Sr. Security Incident Response Analyst Resume

Detroit, MI

SUMMARY:

  • Experienced professional with over five years of experience as an IT security professional in IT infrastructure, SOC, information security, and cyber security.
  • Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, Nmap, SIEM, Splunk, ArcSight, Rapid7, routers, switches, LAN/WAN, TCP/IP protocols, VMware, endpoint security, and cloud security.
  • Execute Identity and Access Management (IAM) services, including, but not limited to, provisioning, authentication, authorization and monitoring.
  • Expertise in improving the Risk and Control functions against Governance, Risk Management and Compliance (GRC).
  • Maintained security infrastructure, including IPS, IDS, log management, and security assessment systems.
  • Assessed threats, risks, and vulnerabilities from emerging security issues.
  • Involved in cloud security infrastructure and design for the client's in-house Azure applications.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Loss Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Advanced knowledge of IPsec VPN design, connections and protocols, IPsec tunnel configuration, and encryption and integrity protocols.
  • Monitored and investigated suspicious network activities, endpoints and threats utilizing a variety of tools such as ArcSight, Splunk, Carbon Black, FireEye, Cisco Talos, Wireshark and Nessus.
  • Use of LogRhythm SIEM for investigations.
  • Incident response and threat detection using Tanium.
  • Experience with FireEye for management systems and threat intelligence.
  • Experience deploying in the cloud and on-premises using Amazon Web Services (AWS), and single-server support.
  • Using network monitoring and IDS tools such as Wireshark and Snort.
  • Support and implement information security projects for the enterprise, including SSL decryption, application filtering, and an enterprise LogRhythm SIEM solution.
  • Provided leadership in architecting and implementing security solutions around Qualys and SIEM tools such as Splunk, ArcSight, Solutionary and LogRhythm, including creating LogRhythm rules.
  • Liaise with business partners to agree on objectives and maximize the adoption of and support for IAM plans, procedures, and regulatory controls.

TECHNICAL SKILLS:

Security Software: Nessus, Nmap, Metasploit, Snort.

Frameworks: NIST SP, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS.

Security Technologies: Symantec DLP, McAfee ePO, QRadar, Splunk, Cybereason, Trend Micro TippingPoint.

Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, Policy Compliance, Asset Management, Governance, Risk Management and Compliance.

Operating Systems: Windows, Server 2012 R2, Linux

PROFESSIONAL EXPERIENCE:

Confidential, Detroit, MI

Sr. Security Incident Response Analyst

Responsibilities:

  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Analyzed threats to corporate networks by utilizing SIEM products (QRadar and Splunk) to assess the impact on client environments.
  • Expertise in improving the Risk and Control functions against Governance, Risk Management and Compliance (GRC).
  • Installed and configured the IBM QRadar Network Insights appliance to enable attack prediction through real-time network traffic analysis.
  • Involved in security product assessments such as Palo Alto, Twistlock and Azure Firewall.
  • Analyzed, administered, and configured ArcSight SIEM, McAfee ePO and Carbon Black.
  • Analyzed threats to corporate networks by utilizing SIEM products (ArcSight and LogRhythm) to assess the impact on client environments.
  • Performed network/host-based intrusion detection using a variety of threat detection tools such as Splunk, Proofpoint, Sourcefire and FireEye (HX, NX).
  • Responded to anti-virus alerts raised by LogRhythm (SIEM), McAfee and Cylance.
  • Upgraded and revamped the existing QRadar platform to provide more actionable intelligence, including the creation of custom alerts, daily reports and custom dashboards.
  • Worked with IBM QRadar SIEM integration and was responsible for integrating log sources with IBM QRadar.
  • Configured log generation and collection from a wide variety of products across servers, network devices, security devices, databases, and applications.
  • Performed IDS/IPS monitoring and analysis with tools such as Sourcefire, Snort, Blue Coat, Palo Alto, McAfee and FireEye.
  • Handled and investigated WAF alerts from Sourcefire and FireEye.
  • Performed analysis on security incidents using Splunk, Tanium, Windows Event and Symantec logs.
  • Performed analysis of host and user activities using the Tanium Dashboard and Tanium Trace for evidence gathering.
  • Worked as part of the SOC team to brief on emerging threats and events in accordance with the run book.
  • Assisted with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
  • Utilized Intrusion Detection & Prevention (IDS/IPS) to monitor malicious activities on the network; analyzed firewall, IPS and IDS logs to uncover malicious activity within the network; initiated and recommended corrective action to the CIRT team.
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Performed cyber threat intelligence analysis, correlated actionable security events, performed network traffic analysis using raw packet data, NetFlow, IDS, IPS and custom sensor output as it pertains to the cyber security of communications networks, and participated in the coordination of resources during incidents.
  • Conducted analysis of cyber threats and discovery of their vulnerabilities, monitored for cyber intrusions, and troubleshot and responded to security incidents detected by HP ArcSight or related SIEM, IDS/IPS, and other security applications.
  • Installed and configured the Enforce Server administration console to manage endpoints, policies, policy rules, agent groups, incidents, DLP servers, etc.
  • Installed and configured the Endpoint Prevent and Discover detection server to protect data in use.
  • Installed and configured the Network Discover server to discover data at rest, and configured Network Protect to protect data at rest by quarantining, copying and encrypting data.
  • Performed vendor file share scans with Symantec DLP by setting up a site-to-site VPN.
  • Troubleshot Symantec DLP issues and provided remote support for DLP issues.
  • Customized and fine-tuned DLP policies to reduce the rate of false positives in alerts and align them with business needs and incident response; configured PCI and SOX rules.
  • Worked on the Security Incident and Event Monitoring (SIEM) platforms IBM QRadar and Splunk.
  • Tested various threat vectors and presented evidence of intent to create signatures/rules to mitigate specific threats.
  • Deployed, implemented and managed the IBM QRadar SIEM suite of products (QRadar SIEM, QRadar Vulnerability Manager (QVM), and QRadar Risk Manager (QRM)) in an AWS environment.
  • Implemented and maintained SIEM infrastructure using QRadar and Splunk in an AWS environment.
  • Participated in the product selection and installation of the QRadar Security Information and Event Manager (SIEM), consisting of multiple collectors.
  • Responsible for proposing rules to the client for implementation in QRadar to trigger security events; once the rules were approved, tested and implemented them in QRadar.
  • SIEM: built software and applications to enhance SOC operations and unify threat intel interactions; created custom data visualization tools to interpret data correlated from event logs; designed and implemented security content/use cases on SIEMs, utilizing various event log sources; delivered solutions, maintenance and support for currently deployed SIEM engines.
  • Monitored the SIEM tool and triaged all alerts as they came in to ensure the network was safe.
  • Services monitored included, but were not limited to, SIEM, IDS/IPS, firewalls, cloud environments, and Data Loss Prevention (DLP) for SMTP and web.
  • Conducted tuning engagements with security engineers to develop and adjust SIEM rules and analyst operating procedures.
  • Addressed and monitored the IAM mailbox and troubleshot day-to-day issues sent via email from customers and tickets in ServiceNow.
  • Collaborated with infrastructure technical teams to resolve complex IAM security-related issues.
  • Provided leadership in architecting and implementing security solutions around Qualys and SIEM tools such as QRadar and Splunk.
  • Monitored critical infrastructure including firewalls, IDS/IPS devices, virtual networks, vulnerability scanners, VPNs, WANs, and disaster recovery sites.
  • Worked closely on data privacy control frameworks and related laws and regulations (ISO 27000 series, NIST).
  • Managed ePO version 5.3 and VSE 8.8 for a large enterprise network.
  • Manually installed the McAfee NDLP Prevent 10.x ISO file and configured it in the McAfee ePO server.
  • Investigated alerts created by IDS/IPS, including malicious file uploads, compromised servers, SQL injections, and port scanning.
  • Managed vulnerabilities with the aid of Nessus and WebInspect as vulnerability scanning tools to detect potential risk on single or multiple assets across the enterprise.
  • Conducted security scans using SecurityCenter (Nessus) to identify system vulnerabilities, performed risk assessments, submitted technical reports detailing the vulnerabilities, risks and remediation actions, and reviewed assessment results.
  • Implemented ArcSight Logger within the organization's syslog enclave for long-term data retention and analysis (SIEM).
  • Developed a vulnerability scanning process for all environment builds and ongoing monthly scan reporting using Nessus.
  • Monitored events from Data Loss Prevention (DLP) and other information security tools and determined appropriate next steps using knowledge of Corning businesses and processes.
  • Performed investigation, analysis, reporting and escalation of security events from multiple sources, including intrusion detection, firewall logs, proxy logs and web servers.

