Sr Information Security Analyst Resume
Arlington, VA
SUMMARY
- A highly motivated and experienced cyber security professional with strong project management, leadership, and problem-solving skills. Seeking a position in a growth-oriented organization with a focus on risk assessments, network security, penetration testing, compliance management, application security, and testing of IT security controls.
- Experienced IT security professional in IT infrastructure, vulnerability and risk management, GRC, SOC analysis, SIEM, information security, and cyber security.
- Managed security tools including DLP, SIEM, vulnerability scanners, ServiceNow Security Operations, and penetration testing.
- Expert at implementing network security, SIEM tools, identity management, new security technologies, secure cloud architecture, and new security controls, as well as developing innovative security controls and processes that meet business and executive requirements in order to protect information.
- Performed services using industry tools such as EnCase Enterprise, EnCase eDiscovery, Symantec Clearwell eDiscovery Platform, Discovery Attender, Splunk, AccessData Forensic Toolkit (FTK), MS SQL 2005/2008, MS Visual Studio, VMware, and SIFT Workstation.
- Experienced with Symantec DLP policies (DLP templates) for compliance and regulatory standards such as SOX, PCI, and HIPAA.
- System security and administration professional, Facility Security Officer (FSO), Information Systems Security Officer (ISSO); information security management, firewalls, IDS, penetration testing, and industry security standards, e.g. ISO 27001:2013, NIST 800 series, HITRUST, HIPAA, GDPR and CCPA, and NISPOM regulations.
- Resolved vulnerabilities in the WebEx and FedRAMP GRC environments (POA&M and NIST) using automated scripts written in Python, PowerShell, and Bash.
- Worked on GRC policies and ISO standards: planning, implementation, and management of an ISO 27001:2013 Information Security Management System (ISMS) and an ISO 20000-1:2011 Service Management System (SMS).
- Experience writing Splunk-friendly regular expressions and optimising Splunk search queries for performance.
- Onboarded different log sources into Splunk and created and tuned Technology Add-ons (TAs) for proper field extraction using regex.
- Efficiently performed web application vulnerability assessments using Burp Suite, HP WebInspect, Nexpose, and IBM AppScan.
- Worked with Splunk Professional Services to define best practices that everyone can follow to maintain the performance of Splunk Enterprise Security 7.0.4.
- Experience with various endpoint tools such as McAfee ePO, Carbon Black, BigFix, and Symantec EPO (IDS/IPS).
- Hands-on experience with HIPAA and PCI DSS related projects and ServiceNow ticketing.
- Hands-on experience with TCP/IP, security concepts, WAF and LAN concepts, routing protocols, and firewall security policies.
- Assessed systems with their System Owners using Radiant Logic VDS, OIM, RACF, MFA, SailPoint, ArcSight, IBM AppScan, Qualys, SiteMinder, and Securonix (UEBA), and conducted MRA and Splunk analysis.
- Integrated data from SAP into ServiceNow using APIs and web services, capturing it in ServiceNow by creating a table.
- Prepared, installed, and configured Symantec Endpoint Protection.
- Worked with system owners to achieve FISMA compliance and Authorization to Operate (ATO) for systems based on guidance from the ISO and NIST SPs, HITRUST, HIPAA, GDPR and CCPA, NISPOM regulations, and other Risk Management Framework guidance.
- Worked as a Splunk SIEM threat analyst in a managed security operations center (SOC), triaging cyber threats using Splunk and various cloud security tools.
- Vulnerability Management: Configured the QualysGuard tool for vulnerability analysis of devices and applications, and monitored them continuously through the dashboard by running reports regularly.
TECHNICAL SKILLS
Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite
DLP: Websense, Symantec, McAfee
SIEM: Splunk ES, McAfee, ArcSight, IBM QRadar, LogRhythm, RSA enVision
Endpoint Security: McAfee suites (VSE, HIPS, HDLP), McAfee MOVE AV, SafeBoot
IPS/IDS: McAfee IPS, HP TippingPoint, Cisco IDS, SecureWorks IDS/IPS
Cloud Security: AWS, Azure, OpenStack, Docker, Ansible, Chef, CI/CD, Terraform
Configuration Management: Puppet for continuous delivery; experience working with modules, classes, and manifests in Puppet.
MSS: Vulnerability assessment, content filtering, antispam, IDS/IPS management
Vulnerability Management Tools: Foundstone, QualysGuard, Nessus, Nmap, Nexpose, Wireshark
Security Tools: Splunk ES, McAfee vulnerability management solutions, Burp Suite, OpenVAS, Nessus, Qualys, SolarWinds, ForeScout
PROFESSIONAL EXPERIENCE
Confidential, Arlington, VA
Sr Information Security Analyst
Responsibilities:
- Responsible for capturing security and privacy requirements for clients to be compliant with Payment Card Industry (PCI).
- Prepared the AD Splunk environment by verifying that all domain controllers and DNS servers in the environment had the latest service packs and hotfixes installed.
- Networked and hosted DLP monitoring and logging; created a regex-based parser to parse logs and configured different connectors.
- Worked on Splunk ES to build real-time monitoring that gives a clear visual picture of the organization's security posture, with easily customized views and drill-down to the raw event.
- Automated centralized detection of security vulnerabilities with scripts for vulnerability assessment tools such as QualysGuard and Splunk.
- In-depth study and investigation of governance, risk, and compliance, including a deep dive into the NIST Risk Management Framework, FISMA, FedRAMP, HITRUST, HIPAA, GDPR, CCPA, PCI DSS, UCF CCH, Cloud Security Alliance CCM, SOX, ISO 27001, Microsoft SDL, CIS 20 Controls, and other legal aspects associated with GRC.
- Configured Splunk data inputs with an understanding of parsing parameters such as index, source, sourcetype, queue sizes, index sizes, index locations, read/write timeout values, line breaking, event breaking, and time formats at index time.
- Migrated Splunk clusters from various AWS accounts into a single AWS account, including rehydration of the Splunk cluster in the AWS environment.
- Involved in standardizing Splunk forwarder deployment, configuration, and maintenance across UNIX and Windows platforms.
- Worked on Splunk ES to build correlation searches, alerts, reports, and dashboards for specific monitoring needs.
- Integrated data from SAP into ServiceNow using APIs and web services, capturing it in ServiceNow by creating a table.
- Planned, assigned, supervised, and reviewed the work of the SOAR staff, performed code reviews, and mentored junior developers.
- Led the O&M team through a successful full C&A of the current infrastructure and served as the POC for all monthly SOAR audits.
- Worked with product managers and/or the PMO to understand feature requirements and drive their detailed definition.
- Kept the project manager informed of the status of the development effort and served as liaison between development staff and the project manager.
- Led CNA and monthly audit activities, including third-party compliance validation, remediation of vulnerabilities, and presentation of results to clients.
- Responsible for leading and contributing to all aspects of planning, estimating, development, testing, documentation, delivery, and risk management.
- Set general priorities and goals for employees, established deadlines, ensured timely completion of work assignments, and communicated status to senior Government and BAH staff.
- Installed, configured, and administered .NET and ColdFusion web servers hosting web applications; administration support on production and development servers included monitoring, handling run-time production issues, and applying security patches.
- Implemented name resolution using WINS and DNS in a TCP/IP environment.
- Worked with Perl CGI, Python, JavaScript, jQuery, and Ajax, and automated test cases using a Python framework.
- Actively used Splunk Phantom SOAR technology for searching and monitoring real-time events for network security and compliance.
- Worked closely with AppScan, Symantec, and Rapid7 tooling to identify any malware activity in the environment.
- Ensured Symantec DLP policies were in place and scanned the environments for incidents.
- Assisted in DLP policy development for the non-production environment.
- Actively monitored and responded to activity impacting various enterprise endpoints that facilitate network communication and data handling (McAfee Endpoint Security, DLP).
- Implemented and deployed the Symantec DLP suite as part of the champion team.
- Gained experience with Symantec DLP Cloud Prevent.
- Worked on a Splunk Phantom SOAR proof of value (POV) to test the out-of-the-box use cases.
- Set up CI/CD with AWS CodePipeline to automate AWS CloudFormation deployments, and focused on cloud strategy (AWS), product marketing, competitive research, customer journey analysis, and strategic partnerships.
- Responsible for onboarding applications onto Splunk Enterprise 7.x.
- Created cases for suspicious issues and forwarded them to the onsite SOC team for further investigation.
- Conducted network vulnerability assessments using Nessus.
- Actively used SIEM technology for searching and monitoring real-time events for network security and compliance.
- Assisted in the implementation, setup, and management of Symantec DLP (Data Loss Prevention).
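As an illustration of the Splunk onboarding work listed above (index-time parsing parameters, Technology Add-on field extraction with regex, and DLP log parsing), the following is an added example props.conf stanza for a Splunk TA. It is not configuration taken from this resume's projects; the sourcetype name `dlp:incident`, the field names, and the sample event are all constructed for the example.

```ini
# props.conf, placed in the TA's default/ directory.
# Stanza name is the sourcetype assigned by inputs.conf on the forwarder
# (assumed here: "dlp:incident").
#
# Constructed sample event this stanza is tuned for (one event per line):
# 2024-03-04 10:15:22 DLP-INCIDENT sev=High policy="PCI Card Numbers" user=jdoe src=10.1.2.3 dest=203.0.113.7 proto=HTTPS matches=12

[dlp:incident]

# ---- Index-time parsing (applied on indexers / heavy forwarders) ----
# Every event is a single line, so disable line merging and break only on
# newlines. LINE_BREAKER must contain a capturing group; the captured text
# is discarded as the separator.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)

# Tell the indexer exactly where the timestamp is and what it looks like,
# so it never scans the full event (or a later IP/port) looking for one.
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 19
# The source emits UTC without a zone marker; pin it so events are not
# shifted into the indexer's local time zone.
TZ = UTC

# Cap event size so a runaway log line cannot blow up indexing.
TRUNCATE = 10000

# ---- Search-time extraction (applied on search heads) ----
# One anchored regex with named groups; anchoring at ^ keeps it cheap and
# each named group becomes a field. Quoted values (policy) are captured
# without the quotes.
EXTRACT-dlp_fields = ^\S+\s\S+\sDLP-INCIDENT\ssev=(?<severity>\w+)\spolicy="(?<policy>[^"]+)"\suser=(?<user>\S+)\ssrc=(?<src>\S+)\sdest=(?<dest>\S+)\sproto=(?<proto>\S+)\smatches=(?<matches>\d+)

# Map the vendor names onto Common Information Model names so ES correlation
# searches and dashboards work without per-source search logic.
FIELDALIAS-dlp_cim = src AS src_ip dest AS dest_ip user AS user_name

# Calculated field so severities can be compared numerically in searches
# (e.g. severity_id>=2) instead of string matching.
EVAL-severity_id = case(severity=="High", 3, severity=="Medium", 2, severity=="Low", 1, true(), 0)
```

The index-time settings only take effect for data indexed after they are deployed, so validate them on a test index before re-pointing production forwarders; `splunk btool props list dlp:incident --debug` shows which file each effective setting comes from, and the Splunk Web "Add Data" preview lets you confirm line breaking and timestamp recognition against a sample file before indexing. A regex anchored at `^` with a fixed literal (`DLP-INCIDENT`) early in the pattern fails fast on non-matching events, which matters when the extraction runs across millions of events per search.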
Confidential, Lawrenceville, GA
Information Security Analyst
Responsibilities:
- Monitored the network to prevent intrusions and applied mitigation techniques using NIDS/HIPS through standard vendor devices such as Cisco FireSIGHT and Firepower.
- Helped win new work at the FAA to support IT modernization efforts for their SOAR grants management system. This win is particularly important as it allows us to add large-scale system development support to our long-standing FAA portfolio. This is a single-award, 10-year contract valued at $28M, with 80% of the ceiling anticipated to be executed within the first 3
- Responsible for the SOAR O&M budget of $1.1M and for the successful management of the SOAR II system development budget.
- Created, prepared, and updated the O&M and system development project schedules using Microsoft Project.
- Implemented the first-ever SOAR Change Control Board three months after project transition from the previous contractor, who had held the project for 10 years.
- Led operations and maintenance with a 10-member team of developers, help desk support, and security personnel; developers and analysts came from multiple subcontractors.
- Led the transition of distributed hot backup sites in multiple locations across the US.
- Single-handedly stood up, updated, and configured all applications and databases for the FAA production environment at the Booz Allen Global Hosting Center from scratch.
- Led the transition of applications and specialized software running on Red Hat Enterprise Linux, CentOS, VMware, and Windows environments across 11 production servers from the incumbent.
- Led system development for the SOAR modernization team of 22 developers, business analysts, requirements analysts, testers, configuration management, and security staff.
- Ensured requirements traceability from business requirements to development by leveraging the Rational product suite.
- SOAR technical representative at the System Review Board.
- Helped create the overall project schedule for SOAR II and determined the staff necessary to meet requirements and funding constraints.
- Assisted with Enterprise Identity Management (EIIM) implementations utilizing LDAP.
- Researched, synthesized, and analyzed data from numerous sources to develop reports and recommendations for the proposed modernization of the SOAR architecture, from the legacy ColdFusion/.NET architecture to the proposed SOAR II Java stack, including the following Oracle 11g technologies: WebCenter Suite, Database, Access Manager, Identity Directory, Business Intelligence, Primavera, Unified Content Manager, and SOA Suite.
- Helped design the final selected SOAR architecture, infrastructure, and software, consisting of the IBM BPM Suite (Process Manager, Operational Decision Manager, and Performance Data Warehouse).
- Technical representative of the SOAR project at the JHS Engineering Review Board.
- Led the BAH CAST pilot integration with SOAR to capture and quantify the reliability, security, complexity, and size of the SOAR business application.
- Worked using Splunk best-practice GRC standards for the OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees.
- Created GRC policy according to the HIPAA rule, served as a resource for departments affected by the Health Insurance Portability and Accountability Act (HIPAA), and provided guidance on requirements for actions such as initial inventory, gap analysis, and risk assessments to determine appropriate privacy- and security-related organizational policies, using Splunk/Phantom 4.1.94.
- Analyzed static and dynamic application security testing (SAST/DAST) tools for use by the GSS infrastructure contractor and Application Developer Organizations (ADOs).
- Supported the GRC implementation of RSA Archer 6.2 Regulatory and Corporate Compliance, Incident, Task, and Risk Management solutions/use cases, and maintenance of the compliance management technology.
- Worked on the Splunk Phantom SOAR proof of value (POV) project; created a regex-based parser to parse logs and configured different connectors.
- Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
- Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, Nmap, SIEM, Splunk, and PowerShell for Active Directory (bulk modification of user attributes, querying user details, and exporting reports).
- Ensured a smooth transition for all security applications; prepared team metrics reports and weekly/monthly project status reports presented to the customer.
Confidential, NYC, NY
Security Analyst
Responsibilities:
- Worked on Splunk products such as Splunk ES and SOAR, and developed and operationalized the target network architecture for successful interaction with event sources in order to design, develop, and implement the solution.
- Worked using Splunk best-practice standards for the OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees.
- Migrated Splunk clusters from various AWS accounts into a single AWS account, including rehydration of Splunk SOAR in the AWS environment.
- Worked with AWS EC2 and CloudWatch services; managed the CI/CD pipeline through Jenkins as part of cloud security.
- Guided all SMEs in using Splunk to create dashboards, reports, alerts, etc.
- Extracted fields not parsed automatically from Splunk SOAR and Symantec SEP data using rex, regex, and the Interactive Field Extractor (IFX).
- Implemented Symantec Endpoint Encryption (SEE) and DLP to prevent data breaches from lost and stolen devices.
- Assisted in the implementation, setup, and management of Symantec DLP (Data Loss Prevention).
- Utilized Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers, and malware analysis tools.
- Provided leadership in architecting and implementing security solutions with Qualys and SIEM tools such as Splunk, Solutionary, and LogRhythm, as well as SCCM, Altiris, LANDesk, BigFix, and McAfee/Symantec.
- In-depth experience with internal, external, network, and application vulnerability assessments utilizing QualysGuard and FireEye.
- Involved in standardizing Splunk Phantom SOAR POV deployment, configuration, and maintenance across UNIX and Windows platforms.
- Extensive experience with Symantec DLP and RSA DLP architecture and implementation at enterprise scale.
- Developed cyber security GRC standards based on the NIST Framework, HITRUST, HIPAA, GDPR and CCPA, and NISPOM regulations, and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
- Tested and performed vulnerability analysis (VA) for the client using Nessus, QualysGuard, and McAfee Foundstone scans; also maintained the endpoint protection system.
- Analyzed credit card number disclosure events via McAfee DLP.
- In-depth knowledge of TCP/IP, IEEE 802.11 wireless, and routing protocols.
- Administered multi-server Windows LAN/WAN environments.