
Siem Engineer/analyst Resume


SUMMARY

  • 15+ years IT industry experience
  • 7+ years SIEM and Log Management experience
  • Security Incident handling, SIEM (ESEM) using Confidential Qradar/LogRhythm products
  • Experience with vulnerability management solutions in Hybrid Cloud environments
  • Experience in implementing & managing McAfee Data Loss Prevention
  • Extensive knowledge of Information Security Attacks, Threat Management and Systems/Applications Vulnerabilities, Cyber Security Forensic (malware analysis/ identifying intelligence related activity)
  • Extensive experience integrating IDS/IPS, FW, DLP, Proxy, Vulnerability Management, Active Directory, Unix, End points into SIEM

TECHNICAL SKILLS

Information Security tools: SIM/SIEM QRadar, Fidelis, Splunk, McAfee Nitro, McAfee NSM, McAfee EPO, McAfee DLP, AWS, SourceFire, Carbon Black, Tripwire, Citrix and Active Directory, Office365, Linux, IronPort, Palo Alto, Checkpoint firewalls R65 and R70, NG, Provider1, Nokia IP650/IP440/IP330 series, Snoop/Tcpdump, nmap, Wireshark, Radius, Computrace/Absolute DSS, Proxy, LDAP, Remedy, ISS Internet Scanner, Qualys Guard, AppScan, Snort, Nexpose, Nessus, Titus, Varonis, Retina, Fortinet, Tidal Enterprise Job Scheduling Software, SOX, HIPAA, PCI DSS, NIST 800-53, Trend Micro, Websense Content Filtering, Microsoft ISA TMG, Symantec ESM, VPNs, IPSec, PKI

O/S: Windows NT, 2003/2008 Servers, SAP, Linux, Unix

Protocol: TCP/IP, DNS, DHCP

PROFESSIONAL EXPERIENCE

Confidential

SIEM Engineer/Analyst

Responsibilities:

  • Perform SIEM product support and implementation
  • Unmanaged log-sources
  • Aggregate, correlate, and analyze log data from network devices, security devices and other key assets using Qradar
  • Manage the day-to-day log collection activities of source devices that send log data to SIEM Confidential Qradar
  • Support day to day event parsing and repairing of events that have missing or incorrect information, create log source extensions, and flow management

Confidential

Security Analyst

Responsibilities:

  • Managed and maintained operational data flows and Qradar platforms
  • Investigate potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes
  • Provide thought leadership on cloud usage strategy, monitoring, alerting, reporting, and blocking
  • Closely collaborate with security architects in developing cloud security frameworks for the enterprise
  • Created and documented reports, rules, trends and Dashboard
  • Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using the Qradar and Splunk platforms
  • Incident analysis, responses and remediation using SIEM tools

Confidential, IL

Sr. Security Analyst

Responsibilities:

  • Performed host, network, and web application penetration tests from an insider threat perspective
  • Daily review of anti-bot and anti-spam events with Checkpoint Smart Center
  • Conducted network vulnerability scans, identified several vulnerabilities and recommended corrective actions using NexPose
  • Proficient in architecting, implementing and administrating Qradar to automate the correlation of Windows and network devices logs
  • Deployment of McAfee DLP across the network Data in motion, Data in Use & data at Rest servers
  • Monitored a worldwide network for cyber security events and anomalies using a variety of tools such as McAfee NSM, McAfee DLP, and LogRhythm.
  • Responsible for Confidential Qradar SIEM monitoring and configuration aligned to internal PCI and SOX controls
  • Manage the day-to-day log collection activities of source devices that send log data to SIEM Confidential Qradar

Confidential, FL

Sr. Security Analyst

Responsibilities:

  • Manage the day-to-day log collection activities of source devices that send log data to (SIEM) Confidential - Qradar
  • Administration, Configuration, Rule set creations, policy fine tuning, in-line mode implementations and reporting of Endpoint Security Technologies like: Trend Micro Endpoint Security, Malware Bytes and FireEye APT
  • Extracted logs, performed real-time log analysis using SIEM technologies, and conducted forensic analysis of logs as per request
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools
  • Analyzed data from over 1000 log sources in a globally deployed Qradar SIEM solution to support incident response activities.
  • Designed and deployed Confidential Qradar and integrated critical event sources with Qradar SIEM
  • Provided system administration and firewall engineering support for the Florida SUNPASS ( Confidential )
  • Evaluate web applications & web services for vulnerabilities and ensuring a secure platform for users and vendors.
  • Perform regular vulnerability assessments and internal penetration tests against corporate assets.
  • Observed and analyzed traffic in order to learn valuable lessons from known malicious actors and to determine countermeasures against such threats.
  • Maintained organization wide security compliance and scanning for over several hundred hosts including early threat detection, and vulnerability assessment using Nessus

Confidential

Security Engineer

Responsibilities:

  • Conducted vulnerability assessments and manual testing of various web applications and Networks.
  • Monitor the security of critical systems (e.g., e-mail servers, database servers, web servers, etc.) and changes to highly sensitive computer security controls to ensure appropriate system administrative actions; investigate and report on noted irregularities.
  • Monitored live systems to discover real-time threats
  • Create detailed reports containing prioritized findings, demonstrations of exploits, explanation of compromise impacts, and recommendations for mitigation and remediation
  • Investigate potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes

Confidential

Information Security Analyst

Responsibilities:

  • Responsible for maintenance, administration and configuration of the log aggregation solution
  • Along with creating custom views, reporting and automated alerting for both operational and security use using Qradar
  • Instrumental in architecting, implementing and administrating a Security and Information Event Management (SIEM) solution (QRADAR) to automate the correlation Linux, Windows and network devices
  • Responsible for maintaining availability, reporting and communication of the SIEM between it, its event-sources and the endpoints
  • Responsible for the creation of the logic to correlate attacks across multiple event sources and attempt to make a determination of the possible outcome

Confidential

Information Security Engineer

Responsibilities:

  • Assisted with management and tuning of our perimeter Intrusion Prevention Solution
  • Primary administrator for McAfee EPO server and global repository servers to deploy Antivirus and Host Intrusion to Confidential computers, in excess of 2000 machines.
  • Implement, configure and troubleshoot VPNs and Secure Remote related issues
  • Monitor and proactively report on current threats and vulnerabilities
  • Operate and analyze results from enterprise detection systems (SourceFire)
  • Supported the creation, customization, and optimization of clients' network security policy using Check Point FireWall-1 / VPN-1 (4.1 and NG) and Check Point Provider-1
  • Provided checklist, guidelines and implementation for Security Policies for Proxy Server and investigation of Security Incidents related to proxy browsing
