
Soc Analyst Resume


Boise, ID

SUMMARY:

  • Responsible for SOC operations in a 24x7 environment.
  • Understanding of SIEM implementation and its integration with other network devices and applications, and of the associated troubleshooting work.
  • Expertise in Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC)
  • Real-Time Log monitoring in the Security Operations Centre from different devices such as Firewalls, IDS, IPS, Operating Systems like Windows and Linux, Proxy Servers, Windows Servers, System Applications, Databases, Web Servers and Networking Devices.
  • Excellent working knowledge on ServiceNow ticketing tool.
  • Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through the performance of formal Risk Assessments, Policy and Governance, and internal Threat Analysis with regard to a SOC environment, with the use of SIEM tools.
  • Expert understanding of developing complex Use Cases and Universal Device Support Modules (DSMs) on the QRadar SIEM.
  • Involved in integrating IBM Resilient IRP with IBM QRadar SIEM.
  • Responsible for monitoring networks and security tools to detect suspicious and hostile activity across the Environment.
  • Supported the Security Operations Center (SOC). Monitored security systems and diagnosed malware events to ensure no interruption of service. Identified potential threats, anomalies, and infections and provided reports to the customers.
  • Monitoring network traffic for security events and performing triage analysis to identify security incidents.
  • Analyzing Threat Patterns on various security devices and validating False/True Positive Security Incidents.
  • Identifying potential threats, anomalies, and infections.
  • Responding to computer security incidents by collecting, analyzing, and providing detailed evidence (network log files) and ensuring that incidents are recorded and tracked in accordance with guidelines and requirements.
  • Knowledge of Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Database Activity Monitoring (DAM), Data Loss Prevention (DLP), and Identity and Access Management (IAM) solutions.

TECHNICAL SKILLS:

Operating Systems: Windows 2000, XP, 10, Windows Server 2008/2012, Linux (Red Hat)

Security / Vulnerability Tools: Snort, Wireshark, Websense, Bluecoat, Checkpoint, Symantec, Qualys Vulnerability Manager, FireEye HX, Sourcefire, Nessus

RDBMS: Oracle 11g/10g/9i, MS-SQL Server 2000/2005/2008, DB2, MS Access, MySQL

Networking Protocols and Tools: TCP/IP, HTTP/HTTPS, SSH, SSL, DNS, SNMP, Routers, Switches, Load Balancers, Cisco VPN, MS DirectAccess

Programming Languages: C, C++, Java/J2EE, UNIX shell scripts

Monitoring Tools: Netcool, Dynatrace, TEMS, Splunk, QRadar

PROFESSIONAL EXPERIENCE:

Confidential, Boise, ID

SOC Analyst

Responsibilities:

  • Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives
  • SOC Lead for integration of Cisco Sourcefire IPS with QRadar using the eStreamer protocol.
  • Provided support in identifying malicious network activity, threats impacting network operations and developing appropriate countermeasures, eliminating network threats and vulnerabilities.
  • Collecting data on Attacks to help SOC engineers create reports for auditing purposes.
  • Integration of different devices/applications/databases/operating systems with QRadar SIEM.
  • QRadar SIEM v7.2 Administration with SIEM EPS tuning, distributed deployment architectures
  • Part of the deployment team where several log sources were parsed and integrated into QRadar through a mid-layer such as F5 for PCI and Syslog services.
  • Migrating existing Reports and Alerts from RSA enVision to IBM QRadar.
  • Tuning, Configuration, False Positive Reduction, Custom Log Source Extension development and administration of QRadar.
  • Aggregate, correlate, and analyse log data from network devices, security devices and other key assets using QRadar.
  • Responsible for Incident handling and response, with knowledge of common probing and attack methods, viruses, botnets and other forms of malware. Correlating events from a Network, OS, Applications or IDS/Firewalls and analysing them for possible threats.
  • Ensure the SOC analyst team is providing excellent customer service and support.
  • Designed SOA based data service (for data domain) serving master data to authorized systems.
  • Monitors agency sensors and SOC (Security Operations Center) systems for incidents and malicious activity.
  • Executed daily vulnerability assessments, threat assessment, and mitigation and reporting activities in order to safeguard information assets and ensure protection has been put in place on the systems.
  • Performing security analysis and identifying possible vulnerabilities in eliciting the key derivation function; creating Vulnerability Assessment reports detailing the exposures identified, rating the severity of the system, suggesting mitigations for any exposures, and testing known vulnerabilities.
  • Conduct log analysis, proactive monitoring, mitigation, and response to network and security incidents. Analyse security event data from the network (IDS sensors, firewall traffic).
  • Administered Office 365 (Exchange Online, SharePoint Online, and Skype for Business (Lync)).
  • Setup and manage alerts to monitor activity on business critical information as required.
  • Develop custom applications using InfoPath and other Out of the Box SharePoint features and functionality.
  • Provided second-level support for the Symantec Endpoint Protection Antivirus System. Provided after-hours support for the Production environment, and generated and provided documented reports for the Threat Remediation Management Team.
  • Put together E-Business Operations documentation for the Symantec Endpoint Protection Management environment.
  • Implemented and configured firewall changes within the Symantec Protection environment according to Internal Compliance approved Specifications/recommendations.
  • Responsible for maintaining availability, reporting and communication of the SIEM between it, its event-sources and the endpoints.
  • Responsible for the management, design, and dissemination of relevant data from the global security information and event management (SIEM) system.
  • Assisted in designing, implementing and evaluating applications, systems and utilities relevant to Active Directory services.
  • Perform static and dynamic malware analysis on virtual servers with proper documentation and steps for removal on infected systems.
  • Experienced in configuration, installation, and patch upgrades of Tripwire Log Center in a Windows environment.
  • Interacts with end users, including first responders and explosive experts, identifying and aligning user needs with Tripwire resources.
  • Experience with Firewall Administration, Rule Analysis, Rule Modification.
  • Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through analysis of relevant event logs and supporting data sources. Utilized Sourcefire, Wireshark.

