SUMMARY

• Highly dedicated Cyber Security EDR Specialist with over 9 years of experience in information systems security, documenting Information System Security Assessment and Authorization process from initiation to continuous monitoring, ensures compliance with operational policy and procedures focus on FISMA requirements.IT Networking with leadership and management skills
• Support and implement information security projects for the enterprise to include SSL decryption, application filtering, and LogRhythm SIEM solution for the enterprise.
• Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, ArcSight, Solutionary, LogRhythm create logrhythm rules.
• Conducted MRA and Assessed the System Owners; used OIM, RACF, MFA, SailPoints, Archsight, IBM AppScan, Qualys, SiteMinder, SWIFT and Splunk.
• Experience in the field of penetration testing and vulnerability assessments on various applications in different domains.
• Experience in Reverse engineering legacy scripting used for system provisioning and integrated functions
• Experience of risk management and computer forensic tools, technologies, and methods. Experienced in IT security design and implementation with a solid understanding of disaster recovery, intrusion detection systems (IDS), intrusion protection systems (IPS), and web application firewalls (WAF). Analytical problem solver adept at managing network changes and troubleshooting network issues to ensure maximum up time.
• Experienced with multiple SIEM technologies (ArcSight, Splunk, QRadar, LogRhythm) and EDR solutions (Carbon Black.)
• Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, NMAP, SIEM, Splunk, ArcSight, Rapid7, Routers, Switches, LAN/WAN, TCP/IP protocols, VMware, Endpoint Security, Cloud Security.
• Support and assist the CSOC in their investigations of cyber security events to identify potential security incidents.
• Proficient in Reverse Engineering Malware.
• Good knowledge on Scripting: Python, Perl, Linux/Unix Shell, Microsoft Windows CMD/PowerShell.
• Generated notification based on different templates on record content values using RSA Archer.
• Execute Identity and Access Management (IAM) services, including, but not limited to Provisioning, Authentication, Authorization and Monitoring.
• Review of various packet capture to assist with troubleshooting and reverse engineering legacy web application
• Expertise in improving the Risk and Control functions against Governance, Risk Management and Compliance.
• Maintained security infrastructure, including IPS, IDS, log management, and security assessment systems.
• Assessed threats, risks, and vulnerabilities from emerging Security issues.
• Endpoint Detection and Response (EDR) experience with Carbon Black Defense/Protect/Response
• Expertise in improving the Risk and Control functions against Governance, Risk Management and Compliance (GRC).
• Experience analyzing cyber threats, as a malware analyst, incident responder, and digital forensics investigator.
• Strong understanding of malware analysis, data recovery, information security assurance, network forensics, hacking techniques, and digital forensics experience
• Provide tactical leadership during incident response for products within team portfolio, coordinating with executive committee, production support, cyber - security operations center (CSOC), and enterprise fraud management teams.
• Involved in Cloud Security Infrastructure and design for client's in - house Azure Applications
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/ IPS), Data Loss Prevention (DLP), forensics, sniffers and malware analysis tools.
• Skilled using Burp Suite for web application penetration tests
• Prior experience working in a Security Operations Center; working with Endpoint Detection & Response (EDR) products
• Monitored and investigated suspicious network activities, endpoints and threats utilizing a variety of tools such as ArcSight, Splunk, Carbon Black, FireEye, Cisco Talos, WireShark and Nessus
• Use of LogRhythm SIEM for investigations.
• Incident response and threat detection using Tanium.
• Experience on Fireeye for Management Systems and for Threat Intelligence.
• Experience deploying in the cloud and on-premises using Amazon Web Services (AWS) and Single- Server support
• Using network monitoring and IDS tools such as Wireshark and Snort.

