
Information Security Risk Analyst/vulnerability Management Resume


SUMMARY:

  • IT professional with strong experience in information security solutions.
  • Sound experience administering, monitoring and troubleshooting log management tools such as ArcSight and Tripwire.
  • Proficient in Identity and Access Management technologies, practices and procedures.
  • Proficient in risk and threat assessment and technical vulnerability scanning of network infrastructure.
  • Well versed in implementing Tripwire monitoring and scans on servers and network devices.
  • Monitored and reported data metrics from several infrastructure monitoring tools, including F5 Big Data, NetWitness, Check Point, Sourcefire, Guardium, Vormetric, RSA enVision, McAfee ePO, Tripwire and Splunk.

TECHNICAL SKILLS:

  • Vulnerability Scanning
  • ArcSight 6.5
  • VMware
  • Vulnerability Management Specialist
  • Rapid7 Nexpose
  • Trend Micro Deep Security (Deep Packet Inspection)
  • Tripwire File Change Management 8.0
  • Threat Analyst
  • Penetration Testing
  • Virus Scanning
  • HTML
  • Wireshark
  • Cisco Router/Switch Configuration
  • Windows Server 2003/2008
  • Directory Services
  • Firewall Rules Management
  • User Access Management
  • Network Troubleshooting
  • JavaScript
  • Active Directory
  • Sourcefire
  • Symantec DLP

PROFESSIONAL EXPERIENCE:

Confidential

Information Security Risk Analyst/Vulnerability Management

Responsibilities:

  • Reviewed security risk information in the Archer eGRC database.
  • Reviewed remediation plans and mitigating controls.
  • Searched on QIDs and IPs in Qualys and researched assets not found in Qualys Remediation.
  • Reviewed remediation tickets in Qualys for false positives and requested evidence as needed.
  • Batch-closed tickets in Qualys once an approved remediation plan was in place.
  • Reassigned tickets to the requestor when more information was needed due to an incomplete request.
  • Closed tickets in Qualys and approved risk exceptions for set time periods in Archer.
  • Met with host and application owners to discuss details of machine remediation.
  • Determined whether a remediation plan required patching or an upgrade, or whether to grant an exception.
  • Met with requestors to ensure remediation plans stayed on track.
  • Troubleshot and analyzed Qualys scan reports for scanned host IPs and hosts not scanned.
Confidential Marietta, GA

Information Security Risk Analyst

Responsibilities:

  • Researched risk findings in the Archer database.
  • Worked with new, current and old risk findings, making assessments and determining whether risk acceptances were needed.
  • Reviewed scan reports on vulnerabilities to determine the cause of each vulnerability.
  • Queried the Archer database for specific key information.
  • Drove risk findings to closure with evidence of remediation.
  • Performed root cause analysis and categorized data into protocols (S/FTP, HTTP/HTTPS, and SSL 1.0/2.0), encryption, authorization and authentication, servers, scan exceptions, sensitive PAN data, data masking, PCI/PII data at rest/in motion, firewall and proxy issues, and logging and monitoring efforts.
  • Searched for application IDs in the database for details on application owners, security, infrastructure development and patching.
Confidential, Atlanta, GA

Security Center OPS Analyst

Responsibilities:

  • Monitored client networks for anomalies and breach attempts.
  • Responded to incidents of possible security breaches; followed up and provided resolution ideas.
  • Worked with business leaders and stakeholders to stop possible attacks.
  • Reviewed procedures to distinguish between known users and potentially unknown user identities.
  • Attended Dell SecureWorks Security Analyst University.
  • Analyzed raw log data for potential port scans, vulnerability scans, cross-site scripting and SQL injection.
  • Intermediate working knowledge of the Remedy ticketing system.
  • Investigated incidents of probing, attacks, security breaches, scans and penetration attempts, prioritized by importance to the client.
  • Received queued, new and reassigned tickets to perform triage and ticket validation, including remediation.
  • Provided in-depth information to other teams for possible remediation and/or resolution.
  • Spoke directly with client representatives to resolve escalated tickets on host and server infections and outbreaks of trojans, viruses, worms, malware and adware.
  • Escalated tickets within established SLA time frames.
  • Recognized known and unknown scans based on client network data and escalation policies.
  • Created and implemented firewall rules and SIEM rules to block and resolve suspicious traffic on Juniper, Palo Alto, Check Point and Cisco ASA 5500 firewalls.
  • Security+, Network+, Linux+ and SQL database query training.
  • Created and implemented SIEM rules to block potentially bad traffic and tune out client-specific regular traffic.
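The kind of raw-log triage described above (spotting port scans, cross-site scripting and SQL injection attempts before a ticket is raised) can be shown in a few dozen lines. The script below is an added illustration, not tooling from this résumé or from any of the employers listed; the firewall and web log lines, IP addresses and key/value log format are constructed for the example, and the signature lists are deliberately small.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample logs (not from any real client network).
# Firewall lines use a simplified "src= dst= dport= action=" key/value format.
FIREWALL_LOG = "\n".join(
    # one source sweeps TCP ports 21-35 on a single host: a port scan
    [f"2024-03-01T10:00:{i:02d} src=203.0.113.7 dst=10.0.0.5 dport={21 + i} action=deny"
     for i in range(15)]
    # a normal client that only ever talks to port 443
    + [f"2024-03-01T10:01:{i:02d} src=198.51.100.4 dst=10.0.0.5 dport=443 action=allow"
       for i in range(20)]
)

# Web lines use the common log format; payloads are URL-encoded as a browser sends them.
WEB_LOG = """\
198.51.100.9 - - [01/Mar/2024:10:05:00 +0000] "GET /search?q=%27+OR+1%3D1-- HTTP/1.1" 200 512
198.51.100.9 - - [01/Mar/2024:10:05:02 +0000] "GET /products?id=42 HTTP/1.1" 200 2048
198.51.100.9 - - [01/Mar/2024:10:05:05 +0000] "GET /comment?text=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 128
203.0.113.7 - - [01/Mar/2024:10:05:09 +0000] "GET /img?src=x+onerror%3Dalert(1) HTTP/1.1" 404 64
"""

FW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)")
WEB_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/')

# Small signature sets: they catch the textbook forms only and do not replace a WAF/IDS ruleset.
SQLI_PATTERNS = [
    re.compile(r"'\s*or\s+\d+\s*=\s*\d+"),      # ' OR 1=1
    re.compile(r"union\s+(all\s+)?select"),      # UNION SELECT
    re.compile(r"--\s*$"),                       # trailing SQL comment
    re.compile(r";\s*(drop|alter)\s+table"),
]
XSS_PATTERNS = [
    re.compile(r"<\s*script"),
    re.compile(r"javascript\s*:"),
    re.compile(r"\bon(error|load|mouseover|click)\s*="),
]


def parse_firewall(text):
    """Return one dict per parsable firewall line; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FW_RE.search(line)
        if m:
            e = m.groupdict()
            e["dport"] = int(e["dport"])
            events.append(e)
    return events


def find_port_scans(events, min_ports=10):
    """Group by (src, dst) and flag pairs that touched at least min_ports distinct ports."""
    ports = defaultdict(set)
    for e in events:
        ports[(e["src"], e["dst"])].add(e["dport"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


def classify_request(path):
    """Decode the request path twice (catches double encoding) and label it."""
    decoded = unquote_plus(unquote_plus(path)).lower()
    labels = set()
    if any(p.search(decoded) for p in SQLI_PATTERNS):
        labels.add("sqli")
    if any(p.search(decoded) for p in XSS_PATTERNS):
        labels.add("xss")
    return labels


def triage_web(text):
    """Return (src, path, labels) for every web log line that matched a signature."""
    findings = []
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        labels = classify_request(m.group("path"))
        if labels:
            findings.append((m.group("src"), m.group("path"), sorted(labels)))
    return findings


if __name__ == "__main__":
    for (src, dst), ports in find_port_scans(parse_firewall(FIREWALL_LOG)).items():
        print(f"port scan: {src} -> {dst} touched {len(ports)} ports ({ports[0]}-{ports[-1]})")
    for src, path, labels in triage_web(WEB_LOG):
        print(f"{','.join(labels)}: {src} {path}")
```

The port-scan heuristic keys on distinct destination ports per source/destination pair rather than on raw hit count, which is why the client that hits port 443 twenty times is not flagged; the web check decodes twice so that a double-encoded `%253Cscript%253E` is still caught.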
Confidential Atlanta, GA

Security Analyst

Responsibilities:

  • Monitored and reported data metrics from several infrastructure monitoring tools, including F5 Big Data, NetWitness, Check Point, Sourcefire, Guardium, Vormetric, RSA enVision, McAfee ePO, Tripwire and Splunk.
  • Recorded data metrics from F5, Guardium S-TAPs and Sourcefire engines.
  • Recorded data from HBGary Active Defense.
  • Recorded data on the health and welfare of each system.
Confidential Norcross, GA

Security Analyst

Responsibilities:

  • Monitored and annotated events in ArcSight through an active channel.
  • Provided immediate response to possible attacks.
  • Responded to various incidents of possible breaches and attacks.
  • Worked with engineers and business owners to resolve incidents.
  • Investigated many incidents of outside penetration testing and malware attacks, as well as possible security breaches.
  • Created active channels on events and alerts for investigation.
  • Created ArcSight cases on use cases to be escalated to the proper business units.
  • Collaborated with and provided other business units with information on alerts and events.
  • Searched and investigated events by IP, hostname, URL, source and destination IP, and ports.
  • Created cases and bridge calls for high-priority events with potential to harm the network.
  • Created a database of blacklisted IPs and domains in ArcSight.
  • Created lists of assets to check for availability.
  • Received updated information on various suspicious events identified as possible trojans, worms and viruses.
  • Worked with the Remedy ticketing system to create/update change requests for black/white lists of suspicious IPs, hosts and URLs.
  • Used networking tools such as URLQuery, IPVoid and IP and URL scanners for investigation.
  • Analyzed high-priority events for Confidential and company business data leakage.
  • Created Remedy tickets for medium- and high-priority changes to security monitoring tools such as ArcSight.
  • Determined whether internal sources were sending data out of the network and found the destination of possible sensitive data leakage.
  • Escalated and created facets cases on high-priority events and sent them to the forensics team for investigation and resolution.
Confidential, Portsmouth, NH

Tripwire Analyst/Administrator

Responsibilities:

  • Searched for assets in multiple database listings.
  • Policy-tagged over 2,400 servers and network devices.
  • Ensured 100% Tripwire availability on servers, routers, switches and firewalls.
  • Provided support for enterprise installation groups and upgrades, validated configurations and resolved installation-related issues.
  • Implemented Tripwire monitoring and scans on over 2,400 servers and devices, reporting to the appropriate device monitors.
  • Accessed the network through Global VPN.
  • Provided Tripwire status reports at daily, weekly and monthly management meetings.
Confidential Atlanta, GA

Monitoring Analyst

Responsibilities:

  • Monitored and troubleshot offline agents using ArcSight.
  • Monitored for possible incidents of breaches and attacks, following through and following up to resolution.
  • Monitored ArcSight use cases to automatically create cases and analyze data.
  • Investigated many incidents of malware attacks on client systems and followed up to resolution.
  • Checked ArcSight for external scans and suspicious users.
  • Created incident response investigations and followed through.
  • Analyzed ArcSight logs for suspicious payloads and prepared reports on findings.
  • Recognized and identified potential threats to the network.
  • Investigated potential security risks and breaches.
  • Downloaded ArcSight Logger logs into Excel for analysis of destination and source addresses, URLs, ports and custom strings.
  • Met strict company compliance guidelines under CMM, ITIL, Six Sigma, PCI, SOX, GLBA and HIPAA.
  • Monitored ArcSight connectors, agents and other performance databases.
  • Identified users with privileged and root access.
  • Analyzed and monitored database entry and movement of data using database queries.
  • Checked databases for top authentication login failures and analyzed their trends.
  • Monitored the ArcSight dashboard for web application, scanning and probing, and malicious IP attacks.
  • Monitored ArcSight for Imperva, Sourcefire and Deep Security malicious events.
  • Monitored ArcSight active lists for malicious users and databases created.
  • Created active channels on events that appeared suspicious and added events to cases.
  • Created cases in ArcSight for suspicious activity, escalated to the L2 analyst for further analysis.
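The login-failure trend work listed above (top failing sources and users, and the brute-force attempts the Sourcefire section below also mentions) reduces to counting failures per source per time bucket. The script below is an added illustration and not a tool from this résumé or any employer; the sshd-style log lines, hostnames and IP addresses are constructed, and the one-minute bucket and threshold of ten are assumptions for the example.

```python
import re
from collections import Counter

# Constructed sshd-style auth log (no real hosts): one source hammers root/admin
# within a single minute, while a legitimate user mistypes a password twice.
AUTH_LOG = "\n".join(
    [f"Mar  1 10:00:{i * 4:02d} bastion sshd[1201]: Failed password for "
     f"{'root' if i % 2 else 'invalid user admin'} from 203.0.113.50 port {50000 + i} ssh2"
     for i in range(12)]
    + [
        "Mar  1 10:03:10 bastion sshd[1310]: Failed password for alice from 198.51.100.4 port 41022 ssh2",
        "Mar  1 10:09:41 bastion sshd[1355]: Failed password for alice from 198.51.100.4 port 41030 ssh2",
        "Mar  1 10:09:45 bastion sshd[1355]: Accepted password for alice from 198.51.100.4 port 41030 ssh2",
    ]
)

# Captures the minute (timestamp without seconds), the user and the source address.
# "invalid user" is optional so unknown and known accounts are both counted.
FAIL_RE = re.compile(
    r"^(?P<minute>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d):\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failures(text):
    """Return one dict (minute, user, src) per failed-login line; successes are ignored."""
    return [m.groupdict() for m in (FAIL_RE.match(l) for l in text.splitlines()) if m]


def top_sources(events, n=5):
    """Most frequent failing source addresses, as (src, count) pairs."""
    return Counter(e["src"] for e in events).most_common(n)


def top_users(events, n=5):
    """Most frequently targeted accounts, as (user, count) pairs."""
    return Counter(e["user"] for e in events).most_common(n)


def failures_per_minute(events):
    """Trend table {(src, minute): count}, ordered by minute.

    Ordering is lexical on the syslog timestamp, which is only correct within
    a single month; a production version would parse real timestamps.
    """
    counts = Counter((e["src"], e["minute"]) for e in events)
    return dict(sorted(counts.items(), key=lambda kv: kv[0][1]))


def brute_force_sources(events, threshold=10):
    """Sources that produced at least `threshold` failures inside any single minute."""
    per_minute = Counter((e["src"], e["minute"]) for e in events)
    return sorted({src for (src, _), n in per_minute.items() if n >= threshold})


if __name__ == "__main__":
    events = parse_failures(AUTH_LOG)
    print("top sources:", top_sources(events))
    print("top users:", top_users(events))
    print("brute force:", brute_force_sources(events))
    for (src, minute), n in failures_per_minute(events).items():
        print(f"{minute} {src}: {n} failures")
```

Bucketing per minute is what separates a brute-force source from a user who fails twice ten minutes apart: with the threshold lowered to two, the legitimate user still is not flagged because the two failures sit in different buckets.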
Security Tools Experience:

Tripwire Monitoring

  • Found discovered offline nodes in Tripwire; validated them, checked status and generated reports
  • Performed baselining operations on discovered nodes
  • Created cases on unvalidated changes

Sourcefire Defense Center Monitoring Experience

  • Checked the dashboard for disk usage, CPU system load and memory usage
  • Checked for virus and worm outbreaks, DNS attacks, brute-force attempts and DDoS attacks
  • Performed packet analysis of suspicious events
  • Researched the true client IP address found in packet analysis

Symantec CSP Monitoring Experience

  • Monitored for offline infrastructure nodes
  • Attempted to refresh offline nodes and created cases to have nodes restarted
  • Provided installation support for Symantec monitoring and virus scanning of nodes
  • Monitored 2,000+ nodes, servers and other network devices
  • Updated agent software and signatures and provided rule recommendations and changes

Threat Vulnerability Management Experience:

  • Performed threat and vulnerability management scans through QualysGuard and Nexpose, as well as AppScan
  • Configured QIDs and ports for each scan
  • Performed port, host and UDP/TCP/IP scans individually for remediation
  • Performed multiple server scans to determine whether vulnerabilities were fixed or still active
  • Rescanned servers to determine whether hosts were alive or new vulnerabilities had appeared
  • Provided reports to engineering teams with recommendations to fix vulnerable hosts
  • Monitored email for vulnerability reports
  • Verified and maintained resolved vulnerabilities with a rescan, and closed Remedy tickets and other documents
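Rescan verification, as described in the vulnerability management bullets above (and in the Qualys ticket-closing work in the first position), comes down to diffing a baseline export against a rescan export while keeping "host did not answer" separate from "finding gone". The script below is an added example and not a tool from this résumé or from Qualys, Nexpose or any employer; the CSV columns, QIDs, host addresses and finding titles are constructed placeholders, not a real scanner schema.

```python
import csv
from io import StringIO

# Constructed scan exports (not a real Qualys or Nexpose schema; QIDs are placeholders).
BASELINE_CSV = """\
host,qid,port,severity,title
10.0.0.5,100001,443,3,TLS 1.0 enabled
10.0.0.5,100002,445,5,SMB signing not required
10.0.0.6,100001,443,3,TLS 1.0 enabled
10.0.0.7,100001,443,3,TLS 1.0 enabled
"""

RESCAN_CSV = """\
host,qid,port,severity,title
10.0.0.5,100002,445,5,SMB signing not required
10.0.0.6,100003,3389,4,RDP without NLA
"""

# Hosts that answered the rescan at all. A host with zero findings still appears here;
# a host that was down, firewalled or excluded does not (10.0.0.7 in this sample).
RESCAN_ALIVE_HOSTS = {"10.0.0.5", "10.0.0.6"}


def parse_findings(text):
    """Return {(host, qid, port): row} for a CSV export; the tuple is the finding's identity."""
    rows = {}
    for row in csv.DictReader(StringIO(text)):
        rows[(row["host"], int(row["qid"]), int(row["port"]))] = row
    return rows


def compare_scans(baseline, rescan, alive_hosts):
    """Classify every finding as fixed, active, new or unverified.

    A baseline finding counts as fixed only when it is absent from the rescan AND
    its host answered the rescan. A finding on a host that did not respond is
    reported as unverified: the ticket cannot be closed on that evidence.
    """
    report = {"fixed": set(), "active": set(), "new": set(), "unverified": set()}
    for key in baseline:
        host = key[0]
        if key in rescan:
            report["active"].add(key)
        elif host in alive_hosts:
            report["fixed"].add(key)
        else:
            report["unverified"].add(key)
    for key in rescan:
        if key not in baseline:
            report["new"].add(key)
    return report


def closable_tickets(report):
    """Findings whose remediation ticket can be closed with the rescan as evidence."""
    return sorted(report["fixed"])


def hosts_needing_rescan(report):
    """Hosts that must be rescanned (or have a scan exception filed) before closure."""
    return sorted({key[0] for key in report["unverified"]})


if __name__ == "__main__":
    report = compare_scans(parse_findings(BASELINE_CSV), parse_findings(RESCAN_CSV), RESCAN_ALIVE_HOSTS)
    for bucket in ("fixed", "active", "new", "unverified"):
        for host, qid, port in sorted(report[bucket]):
            print(f"{bucket:10s} {host:12s} QID {qid} port {port}")
    print("rescan needed:", hosts_needing_rescan(report))
```

The unverified bucket is the caveat that matters when batch-closing tickets: a finding that disappears because the host was offline during the rescan looks identical to a fixed finding unless the alive-host list is checked separately.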
