
Sr. Information Security Engineer Resume


Philadelphia, PA

SUMMARY:

  • Cyber Security Engineer with good experience in Implementation, Administration, Operation and Troubleshooting of enterprise data networks
  • Broad IT experience and professionalism; possesses a comprehensive background in IT administration, network systems, and cyber security practices, backed by measurable results
  • Experience in planning, developing, implementing, monitoring and updating security programs, and advanced technical information security solutions, and sound knowledge in SOX and PCI compliance requirements and understanding of NIST and ISO standards
  • Experience as a Splunk Engineer configuring, implementing and supporting Splunk Server Infrastructure across Windows, UNIX and Linux environments
  • Configure, maintain and design network security solutions including firewalls (CheckPoint, Cisco ASA and Fortinet), IDS/IPS (Cisco, CheckPoint and SourceFire), VPN, ACLs, Web Proxy, etc.
  • Hands-on experience in operations and management of an Aruba-based wireless network providing a multiple-SSID platform for DoD users
  • Hands-on experience using the Tanium suite for endpoint protection, asset management, integration and threat intelligence.
  • Knowledge of Computer Networking Basics, SOC Components, OSI model, TCP/IP protocols, Data Backup basics, Information Threats and Attacks.
  • Hands on experience on Web Application Firewalls and attack mitigation techniques
  • Work closely with clients' Information Assurance analysts to oversee the preparation of comprehensive Certification and Accreditation (C&A) packages for approval of an Authorization to Operate (ATO); generate, review and update the System Security Plan (SSP) against NIST and NIST requirements
  • Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001
  • Facilitate implementations of information security policies, account security policies and standards for logical and physical security
  • Acquired the RBAC and Trace Tanium modules and implemented them in production to facilitate user administration with pre-defined roles and capture trace events on the endpoints.
  • Perform Risk Assessment, Gap analysis & create Risk Mitigation plan
  • Experience providing remediation consultation to organizations and system owners, ensuring vulnerabilities are remediated IAW DISA/NIST guidance and Cyber Threat Intelligence research
  • Modernize assessment tools by researching emerging technologies and outlining their procurement to increase productivity and effectiveness
  • Good understanding of and knowledge of implementing ISO 27001, NIST 800-series, DIACAP, and FISMA guidance/governance
  • Strong knowledge of the Imperva web application firewall for monitoring and in-depth analysis of attacks, and of SIEM tools such as Splunk and HP ArcSight for analysis and log monitoring.
  • Led an effort to create a new process for filtering and managing IPS events, automating the process and streamlining Security Operation Center (SOC) triage efforts.
  • Managed HBSS McAfee ePO, configured HIPS 8.0 policies, verified and created server tasks, monitored events, created and enforced DLP policy, and managed Rogue System Detection.
  • Support deployment of all HBSS point products and updates, including McAfee Agent, HIPS, VSE and DLP. Perform HBSS policy tuning, HIPS/IPS tuning, and all related tasks.
  • Experienced with proxy and malware mitigation (BlueCoat, Radware/AppXcel/Alteon, FireEye), threat detection and data leakage protection (Network DLP/Vontu/Symantec, BlueCoat Security Analytics).
  • Worked on various projects involving security systems to bring in security data to the SIEM. Systems such as Splunk, Tanium, various IPS event data sets, Blue Coat, NetWitness to just name a few.
  • Dedicated, multifaceted, and detail-oriented professional with progressive experience in Cybersecurity operations; complemented with wide-ranging knowledge of McAfee ePolicy Orchestrator (ePO) and networking technologies such as firewalls, switches, and routers.
  • Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow diagram of the Palo Alto Firewalls placed in the Data Center with MS Visio.
  • Expert-level configuration of Layer 2 technology including VLANs, trunking, STP, RSTP, PVST, MST and VTP, in addition to port security, UplinkFast, BackboneFast, PortFast, BPDU guard and filter, and EtherChannel including LACP and PAgP negotiation
  • Management and administration of Juniper and ASA Firewalls at various zones including DMZ, Extranet (Various Business Partners) and internal.
  • Aggregate, correlate, and analyze log data from network devices, security devices and other key assets using QRadar. Analysis of various use cases in the QRadar console such as malware and AD-related issues.

