Network Administrator Resume Profile

TX

SUMMARY

  • Over 10 years of experience in Information Security.
  • Broad knowledge of hardware, software, and security technologies to provide a powerful combination of analysis, implementation, and support.
  • Responsible for IBM Qradar SIEM monitoring and configuration aligned to internal PCI and SOX controls
  • Provide network, systems, and security experience, knowledge, and solutions in a system and network-diverse environment. Protect confidentiality, integrity, and availability of information and information systems.

SKILLS

Windows NT, 2003/2008 Servers, SAP, Unix, TCP/IP, DNS, DHCP, SIM/SIEM, SourceFire, Citrix and Active Directory, Linux, AIX, Checkpoint, NG, Provider1, Cisco PIX, VPN, Nokia IP650/IP440/IP330 series, Snoop/Tcpdump, nmap, Wireshark, TACACS, Radius, LDAP, Remedy, ISS Internet Scanner, Qualys Guard, AppScan, Snort, Nessus, WebInspect, Retina, Fortinet, Directory and Resource Administrator, Tidal Enterprise Job Scheduling Software, SOX, HIPAA, PCI DSS, RSA DLP, McAfee EPO, Load Balancing, WebSense, Microsoft ISA TMG, Bluecoat, Symantec ESM, Juniper, IronPort, Checkpoint firewalls R65 and R70, VPNs, IPSec, PKI and TCP/IP, QRadar, DLP, Splunk

EXPERIENCE

Confidential

System Security Analyst

  • Aggregate, correlate, and analyze log data from network devices, security devices and other key assets using Qradar
  • Assist multiple security projects with the goal of exceeding compliance objectives.
  • Qradar SIEM and WebSense - Proxy
  • Responsible for maintenance, administration and configuration of the log aggregation solution.
  • Along with creating custom views, reporting and automated alerting for both operational and security use using Qradar
  • Network traffic visualization to facilitate monitoring and trending analysis.
  • Responsible for maintaining availability, reporting and communication of the SIEM between it, its event-sources and the endpoints.
  • Responsible for the creation of the logic to correlate attacks across multiple event sources and attempt to make a determination of the possible outcome.

Confidential

Information Security Engineer

  • Conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures
  • Assisted with management and tuning of our perimeter Intrusion Prevention Solution
  • Recommended WebSense Internet proxy and Web Security Gateway Anywhere to manage corporate Internet proxy traffic and supporting infrastructure.
  • Historical analysis and correlation of both IDS and Firewall logs.
  • Supported Proxy services Microsoft Forefront, Netcache and WebSense Secure access
  • Intrusion Prevention System - IDS/IPS SourceFire Implementation and Upgrade for SourceFire
  • Operate and analyze results from enterprise detection systems SourceFire
  • Supported the creation, customization, and optimization of clients' network security policy using Check Point FireWall-1 / VPN-1 4.1 and NG and Check Point Provider-1
  • Provided checklist, guidelines and implementation for Security Policies for Proxy Server and investigation of Security Incidents related to proxy browsing

Confidential

IT Security Consultant

  • Participated in the product selection and installation of Qradar Security Information Event Manager SIEM consisting of multiple collectors and a high performance MS SQL database
  • Designed and implemented enterprise SIEM systems: centralized logging, NIDS, alerting and monitoring, compliance reporting, based on IBM/Qradar 7.0 SIEM
  • Responsible for IBM Qradar SIEM monitoring and configuration aligned to internal PCI and SOX controls
  • Manage the day-to-day log collection activities of source devices that send log data to SIEM IBM Qradar
  • Managed and monitored McAfee EPO 4.6. Installed Linux/Windows agents and VirusScan Enterprise
  • Recommended WebSense Internet proxy and Web Security Gateway Anywhere to manage corporate Internet proxy traffic and supporting infrastructure
  • Access control for browsing, authentication for all hits from browsing on proxy servers, maintenance of proxy logs for forensic purposes
  • Maintain McAfee antivirus applications and appliance, including ePolicy Orchestrator, VSE 8 and 8.5, and Secure Content Manager SCM 3200 SPAM, Virus, and Content filtering of web and email traffic

Confidential

Systems Security Engineer

  • Supports day-to-day administration system of various firewalls Checkpoint/Juniper
  • Supported, maintained and troubleshot Microsoft TMG-related issues
  • Responsible for daily security checks, monitoring unsuccessful logons, monitoring inactive users and locking inactive users in production system
  • Assisted in the implementation of a WebSense Email Security Gateway Anywhere solution to manage/secure SMTP traffic
  • Implementation and evaluation of products for new requirements and to improve current services. WebSense and NetApp Netcache and Smart filters
  • Deploy network hardware technologies, especially Juniper SRX-210 and Checkpoint firewalls
  • Provided backline support for escalated cases for WebSense customers, including Level 3/Tier 3 support
  • Offer on-call support to detect intrusions and incident response during non-core business hours consistent with requirements
  • Update signatures and monitor alerts on IBM SiteProtector Intrusion Prevention Systems

