
Cyber Security Analyst Resume


Newark, New Jersey

SUMMARY

  • Experienced in Vulnerability management and remediation.
  • Expert in identifying and evaluating risks during review and analysis of the System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades.
  • Expert in preparing audit scopes, reporting findings, and presenting recommendations for improving data integrity and operations.
  • Conducted Dynamic and Static Application Security Testing (SAST & DAST).
  • Extensive experience in SIEM operations, implementation, administration, and monitoring. Worked as part of a Threat Intelligence team performing malware analysis, advanced cyber threat detection, and security advisory integration with QRadar and Splunk.
  • Deploy new Splunk systems and monitor Splunk internal logs from the Monitoring Console (MC) to identify and troubleshoot existing or potential issues.
  • Created correlation and aggregation rulesets and visualization dashboards using Splunk ESM and QRadar.
  • Configured and installed Bluecoat ProxySGs in a newly designed network scheme, moving from an inline deployment to a WCCP load-balanced network layout.
  • Performed checks to ensure that the audits are performed accurately in the allocated time frame.
  • Good understanding of Incident Response and Forensic investigation on a volatile memory, hard drives, and cloud storage.
  • Experience in penetration testing, DAST, SAST, and manual ethical hacking on various applications in different domains based on OWASP Top 10.
  • Solid understanding of IBM QRadar, Palo Alto NGFW, and the SDLC.
  • Understanding of incident response policies and guidelines, the REACT principle, policy enforcement, malware analysis, and incident recovery.
  • Knowledge of Palo Alto Networks firewall models (PA-2k, PA-3k, PA-5k, etc.) as well as the centralized management system (Panorama) used to manage large-scale firewall deployments.
  • Hands-on experience with Palo Alto firewalls and the Trend Micro endpoint solution. Assisted customers with troubleshooting McAfee ePO and McAfee Drive Encryption.
  • Played a major role in understanding the logs, server data and brought an insight into the data for the users.
  • Collaborate with other Information Security and IT team members to develop and implement innovative strategies for monitoring and validating compliance status.
  • Evaluate transactions using established criteria to detect potential incidents of fraud. Utilize resources to obtain forensic evidence for investigative purposes when reviewing fraud detection or investigation cases.
  • Conduct data analysis to logically identify opportunities for improvement of shrink reduction.
  • Manage confidential information and documentation as required by the company, state, and federal law.
  • Implemented company policies, technical procedures, and standards for preserving the integrity and security of data, reports, and access.
  • Worked on the McAfee VSE product to stop worms, spyware, and viruses, provide high-performance security, and lessen damage from outbreaks.
  • Configured a load balancer to divert traffic to different web servers and secured Apache and SSH through playbooks.
  • Designed an iptables playbook to restrict unknown connections reaching the web servers.
  • CyberArk Vault maintenance, 2FA troubleshooting, access and authentication, SAPM troubleshooting and repairs, SUPM user authentication and maintenance.
  • General management of CyberArk Security, which offers any enterprise a wide range of services and support options to make the Digital Vault solution a success; these services include implementation, consulting, training, maintenance, online support, vault scripting, and digital certificate support.
  • Manage and perform Nessus and Nmap scans before all production releases, analyze vulnerabilities, and report to all stakeholders.
  • Knowledge of CPM/PPM/EPV/PSM and the PSM Recorder for RDP connections and session recording, with activity logs available in the PVWA and to downstream systems such as a SIEM.
  • Examine assets to determine whether vulnerabilities exist and, if vulnerabilities are found, propose remediation strategies that can be applied to mitigate them.
  • Developed DevSecOps tools for automating various security scanning processes.
  • Tools such as Jenkins, Python, Docker, PowerShell, Boto3, and the AWS CLI were used for automation. Developed AWS Security Groups to control traffic.
  • Implemented security fundamentals like SANS top 25.
  • Identify issues in session management, input validation, output encoding, exception logging, cookie attributes, encryption, and privilege escalation.
  • Developed AWS Security Groups to control traffic to various instances in the Cloud.
  • Assist in vulnerability remediation efforts across various projects by proposing remediation strategies and engaging vital stakeholders utilizing Plan of Actions and Milestones.
  • Experienced in using Microsoft System Center 2016 Endpoint Protection and System Center Configuration Manager for blocking viruses and worms delivered via email or documents and lessening damage from outbreaks.
  • Skilled in creating and managing security policies for firewalls, software hardening, policy implementation, prioritization, and deployment.
  • Experience related to advanced threat protection, firewall policy administration, network profiling, and device health monitoring.