PROFESSIONAL SKILLS:

Cyber Security: STIX, TAXII, TruSTAR; Data Loss Prevention (DLP): Digital Guardian

SIEM: Splunk

Load balancer: BigIP F5 LTM and GTM

Network: Cisco Routers, Switches

Network Security: Snort

Database: MySQL

Programming Languages: Java/J2EE, JSP, PHP, HTML, Python

Operating Systems: Windows, Linux

Cloud Technologies: Amazon Web Services (AWS): SDK, DynamoDB, Lambda, Elastic Beanstalk

Application Servers: Apache Tomcat, AWS Lambda, AWS Elastic Beanstalk

Virtualization Services & Technologies: Amazon EC2

PROFESSIONAL EXPERIENCE:

Confidential, Philadelphia, PA

Sr. Information Security Engineer

  • Designed an Operational Technology (OT) Network security solution based on the required template in place of an existing Company Network (CN) addressing risk and availability of SCADA-ICS in a pharmaceutical/healthcare organization
  • Proactively work with the local installation IAPM/ISSM POCs as necessary to obtain a local Authorization To
  • Work with POA&M owners and POCs to ensure that the quarterly updates are completed
  • Assessed the current as-is architecture of the company and designed a to-be architecture proposing implementation of OT security features
  • Provided security representation to business and technology solution projects to identify, evaluate, design and implement solutions that are secure
  • Assesses the risk posture of third-party vendors to assure optimal controls are in place and limit exposure
  • Support the Information System Security Officer (ISSO)/System POCs during the Assessment and Authorization (A&A) process to ensure assigned systems have the proper Authorization to Operate (ATO) using the NIST SP Risk Management Framework (RMF) guidance
  • Used Pandora FMS monitoring solution to find and reach out to system and product owners to discuss criticality of their applications

Confidential, Richfield, OH

Information Security Engineer

  • Involved in Digital Guardian DLP data encryption, monitoring/reporting and remediation of internal and external threats/vulnerabilities.
  • Perform analysis and triage on activities and incidents within the data protection environment, including but not limited to Digital Guardian DLP.
  • Responsible for monitoring and providing analysis in a 24x7x365 Security Operation Center (SOC) using Splunk SIEM and IDS/IPS tools.
  • Utilize McAfee ePO and Microsoft SCCM for endpoint management.
  • Coordinated efforts with DLP Engineering and escalations to Cyber Investigations.
  • Provide incident and policy analysis for existing controls and help drive expansion for greater data visibility and loss prevention technologies in the information security environment.
  • Developed custom SIEM deliverables in Splunk to meet customer needs in a variety of domains: IT security, financial, IT Ops, human resources, physical security, etc.
  • Deploy and troubleshoot endpoint protection: Cylance, Tanium.
  • Involved in IT security and compliance controls assessment, testing and documenting IT security control and compliance requirements (e.g., HITRUST, HIPAA, PCI, CIP, FISMA/NIST, etc.) across SOX domains.
  • Proactively work with the local installation IAPM/ISSM POCs as necessary to obtain a local Authorization To
  • Support the ISSO/System POCs to conduct risk and vulnerability assessments of information systems to identify vulnerabilities and to reduce risks to the systems.
  • Experienced with DLP, Blue Coat, Websense, Proofpoint, Trend Micro, and IBM QRadar Enterprise SIEM security tools to monitor the network environment
  • Experience with risk assessment using industry standards such as NIST Rev3 and Rev4, HIPAA and PCI DSS, and developing security policy per these standards. Member of the proof-of-concept team deploying and testing applications such as Tanium, Varonis and Patch Manager
  • Provide SME duties for licensing (utilizing KMS) and patching utilizing WSUS, SCCM, Tanium and SQL
  • Developed alerts and scheduled reports; develop and manage Splunk applications. Have done many POCs.
  • Cultivate relationships with team members, management, and government POCs through effective communication and leadership.
  • Opened, assigned and closed tickets in the SOC Security Management Console for Qualys-driven remediation and patch management processes.
  • Conducted testing of Sarbanes-Oxley (SOX), OMB Circular A-123 Audit and Service Organization Control (SOC) SSAE 18 review using COBIT, FISCAM frameworks and SAS 70.
  • Antivirus McAfee Virus Scan Enterprise, Symantec Endpoint Protection Suite
  • Mentored security analysts assisting them with analyzing Snort alerts in Splunk, Snorby, and the management interface for the Cisco FirePOWER appliances.
  • Implementation with NIST SP A and NIST SP.
  • Analyzing suspicious web or email files for malicious code discovered through the SOC's own.
  • Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint firewalls.

