Cyber Security and GRC Security Engineer Resume
Kennesaw, GA
PROFESSIONAL SUMMARY:
- Experienced IT security professional in IT infrastructure, vulnerability and risk management, GRC, SOC analysis, SIEM, information security and cyber security.
- Managed security tools including DLP, SIEM, vulnerability scanners and ServiceNow Security Operations, and coordinated penetration tests.
- Expert at implementing network security, SIEM tools, new concepts, identity management, new security technologies, securing cloud architecture, and new security controls as well as in developing innovative security controls and processes that meet business and executive requirements in order to protect information.
- Performed services using industry tools such as EnCase Enterprise, EnCase eDiscovery, Symantec Clearwell eDiscovery Platform, Discovery Attender, Splunk, AccessData Forensic Toolkit (FTK), MS SQL 2005/2008, MS Visual Studio, VMware and SIFT Workstation.
- Experienced with Symantec DLP policies (DLP templates) and compliance and regulation standards such as SOX, PCI and HIPAA.
- System security and administration professional, Facility Security Officer (FSO), Information Systems Security Officer (ISSO); information security management, firewalls, IDS, penetration testing, and industry security standards such as ISO 27001:2013, NIST 800 series, HITRUST, HIPAA, GDPR, CCPA and NISPOM regulations.
- Resolved vulnerabilities in the WebEx and FedRAMP GRC environments, POA&M & NIST, using automated scripts created in Python, PowerShell and Bash.
- Worked on GRC policies such as ISO standards: planning, implementation and management of the ISO 27001:2013 Information Security Management System (ISMS) and ISO 20000-1:2011 Service Management System (SMS).
- Experience writing Splunk-friendly regular expressions and optimising Splunk search queries for performance.
- Onboarded different log sources into Splunk, and created and tuned Technical Add-ons for proper field extraction using regex.
- Efficiently performed web application vulnerability assessments using Burp Suite, HP WebInspect, Nexpose and IBM AppScan.
- Worked with Splunk Professional Services to define best practices for maintaining the performance of Splunk Enterprise Security 7.0.4.
- Experience with various endpoint tools such as McAfee ePO, Carbon Black, BigFix and Symantec EPO (IDS/IPS).
- Hands-on experience with HIPAA and PCI-DSS related projects and ServiceNow ticketing.
- Hands-on experience with TCP/IP, security concepts, WAF and LAN concepts, Routing protocols, Firewall Security policies.
- Worked with system owners on assessments using Radiant Logic VDS, OIM, RACF, MFA, SailPoint, ArcSight, IBM AppScan, Qualys, SiteMinder, Securonix (UEBA) and Splunk, and conducted MRAs.
- Integrated the data from SAP to ServiceNow by using API, Web services and captured that data in Service Now by creating a table.
- Prepared, installed and configured Symantec Endpoint Protection.
- Worked with system owners to achieve FISMA compliance and Authorization to Operate (ATO) for systems based on guidance from the ISO and NIST SP, HITRUST, HIPAA, GDPR, CCPA and NISPOM regulations and other risk management frameworks.
- Worked as a Splunk SIEM threat analyst in a managed-service security operations center (SOC), triaging cyber threats using Splunk and various cloud security tools.
- Vulnerability Management: Configured the QualysGuard tool for vulnerability analysis of devices and applications, and monitored results continuously through the dashboard and scheduled reports.
TECHNICAL SKILLS:
Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite
DLP: Websense, Symantec & McAfee
SIEM: Splunk ES, McAfee, ArcSight, IBM QRadar, LogRhythm, RSA enVision
End Point Security: McAfee suite (VSE, HIPS & HDLP), McAfee MOVE AV, SafeBoot
IPS/IDS: McAfee IPS, HP TippingPoint, Cisco IDS, SecureWorks IDS/IPS
Cloud Security: AWS, Azure, OpenStack, Docker, Ansible, Chef, CI/CD, Terraform
Configuration Management: Puppet for continuous delivery; experience working with modules, classes and manifests in Puppet
MSS: Vulnerability Assessment, Content Filter, Antispam, IDS/IPS Management
Vulnerability Management Tools: Foundstone, QualysGuard, Nessus, Nmap, Nexpose, Wireshark
Security Tools: Splunk ES, McAfee vulnerability management solutions, Burp Suite, OpenVAS, Nessus, Qualys, SolarWinds, ForeScout
PROFESSIONAL EXPERIENCE:
Confidential, Kennesaw, GA
Cyber Security and GRC Security Engineer
Responsibilities:
- Opened, assigned and closed tickets in the SOC security management console for Qualys findings as part of the remediation and patch management processes.
