SOC Analyst / Cyber Security Engineer Resume
IL
SUMMARY
- Experienced professional with 9+ years of experience as an IT security professional in IT infrastructure, risk security, information security, and cyber security.
- Extensive experience managing QRadar use cases and administering QRadar, Defender ATP, O365 ATP, Azure AD and other security applications, including Microsoft, Cisco, Palo Alto, ITSM tools, Symantec and various other products.
- Information security expert with a diverse technical background in enterprise networking, server infrastructure, database technologies, system security, configuration management and policy implementation for various industry-leading security platforms.
- Extensive professional experience in SIEM operations, implementation, administration, and monitoring.
- Working as part of a Threat Intelligence team performing malware analysis, advanced cyber threat detection, and security advisory integration with QRadar and Splunk.
- Experience with network monitoring using SIEM (Splunk/IBM QRadar) and Wireshark, Angular JSP, Palo Alto, and information security and network security configuration and functions.
- Good hands-on working knowledge of developing RESTful web services and microservices with Golang.
- Experience with IdentityIQ Lifecycle Manager, application onboarding, certifications, and workflows; administration of security applications; maintaining up-to-date real-time policies and rules.
- Extensive experience deploying compute and storage in Azure cloud.
- Supported generation of all kinds of reports and workspace dashboards using RSA Archer and Forcepoint; configured endpoint applications for the SIEM log collection platform and the incident management platform.
- Used IBM QRadar Security Manager to identify threats and assign categories; tracked all incidents that happened in all stores and used RSA Archer for recovery and settlements.
- Hands-on experience with the QualysGuard vulnerability management tool; leveraged Amazon Web Services through the AWS console and API integration; SOC and round-the-clock operations.
- Hands-on education and demonstration using Linux (through VirtualBox), Nessus, Nmap, OpenVAS, Burp Suite, OWASP ZAP, Wireshark, scripting in Bash, and Active Directory.
- Hands-on experience on Google Cloud Platform (GCP) with the big data products BigQuery, Cloud Dataproc, Google Cloud Storage, and Composer (Airflow as a service).
- Knowledge of distributed Splunk installations with forwarders, clusters, and search head clusters.
- Hands-on experience with several vulnerability forms, i.e., SQL injection, XSS, Tenable, Firewall, HIPAA, Palo Alto, and security frameworks such as NIST, NIST SP A and NIST SP, HIPAA.
- Configured private and public-facing Azure load balancers, etc.
- Experience in designing, architecting, and implementing scalable cloud-based web applications using AWS and GCP.
- Replaced Check Point VPN and Blue Coat proxy with Zscaler and worked on implementing Zscaler in production.
- Hands-on experience with Palo Alto firewalls, VPNs, and networking protocols, i.e., NetBIOS, SNMP, Telnet, Maritime, SSH, ARP; SAST, DAST, IAST and RASP best practices and application security.
- Developed a REST API to interact with the Cassandra database, with Golang as the backend language.
- Performed vulnerability scans with Nessus for improper configurations, missing patches, hosts, networks, and insecure credentials and accounts; experience with HPE Fortify for code vulnerability analysis reviews and WebInspect scans.
- Installed maintenance levels and updates on the Wintel/Windows platform; strong knowledge of FISMA, HIPAA and NIST compliance usage, rules and regulations; solid understanding of IBM QRadar, Palo Alto NGFW, the SDLC, and DLP architecture.
- Extensive experience implementing software throughout the SDLC process; deep hands-on experience with networking, migration and implementation in Azure.
- Configured connectors along with the Zscaler TAM and DAS team.
- Provided support in security architecture, design, development, monitoring, and support of enterprise infrastructure environments; supported business and third-party risk assessments.
- Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite.
TECHNICAL SKILLS
- IBM QRadar
- FireEye HX
- Trend Micro
- Vulnerability scanners
- Web gateway
- Endpoint Security
- Email Gateway
- Spam Filters
- Golang
- SPF
- DKIM Deployment
- DMARC
- OWASP
- SOAR
- ATP Defender
- HIPAA
- Zscaler
- Angular
- GCP (Google Cloud Platform)
- Firepower Management Center
- IDS/IPS
- Tenable
- Maritime
- Firewall
- Palo Alto
- Incident Response
- Forensic Analysis
- Security Solutions Implementations
PROFESSIONAL EXPERIENCE
Confidential, IL
SOC Analyst / Cyber Security Engineer
Responsibilities:
- Responsible for interfacing with users, technicians, engineers, vendors and other technical maintenance personnel to install, update and debug automated systems, ensuring products and systems comply with cyber security standards and practices.
