Information Security Resume

Fort Worth, TX

SUMMARY:

  • Good experience in analyzing security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS), SOC, DLP, SIEM, firewalls, network flow systems, Anti-Virus, and/or other security logging sources.
  • Conducted vulnerability and compliance scans (i.e. Nessus) to determine overall system risk impacts and provided results to the customer and information system owner respectively.
  • Strong hands-on experience with IBM QRadar, RSA NetWitness, Proofpoint, Rapid7.
  • Experience in developing complex use cases and Universal Device Support Modules (UDSM) for non-supported logs on the QRadar SIEM.
  • Installed and configured SIEM (AlienVault) for on-going, in-depth vulnerability analysis.
  • Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), security events and logs.
  • Ability to maintain confidential information and HIPAA-related knowledge.
  • Experience with SIEM tools like QRadar and Splunk.
  • Experience in AWS Cloud; working knowledge of Azure.
  • Experienced with Symantec DLP policies (DLP templates) and compliance and regulation standards such as SOX, PCI, and HIPAA.
  • 24/7 SOC monitoring for SIEM and IPS/IDS, alarm triage, and Forensic Investigation.
  • Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
  • Experience with Symantec DLP web security gateway to provide security for outbound web content.
  • Provided onsite Symantec DLP technical service and support to a large enterprise customer base.
  • Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment: installation, configuration, and day-to-day management of Symantec Endpoint Protection.
  • Performed system administration tasks for Symantec Data Center Security (DCS).
  • Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities from emerging Security issues.
  • Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level.
  • Designed Symantec DLP architecture, implemented Symantec DLP.
  • Worked with Symantec DLP upgrades and patches.
  • Experience in setting up, configuring and deploying Symantec HIDS on Windows Server 2008 and 2012 and desktops.
  • Reviewed and revised client privacy and security policies to ensure they comply with HIPAA standards.
  • Utilized SIEM solution to research account lockouts and authentication failures while assisting Security.
  • Conducted vulnerability assessment using the Nessus tool.
  • Performed vulnerability scanning using Nessus & Retina. Ran intrusion detection system (IDS) with low or no false positives.
  • Excellent written and verbal communication skills, analytical and problem-solving skills; highly motivated, fast learner, able to lead or work within a team environment.

TECHNICAL SKILLS:

Application Servers: DNS, DHCP, Windows Active Directory Services, FTP, SFTP, Microsoft Exchange 2003/2007/2010

SIEM: QRadar, Splunk, ArcSight

DLP: Symantec & McAfee

Operating systems: Windows

PROFESSIONAL EXPERIENCE:

Confidential, Fort Worth, TX

Information Security/SOC Consultant

Responsibilities:

  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Analyzed threats to corporate networks by utilizing SIEM products (QRadar and Splunk) to assess the impact on client environments.
  • Installed and configured IBM QRadar Network Insights appliance to enable attack prediction through real-time network traffic analysis.
  • Integrated custom apps with QRadar to increase efficiency and performance of security solutions.
  • Proficiently upgraded and revamped the existing QRadar platform, which provided more actionable intelligence, including the creation of custom alerts and daily reports, custom dashboards, and training.
  • Worked with IBM QRadar SIEM integration and was responsible for integrating the log sources with IBM QRadar.
  • Configured log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases, and apps.
  • Installed and configured Symantec DLP to protect confidential data in motion, data in use, and data at rest.
  • Performed three-tier installation of Symantec DLP for production.
  • Upgraded Symantec DLP versions 15.0, 15.0.1 MP1, and 15.1.
  • Worked as part of the SOC team to brief on emerging threats and events in accordance with the run book.
  • Coordinates and assists with team on assigned daily SOC operations.
  • Analyze escalated email events including phishing and malware, and escalate as necessary.
  • Analyze and escalate events and incidents to SOC Analyst Level for response and resolution.
  • Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
  • Utilize Intrusion Detection & Prevention (IDS / IPS) to monitor malicious activities on the network. Analyze firewall logs, IPS and IDS logs to uncover malicious activity going on within the network. Initiate and recommend corrective action to the CIRT team.
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Perform cyber threat intelligence analysis, correlate actionable security events, perform network traffic analysis using raw packet data, NetFlow, IDS, IPS and custom sensor output as it pertains to the cyber security of communications networks, and participate in the coordination of resources during incidents.
  • Conduct analysis of cyber threats, discovery of their vulnerabilities, monitoring for cyber intrusions, and troubleshooting and response to security incidents detected from HP ArcSight or related SIEM, IDS/IPS, and other security applications.
  • Installed and configured the Enforce Server administration console to manage endpoints, policies, policy rules, agent groups, incidents, DLP servers, etc.
  • Installed and configured Endpoint Prevent and Discover detection servers to protect data in use.
  • Installed and configured Network Discover server to discover data at rest and configured Network Protect to protect data at rest by quarantining, copying and encrypting data.
  • Performed vendor file share scans with Symantec DLP by setting up a site-to-site VPN.
  • Troubleshot Symantec DLP issues and provided support remotely for DLP issues.
  • Customized and fine-tuned DLP policies to reduce the rate of false positives in alerts and align them with business needs and incident response. Configured PCI and SOX rules.
  • Worked in Security Incident and Event Monitoring SIEM platform - IBM Qradar, and Splunk.
  • Tested various threat vectors and present evidence of intent to create signatures/rules to mitigate specific threats.
  • Deployed, Implemented and managed SIEM - IBM Qradar suite of products, QRadar SIEM, Qradar Vulnerability Manager (QVM), and Qradar Risk Manager (QRM) in AWS environment.
  • Implemented and Maintained SIEM infrastructure using Qradar and Splunk in AWS environment.
  • Expert-level understanding of QRadar implementation and its integration with other network devices and applications, and the related troubleshooting work.
  • Expert understanding of developing complex use cases and Universal Device Support Modules on the QRadar SIEM.
  • Participated in the product selection and installation of Qradar Security Information Event Manager SIEM consisting of multiple collectors.
  • Responsible for proposing rules to the client to implement in QRadar to trigger security events. Once the rules were approved, tested and implemented them in QRadar.
  • Worked on triage and remediation of data loss prevention events, call tickets, and support cases for the DLP environment.
  • SIEM: Building software & application to enhance SOC operations and cohere Threat Intel interactions. Creating custom data visualization tools to interpret data correlated from event logs. Designing & implementing security content/use-cases on SIEMs, utilizing various event log sources. Delivering solutions, maintenance and support to currently deployed SIEM engines.
  • Monitor SIEM tool and triage all alerts as they come in to assure the network is safe.
  • Services monitored include, but are not limited to SIEM, IDS/IPS, Firewall, Cloud Environments, and Data Loss Prevention (DLP) SMTP and Web.
  • Conduct tuning engagements with security engineers to develop/adjust SIEM rules and analyst operating procedures.
  • Provided leadership in architecture and implementing security solutions towards Qualys and SIEM tools like Qradar, Splunk.
  • Monitor critical infrastructure including firewalls, IDS/IPS devices, virtual networks, vulnerability scanners, VPNs, WANs, and disaster recovery sites.
  • Worked closely on Data Privacy control frameworks and related laws and regulations (ISO 27000 series, NIST).
  • Managing ePO version 5.3 and VSE 8.8 for large enterprise network.
  • Manually installed McAfee NDLP Prevent 10.x ISO file and configured it in the McAfee ePO server.
  • Implemented, managed and deployed the McAfee Agent on Windows Server's master image.
  • Conducted Benchmarks and File Integrity Monitor checks through Policy Auditor.
  • Investigated alerts created by IDS/IPS including malicious file uploads, compromised servers, SQL injections, and port scanning.
  • Managed vulnerabilities with the aid of Nessus and WebInspect as vulnerability scanning tools to detect potential risk on single or multiple assets across the enterprise.
  • Conducted security scans using Security Center (Nessus) to identify system vulnerabilities, performed risk assessment and technical report submission detailing the vulnerabilities, risk, and remediation actions, and reviewed assessment results.
  • Implemented ArcSight Logger within organization's syslog enclave for long-term data retention and analysis (SIEM).
  • Developed Vulnerability Scanning process for all environment builds, and on-going monthly scanning reporting using Nessus.
  • Monitored events from Data Loss Prevention (DLP) and other information security tools and determined appropriate next steps using knowledge of Corning businesses or processes.
  • Utilized Security Information and Event Management (SIEM), Data Leakage Prevention (DLP), Intrusion Detection and Prevention (IDS / IPS), forensics, sniffers and malware analysis tools.
  • Performed investigation, analysis, reporting and escalations of security events from multiple sources including events like intrusion detection, Firewall logs, Proxy Logs, Web servers.

Confidential, Mahwah, NJ

Cyber Security/SOC Analyst

Responsibilities:

  • QRadar implementation and its integration with other network devices and applications, and the related troubleshooting work.
  • Maintain QRadar components like Console, Event Processors, Flow processors, Event Collectors, Flow collectors to Coach Environment for Log collection and monitoring.
  • Integrate Infrastructure devices and Security devices and also third party applications to QRadar SIEM.
  • Analysis of Offenses created based on different device types of logs via Correlation rules.
  • Identify offense root causes and create service tickets with support teams.
  • Integrate Vulnerability scanner to QRadar to populate vulnerability information to associate internal assets.
  • Recommended and configured correlation rules, email alerts, reports and dashboards in the QRadar environment.
  • Report common and repeat problems, observed via trend analysis, to SOC management and propose process and techniques.
  • Oversee the daily operation in a SOC and responsible for managing Tier 1 and Tier 2 security analysts on my shift.
  • Delegate duties to SOC Analysts (Tier 1 & 2) and manage escalation.
  • Develop SOPs and train employees on application/tools used in daily SOC operations.
  • Respond to computer security incidents by collecting, analyzing, preserving digital evidence and ensure that incidents are recorded and tracked in accordance with organizational SOC requirements.
  • Configure Network Hierarchy and backup retention configuration in QRadar SIEM.
  • Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on share devices and shared drives. Created and managed DLP policies.
  • Network and host DLP monitoring and logging.
  • Designed and implemented McAfee Data Loss Prevention (DLP) across all endpoints. Created policies and a keyword dictionary to safeguard intellectual property and ensure compliance by protecting sensitive data.
  • Deployment of Symantec DLP: Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA. In-depth experience with Symantec DLP in an enterprise environment.
  • Monitored AWS cloud infrastructure resources, and created utilization, trending, chargeback and show back reports.
  • Investigate SIEM alerts.
  • Maintain and implement all Check Point firewall, Confidential ASA firewall and Palo Alto change requests from clients. This includes assisting in the correct determination of the application flows necessary.
  • Migration of the firewall rules from Confidential ASA and Check Point to Palo Alto firewalls using the migration tool from PAN.
  • Involved in security operations, vulnerability and risk assessment, alerting, report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Imperva, Sourcefire (IDS/IPS), FireEye, Bluecoat Proxy, etc.).
  • Monitor SIEM views and draft reports on network activities that may exploit vulnerabilities or cause harm to network hosts.
  • Upgrading the QRadar (SIEM) Enterprise and security patching.
  • Well versed in both remote and on-site user Splunk (SIEM) support.
  • Centralizing the storage and interpretation of logs using the Splunk (SIEM) system.
  • Worked in Security Incident and Event Monitoring SIEM platform - IBM Qradar, and Splunk.
  • Tested various threat vectors and present evidence of intent to create signatures/rules to mitigate specific threats.
  • Participated in the product selection and installation of Qradar Security Information Event Manager SIEM consisting of multiple collectors and a high-performance MS SQL database.
  • Analyze and respond to security events and incidents from SIEM, Firewall (FW), Intrusion Detection/Prevention Systems (IDS/IPS), Antivirus (AV), Network Access Control (NAC) and other client data sources.
  • Expertise in creating scripts for configuration backup, report backup, QRadar device reports and metric generation.
  • Experience in creating custom views, reporting and automated alerting for both operational and security use using Qradar.
  • Experience in security incident handling with SIEM using RSA enVision and IBM QRadar products.
  • Security incidents to provide management oversight to the incident process.
  • Perform tuning of the Security Incident and Event Manager (SIEM) filters and correlations to continuously improve monitoring.
  • Managed a multisite environment with more than 200 Palo Alto firewalls.
  • Managed Palo Alto devices by implementing security rules and mitigating network attacks.
  • Updated daily schedules for security, threat and WildFire updates from Palo Alto.
  • Writing MOPs for adding new firewall rules and running reports on unused and vulnerable rules.
  • Expert understanding of developing complex use cases and Universal Device Support Modules on the QRadar SIEM. Expert in installing and configuring Splunk forwarders on Linux, UNIX and Windows.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Vulnerability Management: Configured Qualys Guard Tool for Vulnerability Analysis of Devices and Applications. Monitored them constantly through the dashboard by running the reports all the time.
  • Installed and configured Symantec Endpoint Protection on laptops used for remote connectivity.
  • Coordinating pen testing and application security testing audits with pentest tools like Metasploit, Nmap, Wireshark and Kali on Linux/Unix operating systems.
  • Coordinated security scans, remediation to ensure computer security root cause analysis, executive summary, mitigation strategies and tracking remediation efforts that finalized application risk assessments, risk analysis of support systems, site tasks associated with IT Security Checklist.
  • Integrated infrastructure devices and security devices to Qradar SIEM.
  • Actively used SIEM technology for searching and monitoring real time events for network security and compliance.
  • Assisted with review of policy, security alerts, guidance, regulations and technical advances in IT Security Management.

Confidential

Cyber Security Analyst

Responsibilities:

  • Identifying and implementing practices in security to enhance the operations of the clients.
  • Maintaining framework to ensure that information security policies, technologies and processes are aligned with the business regulations of the clients.
  • Managing SIEM (HP, IBM QRadar and Splunk), Rapid7 Nexpose, Forcepoint.
  • Extract customized property values using regex for devices which are not properly parsed by the QRadar DSM.
  • Troubleshoot erroring log sources and indexed data.
  • Manually install updates and upgrade QRadar to the latest patches.
  • Symantec Data Loss Prevention (DLP) policy engineering
  • Experience in Deployment of Symantec HIDS Agents.
  • Perform daily maintenance of the Symantec CSP console by grouping assets according to function.
  • Risk analysis and security control gap analysis from information & network security perspective.
  • Managing security incidents in the organization, key member of Incident Response Team.
  • Log analysis and advisories to different customers through RSA enVision SIEM.
  • Lead the deployment, installation, and configuration of Symantec DLP, as well as Enforce, Network Monitor, Network Discover, Web Prevent, Email Prevent, and Endpoint Agent.
  • Administer and maintain the corporate DLP environments while structuring and documenting the corporate DLP infrastructure environments.
  • Performed Symantec DLP environments management and support configuration as well as data security environments used in testing and configuring client sites prior to installation.
  • Develop reports/alerting to meet SOC, clients and leadership requirements.
  • Improved and expanded SOC L1 and L2 process documents.