Sr. Cyber Security Analyst Resume
Stamford, CT
SUMMARY:
- Incident Management | Secure Configuration Management | Cyber Security Management Strategic Planning and Implementation | Regulatory Compliance | Threat and Vulnerability Management | Risk Management | Security Architecture | Project Management | Design Process Improvement | Change Management | Software Development Life Cycle Management Deployments and Migrations | Security Implementation Administration | Web Penetration Testing
- A multifaceted professional with experience and skills in threat and vulnerability management, information security analysis, information security architecture, information security policy design, risk assessment, security incident response, and security solution implementation and administration.
- Information Security Officer (ISO) - experience in Governance, Risk, Compliance & Audit - ISO 27001, PCI, HIPAA, McAfee, SOX etc., and in information security and network security functions.
- Skilled at designing and implementing cyber security solutions for global petroleum, government and financial organizations that consistently reduce security costs while elevating the security status of the environment.
- Accomplished history of working with various private business and IT organizations to facilitate security architecture in order to further enhance the security stance of the company.
- Adept at security policies, developing solutions, assessing environments, and interpreting standards that constantly pass the security and regulatory audits.
- Successful in initiating six separate security programs which passed all third-party audits and all established laws and regulations.
- Comprehensive background in developing and implementing strategic technology and security road maps aligned with the needs of the business to deliver exceptional security and privacy solutions.
- Knowledgeable of penetration testing, vulnerability assessment, threat hunting, and security program development.
- Expert in Implementing & managing Symantec tools like Data Loss Prevention (DLP) and Secure Web Gateway (ProxySG).
- Experience converting Checkpoint VPN rules over to the Cisco ASA solution; migration experience with both Checkpoint and Cisco ASA VPN.
- Delivered niche technology projects such as DLP and forensics to catch and prevent fraud, and managed the overall operational aspect of DLP.
- Maintained critical monitoring systems (Splunk - log management systems), measuring system error logs, performance and availability. Evaluation of the Splunk log management solution plus open source Linux storage systems.
- Subject matter expert (SME) for DLP, Firewall, VPN, Archer, Vulnerability Management solutions, IDS/IPS/WIPS, SIEM and Endpoint Security.
- Expert at implementing network security, SIEM tools, new concepts, identity management, new security technologies, securing cloud architecture, and new security controls as well as in developing innovative security controls and processes that meet business and executive requirements in order to protect information.
TECHNICAL ACUMEN:
Security Solutions: Nexpose | Metasploit | NitroSIEM/McAfee ESM | FireEye | Nessus | Splunk | Websense | ArcSight | CyberArk | Cisco Umbrella | OpenDNS | Cisco Firepower | RSA enVision | EnCase | RSA NetWitness | BeyondTrust | LogRhythm | Alert Logic | Cylance | Prism | Sourcefire or Firepower IPS | Cisco IronPort | Barracuda Spam Devices | Data Loss Prevention (DLP) | Snort | Various NAC, IDS/IPS, HIDS, and SIEM solutions
Others: ICS | SCADA | Cisco network devices | SASS | Microsoft Windows | UNIX and Linux | SQL | Oracle | IIS | Apache | Python | Nmap | ZMap | Masscan | Qualys | PKI infrastructure and digital certificates | AWS | Azure | Bit9 | BackTrack/Kali | McAfee | Symantec | Kaspersky | Java
Protocols: TCP/IP | UDP | HTTP | HTTPS | SSL | FTP | TFTP | Telnet | SNMP | ICMP | SSH | DNS | DHCP | LDAP | WINS | NAT | SMTP | POP | IPSec | IMAP | SSL/IPSec VPN | DNSSEC | iSCSI | PAT | NetBIOS | BACnet
PROFESSIONAL EXPERIENCE:
Sr. Cyber Security Analyst
Confidential, Stamford, CT
Responsibilities:
- Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as Splunk (SIEM), anti-virus, Carbon Black, malware analysis, firewalls, IDS & IPS, web security etc.
- Provided Level 2 operations support for end user resolution, investigating RSA SIEM events to determine any true intrusions.
- Identified and remediated any threats and vulnerabilities as part of security monitoring (SOC), triage and escalation to T2.