- Actively involved in developing test routines and monitoring solutions; penetration testing using Nmap and Wireshark.
- Provided day-to-day support of servers, workstations, network, and other equipment; documented support procedures specific to systems to be utilized by the Technical Maintenance and Engineering departments.
- Planned, executed and oversaw remediation activities for valid vulnerabilities identified using application scanning tools; performed application scanning to identify security vulnerabilities in the web application and architectural weaknesses.
- Hands-on technical experience testing web applications in Java or .NET; experience with audits, e.g. A-123, SOC 1, FISCAM; RADIUS and Kerberos server experience.
- Worked on Google Cloud Platform (GCP) services like Compute Engine, Cloud Load Balancing, Cloud Storage, Cloud SQL, Stackdriver monitoring and cloud deployment.
- Experienced with Azure E5 security tool products (Defender ATP, Azure Sentinel, Azure ATP, Office 365 Security, Security Center, Defender for Identity, Defender for Endpoint).
- Took charge of developing and executing policies for web, email gateway, and data loss prevention (DLP), and evaluated reports from CrowdStrike, Forcepoint, and Mimecast.
- Solid understanding of the OWASP top vulnerabilities and other software security best practices.
- Management of Sites and Replication, DNS, WINS, DHCP, Group Policy.
- Migrated VMware virtual environments to Azure cloud using ASR.
- Worked with McAfee ePO to manage clients' workstations and provide endpoint security.
- Literature survey of international maritime terms: Incoterms, IMDG Code, BOL, and L/C.
- Implemented OWASP considerations for improving web and application security.
- Administered Azure AD to provide O365 and Defender ATP permissions.
- Performed vulnerability testing using tools such as Tenable Nessus, SecurityCenter and QualysGuard.
- Active Directory, domain and member servers, DNS, WINS, DHCP, DFS, GPO, OU, PowerShell, VB, VBScript, Windows CMD and Visual C.
- Set up GCP firewall rules to allow or deny traffic to and from the VM instances based on the specified configuration, and used GCP Cloud CDN.
- Troubleshot firewall rules in Cisco ASA, Check Point, and Zscaler.
- Extracted fields using rex, regex and IFX that were not extracted by Splunk SOAR or by Symantec SEP.
- Held accountability for all log reviews/reporting, network security troubleshooting, and incident responses from CrowdStrike, Forcepoint, Secureworks, VIPRE, and Mimecast.
- Configured SQL Server 2016 and 2012 R2 on Azure VMs.
- Worked on SIEM, as well as SolarWinds and Symantec end-to-end endpoint security, for malware detection and threat analysis.
- Used industry testing tools including Nessus, Tenable, WebInspect, AppDetective, Firewall, DbProtect and XACTA.
- Experience using DAST tools to detect potential vulnerabilities, such as HP WebInspect, ZAP, Palo Alto, HIPAA, Burp, Tenable, Splunk, Alert Logic, Symantec Endpoint Protection, PortSwigger, Firewall, Fiddler, Wireshark, JIRA, Sonatype, Coverity. Experience in Palo Alto Networks and firewalls.
- Excellent experience with Red Hat Linux Server, macOS Server, Microsoft Windows Server, MS Active Directory, GPO, and AWS/Azure cloud environments, with the capability and passion to quickly learn new tools.
- Analyzed and protected against OWASP vulnerabilities on a hosting and per-website basis.
- Implementation and management of public email security methods: DKIM, SPF and DMARC records.
- Deployed, managed, and effectively maintained security systems and their corresponding or associated software, including firewalls, intrusion detection systems, IPS, cryptography systems, and anti-virus software.
- Experience in the Python, PowerShell, and JavaScript programming languages; setting up firewalls; using NAV tools, vulnerability management platforms, security analytics platforms, and penetration testing frameworks (Metasploit or Resolve).
- Experience in developing single-page applications (SPA) using various frameworks such as AngularJS and ReactJS.
- CrowdStrike Falcon administration
- Provided management and administration support for AD domain users, printers, computers, and OUs.
- Developed microservices in Golang to process large volumes of data from various databases such as Cassandra and MySQL.