Confidential, Boston, MA

Sr. Information Security/SOC Analyst

Responsibilities:

  • Responsibilities included supporting a 24/7 SOC environment to ensure real-time information security and prevent cyber-attacks from inside and outside the network.
  • Involved in security operations, vulnerability and risk assessment, and alert report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Blue Coat Proxy).
  • Conducted threat intelligence analysis on key areas of enterprise defense-in-depth analytics, incident statistics and other relevant information for the creation of periodic threat intelligence reports.
  • Experienced with DLP, Proofpoint, Trend Micro and Splunk Enterprise SIEM security tools to monitor the network environment.
  • Monitored the LogRhythm dashboard for suspicious alerts and provided an efficient write-up for each alert.
  • Used tools like LogRhythm to analyze network, DLP email monitoring, Symantec SEP, firewall and proxy logs to determine the risk level of alarms.
  • Delivered comprehensive prevention, detection and response status using FireEye, Symantec, and Qualys software.
  • Utilized Tanium for deployments and to monitor and analyze data throughout various networks.
  • Administered controls and permissions on files using PowerShell commands through SCCM.
  • Performed periodic vulnerability testing and assisted in remediation efforts.
  • Identified, documented and investigated suspicious events in intrusion detection systems (IDS) and SIEM tools.
  • Monitored and analyzed network traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), security events and logs.
  • Involved in firewall deployment and management in Azure, such as Palo Alto and Azure Firewall.
  • Analyzed threats to corporate networks by utilizing SIEM products (QRadar, Splunk) to assess the impact on client environments.
  • Assisted with the global DLP program, including multiple DLP solutions and a Cloud Access Security Broker (CASB) security deployment.
  • Worked on the Security Incident and Event Monitoring (SIEM) platforms IBM QRadar and Splunk.
  • Provided proactive APT hunting, incident response support, and advanced analytic capabilities.
  • Ran vulnerability scans and reviewed vulnerability assessment reports.
  • Coordinated and assisted the team with assigned daily SOC operations.
  • Analyzed and escalated events and incidents to the SOC analyst level for response and resolution.

Confidential

SOC Analyst

Responsibilities:

  • Managed the Security Incident and Event Management (SIEM) infrastructure.
  • Collaborated across the entire organization to bring Splunk access to product and technical teams to get the right solution delivered and drive future innovation gathered from customer input.
  • Fine-tuned existing correlation rules to reduce noise and false positives.
  • Monitored the performance of Splunk via the Splunk Monitoring Console.
  • Pushed configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server.
  • Developed reports and alerting to meet SOC, client and leadership requirements.
  • Improved and expanded SOC L1 and L2 process documents.
  • Performed risk analysis and security control gap analysis from an information and network security perspective.
  • Managed security incidents in the organization as a key member of the Incident Response Team.