- Network and host DLP monitoring and logging.
- Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, ArcSight, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix, and McAfee/Symantec.
- Responsible for DLP Policy creation, testing and implementation to protect client data.
- In-depth experience with Symantec DLP in an enterprise environment
- Experience with architecting Symantec DLP Platforms.
- Configuring rules and maintaining Palo Alto firewalls & analysis of firewall logs using various tools.
- Migration of the rule base from ASA to Checkpoint Firewalls with Algosec Firewall Analyzer.
- Experience and skills in implementing Java, JavaScript, Node.js.
- Blacklist/whitelist malicious email addresses/domains
- Execute on appropriate mitigation strategies for identified threats.
- Perform penetration testing for internal network and follow-up end to end with security vendor for the web application PT and make sure that vulnerabilities are addressed.
- Managing all client systems from endpoint perspective using McAfee ePO tool which includes managing Agent, VSE, pushing client tasks.
- Responsible for the security risk analysis process, which includes identification, assessment, evaluation, control monitoring and testing.
- Experience converting Palo Alto VPN rules over to the Cisco ASA.
- Implemented vulnerability management (VM) processes and Nexpose Rapid 7, Burp Suite and security solutions.
- Symantec DLP and RSA DLP architecture and implementation for enterprise level companies.
- Performed Symantec DLP environments management and support configuration as well as data security environments used in testing and configuring client sites prior to installation.
- Expertise in writing Splunk searches; Splunk infrastructure and development expert, well-versed in Splunk architecture and design.
- Experience converting Palo Alto VPN rules over to the Cisco ASA solution; migration experience with both Checkpoint and Cisco ASA VPN.
- Administrating Carbon Black to do host based monitoring.
- Created script in Python for calling REST APIs.
- Involved in representation of the system in hierarchy form by defining the components, subcomponents using Python and developed set of library functions over the system based on the user needs.
- Monitored Security Management Console for Security Operation Centre (SOC) for ensuring confidentiality, Integrity and Availability of Information systems.
- Experience with risk assessment using industry standards like NIST Rev5, HIPAA, PCI DSS, and developing security policy as per these standards.
- Projects that installed, deployed and/or maintained multiple security solutions and tools such as Nexpose Rapid 7, Comodo, Qualys, ThreatSTOP.
- Used HTML, CSS, JavaScript with security tools.
- Prepared system plans and executed ArcSight architecture modifications.
- Managed, upgraded and maintained operational data flows and ArcSight platforms.
- Maintained and modified hardware and software components, content and documentation.
- Created and documented reports, rules, trends and Dashboard.
- Analyzed ArcSight and related tools and resolved IT security failures.
- Provided guidance for equipment checks and supported processing of security requests.
- Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
- Expertise in installing VMware, ESX servers, vSphere Client and vCenter Server.
- Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), McAfee Endpoint Encryption Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tool.
- Determine what emails are legit to whitelist and malicious to blacklist
- Used Palo Alto Dashboard to monitor servers and status of firewalls.
- Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Regex, Dashboards, Clustering and Forwarder Management
- Developed Splunk infrastructure and related solutions as per automation toolsets
- Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards, and Reports using the Splunk query language
- Collected information about Internet-based malware-related malicious activities and the attackers behind them
- Security incident handling, SIEM (ESEM) using RSA enVision/ArcSight products.
- Vulnerability assessment, penetration testing, Risk assessment, Threat management, Security advisories, compliance audits, IT security assessment.
- Hands-on experience implementing zone-based firewall and security rules on the Palo Alto firewall.
- Excellent exposure to Database, VPN technologies, and Firewall
- Important skills learnt during this phase:
  - Defending against cyber-attacks:
    - Using the Qualys Vulnerability Management tool to aid in manual pen-testing in red teaming work.
    - Working with the red team to do application testing, web application testing etc.
    - Administrating Carbon Black to do host-based monitoring for the red team.
    - Working in the SOC to keep an active defense against various threats and working with the red team.
  - Red team skills:
    - Using tools including but not limited to Kali Linux, Burp Suite Professional, Metasploit, IDA Pro etc.