- Audited and adjusted permissions, access lists, file shares, and any other access control mechanisms in place; troubleshot and documented network security incidents; produced and presented security reports for management; monitored and analyzed network security data.
- Experience using the Stackdriver service and Dataproc clusters in GCP to access logs for debugging.
- Integrated Proofpoint solutions with CrowdStrike and Demisto, working with manufacturer development teams.
- Actively involved in communicating with Business Operations and other functional areas on web application vulnerabilities.
- Advanced knowledge of Cisco wireless LAN controllers, Cisco access points, Cisco ISE, Cisco routers, Cisco L2/L3 switches, Cisco Prime, load balancing, QoS, PBR, WCCP, VPN, NAT, VoIP, IPsec, multicast, DNS services, MPLS networks, LAN, Juniper Networks firewalls, Cisco ASA firewalls, and network and routing protocols (Ethernet, TCP/IP, SNMP, VLAN trunking, BGP, OSPF, IS-IS, eBGP, iBGP, RIP).
- Implemented OWASP standards for web application security.
- Deployed and managed applications in the datacenter, virtual environments and the Azure platform.
- Utilized Wi-Fi analyzers, Wi-Fi survey software tools (e.g., AirMagnet, Ekahau) and test equipment; a full stack of enterprise security tools covering everything from the physical layer to the application layer; Cisco Nexus 5K, 7K and 9K series.
- Highly experienced in the AWS and GCP cloud platforms and their features.
- Involved in standardizing Splunk Phantom SOAR POV deployment, configuration and maintenance across UNIX and Windows platforms.
- Used Angular 4 HTTP services for asynchronous validation of form input fields against data existing in the database.
- Experience in GCP Dataproc, GCS, Cloud Functions, BigQuery, Azure Data Factory and Databricks.
- Led the design of network security infrastructure and the integration of new requirements into existing architectures; led compliance assessments of relevant cybersecurity frameworks.
- Remained informed on trends and issues in the security industry, including current and emerging technologies and policies.
Confidential, Dallas, TX
Cyber/Network Security Engineer
Responsibilities:
- Experience with many of the following technologies/roles: privileged account management, two-factor authentication, web filtering, web application firewalls, Maritime, virtualized computing environments, encryption at rest and encryption in transit, vulnerability management.
- Installation and configuration of networks and network devices such as web application firewalls, network firewalls, switches, Check Point firewalls, Squid firewall, Blue Coat proxy and routers.
- Implemented microservices to process messages into the Kafka cluster setup using Golang.
- Actively involved in network security configuration, audit, and management of Windows servers; installation, configuration, audit, and management of security tools (Tenable, Firewall); security configuration, audit, and management of applications and databases; leading security incident investigations, including basic forensic analysis and reporting.
- Maintenance and monitoring of network and host intrusion detection and prevention technologies. Implementing security controls.
- Migration of Splunk clusters in various AWS accounts to a single AWS account; rehydration of Splunk SOAR in the AWS environment.
- Highly experienced in GCP features including Google Compute Engine, Google Cloud Storage, VPC, Cloud Load Balancing, and IAM.
- Configured and upgraded the Nessus and Defender ATP vulnerability management consoles.
- Hands-on with penetration testing, DAST, SAST and manual ethical hacking.
- Comfortable using the GCP console and the gcloud shell.
- Implemented physical and procedural safeguards for information resources within the facility.
- Communicated effectively with senior management, peers, staff, Palo Alto, and customers, both inside and outside the corporation.
- Administered access to information resources and made provisions for timely detection, reporting, and analysis of actual and attempted unauthorized access to information resources; proposed and assisted with the acquisition of security hardware/software.
- Extensive use of the Cloud Shell SDK in GCP to configure and deploy the Dataproc, Cloud Storage, and BigQuery services.
- In-depth knowledge of penetration testing for web and mobile (iOS and Android) applications.
- Developed and followed procedures for reporting on monitored controls; developed and led tests of network security tools; experience in maintaining local and remote networks.
- Deployed various email security mechanisms such as DMARC, DKIM and SPF authentication, trusted partners and TLS partners.
- Comfortable deploying infrastructure with AWS CloudFormation and GCP Deployment.
- Maintained ongoing review and monitoring of SIEM alerts (Splunk) and SOAR alerts.
- Integrated Okta SSO with Cisco Tetration, Cisco Email Security, Defender ATP, Nessus, and many other apps in the ACC environment.
