting the issues which are related to Splunk, logger, Oracle and Conapps performances.
• Develop Flex Connectors for the Arcsight un supported devices and Business apps.
• On-boarded 6000+ devices to Splunk for monitoring.
• Integration of different devices data to Splunk Environment and also created dashboards and reports in Splunk.
• Created installation and configuration documents for each specific device Connectors.
• Recommended security strategies based on real time threats.

Confidential

Security analyst

Environment: RSA Envision, Windows

• Integration and testing of multi-platform devices with RSA Envision.
• Configuring and testing of log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and applications through the collectors (LC,RC).
• Categorize and test the messages generated by security and networking devices into the multi-dimensional RSA Envision schema.
• Integration of IDS/IPS to RSA Envision and analyse the logs to filter out False positives and add False negatives in to IDS/IPS rule set.
• Develop and testing of content for RSA Envision like correlation rules, dashboards, reports and filters, list.
• Debugging the issues which are related to RSA Envision performance, reporting, collection of logs from various devices.
• Develop and test UDS Connectors via XML for the RSA Envision un supported devices and Business applications.
• We on-boarded 2000+ devices to RSA Envision for Threat detection.
• Attending weekly client meetings in that need to discuss about on boarding and content testing results status.
• Created installation and configuration and test case scenarios documents for each specific device Connectors.
• Recommended security strategies based on real time threats.

Confidential

SAP Security Consultant.

Environment: SAP ECC

• Transport between Development, Quality /Test and Production systems of R/3 using STMS.
• Role modifications, creations, according to the business needs with proper documentation.
• Accessed User info system (New user, Roles, Authorizations, User, T-Codes etc.) through SUIM regularly.
• Involved creating mass users, deleting mass users, locking and unlocking mass users.
• Troubleshoot R/3 security problem by using different scenario such as system trace.
• Responsible for day to day technical support and resolution of security issues.
• Resolve user’s daily problems (lock, unlock, and reinitialize passwords, no access to a transaction).
• Assist users with access problems and questions using SUIM and SU53.
• Monitoring the online background jobs and resolved the issues if any background job failed.
• Working on Remedy, CQ and work request for role modifications.
• Involved in external and internal Auditing for my project.
• Involved in system up gradation, cutover activities.
• Generate the reports based on business request.
• SOD annual review and User access quarterly review.
• Generate and share monthly monitoring reports.
• Locking and unlocking activities.
• Provide the FF access and generate the logs.
• DR testing activities for application data backup.