Confidential, Albany, NY

Cyber Security Engineer

  • Developed custom SIEM deliverables in Splunk to meet customer needs in a variety of domains: IT security, financial, IT Ops, human resources, physical security, etc.
  • Design, development, implementation, tuning and testing of standard and nonstandard content for McAfee SIEM (Nitro).
  • Perform digital forensics and Incident Response (IR) using tools such as Autopsy, Magnet and Stinger across 28 DOL agencies
  • Implementation of Endpoint Security and Management solution. Tool use: Tanium Endpoint Security and Management Tool.
  • Played a key role in deploying Symantec Endpoint Protection Manager and clients on a closed network
  • Participate in direct client requirements gathering, SOWs, POCs, workshops, demonstrations and round table discussions. Initiated the continued development of internal workshops with round table discussions and demonstrations.
  • Worked as a PCI-DSS consultant to perform a third-party audit.
  • Establish and maintain an IT Compliance program for the Financial Security Infrastructure team that minimizes risks to IT objectives through effective, efficient, scalable, and cost-effective design and operation of controls, including Sarbanes-Oxley (SOX), ITGC (IT General Controls) using the COBIT framework, and other domestic and international compliance requirements.
  • Involved in DLP data encryption, monitoring/reporting and remediation of internal and external threats/vulnerabilities.
  • Understand the threat landscape as related to vendors and perform vendor risk assessments
  • Work with EnCase, FTK, Cellebrite, Gargoyle, IEF and dozens of utilities for ripping, extracting, repairing, copying, de-duplicating, automating and more
  • Played an integral role in migrating the company's firewall environment from the FortiOS 4.0 firewall platform to the FortiGate FG-100D.
  • Deployed Windows Updates and third party software patches using Tanium.
  • Assist penetration testing and investigation.
  • Collaborate with Internal audit, External Audit, SOX PMO in a regular cadence, discuss changes to the control environment and prepare effective, efficient compliance and substantive test plans and SOX Calendar.
  • Expertise in development of Information Security Programs based on frameworks such as NIST, NIST, NIST, ISO 27002, COBIT 5.0, FFIEC, GLBA, SOX, PCI and PII, with IT risk driver KPIs and KRIs to ensure financial regulatory compliance and data security.
  • Conduct internal and external security audits based on standard cybersecurity frameworks from ISO 27002, COBIT, NIST, OWASP and Cloud Security Alliance
  • Built proof of concept (POC) for Localization to use AWS for some transcoding workloads. AWS services used were EC2, S3, Lambda, Elastic Transcoder. Second phase would be to add Captions and Digital Rights Management (DRM).
  • SIEM management using Tanium connect for integration and correlation for active monitoring.
  • Asset categorization and management by using Tanium Discover and provide continuous monitoring.
  • Assessment guidance/standards used; NIST SP, NIST, NIST, ISO27002, ISO27005, to ensure regulatory compliance and proper assessment of risk.
  • Develop documentation for new/existing policies and procedures in accordance with Risk Management Framework (RMF), NIST SP requirements.
  • Used GZIP with AWS CloudFront to forward compressed files to destination nodes/instances.
  • Dynamic monitoring and analysis of Intrusion Detection Systems (IDS) to identify security issues for remediation. Analyze, recognize, correlate, and report any potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information from AccelOps SIEM, Snort logs and Checkpoint FW logs.
  • Consulted with business and technology partners to create and provide security recommendations and best practices.