- Led the design, implementation, and migration of enterprise infrastructure and application services to software-defined networks; developed and led procedures for testing the disaster recovery plan; provided help-desk-style assistance.
- Administered MS Windows Server and Red Hat Linux Server; network/security administration.
- Developed and deployed the outcome using Spark and Scala code in a Hadoop cluster running on GCP.
- Experience in the configuration, design and management of network equipment including switches, routers, and firewalls.
Confidential, Louisville, KY
Cyber Security Analyst
Responsibilities:
- Responsible for detection and response to security events and incidents within global Fortune 500 client networks, utilizing ArcSight, Splunk, TippingPoint, Tenable, Firewall, Palo Alto, VirusTotal, IPVoid, FireEye, Wireshark, etc., to gather, analyze, and present forensic evidence of malware and intrusions.
- Performed penetration testing of mobile (Android and iOS) applications, specifically APK reverse engineering, traffic analysis and manipulation, and dynamic runtime analysis.
- Actively involved in reviewing system and firewall logs based on individual preset client policies, rules, and standards; also reviewed all host activity for specified timeframes and worked directly with ESM engineers and Account Information Security Officers to adjust alert criteria.
- Implemented, configured, and maintained security solutions: DLP, antivirus, vulnerability scanners, IPS/IDS, web filters, VPN, SIEM, SOAR, etc.
- In-depth internal and external network penetration tests.
- Experienced with Docker and Kubernetes with Prisma, Nessus vulnerability scanning, Sysdig, Azure ATP, and Windows Defender ATP anti-malware.
- Migrated previously written cron jobs to Airflow/Composer in GCP.
- Coordinated escalations to the Forensic Analyst Team with recommendations for remediation; acted as liaison with leadership, account management teams, and engineers to further define the risk and remediation plan.
- Evaluated and fulfilled requests from the Account Information Security Risk & Compliance Officers for each client and aligned with the appropriate runbook procedures to attain Client Service Level Objectives and Agreements.
- Conduct external, internal, wireless and segmentation penetration testing for clients in their Payment Card Industry (PCI) environments.
- Adjusted network alerts temporarily to suppress excessive alerts prior to engineers making permanent threshold changes; facilitated and operated direct telephone communication to perform immediate escalation requests or engage the required teams to support clients.
Confidential, CT
Endpoint Security Analyst
Responsibilities:
- Responsible for investigation of and remediation responses to security incidents and alerts, working and following up with end users, system administrators, and Account Information Security Officers; received inquiries from the level 1 helpdesk surrounding threat and vulnerability management.
- Provided troubleshooting assistance with issues installing and updating anti-virus software, as well as malware removal and vulnerability patching; supported the monitoring and maintenance of EDS client endpoint protection platforms, such as McAfee ePO, Symantec, and Trend Micro.
- Skilled in using Burp Suite, Acunetix automatic scanner, Nmap, and DirBuster for web application penetration tests.
- Maintained anti-virus software platforms with vendors, including signature and DAT file releases, AV software updates and patches.
- Built data pipelines in Airflow in GCP for ETL-related jobs using different Airflow operators, both old and newer.
Confidential, Plano, TX
Junior Security Analyst
Responsibilities:
- Resolved all LAN/WAN connectivity and other issues; analyzed vulnerability reports from various scans and assessments, acting on high-risk/critical vulnerabilities before other vulnerabilities; managed system security and file system security policies; analyzed systems to determine ways of improving performance.
- Conducted routine checks, warranty claims, hardware failure replacement, software upgrades, downloading patches and hotfixes, infrastructure deployment from the very basics to complete function, and information security policy as per PCI DSS audit compliance.
- Conducted network/host penetration tests and web application penetration tests using.
- Responsible for conducting structured security certification and accreditation (C&A) activities utilizing the Risk Management Framework and in compliance with the Federal Information Security Modernization Act (FISMA) requirements.
- Conducted PCI required Penetration Test of the outsourced call center and fulfillment operation serving the ecommerce line of business. Findings resulted in a multi-phase remediation effort.
- Reviewed controls related to various business processes of the entity for compliance with the COSO framework; performed OS updates and upgraded applications.
- Used industry testing tools including Nessus, Tenable, WebInspect, AppDetective, DbProtect, and XACTA.
- Used Splunk for monitoring/metric collection for applications in a cloud-based environment; maintained all shared resources and monitored free and utilized disk space; set up projectors and audio/video devices for meetings and lectures.