SUMMARY:

• Self - motivated individual with 10 years of IT experience seeks a challenging position to utilize my educational background and technical skills to improve a company’s network, systems and security posture. I performed pen testing and vulnerability testing using Kali/Linux, Burp suite, Wireshark, White Hat, Nmap, Caine and Abel. I have performed Security testing: Input and Access handling, SQLite - SQL Injection, XSS - Cross Site Scripting, CSRF - Cross-Site Request Forgery, Session / Cookie Manipulation, Logic Flaws and Buffer Overflows. Also, I have experience with incident handling (NIST SP 800) and familiarity with ISO 27001 and PCI DSS. Lastly, I have strong organizational, time-management, interpersonal and communication skills.

TECHNICAL SKILLS:

Operating Systems::Windows Server 2008 R2, Windows 95/98/2000/XP/Vista/7/10, LinuxOS(Zorin,Ubuntu11.62,PClinux,Debian,Kali,Fedora).

Software::Visual Studio 2005/2008/2010 , Gliffy, Microsoft Office products, Photoshop CC14, Illustrator, Wireshark, SonicWall, Fireye, QRadar,Nmap, C programming, HTML programming, Java Programming, PHP/Perl programming, Powerscript, Symantec security products, AVG/Avira security malware/virus removal programs, Cryptographic analysis using CryptoTool1(CT1), BitLock, WEP/WPA2 TKIP penetration tests using Cain&Abel softwarePhPMyAdnim, VPN solutions, Gmer root kit diagnostics, Secunia PSI, Wireless Solutions implementations, Comodo enterprise solutions (firewall/browsers/proxies),Apache Servers management,CAINE computer forensics.

Hardware: Intel based servers, WAN/LAN Switches and routers, RAID1-5, printer / Fax / Scanner technologies. Cisco ASA, McAfee EPO(ePolicy Orchestrator)

Network: TCP/IP, Windows file & print services, Linux Samba, O/S tools such as netstat, ethconfig, ipconfig, route, traceroute, ethereal, Nmap, UDP, p2p networks, network topologies, severs management(exchange/outlook/mail/group policies),Cisco Packet Tracer, Skybox ticket management system.

DB: MySql, SQL, phpmyadmin,PostreSql, SQlite

Compliance assessment: PCI DSS, ISO 27002/27018 , CCS, NIST Cyber Security Management, HIPPA, GLBA.

PROFESSIONAL EXPERIENCE:

SIEM Security Engineer(Qradar/Splunk)

Confidential, MN

• Converted data types(list, raw, table) from Splunk environment to Qradar metrics
• Designed, developed or recommended measures to ensure successful up-time of our security infrastructure
• Designed, developed or recommended distributed computing environment architectures
• Exhibited knowledge and ability to collaborate on SIEM functional requirements: logging, event collection, normalization, correlation
• Storage, system access, reporting, and customization
• Exhibited knowledge and ability to collaborate on SIEM nonfunctional requirements: monitoring, retention, reporting, regulatory and contractual considerations, high availability, disaster recovery, and success criteria.
• Worked with key Customer personnel on macro design elements for SIEM system; such as: data/event source collection protocols and methods, asset risk weighting criteria, asset classification profiles
• Used case frameworks, customization requirements, dashboards
• Worked with key TR personnel on micro design elements for SOC and SIEM system; such as: data/event source phased integration plans, use cases, alert classification criteria, vulnerability management integration
• Configured and validated secure systems and tests security products and systems to prevent security weakness.
• Lead efforts on mission-critical security infrastructure projects
• Provided a full-service capability in management and operations of technology platform which includes deployment, configuration, and administration.
• Managed the engineering of technologies: Qradar, Splunk, ServiceNow
• Created documentation
• Built custom dashboard in Qradar console
• Tuned QRadar to deliver optimal performance in high volume enterprise customer environments
• Developed standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms
• Integrated QRadar with customer operations including network management and ticketing systems, and assisting customers in building operational processes around the QRadar ecosystem
• Researched, analyzed log sources utilized for security monitoring, security and networking devices (such as firewalls, routers, anti-virus products, proxies, and operating systems)
• Worked with application and business owners to integrate monitoring of SaaS applications into the QRadar platform by ingestion of various log sources.
• Built custom DSM and uDSM parsers for log integration from Cloud platform
• Conducted security investigations into customer incidents using QRadar Security Intelligence
• Configured and troubleshooting network and security devices, various operating systems, and applications such as web, mail and database services
• Performed all administration, management, configuration, testing, and integration tasks
• Used perl to create arrays of variables(reference map) in order to determine rules sets that need to be tuned