TECHNICAL SKILLS

Tools: Kali Linux, Tableau, Lotus Notes, ERP - SAP, Visio, Qlikview, Oracle, Identity and access management

Security: Threat Vulnerability Management, End Point Protection, Sec Ops, URL Filtering, SIEM, Web Application Vulnerabilities, Firewall Risk Assessment, Nessus, Ethereal, NMap, HX, NX, Metasploit, Snort, RSA Authentication, PIA, FireEye

Security Web Applications: TCP/IP OWASP, Nessus, Grabber, Zed Attack, Skipfish Hydra, Firewall, IDS, IPS

Languages and Database: SQL, C++, Visual Basic, Java script, JSON, Python, Bro, ASP.NET MVC, Powershell, PowerBI, STIX

Security Software: Nessus, NMap, Metasploit, Snort.

Web Application: Manual SQL Injection, Manual Cross Site Scritping (XSS), Cross site request forgery (CSRF), SQLmap

Frameworks: NIST SP, ISO 27001/31000 , HIPPA, HITRUST CSF, PCI DSS.

Security Technologies: Symantec DLP, McAfee EPO, QRadar, Splunk, Cybereason, Trend Micro TippingPoint

Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, Policy Compliance, Asset Management, Governance, Risk Management and Compliance.

Frameworks: NIST SP, ISO 27001/31000 , HIPPA, HITRUST CSF, PCI DSS

Operating Systems: Windows, Server 2012 R2, Linux

PROFESSIONAL EXPERIENCE

Confidential, Weehawken, NJ

Cyber security/Endpoint Detection & Response (EDR) Engineer

Responsibilities:

• Executed daily vulnerability assessments, threat assessment, and mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems.
• Engaged all IR (Incident Response) stages. Actively Hunt, conduct Memory Forensics Analytics and create Rules for our current detections platforms to include SIEM, NSM and EDR. My primary objectives are to remediate any escalations pushed to my queue and any incidental investigations discovered within our network.
• Deployed, Implemented and managed SIEM - IBM QRadar suite of products, QRadar SIEM, QRadar Vulnerability Manager (QVM), and QRadar Risk Manager (QRM) in AWS environment.
• Experienced in working on Patch Management, Vulnerability Scanners and Penetration Testing Supported to address and integrate Security in SDLC by following techniques like Threat Modelling, Risk Management, Logging, Penetration Testing, etc
• Experience in Web Application Security, Logging and Alerting, Security Design, Penetration Testing, Secure Coding, Mobile Application Security, Application Security Controls and Validation, Risk Assessments, Regulatory Compliance and Secure Software Development Life Cycle (secure SDLC).
• Tested new security tools/products and make recommendations of tools to be implemented in the SOC environment.
• Monitored Security Management Console for Security Operation Centre (SOC) for ensuring confidentiality, Integrity and Availability of Information systems.
• Managed the Security Services Providers (MSSP) and also supported the enterprise system and Performed Qradar SIEM administration involving report migration, alerts, custom reports and malicious activities.
• Responsible for development, testing, and management of SOC use cases and formulating run books for the Tier 2 and Tier 1 teams.
• Security Systems Engineer that has implemented and maintained the following security solutions: Carbon Black EDR, Cisco AMP, Cisco IronPort, Cisco Meraki (Firewall and Switching), Palo Alto PA - 850 firewalls, Cisco Umbrella, Nagios Infrastructure Monitoring, Rapid7 InsightVM (vulnerability assessor), SolarWinds Log and Event Management, Proofpoint Email Security, and MalwareBytes Enterprise.
• Operate in a 24/7/365 CSIRT SOC that monitors and responds to Cyber & Information Security incidents.
• Hands-on with Penetration Testing, DAST, SAST and manual ethical hacking.
• Remediation of endpoint non-compliance at both the server and workstation level for 25k+ endpoints.
• Assist Cyber threat and Infosec team with Malware analysis and ensure that all data on the network is properly logged via Sentinel monitoring tools plugged into the Sophos Console.
• Implemented and Maintained SIEM infrastructure using QRadar and Splunk in AWS environment.
• Analyze, investigate and respond to security events and incidents from IDS/IPS, SIEM, Firewall, Splunk, Log analysis, DLP, malware analysis and forensics tools (FireEye, Bit9, Security Analytics, Fidelis XPS and Wireshark).
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
• Worked on network security design and installation using Palo Alto Firewall (Application and URL filtering, Threat Prevention, Data Filtering)
• Experience with scripting, developing, and reverse engineering Big Data. Development experience using Hadoop HDFS, Spark Streaming using Cloudera, Data Analytics, Mahout Machine Learning, and code debugging.
• Analyzed threats to corporate networks by utilizing SIEM products (QRadar and Splunk) to assess the impact on client environments.
• Endpoint protection platforms (EPP) and endpoint detection and response (EDR).
• Practiced using languages Java and Python and automation combining Python, Regex, and Bash Scripting worked on Reverse engineering including to find out how various functions in the code are built, what they do, and how each relates to and interacts with other code function
• Performed dynamic and in-depth static analysis and reverse engineering of identified malware.
• Skilled using Burp Suite Pro, HP Web Inspect, IBM AppScan Standard, Source and Enterprise, NMAP, Dirbuster, Qualysguard, Nessus, SQLMap, RSAArcher, FireEye Retina, Onapsis for web application penetration tests and infrastructure testing. Performing onsite & remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.
• Expertise in improving the Risk and Control functions against Governance, Risk Management and Compliance (GRC).
• Performed functional testing of security solutions like RSA two factor authentication, Novel single sign on, DLP and SIEM
• Installed and configured IBM QRadar Network Insights appliance to enables attack prediction through real-time network traffic analysis.
• Design, Install, and support email application filter appliances for various customer facing environments.
• Design, Install, and support web application filter appliances for various customer facing environments.
• Expert for DLP, Firewall, VPN, Archer, Vulnerability Management solutions, IDS/IPS/WIPS, SIEM and EDR
• Involved in security product assessments such as Palo Alto, Twistlock, Azure Firewall
• Analyzed, Administered, and Configured ArcSight SIEM, McAfee ePO, Carbon Black.
• Analyzed threats to corporate networks by utilizing SIEM products (Arcsight and LogRhythm) to assess the impact on client environments.
• Performed static and dynamic computer forensic analysis using FTK, Autopsy, Silent Runner and Helix, including malware forensics and reverse engineering. Developed, implemented and monitored Active Directory security measures, on premises and in the cloud. Deployed and monitored VoIP.
