Sr. Information Security Consultant Resume
Detroit, MI
PROFESSIONAL SUMMARY:
- Experienced cyber security consultant with around five years of IT experience, focused on designing and developing security solutions.
- Experience in analyzing security logs generated by intrusion detection/prevention systems, firewalls, network flow systems, and anti-virus.
- Skilled and technically proficient with multiple firewall solutions, network security, and information security practices.
- Expertise in improving the Risk and Control functions against Governance, Risk Management and Compliance (GRC).
- Supported information security audit and third-party assessment initiatives during the planning, execution, and remediation phases, as well as coordinating and tracking remediation activities.
- Utilization and operation of security software such as Splunk, Tanium, and McAfee ePO.
- Became a trusted advisor on Symantec DLP to our customers and clients.
- Extensive experience with Symantec DLP architecture and implementation at the enterprise level.
- Experience with Symantec DLP upgrades and patches.
- Involved in cloud security infrastructure and design for clients' in-house Azure applications.
- Supported enterprise customers on Microsoft Azure (IaaS, PaaS, and SaaS).
- Implemented and supported several of the following McAfee products: ePO, VSE, ENS, DLPe, HIPS.
- McAfee engineer on the proof of concept/pilot of Device Control in McAfee Data Loss Prevention (DLP) and McAfee MOVE.
- Deployed in the cloud and on-premises using Amazon Web Services (AWS) and single-server support.
- Configured and deployed Symantec HIDS on Windows Server 2008 and 2012 and on desktops.
- Experienced with Symantec DLP policies (DLP templates) for compliance and regulation standards such as SOX, PCI, and HIPAA.
- Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities arising from emerging security issues.
- Compliance and regulation standards such as PCI, HIPAA, and SOX.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers, and malware analysis tools.
- Advanced knowledge of IPsec VPN design, connections and protocols, IPsec tunnel configuration, and encryption and integrity protocols.
- Experience in integrating Data Loss Prevention (DLP) policy between the CASB and network DLP to improve policy uniformity and consistency.
- Configuration and maintenance of SIM/SIEM tools: QRadar, Splunk, and ArcSight.
- Industry experience with SOC and 24/7 operations.
- Strong knowledge of PKI concepts, patterns, and practices.
- Led the definition and implementation of POCs around PKI and other certificate-related technologies.
- Penetration testing: conducted manual security assessments on web applications, perimeter networks, and internal networks; identified critical vulnerabilities and discussed them with information technology teams to understand the risk, resulting in speedy remediation.
TECHNICAL SKILLS:
Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, BASE.
Frameworks: NIST SP, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS.
Security Technologies: Symantec DLP, McAfee ePO, QRadar, Splunk.
Qualys: Continuous Monitoring, Vulnerability Management, Web Application Scanning, ThreatPROTECT, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.
Security: McAfee ePO, Symantec DLP, LogRhythm, Tanium.
Firewalls: Check Point, ISA 2004/2006, Palo Alto PA-3000/PA-5000 Series.
PROFESSIONAL EXPERIENCE:
Confidential, Detroit, MI
Sr. Information Security Consultant
Responsibilities:
- Installed and configured Symantec DLP to protect confidential data in motion, data in use, and data at rest.
- Worked closely with the information security team and the security project management office to roll out a DLP solution in compliance.
- Administration and initial configuration of Symantec DLP and CASB cloud security.
- Implementation and support of DLP (Data Loss Prevention) security tools such as Symantec NDLP and Skyhigh CASB for Amazon AWS.
- Implemented, troubleshot, integrated, and supported vulnerability management, Data Loss Prevention (DLP), and Cloud Access Security Broker (CASB) tooling.
- Planning and risk and control assessment of Skyhigh CASB to enhance visibility into user interaction with enterprise data in the cloud.
- Utilized Python libraries such as Boto3 and NumPy for AWS.
- Used the Amazon EC2 command line interface along with Bash/Python to automate repetitive work.
