AVP - DLP Engineer Resume
SUMMARY:
Develop, document, and execute incident response procedures. Perform analysis, classification, and correlation of security events. Develop filters and alerts for security events within the SIEM. Develop and deploy automation/scripting to eliminate manual processes and improve efficiency. Monitor and recommend improvements based on security events or incidents on endpoints running Windows Server 2008 and 2012, Windows 7, Windows 8, and Windows XP. Develop, document, and execute the security incident response plan. Coordinate security remediation efforts with various technical and business domain owners. Participate in security projects and information security program development. Provide input on information security strategies.
SKILLS:
- Data Security Products
- McAfee Endpoint Policy Orchestrator (ePO)
- McAfee Data Loss Prevention (DLP)
- McAfee Endpoint Encryption for Files and Folders (EEFF)
- McAfee Virus Scan Enterprise (VSE)
- McAfee Agent (MA)
- Symantec DLP
- ThreatSpike
JOB EXPERIENCE:
Confidential
AVP - DLP Engineer
Responsibilities:
- Define new DLP policies and tune the existing policies to meet the business requirements while reducing the number of policies.
- Performed a bottom-up review of the DLP capability to reduce the gaps.
- Incorporate the new test cases into the bank’s DLP testing strategy to ensure that DLP is solidly tested before the technology is deployed to production.
- Continuously incorporate new use cases as needed to keep up with ever-changing technology.
- Prepared 2000+ comprehensive use cases and tested them against DLP policies to check whether DLP controls/functionalities can block a file transfer when a user tries to transfer the file using different file transfer methods, by defining and configuring DLP policies to detect the data transfer on the following.
- Work with third-party vendors to demonstrate the gaps found in their product during testing, and help their engineers understand the test steps (how DLP is not blocking the file transfer) so that they can reproduce the issue on their end and resolve it in their next version release.
- Work with compliance and provide DLP testing documentation, including the following, to show what tests were performed:
  - Incident numbers
  - Product release versions
  - OS versions
  - Documentation of use cases with screenshots showing how each test was performed.
- Work closely with the DLP operations team to collect the business requirements for defining DLP policies.
- Configure Policies
- User Access
- Fine-tuning rules
- Capture the evidence and document it for audit purposes.
- Created use cases to find gaps to improve DLP and ThreatSpike.
- Provide continuous improvement to the testing program by developing new use cases on an as-needed basis.
- Help junior staff on the team come up to speed on testing to help advance the program.
Confidential
Senior Systems Programmer
Responsibilities:
- Upgraded ePO from 4.6.7 to 4.6.8. Install hotfix (HF) patches on ePO as required.
- Created server tasks to run reports and automate processes, create queries to pull systems for analysis.
- Utilize ePO to deploy McAfee products, and set up server tasks to run queries.
- Set up server tasks to send out automated reports to managers.
- Create tags to apply specific policies to systems or sub groups.
- Data Loss Prevention deployment: deployed DLP 9.3.416 globally (200,000 workstations and laptops), and deployed DLP 9.2.216.4 globally (200,000 workstations and laptops).
- Eliminate risk: 60,000 endpoints had outdated DLP (DLP 3.0). These systems were vulnerable to data leaks due to open USB ports (potential risk of losing data). I tested the solution, recommended it to management, and deployed it successfully to 60,000 endpoints. Automated the removal of DLP 3.0 and upgraded the endpoints to the current version of DLP to enforce the correct policy to block USB ports.
- Engine 5600 deployment: automated Virus Scan Enterprise (VSE) engine 5600 deployment to 275,000+ endpoints.
- EEFF 4.2.0.224 deployment: deployed EEFF 4.2.0.224 and FRMP 4.3.0.224 (EEFF) to 75,000+ endpoints and created support documents to be used by team members and the help desk support team for troubleshooting issues on endpoints.
- Set up On-Demand Scans (ODS): configured automated tasks in ePO to scan servers and workstations located in different time zones globally during non-peak hours to minimize business operation and user impact.
- Whitelisting: gathered all legitimate processes to upgrade ePO from 4.5 to 4.6 with minimum ePO policy management overhead. I worked with application owners to verify whether these processes were still being used, and blacklisted all the processes used by applications that were not in production or had been obsoleted.
- Virus Scan Enterprise (VSE): troubleshoot anti-virus scanning issues and deploy VSE upgrades by setting up server and client assignment tasks in ePO. Work with internal teams and external application vendors to determine the files and processes to be excluded from policies to improve application performance.
- Coordinate system and application changes with other engineering teams and vendors. Test and validate user functionality after upgrades. Represent the security area on divisional councils, and review changes before and after production installations.
- Improve plan of action by providing expert advice and guidance to others on the security applications and best practices to support and align efforts to meet customer and business needs, and build relationships to deliver and deploy product on time.
- Ensure system performance by identifying opportunities, setting up alerts and monitors, and resolving issues proactively before negative impact occurs. Update documentation, track issues to find root cause, and work with suppliers to review system performance, availability, and reliability; and review actions to be taken to respond to alerts and problems.
- Work with compliance to ensure systems are compliant with PCI and the company's policies and procedures to support the company mission, values, and standards of ethics and integrity. Implement business plans, and assist others with how to apply procedures to meet business needs and ensure that practices are followed by others.
- Provide and support the implementation of business solutions by building relationships and partnerships with key stakeholders; identify business needs; determine and carry out necessary processes and practices; monitor progress and results; recognize and capitalize on improvement opportunities; and adapt to necessary changes according to stakeholders’ demands, take on new organizational changes and new responsibilities.
- Troubleshoot endpoints (Windows 2003, 2008r, 2012, Windows 7 and Windows XP) consuming high CPU, not communicating with ePO to pull policies, or not pulling updates from remote repositories.
- Resolve issues with VSE getting disabled. Troubleshoot file encryption and file transfer issues with removable media. Troubleshoot endpoints where users with appropriate access are unable to use USB drives.
- Troubleshoot repositories that are not getting updates from ePO or not getting the correct policy to distribute the updates to their endpoints. Remediate endpoints and repositories that don’t get the software upgrades during rollout.
Confidential
Application Support Technician
Responsibilities:
- Took calls and performed first-level troubleshooting on UNIX systems for WMSC applications, documented the procedure to resolve the issue, and provided the information to application support teams.
- Validated upgrades with internal teams and end users to make sure application functionality is normal after the upgrades, or whether an outage has made any unexpected changes to the normal functionality.
- Reset passwords for third-party vendors to access the servers on which their applications ran.