TECHNICAL SKILLS

Routers: Cisco 7609, 2600, 2800, 3800, 3640, 3745, 7200 series

Switches: Cisco 3500, 500, 6500 Catalyst Series; Cisco 7000, 2000 Nexus Series

Routing Protocols: BGP, OSPF, EIGRP, VRRP, HSRP, GLBP, and RIP

Computer Networking: TCP/IP, DHCP, DNS, RIP, OSPF, IGRP, EIGRP, BGP, SSL, ARP, VLAN, Ethernet, 802.11, VPN, SNMP

Authentication/Authorization/DLP: Kerberos, 802.1x, Symantec

IDS/IPS/Anti-Virus Software: McAfee Total Protection, Symantec Endpoint Protection, Sophos Mobile Security

SIEM: Splunk ES, McAfee, ArcSight, QRadar, LogRhythm

Network Simulation Applications: Riverbed Modeler Academic Edition

Programming/Scripting Languages: Python, SQL, MS SQL

Virtualization environments: VMware Workstation, VirtualBox

Operating Systems: Kali Linux, Windows XP/Vista/7/8.1/10/Server 2008 R2 Datacenter, Mac OS X, Ubuntu

IP Services: DHCP, NAT, VLAN, DNS, FTP, TFTP, LAN/WAN

WAN Technologies: ATM, ISDN, PPP, MPLS, ATT, 802.11, 802.11a, 802.11b, APLUS

PROFESSIONAL EXPERIENCE

Confidential, Newark, New Jersey

Cyber Security Analyst

Responsibilities:

