AWS Cyber Security Consultant Resume
NJ
SUMMARY:
- Experienced IT Security Professional in IT Infrastructure, Cloud, Risk Security, Information Security, and Cyber Security.
- Installed, configured, and provided oversight of SEPM and SQL servers, Symantec Endpoint Protection client configuration, troubleshooting, (SEPM) Server management, design, build, and infrastructure.
- Hands-on experience in standing up AWS accounts, migrating workloads, and enforcing security and automation best practices.
- Involved in Cloud Security Infrastructure and design for client's in-house Azure applications.
- Deployed in the cloud and on-premises using Amazon Web Services (AWS) and Single-Server Support.
- Information-security expert with a diverse technical background in enterprise networking, server infrastructure, database technologies, and system security. Experience in configuration management and policy implementation.
- Experience in managing network infrastructure security using HPE ArcSight ESM/Splunk for monitoring, classifying, and responding to incidents and threats.
- Experienced with Symantec DLP Policies (DLP templates) compliance and regulation standards such as SOX, PCI, and HIPAA.
- Supported enterprise customers on Microsoft Azure (IaaS, PaaS, and SaaS).
- Experience configuring and deploying McAfee modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.
- Performed System Administration Tasks for Symantec Data Centre Security (DCS).
- Knowledge of distributed Splunk installation with Forwarders, Clusters, Search head cluster.
- Experience with network monitoring with SIEM IBM QRadar and Wireshark, Information Security & Network security configuration and functions.
- Experience in configuring deployment server, Splunk Apps and add-ons.
- Hands-on experience with several vulnerability forms, e.g., SQL injection, XSS, etc.
- Hands-on experience with security frameworks such as NIST, HIPAA.
- Experience with NIST SP A and NIST SP .
- Perform vulnerability scan with Nessus for improper configurations, missing patches, hosts, network, and insecure credentials and accounts.
- Hands-on experience with documentation and log analysis.
TECHNICAL SKILLS
Tools: Kali Linux
Security Web Applications: TCP/IP, OWASP, Firewall, IDS, IPS
Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, Sourcefire, Nexpose, Forcepoint, Rapid7
Cloud: AWS
Event Management: Splunk, LogRhythm, HP Arcsight
PenTest Tools: Metasploit, NMAP, Wireshark and Kali
Information security: Symantec DLP, McAfee ePO
Security Software: Nessus, Ethereal, NMap, Metasploit, Snort, RSA Authentication
PROFESSIONAL EXPERIENCE
AWS Cyber Security Consultant
Confidential, NJ
Responsibilities:
- Responsible for monitoring and providing analysis on a 24x7x365 basis using various SIEM and IDS/IPS tools.
- Leveraged AWS native security services for cloud security operations, along with external tools that integrate with AWS environments, to accomplish the desired compliance and audit objectives.
- Worked on IDS/IPS Controls operation and monitoring, Endpoint Security and Control, Vulnerability Management, WAF, DDOS, File integrity, Advanced Endpoint Malware Protection, Email Security, Threat Intel, Secure Web Gateway, SIEM and Log Management.
- AWS Cloud Operations 24/7 support Lead.
- Involved in security product assessments such as Palo Alto, Twistlock, Azure Firewall.
- Developed CloudFormation templates automating the creation of VPC and associated AWS resources for the application.
- Part of the security team, analyzing VAPT assessments and closing loopholes in AWS infrastructure.
- Developed an AWS security roadmap which included the AWS services and 3rd party tools to be utilized in the AWS cloud for security monitoring
- Developed an AWS security group strategy, determined naming conventions, owners and approval process for security group change requests in a promote-to-production environment.
- Verify that the Windows Virus Definitions on the SEPM are within 24 hours of those reported by Symantec.
- Experienced in administering, upgrading, and troubleshooting problems with McAfee ePO, McAfee ENS, McAfee NDLP and McAfee NDLPE.
- Schedule scans on Symantec, review results, and quarantine risk data.
- Perform and maintain SAST, DAST, IAST and RASP best practices.
- Manage Splunk configuration files like inputs, props, transforms, and lookups.
- Upgrading the Splunk Enterprise to 6.2.3 and security patching.
- Deploy, configure and maintain Splunk forwarder in different platforms.
- Ensuring that the application website is up and available to the users.
- Continuous monitoring of the alerts received through mails to check if all the application servers and web servers are up.
- Create Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
- Perform technical analysis on data de-identification tools.
- Perform data de-identification implementation in the non-production environment.
- Scan and identify using data discovery for sensitive data containing PII, PHI, PCI, and GDPR information.
- Ensuring the database refresh containing any sensitive data is detected and masked as defined in the policies.
