Information Security Analyst Resume
SUMMARY:
- Security Analyst/Engineer with more than 5 years of experience in analyzing security incidents, vulnerability and penetration testing, network monitoring, and information security and network security functions.
- Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as NITRO, Splunk, Forcepoint and many other tools.
- Experience with HP ArcSight, IBM QRadar, Rapid7, Forcepoint, FireEye and RSA Authentication
- Experience with Incident Handling, Documentation and log analysis
- Experience with and good understanding of scripting languages, command shells and regular expressions, including Python, Perl and Visual Basic
- Hands-on experience in Information Security, involved in planning, configuring, investigating, troubleshooting and managing ArcSight, Retina CS, IBM Tivoli Identity Manager and Tripwire.
- File Integrity checks and alert handling using Tripwire
- Well versed in all major infra VM tools and other tools such as Qualys, Rapid7 Nexpose, Tripwire IP360, Tripwire Configuration Compliance Manager (CCM) & CIS CAT PRO, Atlassian CA Agile Central (Rally), Confluence, ServiceNow, Radar & Espresso.
- Hands-on experience with the FireEye Network (NX), Email (EX), Malware Analysis (AX), Host (HX) and Packet Capture (PX) series
- Assess and evaluate business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
- Hands-on experience with security frameworks such as NIST, HIPAA and PCI-DSS
- Experience on the technical delivery side of Governance Risk and Compliance (GRC) projects
- Troubleshoot issues and perform many tasks related to technologies such as RSA Authentication
- Hands-on experience with Rapid7 Nexpose, Metasploit and Forcepoint
- Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML and multi factor authentication
- Worked in a SOC department analysing security incidents and performing log analysis
- Implementation of a GRC utility (from POC, through evaluation, selection, and implementation)
- Solid understanding and implementation of Firepower and identity service engine for big organizations
- Experience with 802.1x implementation and support
- Solid working knowledge of ethical hacking and testing of cryptographic algorithms
- Identify the threat vectors and security events by analyzing signatures
- Perform Risk Assessment, Gap analysis & create Risk Mitigation plan.
- Experience configuring and deploying McAfee modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.
- Oversee Vulnerability assessment /penetration testing of scoped systems and applications to identify system vulnerabilities.
- Excellent knowledge of FISMA, HIPAA and NIST Compliance usage, rules and regulations
- Use Splunk Security Manager to identify threats and assign categories.
- Solid understanding of IBM QRadar and Palo Alto NGFW
TECHNICAL SKILLS:
- Information Security Tools: CyberArk, Paros, Nmap, BMC BladeLogic, Nessus, Rapid7 Nexpose, Tripwire, Symantec Vontu, BeyondTrust PAM, DbProtect, e-DMZ Password Auto Repository (PAR), Varonis, AppDetect, AppRador, JHijack, Metasploit Pro, ZED Attack Proxy, SQLMap, Wireshark, WebScarab, Amazon Web Services (AWS) cloud security.
- DAST and SAST Tools: Checkmarx, Veracode, Fortify SCA, IBM AppScan Enterprise (ASE), Standard and Source editions, HP WebInspect, QualysGuard, Burp Suite Pro
- Operating Systems: Oracle Solaris UNIX, RedHat Linux 4/5, Windows Server 2013/2016.
- Java and J2EE Technology: Spring Framework, EJBs, Struts2, Servlets, JavaServer Pages (JSPs), JMS, Java Mail API, JNDI, LDAP, JDBC, JTS, RMI, AWT, Swing, Socket Programming, IONA Orbix CORBA.
- SIEM: Kibana, HP ArcSight ESM, Logger, SmartConnectors, Express, Splunk
- Networking: Symantec DLP, Checkpoint, Palo Alto, Check Point, Cisco, IDS/IPS, Anti-virus, Cisco IronPort, BMC BladeLogic, Remedy.
- Application Servers: WebLogic Server, iPlanet, Netscape Application Server and Microsoft IIS.
- Languages: Java, Python, C/C++, C#.NET, Perl, UML.
- Scripting Languages: AngularJS, XML, XSLT, XPath, XQuery, HTML/JavaScript/jQuery, AJAX.
- Middleware: TIBCO EMS, IBM WebSphere MQ, JMS, Apache Kafka
- Databases: Oracle, MS SQL Server, Sybase.
- Web Services: RESTful/SOAP, SOA, UDDI, WSDL.
- Web Servers: Apache Tomcat, Netscape Enterprise Server 3.5, JBoss and JRun.
PROFESSIONAL EXPERIENCE:
Confidential, Kansas
Cyber Security Consultant
- Work on tools like Symantec MSS, Forcepoint, Palo Alto, Lancope and manage alerts from FireEye EX.
- Review logs in Symantec MSS and analyze the incidents. Take actions on Symantec Endpoint Protection Manager to perform full scan on machines in case of malware alerts.
- Integrated CyberArk with Splunk and Tripwire monitoring tools.
- Vulnerability Scanning & Analysis: Running authenticated vulnerability and baseline scans using tools such as Tripwire IP360, CCM & Rapid7 Nexpose, tool configuration, reporting & analysis of issues found such as failed scans.
