Sr Cyber Security Engineer Resume

Detroit, MI

SUMMARY

  • Experienced Information Security Analyst seeking a role as a Sr. Information & Cyber Security Analyst. A Certified Ethical Hacker (CEH) with over 8 years of IT industry experience primarily focused on information systems security, with active participation in Security Operations Centre (SOC) support activities.
  • An insightful and results-driven IT professional with a passion for being the best Security Analyst and for setting up complex network environments to the highest security standards.
  • Successfully meets the challenge of remaining current with new and developing technology in order to participate in corporate IT security initiatives in support of business objectives.
  • Very strong experience in information security with a focus on the Federal Information Security Management Act (FISMA), the NIST Risk Management Framework (RMF), Governance, Risk and Compliance (GRC), system security monitoring and auditing, risk assessments, Security Control Assessment (SCA), and developing security policies and procedures according to NIST standards and guidelines.
  • Information Security Analyst / Threat Engineer with more than 6 years of experience in analyzing security incidents, vulnerability and penetration testing, network monitoring, and information security and network security functions.
  • Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as McAfee Nitro, Splunk, ArcSight, LogRhythm, McAfee, Symantec, QRadar, and many other tools.
  • Commendable experience in auditing, implementing and managing HIPAA, SOX, ISO, NIST, PCI DSS, and SAS 70 Type I & II standards/guidelines.
  • Provided, maintained (at N release level) and administered endpoint security management tools: (a) anti-virus (e.g., Symantec, Palo Alto and Trend Micro), (b) data loss prevention (DLP) (e.g., Websense and Palo Alto), (c) web filtering (e.g., Cortex XSOAR and Palo Alto XSOAR) and (d) spam filtering (e.g., Proofpoint) across the customer IT environment, authorized users, data center and network assets.
  • Hands-on experience with Rapid7 Nexpose, Metasploit, Forcepoint and Splunk; used Security Manager to identify threats and assign categories.
  • Experience configuring and deploying McAfee modules and products such as McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint and McAfee SIEM.
  • Worked using McAfee best-practice standards for OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees.
  • Strong experience working on RSA Archer (XDR), with good experience across all areas of the Archer framework including Access Control, SSO, Application Builder, DDEs, Calculations, Notifications, Data Feed Manager, Searching & Reporting, Workspaces, and Dashboards for SOAR (Security Orchestration, Automation, and Response).
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers, and malware analysis tools.
  • Advanced knowledge of IPsec VPN design, connections and protocols, IPsec tunnel configuration, and encryption and integrity protocols.
  • Vulnerability management: configured QualysGuard for vulnerability analysis of devices and applications, and monitored them continuously through the dashboard and scheduled reports.
  • Monitored and investigated SOC incidents and alerts with Splunk, Sourcefire and McAfee ePO.
  • Hands-on experience with security frameworks such as NIST SP 800-37, HIPAA, PCI DSS and SOX, and industry standards ISO 27001, HITRUST CSF and ISO 22301.
  • Experienced on the technical delivery side of Governance, Risk and Compliance (GRC) projects.
  • Configured and deployed Symantec HIDS on Windows Server 2008, 2012 and 2014 and on desktops.
  • Supported the internal SOC team on hand-off of the SIEM product and handled Symantec Encryption Desktop-related tickets and issues.
  • Determined enterprise information assurance and security standards.
  • Worked as a SIEM threat analyst in a managed service security operations center (SOC), triaging cyber threats utilizing Splunk, QRadar, McAfee Enterprise Security Manager (ESM) and various cloud security tools.

TECHNICAL SKILLS

DLP: Websense, Symantec & McAfee

End Point Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec, Antivirus, HIPS, Encryption, HDLP, Malware Analysis, Advanced Threat Protection

IPS/IDS: McAfee IPS, Snort

SIEM: Splunk, IBM QRadar, ArcSight, McAfee Nitro, ThreatQ

MSS: Vulnerability Assessment, Content Filter, Antispam, IDS/IPS Management

Vulnerability Management Tools: Nessus, Nmap, Nexpose, Wireshark, Fortify

Security Tools: Splunk, ServiceNow, McAfee Vulnerability Management solutions, Nessus, SolarWinds, LogRhythm, Continuous Monitoring platforms/applications, Vulnerability Management, Web Application Scanning, Threat Protect, Blue Coat Proxy, Burp Suite, Nmap, Wireshark

Content Protection: Email Security, Web Security, Application Security

Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS

PROFESSIONAL EXPERIENCE

Confidential

Sr Cyber Security Engineer

Responsibilities:

  • Worked as a Splunk Phantom SOAR analyst in a managed service security operations center (SOC), triaging cyber threats utilizing Splunk (Cloud, Security Core, Enterprise, Data Stream Processor) tools.
  • Opened, assigned, and closed tickets in the SOC Security Management Console for Qualys remediation and patch management processes.
  • Conducted vulnerability assessments of the network using Nessus and Nmap.
  • Performed penetration testing for external-facing web applications. Security areas covering DMZ architecture, threat modeling, secure coding practices (i.e., OWASP standards), and vulnerability analysis were assessed for the company's internal applications.
  • Extracted fields using rex, regex and IFX that were not extracted automatically by Splunk SOAR or Symantec SEP.
  • Developed assorted testing/build scripts as needed using Selenium WebDriver/IDE, written in Python and Bash.
  • Involved in standardizing Splunk Phantom SOAR POV deployment, configuration and maintenance across UNIX and Windows platforms.
  • Performed malware reverse engineering, behavioral analysis and incident response handling.
  • Experienced with RSA DLP, Symantec DLP versions 12.5, 14.0, 14.5 and 14.6, Forcepoint DLP, native GPO controls and other tools.
  • Worked on Splunk ES to build real-time monitoring that gives a clear visual picture of the organization's security posture, with easily customized views and drill-down to the raw events for the Incident Response Team (CIRT) and Cyber Security Operations Center (CSOC).
  • Automated the centralized detection of security vulnerabilities with scripts for vulnerability assessment tools such as QualysGuard and Splunk.
  • Deployed data loss prevention across the network for data in motion, data in use and data at rest servers.
  • Gained experience with Symantec DLP software, including DLP Cloud Prevent, and Forcepoint DLP.
  • Deployed in the cloud and on-premises using Amazon Web Services (AWS) and single-server support.
  • Performed tuning of Symantec DLP to reduce false positives and improve detection rates.
  • Reviewed and designed security best practices for Symantec EPP, anti-virus, HIPS and DLP. Reported on the development and execution of remediation plans.
  • Worked on Splunk ES to build correlation searches, alerts, reports and dashboards for specific monitoring needs.
  • Configured Splunk data inputs, applying index-time parsing parameters such as index, source, sourcetype, queue sizes, index sizes, index locations, read/write timeout values, line breaks, event breaks and time formats.
  • Worked on SAST and DAST using Checkmarx, Fortify and IBM AppScan.
  • Migrated Splunk clusters from multiple AWS accounts into a single AWS account and rehydrated the Splunk cluster in the AWS environment.
  • Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
  • Integrated data from SAP into ServiceNow using APIs and web services, capturing it in ServiceNow by creating a table.
  • Developed and published key metrics for the team to illustrate value and accountability.
  • Configured policies, communication settings and other important features in Symantec Endpoint Manager 12.x.
  • Prepared soft-skills material to enhance the learning process provided by the company.

Confidential, Detroit MI

Sr. Cyber Security Engineer

Responsibilities:

  • Foundational knowledge of security orchestration and automation tools such as CyberSponse and Palo Alto Cortex XSOAR for comprehensive security orchestration, automation and response (SOAR).
  • Worked on Splunk products such as Splunk ES and SOAR, and developed and operationalized the target network architecture so that event sources interact successfully with the solution, from design through development and implementation.
  • Worked using Splunk SIEM best-practice standards for OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees.
  • Migrated Splunk clusters across various AWS accounts to integrate with Palo Alto Networks Cortex XSOAR.
  • Consulted on security assessments, recommendations and remediation using HIPAA, PCI DSS, COBIT, ISO 27001/2 and NIST frameworks.
  • Integrated data from SOAR into ServiceNow, capturing it in ServiceNow by creating a table.
  • Highly skilled in Splunk, building, configuring and maintaining different environments, with in-depth knowledge of log analysis for logs generated by various operating systems.
  • Scheduled scans by creating asset groups and scan schedules in QualysGuard and recorded issues occurring during scans; also scheduled ad hoc scans using option profiles.
  • Conceptualized and implemented the DLP program and policies.
  • Managed enterprise security systems, identified key security risks, and reported risks to management with recommendations for corrective action utilizing NIST frameworks.
  • Automated the centralized detection of security vulnerabilities with scripts for vulnerability assessment tools such as QualysGuard and Splunk.
  • Built the Security Orchestration, Automation and Response (SOAR) program centered on ServiceNow, Swimlane, Qualys Vulnerability Scanner, Carbon Black, Symantec DLP, and Splunk.
  • Worked on multiple RSA Archer solutions, i.e., Business Continuity, Compliance, Audit, Policy, Risk and Vendor Management, including Findings and Issues Management, Risk Register, Risk Control Self-Assessment, and Security Operations.
  • Actively used Splunk Phantom SOAR technology for searching and monitoring real-time events for network security and compliance.
  • Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
  • Documented DLP administration, scanning, reporting, and remediation.
  • Monitored the Splunk system, identifying failing jobs, dashboards and the overall health of Splunk, and collaborated with individual teams to improve performance.
  • Symantec DLP and RSA DLP architecture and implementation for enterprise-level companies.
  • Monitored, analyzed and responded to network incidents and events. Participated in disaster recovery implementation and testing under the NIST framework, HIPAA and HITECH standards.

Confidential

Cyber Security Analyst

Responsibilities:

  • Worked with the log reviewers' team to create and modify use cases for auditing purposes and Splunk cyber security use-case management, and migrated data from Palo Alto XSOAR and Cortex XSOAR.
  • Utilized security tools such as IBM QRadar and ThreatQ, and other resources, to determine whether PG&E systems were vulnerable.
  • Helped automate the System Security Plan (SSP) and reports in Splunk SOAR to show the machines that are out of compliance.
  • Assisted in the collection of evidence for the SOC and OCC audits. Also helped in manual testing of password parameters for applications under SOX scope.
  • Worked on the Splunk Phantom SOAR Proof of Value (POV) for testing the out-of-the-box use cases.
  • Used both internal and external threat intelligence to build indicators of compromise into monitoring tools, and integrated these tools with one another to provide data enrichment.
  • Actively prepared the All Intelligence Meeting (collecting the latest trends in the cyber security space) and shared the information with the whole SIOC (Security Intelligence & Operations Center) team.
  • Collected intelligence feeds from paid sources such as FireEye, CrowdStrike, Proofpoint, Palo Alto, Recorded Future and Secureworks, and from open-source platforms such as AlienVault, Trend Micro and My Online Security, and hunted for indicators targeting PG&E infrastructure.
  • Managed and created scheduled discovery scans to identify CH assets, ensuring assets are documented in ServiceNow and the SOAR CMDB system.
  • Utilized the Threat Intelligence Platform and other OSINT sources such as news articles and research papers to pull IOCs, and conducted searches in McAfee ESM.
  • Extracted fields using rex, regex, IFX and Cortex XSOAR that were not extracted by Splunk, and experienced in developing web services in Python.
  • Worked to improve logging in our SIEM and helped create better visibility across our network through McAfee ESM.
  • Created security test labs including honeypots and virtual machines to catch malicious hacker IPs and domains.
  • Conducted system security assessments based on FISMA, NIST, and HIPAA/PCI DSS compliance.
  • Developed ISO-based controls that address regulatory requirements associated with PCI, HIPAA, and SOX.
  • Maintained and employed a strong understanding of advanced threats, continuous vulnerability assessment, and response and mitigation strategies used in cyber security operations.
  • Worked with the ServiceNow SOAR teams to resolve issues and write automation scripts.
  • Performed daily review and escalation of Data Loss Prevention (DLP) incidents using Symantec DLP.
  • Analyzed and researched the latest threat actors such as APT28, APT29, APT30 and APT32 (campaigns from Russia, China and Vietnam respectively) that are potentially targeting the company's assets and, as a threat analyst, prepared countermeasures to outplay them.
  • Used extensive TCP/IP networking skills to perform network analysis to isolate and diagnose potential threats and anomalous network behavior.
  • Prepared reports such as daily and weekly actionable intelligence reports based on the number of IOCs and TTPs actioned on a daily and weekly basis, and sent them to supervisors and management for review and feedback.
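
Two of the recurring tasks in the bullets above, regex field extraction from raw log lines (the rex/regex extraction mentioned under this role and under the earlier Sr Cyber Security Engineer role) and building threat-intelligence indicators into monitoring so matching events are flagged and enriched, are illustrated by the following Python script. It is an added example and not code from this resume or from any of the tools it names; the proxy log lines, the indicator list (in the shape of a MISP/ThreatQ export) and the field names are constructed for the illustration, and the matching runs in plain Python rather than in Splunk or McAfee ESM. It also handles the two failure modes a feed-driven matcher meets in practice: log lines that do not parse, and indicator entries that are not valid IPs or CIDRs.

```python
"""Added example: regex field extraction from raw log lines followed by
IOC matching, written in plain Python. The log lines, indicator list and
field names below are constructed for illustration (not from the resume).
"""
import ipaddress
import re

# Constructed sample proxy/firewall log lines (addresses taken from the
# RFC 5737 documentation ranges; not real traffic).
SAMPLE_LOGS = [
    "2024-03-04T10:15:31Z src=10.1.4.22 dst=203.0.113.45 host=updates.example.net action=ALLOW",
    "2024-03-04T10:15:40Z src=10.1.4.23 dst=198.51.100.7 host=login-portal.example.org action=ALLOW",
    "2024-03-04T10:16:02Z src=10.1.9.8 dst=192.0.2.10 host=cdn.example.com action=BLOCK",
    "malformed line with no key=value fields",
]

# Constructed indicator set in the shape of a MISP/ThreatQ export: single
# IPs, CIDR ranges and domains (hypothetical values).
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.0/24"},
    "domain": {"login-portal.example.org", "evil.example"},
}

# Field extraction pattern: named groups play the role of a Splunk rex.
FIELD_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+host=(?P<host>\S+)\s+action=(?P<action>\S+)"
)


def extract_fields(line):
    """Return a dict of named fields, or None if the line does not match."""
    m = FIELD_RE.match(line)
    return m.groupdict() if m else None


def compile_ip_indicators(ip_iocs):
    """Normalise single IPs and CIDRs into ip_network objects; skip junk."""
    nets = []
    for ioc in ip_iocs:
        try:
            nets.append(ipaddress.ip_network(ioc, strict=False))
        except ValueError:
            continue  # a bad feed entry must not break matching
    return nets


def ip_indicator_for(ip_text, nets):
    """Return the matching indicator network as a string, or None."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # unparseable field value: treat as no hit
    for net in nets:
        if addr in net:
            return str(net)
    return None


def domain_indicator_for(host, domains):
    """Exact or parent-domain match (evil.example also flags x.evil.example)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def match_iocs(lines, iocs):
    """Run extraction + matching over lines; return (hits, unparsed_count)."""
    nets = compile_ip_indicators(iocs["ip"])
    hits, unparsed = [], 0
    for line in lines:
        fields = extract_fields(line)
        if fields is None:
            unparsed += 1  # counted so a parsing regression is visible
            continue
        ip_ioc = ip_indicator_for(fields["dst"], nets)
        dom_ioc = domain_indicator_for(fields["host"], iocs["domain"])
        if ip_ioc or dom_ioc:
            hits.append({
                "ts": fields["ts"],
                "src": fields["src"],
                "dst": fields["dst"],
                "host": fields["host"],
                "ip_indicator": ip_ioc,
                "domain_indicator": dom_ioc,
                # two independent indicator types on one event rank higher
                "severity": "high" if (ip_ioc and dom_ioc) else "medium",
            })
    return hits, unparsed


if __name__ == "__main__":
    found, skipped = match_iocs(SAMPLE_LOGS, IOCS)
    for hit in found:
        print(hit)
    print(f"{len(found)} hit(s), {skipped} unparsed line(s)")
```

The unparsed counter is the check worth keeping in any real pipeline: when a log format changes, the matcher quietly matches nothing, and a rising unparsed count is the only signal that the extraction regex needs updating.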

Environment: ThreatQ, IBM QRadar, McAfee EPO, Symantec EDS, Proofpoint, MISP (Open Source Malware Information Sharing Platform)