  • Assisted CSO with completion of established goals, objectives, and streamlining of internal office procedures.
  • To provide QRadar with up-to-date threat intelligence and more robust vulnerability scanning, engineered Proof of Concept (PoC) demonstrations for Carbon Black and ThreatConnect software. These PoCs were compared against QRadar's core vulnerability analysis and proved to management the need for the current threat landscape to be infused into QRadar.
  • Conducted onsite penetration tests from an insider threat perspective.
  • Performed host, network, and web application penetration tests.
  • Provided leadership in designing and implementing security solutions around Qualys and SIEM tools such as Splunk, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix, and McAfee/Symantec.
  • Push configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server
  • Support the reporting and outputs from cross-functional teams related to the vendor risk assessment process
  • Provide IT Governance, Risk, and Compliance (GRC) service to fulfil client requirements.
  • Experience with SIEM platforms (Splunk, QRadar, McAfee/Nitro, ArcSight, LogRhythm, Carbon Black)
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools, SSL/TLS, SOAP/XML, TCP/IP and HTTP, with expertise in OpenSSL. Experience also in deploying and administering Dynatrace and APM tools such as Synthetic, DCRUM, UEM and AppMon.
  • Managed Cyber Security threats through prevention, detection, response, escalation and reporting in effort to protect Enterprise IT Assets through Computer Security Incident Response Team (CSIRT).
  • Responsibilities for CSIRT included SIEM, Context Filtering, Web Security, Incident Tracking, IPS/IDS and Malware Analysis.
  • Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint and Palo Alto firewalls.
  • Performed risk analysis using State approved risk analysis methodology based on NIST SP and ISO IEC 17799 methodologies.
  • Increased productivity by fine-tuning their IPS security policies allowing analysts to quickly identify threats on the network. Tune HIPS and VirusScan policies to support mission requirements as needed.
  • AWS CLI Auto Scaling and CloudWatch monitoring creation and updates
  • Participate in design efforts for network security related portions of new applications along with application development areas and the network design for disaster recovery efforts.
  • Experience spans over SIEM, Threat Intelligence, Penetration Testing and Vulnerability Assessment, Security Architecture, PCI-DSS and Security Research.
  • Provide expertise with incident response, security event monitoring, vulnerability management, asset security compliance and data loss prevention utilizing McAfee Nitro (SIEM), McAfee ePO, McAfee DLP.
  • Advise and implement Symantec Best Practices and configuration management in the environment.
  • Working with a team where my primary responsibility is planning, installation, configuration, performance tuning, problem determination, and administration of a Security Information and Event Management (SIEM) solution.
  • Initiated a vendor risk assessment program
  • Used virtualization tools such as VMware and VirtualBox to build server infrastructure for ArcSight security solutions.
  • Coach and mentor new analysts in our Third Party Vendor Risk Assessment Program.
  • POC and assisted in deployment for Bluecoat Security Analytics across BOA Data centers and remote offices, scripting and data extraction for SSL/TLS CPS utilization, Malware, Firewall and F5 capacity management and high availability planning.
  • Design and implement a vendor risk assessment scorecard to establish a risk benchmark, identify areas needing improvement, and serve as a periodic tool to assess overall risk status.
  • Configuring and implementing F5 BIG-IP LTM and GTM load balancers to manage global and local traffic.