- Vulnerability Scanning Tools: Rapid7 Nexpose, Tripwire IP360, Tripwire PureCloud
- Implemented, installed and troubleshot Tripwire Enterprise, IP360, IBM BigFix, ForeScout CounterACT, FireMon, Splunk/Splunk Enterprise Security, Nessus, Websense AP-Data for web monitoring, and Websense DLP.
- Manage, operate, and analyze data from Sourcefire IDS, Websense, ForeScout CounterACT, Tripwire Enterprise, IP 360, Firemon, Splunk, Tivoli BigFix, Websense, and EnCase.
- Identify opportunities for operational improvement and assist in the development and roll-out of improved processes, methods and tools.
- Automated the centralized detection of security vulnerabilities with scripts for vulnerability assessment tools such as QualysGuard and Splunk.
- Managed inventory tracking establishing tight asset control standards region-wide using ForeScout and asset management tools.
- Update and import asset files and identify files into Splunk Enterprise Security.
- Deployed a Splunk cluster to ingest over 100 GB of security log data generated daily and installed apps for Splunk.
- Developed Splunk dashboards, alerts, and reports to analyze critical security intelligence data for IR issues and vulnerabilities.
- Developed dashboards and reports for management using Splunk, Tripwire Enterprise, IP360 and FireMon.
- Designed, published SOP for ForeScout CounterACT, Tripwire Enterprise, Firemon. Completed POA&M.
- Designed, published, and maintained Incident Response guide including processes, procedures, contacts, review, and operational aspects.
- Conducted network and server vulnerability assessment scans, and tracked and reported risk mitigation.
- Manage monthly vulnerability patch management and fixed CVE 10 vulnerability.
- Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams.
Confidential, Texas
Information Security Analyst
- Configure, upgrade and fine tune the DLP policies to meet the changing needs & improve Security Metrics
- Responsible for Monitoring and enforcing information security program and policies
- Responsible for developing information security risk identification, classification, triaging and mitigation
- Installing, patching and maintaining McAfee ePO 5.x and DLP, utilizing McAfee ePolicy Orchestrator, deploying DLP and reporting, with working knowledge of ENS 10.
- Configuration and installation of the McAfee ePO Agent Server. Maintaining enterprise McAfee VirusScan 8.8.
- Managed and maintained McAfee Anti-Virus.
- Monitored client network with McAfee Threat Analyzer for security breaches and investigated violations when they occur using Tripwire IP 360 software for vulnerability scanning. Verified data integrity and accuracy.
- Worked on log management using Tripwire Console and Tripwire Enterprise file integrity solutions. Performed network troubleshooting and root cause analysis by restoring the archived logs.
- Monitor site servers for capacity planning and management of drive space and Log management.
- Configure ArcSight connectors and loggers; add missing assets in ArcSight.
- Worked with the enterprise architecture team, Security Governance, and Policy team
- Good understanding of administering and implementing SIEM, DLP, Websense, advanced malware detection programs, vulnerability assessment, and prevention.
- Worked with SIEM solutions such as Rapid7 Nexpose, Forcepoint and Splunk
- Maintaining Microsoft Active Directory, routers, switches, and Symantec backup
- Good understanding of IT security concepts with an emphasis on Security Operations, Incident response, Vulnerability Management, PKI encryption, network security control tools and functionalities.
- Test and maintain security tool (ForeScout, McAfee ePO, IP360, Splunk) configuration on Test, Dev and Production systems
- Managing Security Operation Centre Services, Information Security Transitions, Security Controls Gap Analysis, Service Assurance Programs, help team for Internal and External IT Audits, Security Consultation, Information Risk Assessment for various processes
- Solid Knowledge of TCP/IP and OSI models
Confidential
Cyber Security Analyst
- Duties involve participation in managing technologies, evaluating new technologies, continuous improvement of SLAs, customer meetings, and implementing new solutions as requested by the customer.
- Performing Vulnerability Assessments and taking the required counter actions and measurements to ensure the security of the IT infrastructure / systems.
- Analysis and documentation of network & information security requirements and define security policy for enterprise client and business critical servers.
- Daily assessment of vulnerabilities identified by Dell SecureWorks firewall and IDS/IPS systems using RegEx
- Hands-on experience with Metasploit exploit techniques
- Solid understanding of RSA authentication, Rapid7 technologies and Forcepoint
- Assist in developing procedures for monitoring, detecting, reporting, and investigating information security breaches
- Worked with endpoint security tools like McAfee EPO and CarbonBlack.
- Investigating ArcSight SIEM events to determine any true intrusions. Investigate DDoS attacks, FireEye, Sourcefire, malware and Websense events that affect the Comcast and NBCUniversal networks. Connectors are set up for all IDS/IPS appliances to ArcSight.
- Implement solutions for certificate management and key management processes using the Venafi Trust Protection Platform and Gemalto Hardware Security Modules
- Maintain and upgrade Venafi servers, including troubleshooting errors and problem resolution.
- Provided real time intrusion detection host-based monitoring services using McAfee EPO and Carbon Black.
- Worked in a SOC department that runs 24x7 and analysed all security incidents