    - Malware analysis: full-spectrum analysis of malicious code both dynamically and statically using tools such as Wireshark, Regshot, process monitoring tools, and debugging tools such as IDA Pro and OllyDbg etc.
    - Developed predictions about cyber attackers and their activities based on previous malicious attempts.
    - Working in the SOC to keep an active defense against various cyber-attacks while working with the red team.
    - Static code analysis using Valgrind, Flawfinder and manually checking the code flow.
  - Kill chain management:
    - Working with the red team in the SOC to apply security awareness to Cyber Kill Chain management as well as using a moving target defense approach.
  - Important red-teaming skills:
    - Scripting: basic shell scripting and Python.
    - Knowledge of vulnerabilities and exploits outside of tool suites.
    - Willingness to learn and practice more every day.
    - Understanding x86/64 architecture and assembly code.
    - Knowledge of networking protocols.
    - Soft skills, such as creating reports, public speaking, presentation.
    - Social engineering skills.
    - Lock picking skills.
Senior Security Engineer
Confidential, Dayton, Ohio
Responsibilities:
- Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, ArcSight, Solutionary, LogRhythm, SCCM, Altiris, Rapid 7, LanDesk, BigFix, McAfee/Symantec.
- Pushed configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server.
- Monitors and evaluates client networks for hacking attempts and the presence of malicious threat actors
- Experience converting Palo Alto VPN rules over to the CISCO ASA solution. Migration with both Checkpoint and CISCO ASA VPN experience
- Static code analysis using Valgrind, Flawfinder and manually checking the code flow.
- Monitored carbon black manufacturing equipment like rotary dryers, reactors, mixer pelletizers, bucket elevators.
- Performed static malware analysis to search for malicious indicators of client-submitted payloads, and escalated for dynamic analysis as needed
- Performing DLP inventory scans
- Created DLP role-based access controls, DLP device policies, DLP application file access protection.
- Locate and assimilate new information to provide context for security events.
- Programming in Python as well as Perl
- Monitor the performance of Splunk via the Splunk Monitoring Console.
- Experience with the Carbon Black endpoint security platform, detecting malicious behavior and preventing malicious files; anti-malware defense.
- Implementation of Energy Management program and Origination of Carbon offsets for Moores Industrial Calgary
- Configure and administer security rules and policies to either permit or deny user traffic based on company's security policies on checkpoint and Palo Alto firewall.
- Expertise in writing Splunk searches; Splunk infrastructure and development expert, well-versed in Splunk architecture and design.
- Administrating Carbon Black to do host based monitoring.
- Update Tanium sensors and packages using VB scripts (backup SME)
- Designed and developed various business applications using both Keylight and the Archer eGRC platform.
- Integrated vulnerability standard principles like CVE and OWASP into organization security policy.
- Analyzed business requirements based on new trends and standards.
- Coordinated pen testing and application security testing audits with pen test tools like Metasploit, Nmap, Wireshark and Kali on Linux/Unix operating systems.
- Administered the Business Continuity Program, including disaster recovery plan development and coordinating disaster recovery testing activities.
- Created SCCM server baselines to secure all enterprise servers to remedy findings in a security audit.
- Complete testing steps listed in SOX audit IT work papers to gather evidence to support documented IT processes.
- Analyzed email lures to confirm campaign incidents, collected relevant data and notified organization of malicious indicators
- Responsible for DLP Policy creation, testing and implementation to protect client data.
- In-depth experience with Symantec DLP in an enterprise environment
- Experience with architecting Symantec DLP Platforms.
- Wrote Python scripts to parse XML documents and load the data in database.
- Generated property list for every application dynamically using Python
- Developed the UI using HTML, JSX, JSP and JavaScript.
- Monitor daily backups and EPO logs
- Manage EPO for Servers and Desktops/laptops company wide. Apply updates as needed. Resolve client issues, and perform routine updates to client systems.
- Provide backup support for web filtering solution-white/black lists to ensure traffic is protected.
- Managed Cyber Security threats through prevention, detection, response, escalation and reporting
- Queries alerted by ArcSight; performing vulnerability assessments and taking the required counter actions and measures to ensure the security of the IT infrastructure / systems.