- Performed network scanning and penetration testing using security tools such as Metasploit, OWASP ZAP Proxy, Nmap and Nessus.
- Prepared the Active Directory environment for Splunk by verifying that all domain controllers and DNS servers had the latest service packs and hotfixes installed.
- Set up DLP monitoring and logging, created regex-based parsers for logs and configured different connectors.
- Worked on Splunk ES to build real-time monitoring that gives a clear visual picture of the organization's security posture, with easily customized views and drill-down to the raw event.
- Automated centralized detection of security vulnerabilities with scripts for vulnerability assessment tools such as QualysGuard and Splunk.
- In-depth study and investigation of Governance, Risk and Compliance, including a deep dive into the NIST Risk Management Framework, FISMA, FedRAMP, HITRUST, HIPAA, GDPR, CCPA, ISO, PCI DSS, UCF CCH, Cloud Security Alliance CCM, SOX, ISO 27001, Microsoft SDL, CIS 20 Controls and other legal aspects associated with GRC.
- Configured Splunk data inputs with an understanding of parsing parameters such as index, source, sourcetype, queue sizes, index sizes, index locations, read/write timeout values, line breaks, event breaks and time formats at index time.
- Migrated Splunk clusters from multiple AWS accounts into a single AWS account and rehydrated the Splunk cluster in the AWS environment.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Worked on Splunk ES to build correlation searches, alerts, reports and dashboards for specific monitoring needs.
- Used automated vulnerability assessment tools such as Nessus and Nexpose.
- Knowledge of OWASP Top 10 vulnerabilities, network and internet architecture, IDS/IPS.
- Deployed Cisco FireSIGHT/Firepower appliances and Cisco ASA Firepower inline.
- Identified OWASP Top 10 issues such as SQL injection, CSRF, insecure cryptographic storage, XSS and unvalidated redirects and forwards.
- Implemented name resolution using WINS and DNS in a TCP/IP environment.
- Worked with Perl CGI, Python, JavaScript, jQuery and Ajax, and automated test cases using a Python framework.
- Actively used Splunk Phantom SOAR technology for searching and monitoring real-time events for network security and compliance.
- Worked closely with AppScan, Symantec and Rapid7 tooling to investigate malware activity in the environment.
- Ensured Symantec DLP policies were in place and scanned the environments for incidents.
- Assisted in DLP policy development for the non-production environment.
- Actively monitored and responded to activity impacting enterprise endpoints that handle network communication and data (McAfee Endpoint Security, DLP).
- Implemented and deployed the Symantec Data Loss Prevention suite as part of the champion team.
- Gained experience with Symantec DLP software: DLP Cloud Prevent for Symantec DLP.
- Worked on Splunk Phantom SOAR Proof of Value (POV) for testing the out-of-the-box use cases.
- Set up CI/CD with AWS CodePipeline to automate AWS CloudFormation deployments, and focused on cloud strategy (AWS), product marketing, competitive research, customer journey analysis and strategic partnerships.
- Responsible for onboarding applications onto Splunk Enterprise 7.x.
- Created cases for suspicious issues and forwarded them to the onsite SOC team for further investigation.
- Conducted network vulnerability assessments using Nessus.
- Worked on OWASP Top 10, CIS CSC, DLP, data classification and encryption standards for contractors and employees; experience with object-oriented programming (OOP) concepts in Python, C++, C# and PHP.
- Installed and configured Ansible on Linux and Unix clients; created new profiles and modules, ran checks, modified scripts and pushed changes to the clients.
- Conducted system security assessments based on FISMA, NIST, HITRUST, HIPAA, GDPR, CCPA and NISPOM regulations and DSS compliance.
Cyber and GRC Security Analyst
Confidential, Fort Worth TX
Responsibilities:
- Answered pre-sales technical and security questionnaires regarding SDLC, ISO 27001, SOC 2/3 audits, FedRAMP, PCI, HIPAA, NIST and other GRC frameworks.
- In-depth experience with internal, external, network and application vulnerability assessments using QualysGuard and FireEye.
- Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, Nmap, SIEM, Splunk and DLP; bulk modification of Active Directory user attributes in PowerShell, querying user details in PowerShell and exporting reports.
- Implemented Symantec Data Loss Prevention to secure all endpoints. Configured and instrumented the Symantec management console, Symantec management server and Symantec database on Oracle.
