DLP Specialist / Sr. Information Security Analyst Resume
SUMMARY
- Experienced professional with over 5 years as an IT security professional in IT infrastructure, information security, and cyber security.
- Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, NMAP, SIEM, Splunk, ArcSight, Rapid7, Routers, Switches, LAN/WAN, TCP/IP protocols, VMware, Endpoint Security, Cloud Security.
- Implementing and supporting several of the following McAfee products: ePO, VSE, ENS, DLPe, HIPS
- McAfee Engineer on proof of concept / pilot of Device Control in McAfee Data Loss Prevention (DLP), McAfee Move.
- Develop McAfee related SOPs (standard operating procedures).
- Building, Deployment, Configuration, Management of SPLUNK Cloud instances in a distributed environment which spread across different application environments belonging to multiple lines of business.
- Provided real-time, host-based intrusion detection monitoring services using Symantec Endpoint.
- Deployed in the cloud and on-premises using Amazon Web Services (AWS) and single-server support.
- Configured and deployed Symantec HIDS on Windows Server 2008 and 2012 and desktops.
- Experienced with Symantec DLP Policies (DLP templates) compliance and regulation standards such as SOX, PCI, and HIPAA.
- Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities from emerging Security issues.
- Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level.
- Designed Symantec DLP architecture, implemented Symantec DLP.
- Worked with Symantec DLP upgrades and patches.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
- Troubleshoot appliances on the SIEM platform via Linux commands; knowledge of capacity planning and Linux performance.
- Hands on experience of risk assessment, change management, incident management, third party risk assessment, access control methods.
- Industry Experience with SOC and 24/7 operations.
- Experience in packet analysis and reverse engineering.
- Deep understanding with software and security architectures as well as Intranet and Extranet security practices.
- Penetration Testing: Conduct manual security assessments of web applications, perimeter networks, and internal networks; identify critical vulnerabilities and review them with IT teams so the risk is understood and remediated quickly.
- Strong decision-making skills: ability to make decisions, follow through on key tasks, and know when to include others/resources to reach informed decision
- Hands on skills includes end-to-end security management (security aspects in all stages of product development) and end-to-end product development (from functional design of the system to testing and deployment).
TECHNICAL SKILLS
Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, BASE.
Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS.
Security Technologies: Symantec DLP, McAfee ePO, QRadar, Splunk
Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.
Event Management: RSA Archer, Blue Coat Proxy, Splunk
PenTest Tools: Metasploit, Nmap, Wireshark and Kali
Security: McAfee ePO, Symantec DLP, LogRhythm, Tanium
Firewalls: Check Point, ISA 2004/2006, Palo Alto PA 3000/5000
Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux
PROFESSIONAL EXPERIENCE
Confidential
DLP specialist / Sr. Information security Analyst
Responsibilities:
- Configuring, implementing and maintaining all security platforms and their associated software, such as routers, switches, firewalls, intrusion detection/intrusion prevention, anti-virus, and SIEM.
- Involved in security operations, vulnerability and risk assessment, alert report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Imperva, Sourcefire IDS/IPS, FireEye, Blue Coat Proxy, etc.).
- Responsible for capturing security and privacy requirements for clients to be compliant with Payment Card Industry (PCI)
- Administration of Splunk (SIEM), ARCOS (Privilege Identity Management), DLP (Symantec), Imperva WAF tools.
- Experienced with DLP, Blue Coat, Websense, Proofpoint, Trend Micro, Nexpose (Rapid7) and Splunk Enterprise SIEM security tools to monitor the network environment.
- Assisted engineers with Splunk troubleshooting and deployment.
- Produced DLP profile deployment reports for detection servers, updated DLP policies, and performed incident analysis.
- Understanding of SIEM component upgrades (ESM, ELM, Receivers).
- Versatile and adaptable team player with strong analytical and problem solving skills.
- Self-starter with the ability to quickly grasp business operations and concepts.
- Performing periodic vulnerability testing and assisting in remediation efforts.
- Responsible for installing, deploying, and tuning the DLP solution for the enterprise to include Endpoint and Network DLP solution.
- Support ongoing incidents from non-CIRT organizations related to cyber security
- Engineering, configuring and deploying Enterprise SIEM/SEM solutions.
- Manage Splunk (SIEM) configuration files like inputs, props, transforms, and lookups. Upgrading the Splunk Enterprise and security patching.
- Initiated projects to create disaster recovery plans for identified gaps.
- Established disaster recovery plan testing and auditing cadence.
- Created and configured policies and alerts in the SIEM (Splunk).
- Identified, documented and investigated suspicious events in intrusion detection systems (IDS) and SIEM tools.
- Plan, deploy, modify and update IDS/IPS systems for the entire network.
- Well versed in working within PCI and HIPAA regulated networks.
- Provided onsite Symantec DLP technical service and support to a large enterprise customer base.
- Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection
- Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities from emerging Security issues.
- Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level.
- Designed Symantec DLP architecture, implemented Symantec DLP.
- Worked with Symantec DLP upgrades and patches.
- Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), security events and logs.
- Incident handler for the CIRT, including log analysis, forensics, and malware investigation
- SOC and/or CIRT operational experience
- Updating antivirus (McAfee) policies to protect against individual threats based on specific intelligence, in coordination with other teams (e.g. CIRT and Threat Intelligence).
- Monitoring of events from Data Loss Prevention (DLP) and other information security tools and determined appropriate next steps using knowledge of Corning businesses or processes.
- Utilized Security Information and Event Management (SIEM), Data Leakage Prevention (DLP), Intrusion Detection and Prevention (IDS / IPS), forensics, sniffers and malware analysis tools.
- Worked in Security Incident and Event Monitoring SIEM platform - IBM Qradar, and Splunk.
- Participated on PCI audits.
- Policy and Rule Management in Symantec DLP.
- Experience with Symantec Vontu DLP product
- Experience with deployment of Symantec DLP- Endpoint Prevent, Network Prevent for Email, and Network Prevent for Web, Network Discover, and ITA
Confidential
Information security Analyst
Responsibilities:
- Experience in security incident handling with SIEM products RSA enVision and IBM QRadar.
- Managed security incidents and provided management oversight of the incident process.
- Perform tuning of the Security Incident and Event Manager (SIEM) filters and correlations to continuously improve monitoring.
- Expert in developing complex use cases and Universal Device Support Modules (DSMs) on the QRadar SIEM. Expert in installing and configuring Splunk forwarders on Linux, UNIX and Windows.
- Expert in installing and using Splunk apps for UNIX and Linux (Splunk nix).
- Experience deploying Symantec DLP (Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA). In-depth experience with Symantec DLP in an enterprise environment, including architecting Symantec DLP platforms, analyzing Symantec DLP events and reports, and tuning Symantec DLP to reduce false positives and improve detection rates.
- Provided penetration testing for PCI, SOX, HIPAA, and compliance with ISO 27000.
- Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on shared devices and shared drives. Created and managed DLP policies.
- Network and host DLP monitoring and logging
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Monitoring and remediating daily security alerts generated by end users with tools such as Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO 5.x; also responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
- Manage Splunk (SIEM) configuration files such as inputs, props, and transforms.
- Upgrading Splunk (SIEM) Enterprise and applying security patches.
- Well versed in both remote and on-site Splunk (SIEM) user support.
- Centralizing the storage and interpretation of logs using Splunk (SIEM).
- Worked to develop CIRT within organization to handle a potential future breach instance.
- Vulnerability Management: Configured QualysGuard for vulnerability analysis of devices and applications, and monitored them continuously through the dashboard and scheduled reports.
- Installed, Configured Symantec End Point Protection on laptops used for remote connectivity
- Familiarity with security and testing tools such as Burp Suite, Nmap, Zenmap, OpenVAS, Nessus
- Applied remediation techniques to all collected vulnerabilities, with priority handling for very high-severity findings.
- Maintained network performance through network monitoring and analysis, performance tuning, and troubleshooting of network problems. Skilled in Burp Suite, Nmap, QualysGuard, Nessus.
- Implemented essential changes to enhance reporting, communications, and work flow related to VM and patching teams.
- Provided approvals for software/application installations, site reviews for web access, McAfee ePO exceptions, and vulnerability exceptions.
- Provided leadership in architecting and implementing security solutions towards SIEM tools like Splunk.
- Prepared, arranged and tested Splunk search strings and operational strings. Created and configure management reports and dashboards
- Splunk Engineer/Dashboard Developer responsible for the end-to-end event monitoring infrastructure of business-aligned applications
- Designed and implemented McAfee Data Loss Prevention (DLP) across all endpoints. Created policies and a keyword dictionary to safeguard intellectual property and ensure compliance by protecting sensitive data.
- Develop procedures and conduct the monthly patch cycle to keep the Microsoft patch revisions current.
- Assisted in upgrading 5 McAfee ePO servers from ePO 5.1.1 to ePO 5.3.1
- Expertise in the utilization, configuration, and implementation of industry capabilities including web content filters, email security, IDS, IPS, Host Based Security System (HBSS), and SIEM security practices.
Confidential
Cyber security Engineer
Responsibilities:
- Manage the Security Incident and Event Management (SIEM) infrastructure
- Collaborate across the entire organization to bring Splunk access to product and technical teams to get the right solution delivered and drive future innovation gathered from customer input.
- Design, deploy, support and maintain Splunk cluster infrastructure in a highly available, geo-redundant configuration. Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the firm's enterprise security platforms.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Analyze network traffic and various log data and open source information to determine the threat against the network required response, containment, investigation, and remediation.
- Responsible for incident response, tuning, system administration, operations and maintenance of the Security Incident and Event Management (SIEM) system
- Experience deploying Symantec DLP (Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA). In-depth experience with Symantec DLP in an enterprise environment, including architecting Symantec DLP platforms, analyzing Symantec DLP events and reports, and tuning Symantec DLP to reduce false positives and improve detection rates.
- Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on shared devices and shared drives. Created and managed DLP policies.
- Network and host DLP monitoring and logging
- Responsible for DLP policy creation, testing and implementation to protect client data against information leakage.
- Created standard operating procedures for DLP SMTP (email), HTTP/S (web) and SharePoint incident investigation, third-party domain whitelisting, DLP access provisioning and incident response.
- Automated DLP incident metrics using Splunk. Developed monthly and weekly metrics and dashboards in Splunk.
- Proficient in writing Splunk queries and dashboards and in log analysis.
- Cleaned Symantec Anti-Virus Environment and brought previously Unprotected Machines into Compliance with Security Policy.
- Monitor the performance of Splunk via the Splunk Monitoring Console.
- Push configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server
- Implemented multiple tools including Symantec DLP and QRadar SIEM.
- Conceptualized and implemented end-user DLP training materials, an enterprise-wide encryption system, Symantec Data Insight integration, and Symantec DLP/data security environment support.
- Risk analysis and security control gap analysis from information & network security perspective.
- Managing security incidents in the organization, key member of Incident Response Team.
- Utilization and operation of security software such as Splunk, Tanium and McAfee ePO.
- Managed day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
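The bullets above mention automating DLP incident metrics in Splunk and tuning Symantec DLP to reduce false positives. The following is an added example, not code from this resume or from Symantec, showing how such metrics can be derived from a DLP incident export. The CSV rows are constructed sample data, and the column names (incident_id, policy, channel, severity, status, match_count) are assumptions, not the DLP console's real export schema.

```python
"""DLP incident metrics from an exported incident report (added example).

The CSV layout below is a constructed, simplified stand-in for a DLP
console export; the column names are assumptions, not Symantec's schema.
"""
import csv
import io
from collections import defaultdict

# Constructed sample export: one row per incident.
SAMPLE_EXPORT = """incident_id,policy,channel,severity,status,match_count
1001,PCI Card Numbers,SMTP,High,Confirmed,12
1002,PCI Card Numbers,HTTPS,High,False Positive,1
1003,HIPAA PHI,SMTP,Medium,Confirmed,4
1004,Source Code,Endpoint USB,High,Confirmed,30
1005,PCI Card Numbers,SMTP,High,False Positive,1
1006,HIPAA PHI,SharePoint,Low,False Positive,1
1007,Source Code,Endpoint USB,High,Confirmed,8
1008,PCI Card Numbers,HTTPS,High,False Positive,2
1009,PCI Card Numbers,SMTP,High,Confirmed,50
1010,HIPAA PHI,SMTP,Medium,Confirmed,3
"""


def parse_incidents(text):
    """Parse the export into a list of dicts, coercing match_count to int."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["match_count"] = int(row["match_count"])
        rows.append(row)
    return rows


def metrics_by(incidents, key):
    """Count incidents per distinct value of `key` (policy, channel, severity)."""
    counts = defaultdict(int)
    for inc in incidents:
        counts[inc[key]] += 1
    return dict(counts)


def false_positive_rates(incidents):
    """Per policy: (total incidents, false positives, false-positive rate)."""
    totals = defaultdict(int)
    fps = defaultdict(int)
    for inc in incidents:
        totals[inc["policy"]] += 1
        if inc["status"] == "False Positive":
            fps[inc["policy"]] += 1
    return {p: (totals[p], fps[p], fps[p] / totals[p]) for p in totals}


def tuning_candidates(incidents, fp_threshold=0.4, min_incidents=3):
    """Policies whose false-positive rate exceeds fp_threshold (with enough
    incidents to be meaningful). These are the policies to review, for
    example by raising match-count thresholds or adding exceptions, rather
    than lowering detection across the board."""
    rates = false_positive_rates(incidents)
    return sorted(p for p, (total, _fp, rate) in rates.items()
                  if total >= min_incidents and rate > fp_threshold)


def single_match_false_positives(incidents):
    """Incident IDs of false positives with exactly one match: evidence that
    a policy's minimum match threshold is set too low."""
    return [inc["incident_id"] for inc in incidents
            if inc["status"] == "False Positive" and inc["match_count"] == 1]


if __name__ == "__main__":
    data = parse_incidents(SAMPLE_EXPORT)
    print("By channel:", metrics_by(data, "channel"))
    for policy, (total, fp, rate) in false_positive_rates(data).items():
        print(f"{policy}: {total} incidents, {fp} false positives, FP rate {rate:.0%}")
    print("Tuning candidates:", tuning_candidates(data))
    print("Single-match false positives:", single_match_false_positives(data))
```

In the sample data the PCI policy has three false positives out of five incidents, so it is flagged for tuning, and three of the four false positives fired on a single match, which points at the match-count threshold rather than at the data identifier itself.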
Confidential
Information security specialist
Responsibilities:
- Performed Symantec DLP environment management and support configuration, as well as data security environments used in testing and configuring client sites prior to installation.
- Responsible for using cutting-edge Data Loss Prevention (DLP) solutions.
- In-depth experience with Symantec DLP in an enterprise environment.
- Experience with architecting Symantec DLP Platforms.
- Experience analyzing Symantec DLP events and reports.
- Performed stress testing, optimization and high-availability testing of Sourcefire sensors.
- Administered Symantec Endpoint Protection, an antivirus and personal firewall product for centrally managed corporate environments that protects both servers and workstations. Experienced with Splunk monitoring and reporting.
- Worked on Symantec’s security endpoint solutions on firewall, proactive protection and IPS/IDS
- Responsible for multiple complex projects; directed activities of teams related to special initiatives or operations, with direct reports.
- Responsibilities for CSIRT included SIEM, Context Filtering, Web Security, Incident Tracking, IPS/IDS and Malware Analysis.
- Experience and good knowledge of routing protocols such as EIGRP, OSPF, RIP, BGP, IS-IS and static routes, as well as MPLS, VPN, IPsec and PPPoE.
- Experience configuring and implementing VLAN, VTP, LAN switching, STP and 802.1X authentication on access-layer switches.
- Raised incidents for antivirus issues (malware, worms), SIEM alerts, DNR alerts, etc.
- Build detection rules in QRadar for over 50,000 Windows, Unix, and Mainframe log sources.
- Developed and tested ArcSight asset modeling, which populates asset properties used in correlation rules and reports.
- Experience tuning Symantec DLP to reduce false positives and improve detection rates.
- Data Loss Prevention suite, Symantec DLP product: implementation and deployment as part of the champion team.
- Good experience with Security Incident and Event Management (SIEM), Intrusion Detection and Prevention Systems (IDS/IPS) and log management and database activity monitoring.
- Managing Blue Coat proxy devices and IDS/IPS devices. Migrated forward proxies to the centralized Director product and configured the reverse proxy for the Content Analysis System (CAS) for newer applications.
- Planning and configuring the routing protocols such as OSPF, RIP, and Static Routing on the routers.
- Experience in configuring high availability protocols like HSRP, VRRP, GLBP
- Strong Knowledge in WAN technologies including T1, T3, ISDN, HDLC, Point to Point, ATM, Frame Relay or Ethernet over a Packet Switched Network (PSN) with PWE3 emulation
- Advanced knowledge of the OSI model, TCP/IP, Internet technologies, system security, firewall infrastructure, network architecture and Cisco routing/switching (Layer 2 and 3), including LAN and WAN design and implementation spanning Layer 1 to Layer 7.
- Maintained DNS, BGP, OSPF, PPPoE, LACP, L2TP, L2VPN, L3VPN, IP Multicast, IPv6, G.8032, 802.1Q, 802.1X, NAC, MPLS, TCP/IP, IPv4, Ethernet, WAN technologies and VPN tunnelling.
- Responsible for vendor management for MPLS, VPN circuits