- Monitoring and remediating daily security alerts generated by end users with tools like Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO, and also responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
- Installing, patching and maintaining McAfee ePO 5.X and DLP, utilizing McAfee Orchestrator, and able to deploy DLP and reporting; working knowledge of ENS 10.
- Identifies, analyzes, monitors and minimizes complex areas of risk that pertain to information technology.
- Developed the original SOX documentation for a first year compliance.
- Work with Windows Operating systems for the building, configuring, and troubleshooting of Windows 2003, 2008, 2008 R2, 2012, and most currently 2012 R2 and support x86 hardware regarding storage requirements and use x86 tools such as Dell Open Manage and IBM Director.
- Deploy and support information security systems and solutions such as key management, IPS/IDS, SIEM, MDM, NAC, APT detection, and endpoint management for remote user.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Implemented multiple tools including Symantec DLP, and QRadar SIEM.
- Monitored Security Management Console for Security Operation Centre (SOC) for ensuring confidentiality, Integrity and Availability of Information systems.
Cyber Security Engineer
Confidential, Richardson, Texas
Responsibilities:
- Conducted onsite penetration tests from an insider threat perspective.
- Performed host, network, and web application penetration tests.
- Analysis of threats detected by vulnerability management tools.
- Developed Black Box Security test environments & conducted tests as part of team for precautionary measures.
- Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
- Monitoring and remediating daily security alerts generated by end users with tools like Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO, and also responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
- Deploy and support information security systems and solutions such as key management, IPS/IDS, SIEM, MDM, NAC, APT detection, and endpoint management for remote user.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Implemented multiple tools including Symantec DLP, and QRadar SIEM.
- Developed approaches for industry-specific threat analyses, application-specific penetration tests and the generation of vulnerability reports.
- Utilize McAfee EPO and Microsoft SCCM for endpoint management.
- Develop risk assessment reports that identify reports and vulnerabilities, and also evaluate the likelihood that the vulnerabilities can be exploited.
- Performed risk assessments to ensure corporate compliance.
- Developed detailed remediation reports and recommendations for compliance and security improvements across industries based on changing threats.
- Evaluated firewall change requests and assessed organizational risk.
- Performed Vulnerability Assessments and Data Classification and their impacts
- Suggested the Patches for windows machines with vulnerabilities identified.
- Performed application security and penetration testing using IBM Appscan.
- Performed security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
- Manage enterprise security systems, identifying key security risks, reporting risks to management with recommendations for corrective action utilizing NIST frameworks.
- Participate in Security Assessments of networks, systems and applications.
- Reviewed and involved in the WebSphere Application server hardening process from Security Team.
- Utilized monitoring tools to identify cyber security alerts of active threats, intrusions, and compromises
Environment: Linux, WhiteHat Security Source, Nessus, Wireshark, sqlmap, Nmap, Metasploit, AWS CloudWatch and Stackdriver
Information Security Engineer
Confidential
Responsibilities:
- Configure and install various network devices and services (e.g., routers, switches, firewalls)
- Administering, configuring and troubleshooting of Windows Server 2008, 2012.
- Installation, Configuration and Administration of Web Servers (IIS and Apache)
- Design, implement and maintain VMware vSphere infrastructure.
- Infrastructure development on AWS by employing services such as EC2, RDS, CloudFront, CloudWatch, VPC, etc.
- Evaluated firewall change requests and assessed organizational risk.
- Configuration, installation and support of equipment in an MS environment according to the terms of client proposals.
- Installation, configuration and administration of Asterisk based VOIP Telephony
- Troubleshoot and resolve computer/network issues by providing both on-site and remote support.
- Maintaining software applications, operating systems Win2K, Win XP, Win2007, and Linux.
- Responding to inquiries from staff, administrators, service providers, site personnel, outside vendors, etc. to provide technical assistance and support.
- Supervising administration of systems and servers to ensure availability of services to authorized users.
- User administration, setup, maintaining system and verifying peripherals are working properly.
- Quickly arranged repair in the event of hardware failure and monitored system performance.
- Installed software, created a backup and recovery policy, and updated antivirus and its patches.
- Administered multi-server Windows LANs and WANs.