Confidential, Austin, TX

Cyber Security Analyst

  • Proactively implemented updates, maintained, managed, monitored, and supported enterprise network and systems security operations infrastructure throughout the shared services environment.
  • Perform daily DLP incident monitoring, analysis and reporting, solution checks, client interaction, and day-to-day DLP operations.
  • Managing SIEM (netForensics)
  • Create and run routine reports and data analytics in Excel and Tableau. Audit and validate data/reports
  • Managed the large security, risk and compliance initiatives of SOX-404 IT, PCI DSS and HIPAA/HITECH, Privacy Act, and FTC including security policies, procedures and controls.
  • Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, HIPS/HIDS, Nessus, NMAP, SIEM, Splunk, Rapid7 Nexpose and InsightVM, WAF, routers, switches, VMware, Endpoint Security, Cloud Security, Symantec Endpoint Protection.
  • Assesses a residual risk rating for the vendor based upon their control environment
  • Monitor, analyze and respond to network incidents and events. Participate in disaster recovery implementation and testing under the NIST framework and HIPAA and HITECH standards.
  • Developed approaches for industry-specific threat analyses, application-specific penetration tests and the generation of vulnerability reports.
  • Implementation of security processes and protection tools: Endpoint Protection, Data Loss Prevention, Tanium, Privileged Access Management, Splunk, Qualys, Okta MFA
  • Providing proper remedies to fix vulnerabilities in the client network after analysing security incident queries alerted by ArcSight. Performing vulnerability assessments and taking the required countermeasures to ensure the security of the IT infrastructure/systems.
  • Analysis and documentation of network & information security requirements and define security policy for enterprise client and business critical servers.
  • Perform daily duties supporting and trouble-shooting digital rights management on a Windows and Linux Platform, while defining and implementing patching
  • Build and operate a security training & awareness program relating to vendor risk management program
  • Collect and analyze detailed endpoint data such as device manufacturer, OS, open ports/applications, etc. by using Tanium Discover.
  • Malware detection using Tanium Connect and gathering threat intelligence from the endpoint for rapid and effective identification of systems compromised by known viruses and worms.
  • Performing system auditing using audit reduction tools; following up on audit findings; maintaining authorization documents; and supporting the local Information Systems Security Manager (ISSM) as needed to maintain system authorization.
  • Implementation of Symantec Mail Security for SMTP and Symantec Endpoint Protection.
  • Experienced with tools like Metasploit/Qualys/Network forensics technologies
  • Respond to inbound security monitoring alerts, emails, and inquiries that arose from various monitoring tools that included Symantec DLP.
  • Performed application security and penetration testing using IBM Appscan.
  • Perform vendor risk assessments as assigned. Work with vendors and business owners to gather documentation and develop vendor remediation plans.
  • Worked on AWS designing and followed Info security compliance related guidelines.
  • Collaborate across the entire organization to bring Splunk access to product and technical teams to get the right solution delivered and drive future innovation gathered from customer input.
  • Design, deploy, support and maintain Splunk cluster infrastructure in a highly available, geo-redundant configuration. Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the firm's enterprise security platforms
  • Use Carbon Black (CB Defense), McAfee Nitro and Splunk Enterprise SIEM security tools to monitor environment
  • Judged DIAR against the 12 PCI-DSS audit requirements as well as the 80 sub-requirements to determine strengths and weaknesses for audit preparedness.
  • Knowledge and experience in IT risk or compliance disciplines including risk assessment.
  • Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001.
  • Websense, Symantec Endpoint Protection and Active Directory (User Account Management specific) events monitoring and analysis.
  • Infrastructure security design and implementation expertise (Firewall, IDS/IPS, SIEM, Proxy services, Antivirus, Vulnerability Management, Key management, Web application firewall and PKI).
  • Management of Cloud security, Vulnerability assessment, and security audits.
  • Review and updated System Security Plan (NIST SP ), Risk Assessment (NIST SP ), and Security Assessment Report (NIST SP A).
  • Reduced digital risk using Proofpoint Digital Risk to defend against impersonation of the brand.
  • Managing SIEM (netForensics), its prevention controls, and penetration testing
  • Perform personnel interviews during assessments and review proper analysis of testing results.
  • Review documentation as applicable to controls for compliant/non-compliant status.
  • Ability to provide an independent assessment per control and ensure security controls are implemented correctly; operating as intended; and are producing the desired outcome.
  • Designed and documented Compliance logging & auditing strategy, provide analysis and trending of security log data from security devices, provide threat and vulnerability analysis as well as security advisory services.
  • Co-ordinating pen testing and application security testing audits with PenTest Tools like Metasploit, NMAP, Wireshark and Kali on Linux/Unix operating system.
  • Monitoring and remediating daily security alerts generated by end users with tools such as Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO 5.x; responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
  • Respond to security incidents and follow through to resolution, reporting, and lessons learned phases.
  • Cisco ASA/Palo Alto firewall troubleshooting and policy configuration based on change requests, allowing/denying communication between different segments of the network based on requested ports.
  • Conduct vulnerability scans to support our risk/threat/vulnerability management program, including resolving risks and documenting any residual risks.
  • Maintain serviceability of assessment tools with latest software and firmware resulting in zero equipment failure during assessments
  • Identifying flaws and weaknesses in information systems that may be exploited to impact the confidentiality, integrity and availability of a system.
  • Prioritize vulnerabilities/assets that should be patched during maintenance cycles.
  • Analyze vulnerability assessment results, identify remediation strategies and provide timely reports to management for review.
  • Configured AWS Identity Access Management (IAM) Group and users for improved login authentication.
  • Solution partner product compatibility validation with Cisco UCS servers. Functional and Feature testing of various datacenter and IT solutions and extracting test results for the quarterly marketing press release for Cisco partners.
  • Investigate, document, and report on information security issues and emerging trends, Implemented Strategy for Security Compliance and Auditing (HIPAA, SOX). Coordinate with Symantec technical support to resolve product issue escalations to assist in faster resolution and reduce unplanned downtime.
  • Used Splunk to analyze Blue Coat, Palo Alto, Juniper firewall and Windows infrastructure logs. Configured UTM policies on the Juniper SRX 3600.