- Worked in Python to instantiate multi-threaded applications and to deploy and monitor scalable infrastructure on Amazon Web Services (AWS).
- Performed vendor file share scans with Symantec DLP by setting up a site-to-site VPN.
- Troubleshot Symantec DLP issues and provided remote support for DLP issues.
- Customized and fine-tuned DLP policies to reduce the rate of false positives in alerts and align them with business needs and incident response. Configured HIPAA, HITECH, PII, PCI, SOX, and PHI policies and rules.
- Application administration for QRadar, Splunk, and Tanium.
- Configured, implemented, and maintained all security platforms and their associated software, such as routers, switches, firewalls, intrusion detection/intrusion prevention, anti-virus, and SIEM.
- Involved in security product assessments such as Palo Alto, Twistlock, and Azure Firewall.
- Involved in security operations, vulnerability and risk assessment, and alert report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Imperva, Sourcefire (IDS/IPS), FireEye, Blue Coat Proxy, etc.).
- Consolidated analysis of suspicious Splunk data security event logs (Windows Defender, AppLocker, audit events, successful malicious.
- Responsible for capturing security and privacy requirements for clients to be compliant with Payment Card Industry (PCI) requirements.
- Installed and configured SSL certificates on new and existing McAfee ePO servers.
- Intelligence gathering, incident response, and malware analysis.
- Assisted engineers with Splunk troubleshooting and deployment.
- Performed periodic vulnerability testing and assisted in remediation efforts.
- Responsible for installing, deploying, and tuning the enterprise DLP solution, including the Endpoint and Network DLP solutions.
- Administered controls and permissions on files using PowerShell commands through SCCM.
- Managed Splunk (SIEM) configuration files such as inputs, props, transforms, and lookups. Upgraded Splunk Enterprise and applied security patching.
- Used a smartcard management system to perform PKI certificate issuance, certificate updates, certificate revocation and restoration, smartcard distribution, and smartcard status updates.
- Managed certificates within a private enterprise-wide PKI.
- Revocation and suspension of PKI certificates on NIPRNet and/or SIPRNet (CRLs and OCSP).
- Identified, documented, and investigated suspicious events in intrusion detection systems (IDS) and SIEM tools.
- Planned, deployed, modified, and updated IDS/IPS systems for the entire network.
- Experience supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment: installation, configuration, and day-to-day management of Symantec Endpoint Protection.
- Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities arising from emerging security issues.
- Extensive experience with Symantec DLP and RSA DLP architecture and implementation at the enterprise level.
- Monitored and analyzed network traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), security events, and logs.
- Analyzed threats to corporate networks by utilizing SIEM products (ArcSight and LogRhythm) to assess the impact on client environments.
Confidential, Newport Beach, CA
Information Security Analyst
Responsibilities:
- Experience in security incident handling in SIEM using RSA enVision and IBM QRadar products.
- Implemented cloud access security broker (CASB) solutions to act as central control points to set policy, monitor behavior, and manage risk across all cloud services simultaneously.
- Designed cloud security using CASB firewalls in AWS.
- Performed tuning of the Security Incident and Event Manager (SIEM) filters and correlations to continuously improve monitoring.
- Documented all deployment and step-by-step procedures for all ePO-related troubleshooting.
- Deployed Agent and VSE packages from the ePO console to fix corrupt Agents/VSE.
- Troubleshot all kinds of issues related to McAfee and ePO.
- Configured, operated, and troubleshot customer network intrusion and malware
- Expert understanding of developing complex use cases and Universal Device Support Modules on the QRadar SIEM. Expert in installing and configuring Splunk forwarders on Linux, UNIX, and Windows.
- Utilized Tanium Endpoint Management to actively hunt cyber security threats within the environment.
- Involved in firewall deployment and management in Azure, such as Palo Alto and Azure Firewall.
- Administered patching and compliance systems using SCCM.
- Provided penetration testing for PCI, SOX, HIPAA, and ISO 27000 compliance.
- Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on shared devices and shared drives. Created and managed DLP policies.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers, and malware analysis tools.
- Monitored and remediated daily security alerts generated by end users with tools such as Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO 5.x; also responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
- Managed Splunk (SIEM) configuration files such as inputs, props, transforms, etc.
- Upgraded Splunk (SIEM) Enterprise and applied security patching.
- Well versed in both remote and on-site Splunk (SIEM) user support.
- Centralized the storage and interpretation of logs using the Splunk (SIEM) system.
- Vulnerability Management: configured the QualysGuard tool for vulnerability analysis of devices and applications. Monitored them constantly through the dashboard by running reports continuously.
- Installed and configured Symantec Endpoint Protection on laptops used for remote connectivity.
- Used remediation techniques for all collected vulnerabilities, and if it was a very high severity vulnerability
- Maintained network performance by performing network monitoring, analysis, and performance tuning and by troubleshooting network problems. Skilled in using Burp Suite, Nmap, QualysGuard, and Nessus.
- Implemented essential changes to enhance reporting, communications, and workflow related to the VM and patching teams.
- Provided approvals for software/application installations, site reviews for web access, McAfee ePO exceptions, and vulnerability exceptions.
- Provided leadership in architecting and implementing security solutions around SIEM tools such as Splunk.
- Designed and implemented McAfee Data Loss Prevention (DLP) across all endpoints. Created policies and a keyword dictionary to safeguard intellectual property and ensure compliance by protecting sensitive data.
- Expertise in the utilization, configuration, and implementation of industry capabilities including web content filters, email security capabilities, IDS, IPS, Host Based Security System (HBSS), and SIEM security practices.
Confidential, NYC, NY
Security Analyst
Responsibilities:
- Managed universal Symantec DLP policies with a centralized platform for detection, incident remediation workflow and automation, reporting, system management, and security.
- Managed the Security Incident and Event Management (SIEM) infrastructure.
- Collaborated across the entire organization to bring Splunk access to product and technical teams to get the right solution delivered and drive future innovation gathered from customer input.
- Designed, deployed, supported, and maintained Splunk cluster infrastructure in a highly available, geo-redundant configuration.
- Developed, implemented, and executed standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the firm's enterprise security platforms.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers, and malware analysis tools.
- Responsible for incident response, tuning, system administration, operations, and maintenance of the Security Incident and Event Management (SIEM) system.
- Responsible for DLP policy creation, testing, and implementation to protect client data from information leakage.
- Created standard operating procedures for DLP SMTP (email), HTTP/S (web), and SharePoint incident investigation, third-party domain whitelisting, DLP access provisioning, and incident response.
- Automated DLP incident metrics using Splunk; developed monthly and weekly metrics and dashboards using Splunk.
- Cleaned up the Symantec Anti-Virus environment and brought previously unprotected machines into compliance with security policy.
- Monitored the performance of Splunk via the Splunk Monitoring Console.
- Pushed configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server.
- Conceptualized and implemented end-user DLP training materials, an enterprise-wide encryption system, Symantec Data Insight integration, and Symantec DLP/data security environment support.
- Managed security incidents in the organization; key member of the Incident Response Team.
- Utilization and operation of security software such as Splunk, Tanium, and McAfee ePO.
Confidential
Technical Associate - Information Security
Responsibilities:
- Data Loss Prevention suite, Symantec DLP product: implementation and deployment as part of the champion team.
- Deployment of Data Loss Prevention across the network: data in motion, data in use, and data at rest servers.
- Reviewed encryption logs and DLP logs to regulate user-based technological risk violations.
- Prepared the knowledge transfer document of process and technical specifications guide for transition/internal purposes.
- Performed tuning of Symantec DLP to reduce false positives and improve detection rates.
- Signature update deployment on the management components and all individual IPS/IDS devices.
- Intrusion Prevention System: IDS/IPS implementation and upgrade for SiteProtector.
- Refined IPS policy and created rules according to the security standard.