Confidential

IT Security Analyst

  • Setup and maintained CheckPoint-1 security policies including NAT, VPN and SecuRemote access
  • Monitored and troubleshot production and corporate network security issues.
  • On-call 24x7, responding to intrusion attempts, evaluating new security architectures, assisting in support of firewall issues
  • Creation of Checkpoint security policies to dictate users' network rights as well as securing the internal network from malicious external/internal users
  • Configuration and maintenance of SIM/SIEMS tool - QRadar
  • Assisted clients on a daily basis with troubleshooting network traffic problems (i.e. latency, dropped traffic, loss of packets, etc.) related to network devices
  • Manage Checkpoint Firewalls, trouble-shooting of access issues, monitoring system resources, policy changes and intrusion detection

Confidential

Network Security Engineer

  • Performed detail study of Checkpoint, Palo Alto Firewalls.
  • Providing network security by reducing the opportunities for malicious behavior to pass into or out of network undetected by fine-tuning the rules on the network perimeter devices.
  • Reviewed network gateway rules and configurations at various Internet gateway device locations.
  • Analyzed current outbound traffic patterns/usage (Source IP, Destination IP, Port, Service, etc.) at various Internet gateway device locations, by using log analysis packages like Splunk, Sawmill, etc.
  • Recommended outbound rule-set/configuration changes based on the review and analysis addressing specific security concerns and vulnerabilities.
  • Analyzing and monitoring logs of firewalls like Checkpoint and Palo Alto.
  • Detailed study of logs, by parsing them in log parsers like Splunk and Sawmill.
  • Detailed study of port usage in the network traffic.
  • Developed draft process to determine valid business traffic in the Network.

Confidential

Technical Support Specialist

  • Support customer on-site product, technical issues, products and implementation of Tidal Enterprise Scheduler
  • Serve as a technical resource and perform highly difficult and complex data management operations
  • Develop job processing in the scheduling system, as well as support and maintain the client scheduling system
  • Assisted in troubleshooting cases open around the world related to ISA Server and Microsoft TMG
  • Provide guidance to IT organization in advanced security concepts, techniques, technology, and standards.
  • Project management - focus on light weight multiplatform systems for use throughout the organization
  • Implemented and supported software encryption applications and backup applications to maintain integrity of customer data
  • Support/move scripts and programs into the production servers and assist with troubleshooting

Confidential

Information Assurance Specialist

  • Day to day technical support and resolution of security issues
  • Monitored and supported Symantec Enterprise Security Manager
  • Investigated, analyzed and tested vulnerabilities in database security against new types of intrusion threats from the Internet and Internet applications against business enterprise databases
  • Specialized in Data Loss prevention and mediation of SQL Injections
  • Worked on Setting up of users, roles and profiles Security Policies
  • Develop, follow and/or implement infrastructure policies, strategies, guidelines, standards and procedures
  • Used tcpdump to identify traffic going to database server

Confidential

Network Security Engineer

  • Diagnosed and resolved both network and firewall related outages within the Intermedia's Internet security infrastructure and acted as the technical escalation point for all such outages
  • Performed updates and applied patches on Checkpoint, Solaris, and Nokia IPSO platforms
  • Set up Check Point to Check Point VPN tunnels as well as Check Point to non-Check Point Cisco3030 Concentrator, Swan.

Confidential

Network Security Administrator

  • Traveled to data centers to oversee and expedite critical installations and to troubleshoot problems
  • Configured, installed, and troubleshot Nokia firewall appliances running Check Point Firewall-1 on IPSO and Cisco network infrastructure
  • Assisted security and network engineers comprising a 24/7 security operations center
  • Created extensive documentation including snapshots of installation, configurations, html-formatted Check Point security policies and objects, and customer-specific white papers on such topics as how to lock down Solaris

Confidential

Network Support

  • Responsible for resolving issues related to the application servers.
  • Served in a remote hands capacity, rebooting servers and performing tasks at the console as directed.
  • Assisted in the maintenance of the monitoring software
  • Conducted on-site support at the corporate level for all hardware/software related issues to include the installations, repairs, and upgrades
  • Performed daily backups and conducted monthly tests of data restoration to ensure data integrity and sound procedures
  • Installing and configuring RAS Remote Access Services on Windows NT