  • Implementation from design through installation, administration, monitoring, and upgrades of McAfee ePolicy Orchestrator (ePO) and the McAfee Endpoint Security Protection enterprise suite.
  • Black box testing and frontend security testing.
  • Worked with and expert on VirusScan Enterprise (VSE), Policy Auditor (PA), Drive Encryption (MDE), Rogue System Detection (RSD), Data Loss Prevention (DLP), Threat Prevention (TP), and Adaptive Threat Prevention (ATP), maintaining them across multiple platforms (Windows/Linux/Mac).
  • Monitored network servers, conducted workstation administration, managed workstation and server deployments, conducted backup & patch management.
  • Performed white box testing using Fortify, engaged with penetration testers to validate false positives, and performed secure code review of the codebase.
  • Implementation, consulting, training, maintenance, online support, and vault.
  • CyberArk Vault maintenance. Built CyberArk safes and added different applications/portfolios to the safes.
  • Performed Internal and External Vulnerability Scans using OpenVAS and Rapid 7 Nexpose
  • Active Directory group/user authentication and maintenance.
  • Authentication and Authorization of Privilege users working with CyberArk and Access Management.
  • General management of CyberArk Security, which offers any enterprise a wide range of services and support options to make the Digital Vault solution a success; these services include implementation, consulting, training, maintenance, online support, vault scripting, SIEM integration, and digital certificate support.
  • Responsible for delivering the DLP implementation with complete PLM deliverables, including requirements, policy design, pilot testing, and enterprise implementation.
  • Designing Incident response workflow for DLP incidents for the generated alerts.
  • Designing of DLP Policy with Data scanning while at Rest, Motion, and Use.
  • Developing necessary DLP Policy or Rules for generating metrics like key risk values and performance indicators to measure the monitored program and related processes to present to the management.
  • Developing SOP documentation for Level 1 and 2 engineers for troubleshooting and product information.
  • Implement or coordinate remediation required by audits, and document exceptions, as necessary.
  • Acquainted with various approaches to Grey & Black box security testing.
  • Conducted Dynamic and Static Application Security Testing (SAST & DAST).
  • Deploy new Splunk systems and monitor Splunk internal logs from the Monitoring Console (MC) to identify and troubleshoot existing or potential issues.
  • Created Test Plans for Grey Box testing, white box testing.
  • Implemented and used Rapid7 Nexpose for vulnerability assessment and Metasploit for penetration testing.
  • Configured Nexpose Rapid7 to scan all internal servers and workstations to ensure patching is complete.
  • Wrote and executed SQL queries in Rapid7 to generate formatted vulnerability reports for stakeholders.
  • Responsible for creating weekly, ad hoc, and monthly reports using the Rapid7 and Nessus vulnerability tools, then analyzing the reports in Excel with pivot charts to show trends.
  • Web application black box testing: used Cenzic Hailstorm and AppScan to assist in black box testing. Executed manual tests by validating against custom security checklists.
  • Worked with Splunk professional services to make the best practices that can be followed by everyone to maintain the performance of Splunk Enterprise Security.
  • Helped in automating the DDP report in Splunk to see the machines that are out of compliance.
  • Guided all the SMEs in using Splunk to create dashboards, reports, alerts, etc.
  • Ingest logs into Splunk from databases and applications (includes non-COTS applications); develop custom parsers as needed
  • Providing Information Security Operations Center (ISOC) support, analyze a variety of network and host-based security logs (Firewalls, NIDS, HIDS, Syslog, etc.)
  • Managed McAfee ePO A/V environment using ePO console to pull reports and validate security protection compliance via DAT file updates, and accordingly take appropriate action to correct issues found within the ePO environment.
  • Generated security reports and dashboards utilizing enterprise security systems such as McAfee ePO.
  • Developed AWS Security Groups to control traffic to various instances in the Cloud.
  • Granted authorizations for data transfers; set up alerting and logging for rogue machines and unauthorized actions.
  • Web application vulnerability assessment: performed web application black box testing.
  • Performed white box and black box software security assessments
  • Utilized WhiteHat to also perform SAST and DAST on production applications.
  • Managed McAfee Web Control for monitoring website traffic to endpoint users.
  • Created and delivered whitepapers to customers explaining how to implement new capabilities with ePO, VSE, HIPS, RSD, DLP, and PA.
  • Experience with the Splunk Phantom SOAR Proof of Value (POV) project; participated in testing the out-of-the-box use cases.
  • Implemented repository management updates, definitions, and policies, and performed agent deployment for new machines and users.
  • Prepared detailed Test Plans and Test Cases for Functional, System, and Black Box Testing.
  • Performed Smoke, Functional, Black Box, and System Testing on IE and IE11.

Confidential, Liberty Street, NY

Cyber Security Analyst

Responsibilities:

  • Executed daily vulnerability assessments, threat assessment, mitigation, and reporting activities to safeguard information assets and ensure protection has been put in place on the systems.
  • Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP).
  • Gathered testing tools and methodologies and performed step-by-step penetration testing by enumerating information.
  • QRadar SIEM and WebSense proxy.
  • Performed Static and Dynamic Analysis and Security Testing (SAST and DAST) for various applications as per the firm's security standards (i.e., OWASP, SANS 25).
  • Coordinated and conducted event collection, log management, compliance automation, identity monitoring activities using ArcSight ESM and Splunk platform.
  • Analysis for onboarding requests to determine fit for Splunk/monitoring platform
  • Supported Proxy services Microsoft Forefront, Netcache, and WebSense Secure access
  • Assisted in the implementation of a WebSense Email Security Gateway Anywhere solution to manage/secure SMTP traffic
  • Implemented and evaluated products for new requirements and improved current services (WebSense, NetApp NetCache, and SmartFilter).
  • Deploy network hardware technologies, especially Juniper SRX-210 and Checkpoint firewalls
  • Provided backline support for escalated cases for WebSense customers, including Level 3/Tier 3 support
  • Managed and tuned Splunk Phantom SIEM, SOAR, and Cisco Firepower IPS Gateways
  • Good Experience in Metasploit Framework and Social Engineering.
  • Handling responsibilities for CSIRT included SIEM, Context Filtering, Web Security Service, Incident Tracking, IPS/IDS, and Malware Analysis.
  • Performed Vulnerability Scans with Rapid 7, Nessus Tenable, OpenVAS
  • Perform Server scans for both internal and external IP addresses using Rapid 7 Nexpose and Nessus.
  • Experienced in Dynamic Application Security Testing (DAST) & Static Application Security Testing (SAST)
  • Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as McAfee Nitro (SIEM), anti-virus, Internet content filtering/reporting, malware code prevention, firewalls, IDS & IPS, web security service, anti-spam, etc.
  • Proficient with security tools and platforms such as IDS/IPS, SIEM (Arc Sight, Splunk), A/V, ProxySG
  • Involved in standardizing Splunk forwarder deployment, configuration, and maintenance across UNIX and Windows platforms.
  • Conduct Malware analysis and investigate behavioral characteristics of each incident utilizing IDS monitoring tools.
  • Experienced with McAfee ePO, Nitro, Web gateway, DLP, Bluecoat Websense, ForcePoint, Proofpoint, Trend Micro, Nexpose (Rapid7), and Splunk Enterprise SIEM security tools to monitor network environment.
  • Monitor and investigate SOC incidents and alerts with McAfee ePO.
  • Good experience in working security management tool McAfee ePolicy Orchestrator (ePO) console and deploying the McAfee agents on the client-side.
  • Managing endpoint encryption and infrastructure using McAfee ePO.
  • Performed wireless pen testing using Aircrack-ng and analyzed the network using Wireshark. Found network vulnerabilities using Nexpose and examined web applications using HP Fortify.
  • Experience in vulnerability assessment and penetration testing using various tools such as Burp Suite, DirBuster, OWASP ZAP Proxy, Nessus, IBM AppScan, Nmap, Kali Linux, and Metasploit.
  • Responsible for policy configuration for all McAfee components and deployment of those policies to the clients.
  • Proficient in penetration testing based on OWASP Top 10 vulnerabilities such as XSS, SQL injection, and CSRF, and in source code review assessment.
  • Managed security incidents resulting from Splunk and third-party alerts, including investigation and remediation.
  • Used McAfee ePolicy Orchestrator to monitor and identify potential intrusions and attacks for the Security Operations Center (SOC).

Confidential, Reston Virginia

IT Security Analyst

Responsibilities:

  • QRadar implementation, its integration with other network devices and applications, and the related troubleshooting work.
  • Create LogRhythm rules.
  • Investigate SIEM alerts.
  • SIEM deployment, currently evaluating Rapid7, LogRhythm, and others.
  • Configuring alarms and dashboards in the SIEM (LogRhythm) for detecting threats and abnormal behaviour.
  • Respond to cybersecurity events from firewalls, IDS/IPS, the LogRhythm SIEM, and McAfee anti-virus security tools.
  • Involved in security operations, vulnerability and risk assessment, and alerting report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Imperva, Sourcefire (IDS/IPS), FireEye, Bluecoat Proxy, etc.).
  • Monitor SIEM views and draft reports on network activities that may exploit vulnerabilities or cause harm to network hosts
  • Security incidents to provide management oversight to the incident process.
  • Perform tuning of the Security Information and Event Management (SIEM) filters and correlations to continuously improve monitoring.
  • Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on shared devices and shared drives. Created and managed DLP policies.
  • Configuration and administration of Palo Alto Networks firewalls to manage large-scale firewall deployments.
  • Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools
  • Successfully installed Palo Alto PA-3060 firewalls to protect the data centre and provided L3 support for routers/switches/firewalls.
  • Implemented Positive Enforcement Model with the help of Palo Alto Networks
  • Configured and maintained IPsec and SSL VPNs on Palo Alto firewalls.