• Performs network/ host-based intrusion detection using a variety of threat detection tools such as Splunk, Proofpoint Sourcefire, FireEye (HX, NX)
• Responsible to propose rules to the client to implement into QRadar to trigger security events. Once the rules were approved, involved to test them and implement them into QRadar.
• Monitor SIEM tool and triage all alerts as they come in to assure the network is safe
• Anti-virus alert response due to alerts by Logrhythm (SIEM), McAfee, Cylance.
• Proficiently upgraded and revamped existing QRadar platform that provided more actionable intelligence, including the creation of custom alerts and daily reports, custom dashboards
• Worked with IBM QRadar SIEM Integration and responsible for integrating the log sources with IBM QRadar.
• Configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases, and apps.
• IDS/IPS monitoring/analysis with tools such as Sourcefire, Snort, Bluecoat, Palo Alto, McAfee and FireEye
• Handle and investigate WAF alerts for Sourcefire and Fireeye
• Security Engineering, including implementation of information security awareness programs, Incident Response, Computer Forensics, Malware Reverse Engineering of Malicious Software, Network Traffic Analysis and log review
• Performed pen testing of both internal and external networks. The pen testing scope included O/S (Windows and Linux) and external facing web apps and database servers that store customer confidential information.
• Participated in Web Application Security Testing including the areas covering Mobile, Network, security, WIFI.
• Deploy and manage multiple global sensors to collect threat intelligence
• Troubleshooting by packet flow and packet capture diagnostics to reverse engineer web applications
• Provide documentation of how various applications worked after reverse engineering
• Perform analysis on security incidents using Splunk, Tanium, Windows Event and Symantec logs.
• Perform analysis of host or user activities using Tanium Dashboard and Tanium Trace for evidence gathering.
• Work as per of SOC team to briefing on emerging threats and events in accordance to run book
• Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
• Supports to generate all kinds of reports and extensively used in the workspace dashboards using RSA Archer and Forcepoint.
• Utilize Intrusion Detection & Prevention (IDS / IPS) to monitor malicious activities on the network. Analyze firewall logs, IPS and IDS logs to uncover malicious activity going on within the network. Initiate and recommend corrective action to the CIRT team.
• Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation
• Perform cyber threat intelligence analysis, correlate actionable security events, perform network traffic analysis using raw packet data, net flow, IDS, IPS and custom sensor output as it pertains to the cyber security of communications networks, and participate in the coordination of resources during incident
• Penetrate, Infiltrate networks, Firewalls, Mobile devices and Web applications using various tools: Burp suit, Metasploit, python, Bash, Proxy attack tools
• Conduct analysis, cyber threats, the discovery of its vulnerabilities, monitoring for cyber intrusions, troubleshoot and response to security incidents detected from hparcsight or related SIEM. IDS/ IPS, and other security applications
• Installed and configure Enforce Server Administration console to manage Endpoints, policies, policy rules, Agent groups, Incidents, manage DLP servers, and etc.
• Installed and Configure Endpoint Prevent and Discover detection server to protect Data in use.
• Worked in Security Incident and Event Monitoring SIEM platform - IBM QRadar, and Splunk.
• Tested various threat vectors and present evidence of intent to create signatures/rules to mitigate specific threats.
• Perform host-centric analysis (tactical forensicanalysis, memory analysis, malware detonation, and reverse engineering)
• Installed and configured IBM QRadar Network Insights appliance to enables attack prediction through real-time network traffic analysis.
• Participated in the product selection and installation of QRadar Security Information Event Manager SIEM consisting of multiple collectors.
• Services monitored include, but are not limited to SIEM, IDS/IPS, Firewall, Cloud Environments, and Data Loss Prevention (DLP) SMTP and Web.
• Conduct tuning engagements with security engineers to develop/adjust SIEM rules and analyst operating procedures.
• Provided leadership in architecture and implementing security solutions towards Qualys and SIEM tools like QRadar, Splunk.
• Monitor critical infrastructure including firewalls, IDS/IPS devices, virtual networks, vulnerability scanners, VPNs, WANs, and disaster recovery sites.
• Worked closely on Data Privacy control frameworks and related laws and regulations (ISO 27000 series, NIST).
• Developed Vulnerability Scanning process for all environment builds, and on-going monthly scanning reporting using Nessus.
• Utilized Security Information and Event Management (SIEM), Data Leakage Prevention (DLP), Intrusion Detection and Prevention (IDS / IPS), forensics, sniffers and malware analysis tools.
• Performed investigation, analysis, reporting and escalations of security events from multiple sources including events like intrusion detection, Firewall logs, Proxy Logs, Web servers.