Confidential

Network Security Engineer

  • Responsible for installation and maintenance of new network connection for the customers.
  • Configured all the required devices and equipment for remote vendors at various sites and plants.
  • In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
  • Manage enterprise security systems, identifying key security risks, reporting risks to management with recommendations for corrective action utilizing NIST frameworks.
  • Design and implementation of Blue Coat proxy infrastructure. Upgraded the Radware AppWall WAF (web application firewall) and applied hotfixes and patches.
  • Supported nationwide LAN infrastructure consisting of Cisco 4510 and Catalyst 6513 switches.
  • Worked with Cisco routers 2600, 2900, 3600, 3800, 7200 and 7600 and switches 2900, 3560, 3750, 4500, 4900 and 6500
  • Perform ISO 27001, PCI and SOX Audits and drive them to the closure of findings.
  • Developed cyber security standards based on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
  • Implementing various policies as per client compliance to restrict web access, troubleshooting proxy related access issues and generate Internet access reports using Websense web proxy
  • Creating compliance rules, extracting Security risks and auditing the policies in firewall using Tufin firewall monitoring tool
  • Reviewed encryption logs and DLP logs to identify user-based technology risk violations
  • Upgrade, managing and troubleshooting various issues with Cisco IPS
  • Rule implementation, log analysis, logical troubleshooting and management of various Check Point products (Power-1, UTM-1, Smart-1 appliances) and Cisco ASA appliances
  • Part of Disaster Recovery Datacentre’s Security Configuration and Management team