- Installing and Troubleshooting McAfee 8.8, ePO 4.5
- Working closely with Appscan, Symantec and Rapid7 for any malware activity on environment.
- Ensuring Symantec DLP policies are in place and scanning the environments for incidents.
- Assisting in DLP policy development for the non-production environment.
- Monitoring the enforce console for incidents and troubleshooting.
- Provide real time intrusion detection host based monitoring services using Symantec Endpoint.
- Assist with the development of process and procedures to improve incident response times, analysis of incidents, and overall functions.
- Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident.
- Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee End Point Security, DLP, Splunk)
- Data Loss Prevention suite, Symantec DLP Product - Implementation and deployment as the champion team.
- Gained experience with Symantec DLP Software: DLP Cloud Prevent for Microsoft Office 365, DLP.
- Assisted engineers with Splunk troubleshooting.
- Created Splunk dashboards for investigations
- Monitor and investigate SOC incidents and alerts with McAfee EPO.
- Document all activities during an incident with status updates during the life cycle of the incident.
- Analyze network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.).
Cloud Cyber Security Analyst
Confidential, Austin, TX
Responsibilities:
- Implement and maintain NGA Amazon Cloud Service (AWS) security instances and deploy security infrastructure.
- Deploy Palo Alto firewall, Panorama, Cisco FTD, FMC and F5 on AWS east and west regions VDSS (Virtual Data Center Security Stack) with redundant availability zones.
- Provided advice and recommendations to management for AWS security posture improvement.
- Enabled and configured CloudTrail logs for all VPCs in all AWS accounts.
- Monitored cloud environments (AWS) for potential threats and vulnerabilities using the security tool RedLock to process logs and generate alerts based on rule criteria.
- Installed and managed detection servers and cloud detectors.
- Deliver the implementation, setup, and management of Symantec DLP.
- Provide a solutions-driven, customer-centric approach to clients' data-security challenges.
- Performed single-tier installation of Symantec DLP for test purposes. Also performed two-tier and three-tier installations.
- Performed activities including requirement analysis, design and implementations of various client server-based applications using Splunk 5.x, Splunk 6.x.
- Experience implementing an operational Splunk environment. Review, recommend changes and improvements
- Responsible for monitoring and providing analysis in a 24x7x365 Security Operation Center (SOC) using various SIEM (Splunk), IDS/IPS software tools.
- Worked with Symantec DLP version 14.6 and 15.0.
- Provide DLP support to end users remotely and onsite.
- Managed and deployed 3000+ endpoints and 100+ detection servers.
- Managed DLP Users and their roles.
- Analyze network attacks, blocks, detects, and regular Health checkups in environment.
- Tuned policies for HIPAA, HITECH, PII, PCI, PHI and SOX.
- Scanned File servers, Distributed machines, documents and email repositories, web content, applications, and databases.
- Manage system events and messages. Worked with saved system reports, configure event thresholds and triggers, enable syslog server, log review, configure system alerts, and configure enforce server to send email alerts.
- Involved in firewall deployment and management in Azure such as Palo Alto, Azure Firewall.
- Developed incident management module to automate the existing incident management and incident response process, thereby reducing the manual effort of incident analysts by 40%.
- Configure response rule for endpoint detection, Network Prevent detection, Cloud storage detection, and data at rest detection.
- Created and managed 50+ agent groups. Assign appropriate policy and response rules to agent group.
- Investigated new DLP technologies, Software, patches, and security packages, which improve system performance and system procedures.
- Became a trusted advisor in Symantec DLP with our customers and clients.
Cyber Security Analyst
Confidential, Chicago, IL
Responsibilities:
- Provided necessary designs and implemented security solutions for egress/ingress points using IDS/IPS sensors across the networks to provide better incident handling and event monitoring.
- Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce risk of vulnerabilities to IT assets.
- Developed various functions including identifying, protecting, detecting, responding and recovering for performing concurrent and continuous operation of dynamic security risk.
- Reported compliance and operational metrics for network security infrastructure.
- Worked with vendors, IT personnel and various departments to deploy new or updated technologies.
- Conducted routine hardware and software audits of all supported systems to ensure compliance with established standards, policies, procedures and other requirements.
- Periodic security assessment of firewall, routers, switches, VPNs and other network components' security configurations.
- Provided support in investigating any actual and potential information security incidents.
- Experience with deployment of Symantec DLP: Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA.
- Installed and applied QualysGuard appliances and ran various standard reports.
- Responsible for supporting customers with Symantec products including Ghost Solution Suite, Deployment Solution, and Symantec Endpoint Protection.
- Provided real time intrusion detection host based monitoring services using Symantec Endpoint.
- File Integrity Monitoring - Infrastructure Operations and Administration of Symantec Data Center Security Server
- Deploying and Managing Symantec Endpoint Protection.