Confidential, New York City, NY

SOC Associate

Responsibilities:

  • Assisted in monitoring and maintaining server systems. Installed server hardware and operating systems.
  • Participated in the product selection and installation of QRadar Security Information Event Manager (SIEM) consisting of multiple collectors and a high-performance MS SQL database.
  • Designed and implemented enterprise SIEM systems: centralized logging, NIDS, alerting and monitoring, compliance reporting, based on QRadar 7.0 SIEM.
  • Responsible for QRadar SIEM monitoring and configuration aligned to internal PCI and SOX controls
  • Manage the day-to-day log collection activities of source devices that send log data to SIEM QRadar.
  • Cleaning up log sources auto-discovered in QRadar by identifying duplicates, correcting mis-identified log sources, and identifying log sources from their logs.
  • Configuration troubleshooting on SIEM for data sources.
  • Dashboard / Enterprise dashboard customization for various teams based on the log source type requirements.
  • Experienced in Operations Center environment team such as: Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT)
  • SIEM troubleshooting and processing assigned enhancement request for various SIEM issues.
  • Access control for browsing, authentication for all hits from browsing on proxy servers, and maintenance of proxy logs for forensic purposes.
  • Identifies, validates and documents substation asset classifications. Maintains substation asset tracking systems and databases as well as the credential management system.
  • Serves as a member of the centralized incident response team that properly prepares for and addresses incidents across the organization, and is responsible for analysing security breaches and taking any necessary responsive measures.
  • Implementation, configuration and support of Checkpoint and ASA firewalls for clients.
  • Understanding the whole network & requirement of the organization.
  • EPS calculation and storage calculation as per compliance.
  • Understanding of various OS, web, database and application servers and respective integration mechanism.
  • Define logging as per customer’s requirement.
  • Integration of different data sources like Linux servers, Windows servers, web servers, databases, security controls, and network elements.
  • Responsible for end device configuration to push / pull logs to/from SIEM receivers.
  • Fine tuning of default rules, reports and alarms.

Confidential

IT Security Engineer

Responsibilities:

  • Implementation of SIEM tool.
  • Managing and maintaining Windows NT, 2000, 2003, 2008 and 2012 servers; remote administration using Terminal Services.
  • Performed Windows user administration, managing user accounts, permissions, User rights, Account policies, Security policies and performed software and hardware maintenance.
  • Hands-on experience with Remedy 7.2, AF Remote, HP OpenView, TEPS, HP Insight Manager, IBM Director, etc.
  • Primary troubleshooting and knowledge in Windows clusters.
  • Monitoring & managing Weekly server reboots.
  • Performing disk clean-ups and disk management for Windows OS drives.
  • Working on high CPU and Paging file issues
  • Performing daily checks to ensure stability in the environment
  • Experience in fixing IBM (RSA) and HP (ILO) connectivity with Blade and Brick Servers
  • Working on file/folder restoration issues on user’s requests.
  • Hands-on experience with network devices: port resets, log collection, investigations, etc.

Confidential

Jr. Security Engineer

Responsibilities:

  • Working on Incident and problem management for resolving incidents within the SLA using ticketing tool Remedy 7.2
  • Worked on the ServiceNow ticketing tool for creating tickets and changes according to the business requirements.
  • Ensuring that the change process is followed for any configuration changes in the environment and upon request for technical solutions.
  • Physical and virtual Server Rebuilds and Decommissions with proper documentation
  • Responsible for weekly scheduled server reboots and patching schedules on BladeLogic and WSUS.
  • Worked on a DR test and was successful in recovering two of the client's most critical applications.
  • Managing ESX/ESXi hosts and VMs through VMware vSphere server.
  • Good knowledge in Installing, Configuring and Managing VMware vSphere.
  • Troubleshooting virtual machine issues like RDP issues to VMs, restarting VMs, application issues, etc.
  • Monitoring and managing performance of ESX servers and Virtual Machines.
  • Knowledge of hardware RAID configurations (RAID 1, RAID 5, etc.).
  • Basic knowledge on SAN/NAS/DAS environment.
  • Understand network performance analysis and capacity planning best practices.
  • Thorough understanding of performance impact of network security configuration options.