- Set up and maintained NFS and TCP/IP networking, configured systems for TCP/IP networking with the existing LAN, and set up SSH and SCP between Sun systems and other Red Hat/UNIX hosts.
- Tuned Symantec DLP to reduce false positives and improve detection rates.
- Upgraded IBM QRadar Enterprise to 6.2.3 and applied security patches.
- Performed single-tier, two-tier and three-tier installations of Symantec DLP, the single-tier installation for test purposes.
- Performed monthly and quarterly scans using Symantec 365 DLP and escalated critical data found on shared devices and shared drives.
- Created and managed DLP policies and set up DGM monitoring and logging.
- Used Splunk Deployment Server to manage Splunk instances and analyzed security-based events, risks and reporting.
- Experience with enterprise-level Symantec DLP and RSA DLP architecture and implementation; designed the Symantec DLP architecture and implemented Symantec DLP.
- Troubleshot issues on all platforms, including threat remediation on the Splunk agent, VirusScan Enterprise (VSE), ENS and MNE.
- Handled database issues and connections for SQL and NoSQL databases (MongoDB, Cassandra, Redis, CouchDB) by installing and configuring Python packages.
- Monitored the network to prevent intrusions and applied mitigation techniques using NIDS/HIPS on standard vendor devices such as Cisco FireSIGHT and Firepower.
- Extracted fields not automatically extracted by Splunk using rex, regex and IFX, and developed web services in Python.
- Worked with Splunk Professional Services to remediate the search head load issue by distributing the load equally between the search heads.
- Worked on multiple RSA Archer solutions, i.e. Business Continuity, Compliance, Audit, Policy, Risk and Vendor Management, including Findings and Issues Management, Risk Register, Risk Control Self-Assessment and Security Operations.
- Applied Splunk best-practice GRC standards for OWASP Top 10, CIS CSC, DLP, data classification and encryption standards for contractors and employees.
- Created GRC policy according to the HIPAA rule, served as a resource for departments affected by the Health Insurance Portability and Accountability Act (HIPAA), and provided guidance on requirements such as initial inventory, gap analysis and risk assessments to determine appropriate privacy and security policies, using Splunk/Phantom 4.1.94.
- Analyzed Static and Dynamic Application Security Testing (SAST/DAST) tools for use by the GSS infrastructure contractor and Application Developer Organizations (ADOs).
- Supported the GRC implementation of RSA Archer 6.2 Regulatory and Corporate Compliance, Incident, Task and Risk Management solutions/use cases and maintenance of the technology for Compliance Management.
- Worked on the Splunk Phantom SOAR Proof of Value (POV) project; created regex-based parsers for logs and configured different connectors.
- Strong understanding of enterprise, network, system/endpoint and application-level security issues and risks.
Confidential, Wichita, KS
CyberSecurity Engineer
Responsibilities:
- Worked on Splunk products such as Splunk ES and SOAR; developed and operationalized the target network architecture so that it interacts successfully with event sources, and designed, developed and implemented the solution.
- Applied Splunk best-practice standards for OWASP Top 10, CIS CSC, DLP, data classification and encryption standards for contractors and employees.
- Migrated Splunk clusters from multiple AWS accounts into a single AWS account and rehydrated Splunk SOAR in the AWS environment.
- Worked with AWS EC2 and CloudWatch services; managed the CI/CD pipeline through Jenkins as part of cloud security.
- Guided SMEs in using Splunk to create dashboards, reports and alerts.
- Extracted fields not automatically extracted by Splunk SOAR or Symantec SEP using rex, regex and IFX.
- Implemented Symantec Endpoint Encryption (SEE) and DLP to prevent data breaches from lost and stolen devices.
- Assisted in the implementation, setup and management of Symantec DLP (Data Loss Prevention).
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Provided leadership in architecting and implementing security solutions around Qualys and SIEM tools such as Splunk, Solutionary, LogRhythm, SCCM, Altiris, LANDesk, BigFix and McAfee/Symantec.
- In-depth experience with internal, external, network and application vulnerability assessments using QualysGuard and FireEye.
- Involved in standardizing Splunk Phantom SOAR POV deployment, configuration and maintenance across UNIX and Windows platforms.
- Extensive experience with enterprise-level Symantec DLP and RSA DLP architecture and implementation.
- Developed cyber security GRC standards on the NIST Framework, HITRUST, HIPAA, GDPR, CCPA and NISPOM regulations and ensured their proper implementation to reduce the risk to IT assets.
- Updated GRC controls for the change from NIST rev 3 to NIST rev 4 and control assessments from NIST 53A to NIST 53A rev 4.