Confidential

Cyber Security Engineer

Responsibilities:

• Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives
• Executed daily vulnerability assessments, threat assessment, and mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems.
• Responsibilities includes supporting 24/7 SOC environment to ensure real time information security and prevent any cyber-attack from inside and outside network.
• Analyzed production data usage patterns to arrive at forecast needs - (Reverse engineering - Identify the performance problem in production environment and help the devops to team to replicate the similar issue in pre-sandbox environment - root cause analysis)
• Perform reverse engineering of malware samples for targeted attacks and extract network indicators to assist with computer network defense
• Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), McAfee Endpoint Encryption Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tool.
• Skilled using Burp Suite, Checkmarx, HP Fortify, SecureAssist, WAS, NMAP, Havij, DirBuster for web application penetration tests.
• IPS IDS / Application Filter / Web Filter Configurations, IDS/IPS Signature for various vulnerability.
• Supported for Security Operations Center (SOC). Monitor security system and diagnoses malware events to ensure no interruption of service. Identify potential threat, anomalies, and infections and provide report to the customers
• Provided solutions to team by creating in-house utilities when needed to save time on efforts spent in scripting / Analysis / log analyzer (development / repeatability)
• Cyber Security skilled with Incidence Response and Handling, Security Operation Centre (SOC), Firewall Operations, Risk Management, Malware Analysis, Intrusion Detection and Prevention System (IDS/IPS), Web Application Security, Unauthorized Access, Viruses and a wide range of Vulnerabilities and Threats.
• Conduct threat intelligence analysis on key areas of the Enterprise Defense in depth analytics, incident statistics and other relevant information in the creation of periodic threat intelligence reports.
• Experienced with DLP, Proofpoint, Trend Micro and Splunk Enterprise SIEM security tools to monitor network environment.
• Built out various capabilities including network monitoring, incident response, forensics, vulnerability management, penetration testing, malware reverse engineering and cyber threat intelligence analysis
• Network Admin, logging and securing network data using RSA Archer (TCP/IP data analysis).
• Used McAfee ePolicy Orchestrator to monitor and identify potential intrusions and attacks for the Cyber Security Operations Center (CSOC).
• Hunting within the network for potential threats based on intelligence reporting.
• Monitoring logRhythm dashboard for the suspicious alerts and provide efficient write-up for each alert.
• Using tools like LogRhythm in analyzing network, DLP email monitoring, Symantec SEP logs, firewall and proxy logs to determine the risk level of the alarms.
• Delivering comprehensive prevention, detection and response status using FireEye, Symantec, and Qualys software.
• Vulnerability Assessment of various web applications used in the organization using Burp Suite, and Web Scarab, HP Web Inspect.
• Utilized Tanium for Deployments, monitor, and analyze data throughout various networks.
• Administer Controls & Permissions to files using PowerShell commands through SCCM.
• Performing periodic vulnerability testing and assisting in remediation efforts.
• Identified, documented and investigated suspicious events in intrusion detection systems (IDS) and SIEM tools.
• Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS) and Instruction Prevention Systems (IPS), security events and logs.
• Understanding of all CSOC and SCADA rules and policies
• Involved in firewall deployment and management in Azure such as Palo Alto, Azure Firewall
• Analyzed threats to corporate networks by utilizing SIEM products (QRadar, Splunk) to assess the impact on client environments.
• Assist with their global DLP program including multiple DLP solutions / Cloud Access Security Broker (CASB) security deployment.
• Worked in Security Incident and Event Monitoring SIEM platform - IBM QRadar, and Splunk.
• Provide proactive APT hunting, incident response support, and advanced analytic capabilities.
• Run vulnerability scans and reviews vulnerability assessment reports.
• Coordinates and assists with team on assigned daily SOC operations.
• Analyze and escalate events and incidents to SOC Analyst Level for response and resolution.

Confidential

SOC Analyst

Responsibilities:

• Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
• Develop reports/alerting to meet SOC, clients and leadership requirements.
• Improved and expanded SOC L1 and L2 process documents.
• Configuration, troubleshooting, and management of Websense Data Security (DLP).
• Managed DLP solution which included configuring and fine tuning DLP filters. Took action on alerts generated off of DLP.
• Conducting Web Application Vulnerability Assessment & Threat Modeling, Gap Analysis, secure code review on the applications.
• Proficient in creating Virtual User Simulated Scripting, Execution, Monitoring and Analysis using load simulation tools (commercial / open source).
• Developed Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities from applications deployed in development and production environments.
• Performed malware analysis including reverse engineering using disassemblers and debuggers IDA Pro, OllyDbg, as well as related tools and utilities.
• Troubleshooting system configurations and Python scripts to restore services, set Linux firewall rules and open ports to allow communication
• Remains current on cyber security best practices, news, issues, vulnerabilities and threats
• Supports activities related to the implementation and use of tools for insider threat intelligence gathering, analysis, and reporting.
• Recognized areas of improvement for CSOC visibility, incident management and Threat Hunting use cases
• Performed Vulnerability Assessments using - Kali Linux / Metasploit / BurpSuite / Paros / SQLmap and many open-source tools.
• Proficient in detecting application level vulnerabilities like XSS, SQL Injection, CSRF, authentication flaws etc both through automation and manual testing.
• Identified issues on session management, Input validations, output encoding, Logging, Cookie attributes, Encryption, Privilege escalations
• Provide tactical leadership during incident response for products within team portfolio, coordinating with executive committee, production support, cyber-security operations center (CSOC), and enterprise fraud management teams
• Participating during major incidents to support the primary Incident Manager with outage communications and logging incident timeline and other key information during an incident.
• Configures Smart Connectors on ArcSight Connector Appliance.
• Configuring and administering Arcsight loggers, ESM, and database systems.
• Processes vulnerability and threat data from a variety of internal and external sources to provide actionable intelligence to internal consumers.
• Create and implement Splunk Enterprise Security use cases for the Insider Threat team.
• Monitor network traffic off of QRadar SIEM and Sourcefire IDS tools for any suspicious activity.
• Experience in handling security events that affect VMware systems, applications, infrastructure, information and users using Splunk Enterprise Security.
• Bolstered End User Computing and Build Team capabilities by through utilization of malware reverse engineering cyber forensics expertise to establish baseline security analysis methodology for application inspection, hardening guidance and validation of newly added or modified Windows XP and Windows 7 workstation core builds.
• SIEM: Building software & application to enhance SOC operations and cohere Threat Intel interactions. Creating custom data visualization tools to interpret data correlated from event logs. Designing & implementing security content/use-cases on SIEMs, utilizing various event log sources. Delivering solutions, maintenance and support to currently deployed SIEM engines.
• Performed information security incident response and incident handling based on Working with multiple clients on Real time threat management using SIEM and solutions. Categorization and in accordance with established procedures
• Integration of different devices/applications/databases/ operating systems with SIEM.
• Monitors agencies sensors and SOC (Security Operation Center) systems for incidents and malicious activity.
• Analyze escalated email events including phishing and malware, and escalate as necessary
• Understanding and evaluating the cyber threat landscape, and assess what threats are most relevant to respective client
• Supplying actionable recommendations to other teams within the Cyber Security Center, to bolster cyber security efforts
• Managing indexes and cluster indexes, Splunk web framework, data model and pivot tables.
• Performed troubleshooting and/or configuration changes to resolve Splunk integration issues.
• Writing Splunk Queries, Expertise in searching, monitoring, analyzing and visualizing Splunk logs.
• Experience in alert handling, standard availability and performance report generation.
• Configured and scheduled Qualys Scanner in QRadar to perform scan on regular intervals
• Vulnerability Management by scanning, mapping and identifying possible security holes using Qualys Guard and Nessus scanner.

Confidential, Denver, CO

Clinical Treatment Counselor

Responsibilities:

• Clinical Treatment Counselor: worked with a therapeutic treatment team made up sociologists, psychologists, therapist, social workers, and counselors in diagnosing mental disorders for youth. Monitored and studied patient’s behavior, disorders, behaviors problems, and developmental disabilities using to identify symptoms in the Diagnostic and Statistical Manual of Mental Disorders. Work with you and their families. Problem solving and de-escalation skills used when needed.
• Compliance Audits: Conducted quarterly compliance audits to ensure proper maintenance clinical records, timely documentation, and ensuring regulatory compliance with patient’s privacy standards as associated to HIPPA polices. Supported the audit team with creating detailed Sarbanes-Oxley project plans, including resources, issue identification, resolution processes, communications, risk management, and status reporting.
• Client intake: entering information of new clients into the organizations database, gathering, and verifying information of new clients and updating database of the organization.
• Technical support: teaching co-worker and new employees how to use the organization application software. Also helping with desktop support maintaining and updating computers virus software. Troubleshooting technical issues related to the organization’s operating systems and database. Monitored CCTV, reviewed security cameras.