Principle Security Engineer

Confidential, CA

• Developed prevention techniques(USB block, incident escalation, incident evaluation, email prevent)
• DLP Implementations endpoint/network monitor/email prevent
• Created runbooks and diagrams for incident management
• Created incidents metrics data for executive management
• Assigned access roles in DLP
• Developed schema of incident response management
• Compliance management dashboard creation
• Tested policies with data identifier for endpoint and network monitoring systems
• Set up scanning data at rest, motion and endpoints
• Created network impact analysis for DLP components scanning
• Reviewed records management in DLP policy design
• Implemented and tests tap and inline modules for DLP architecture
• Designed context and content inspections for DLP scans
• Designed and proposed EDM(exact data matching) model for DLP regulatory policy enforcement
• Designed detection responses for incident management
• Designed data sanitation procedures for incident mitigation
• Designed data tagging principles
• Deployed countermeasures to prevent data loss for rephrased or unstructured data blocks
• Developed right taxonomy for DLP access management
• Produced discovery scans metrics with incident remediation plans

Cyber Security Incident Analyst

Confidential, CA

• Event monitoring, analysis, responding, and reporting for IT security incidents IT Security Incident response
• IT security incident and vulnerability response and escalations
• Threat detection, response and event escalations
• Account audit log and detection anomalies
• Detection and escalation of account privilege abuse
• Policy compliance monitoring
• Symantec DLP monitoring and escalations of policy violations(HIPPA/PCI/PII)
• Stealthwatch benchmarking and network monitoring with Metasploit integration
• Proofpoint/Messagelabs emails track and trace for phishing incidents
• Qualys monitoring vulnerabilities and weaknesses on externally facing assets
• Tripwire intelligence gathering asset validation
• Firewall rules analytics(Algosec)
• Imperva Dam predictive analytics with event monitoring escalations in database access violations/Use case engineer alert design, validation and configuration
• Service Market Place ticket analysis handling on stolen/lost assets
• Symantec Endpoint Protection logs analytics and event handling/escalating
• Juniper VPN access event monitoring/Splunk
• Blue Coat Reporter user access log information validation
• Developed specific content necessary to implement Security Use Cases (Stealthwatch) and transformed into templates, reports, rules, alerts, dashboards.
• Experience developing Data Analytics/Anomaly detection algorithms
• FireEye MPS/HX malware analysis using Redline
• Experience with incident handling(NIST SP 800)
• APT threat intelligence and response

Jr Network Analyst

Confidential, Jamestown, ND

• Created reports with Dell SonicWALL
• Monitor wireless access-points for rogue access-points
• Provided Help Desk support
• Analyzes network topologies to determine potential issues
• Installed current network operating server software on new or existing server-class hardware and installed communication equipment including routers, terminal servers, switches and firewalls.
• Active directory work with domains processes and services in windows 2008 R2
• Penetration Testing with Kali Linux, Cain &AbelWireless network analysis using Wireshark Network vulnerability testing with Nmap as well as EDB viewer to read email without an exchange server
• Familiarity with ISO 27001, PCI DSS
• Experience with MoonSol product line for creating physical memory copy of PC
• FireEye NX network Security Experience
• Security analysis using SonicWall
• Creating vulnerability reports Nmap, Wireshark
• Use of networking concepts such as DNS, Email, HTTP, SSL, OSI Model/DoD4, and TCP/IP protocols, Network/Server topologies implementations and application
• Apache management/set up with addition to myphpadmin, mysql database management/query manipulation
• VPN support/ remote assistance
• Ethical hacking experience using Cain & Abel
• IDS Firewall/system hardening
• Host intrusion detection prevention experience
• Symantec End Point Protection

IT support analyst

Confidential

• Provided student help in the lab. Printer/scanner issues, log in issues, updated group policies for CWC host.
• Provided help implementing PC solutions into four labs total count of 200+ computers.
• Adept at offering quality technical help to non-technical end users.
• Troubleshoot wireless network for West Apartments and researched solution (helped implementing new 802.11 ac beam-forming technologies).
• Installed user workstation hardware, operating software and various application software and/or pre-configured equipment.
• I dealt with students on daily bases for hardware and software problems resolutions
• Risk assessment and response with violations of user license agreements
• Procedural analysis and vulnerability management upon violations and/or anticipations
• Ability to explain complex IT concepts in simple terms
• Infrastructure experience supporting over 200+ systems
• Client Imaging experience
• Computer inventory experience
• Encryption tools experience.