
Sr Cyber Security Engineer Resume


SFO, CA

SUMMARY

  • Cyber Security Engineer with over 8 years of experience in Cloud Computing, Incident Handling and Response, Log Analysis, Security Information and Event Management (SIEM), and Vulnerability Management.
  • Diversified background in SOC operations: security monitoring, incident handling, log analysis, integrating event sources into the SIEM, and customer handling.
  • Symantec SSIM / Log Collection Platform implementation, administration and management.
  • Sumo Logic, Rapid7 and Splunk administration and management.
  • Log collector development: parsing rules and field mapping to the MSS schema.
  • Project management: SIEM UAT, SOC projects, POCs, SIEM upgrades, SOC process improvements, queue handling.
  • Nessus/Rapid7 vulnerability scanners: run vulnerability assessment scans and provide reports based on requirements.
  • EDR investigation/containment: CrowdStrike, Tanium, Rapid7 XDR and enSilo.

TECHNICAL SKILLS

SIEM tools: Sumo Logic, Rapid7, Symantec Log Collection Platform, Splunk (monitoring); Symantec ARC, Responder Analysis.

EDR/Endpoints: CrowdStrike, Symantec Endpoint Protection, enSilo, Tanium, Tanium Response, Cylance.

Collaboration/Tracking: JIRA, Etrack, Confluence, Artifactory, Slack, Stash, WebEx.

Ticketing Tools: HPSD, Proline, ServiceNow (SNOW).

Network/Analysis Tools: Wireshark, PuTTY, ping, nslookup, tcpdump, nmap, Zenmap; Netcool and Zenoss monitoring; collector parser tools; SQL Studio; Kusto Query Language.

MSS: Symantec MSS portal, Respond Software.

Email Analysis: IronScales (email phishing), Abnormal Security (email phishing), Proofpoint Protection and TAP.

O365: O365 Protection dashboard, eDiscovery, Azure AD Security, Intune (MDM).

Security/Utility Tools: Kali Linux, Nessus, Reg Explorer, FTP and SCP tools.

IDM: Sailpoint, ARS

PAM: CyberArk

Voice & Telecom: Install and configure Avaya IP Office; install and maintain Asterisk VoIP (optical and copper communication); knowledge of DSL, ADSL, G.703, V.35, PRI and BRI modems; install and configure EPX systems.

Avaya Products: Video conferencing, MCU, Pathfinder, Gateway, and IP data networking (switching); Avaya Scopia desktop and client.

Audio and Video: Install and troubleshoot video conferencing systems (Cisco, Polycom, Lifestyle) and multi-conferencing units (Cisco, Avaya); wide knowledge of AV connectors, mixers, amplifiers, Bosch PA system controllers, timers and conference systems.

Others: Basic SQL queries, shell scripting, computer hardware, OS installation (Windows and all Linux distributions).

PROFESSIONAL EXPERIENCE

Confidential, SFO, CA

SR CYBER SECURITY ENGINEER

Responsibilities:

  • Security monitoring, incident handling and incident response.
  • Monitoring and analyzing security incidents; triaging and escalating them to the respective stakeholders based on incident criticality, with the next actions and recommendations.
  • Monitoring email phishing/spam activity; investigating new phishing emails reported by the email gateway or end users and mitigating them through header analysis and dynamic URL analysis.
  • Administering and monitoring the tools below.

Confidential, COLUMBUS, OH

SR. CYBER SECURITY ENGINEER

Responsibilities:

  • Security monitoring, incident handling and incident response.
  • Monitoring and analyzing security incidents; triaging and escalating them to the respective stakeholders based on incident criticality, with the next actions and recommendations.
  • Monitoring email phishing/spam activity; investigating new phishing emails reported by the email gateway or end users and mitigating them through header analysis and dynamic URL analysis.
  • Creating and monitoring O365 alerts and mitigating them.
  • Investigating and responding to suspicious communication, attacks, malware infections, brute force, anomalies/DoS/DDoS, host sweep attacks, etc.; reaching out to the respective stakeholders with the next actions and recommendations; providing a brief Root Cause Analysis (RCA) report on any reported issue and presenting it to the client.
  • Analyzing security breaches to identify the root cause and manage the negative effects of an attack or breach, from minimizing the impact to altering security controls for future prevention, and providing a complete RCA report for the breach/attack.
  • EDR: investigating incidents and performing forensics using CrowdStrike, enSilo and Tanium.
  • Active threat hunting using IOCs collected from various intel sources.
  • SIEM: Sumo Logic implementation and administration.
  • Integrating log sources into the Sumo Logic SIEM, troubleshooting collectors, and working with all logging mechanisms such as Syslog, DB query, API, log file, FTP, etc.
  • Running log queries; configuring dashboards; creating use cases, alerts and reports to meet operational and business needs; managing log relay servers such as syslog-ng.
  • Performing log searches in Palo Alto, Proofpoint, endpoints (Windows Defender, enSilo, McAfee), AWS GuardDuty, CloudWatch and CloudTrail as part of incident response.
  • Performing dynamic and static malware analysis and reporting the results to the client.

Confidential, SAN RAFAEL, CA

CYBER SECURITY ENGINEER

Responsibilities:

  • SIEM: Splunk and Symantec LCP implementation and administration.
  • Deploying the Symantec Log Collection Platform end to end in Azure, AWS, VM and physical environments, and managing patching, upgrades and collector troubleshooting.
  • Adding log sources to Splunk, QRadar and the Symantec Log Collection Platform.
  • Running log queries; configuring dashboards; creating use cases, alerts and reports to meet operational and business needs.
  • Log forwarding agent installation and configuration: NXLog agent, Epilog, SnareWin, etc.
  • Security monitoring and incident handling.
  • Experience in monitoring and analyzing security incidents, triaging and escalating them to the customer based on incident criticality.
  • Investigating and responding to suspicious communication, attacks, malware infections, brute force, anomalies, host sweep attacks, etc. Investigating logs via Deep Security (GIN).
  • Analyzing and comparing log volume trends to detect misconfigurations and anomalies/DoS/DDoS; identifying and providing a brief Root Cause Analysis (RCA) report on any reported issue.
  • Deploying EDR for various customers; investigating threats and performing containment if needed via ATP.
  • Analyzing spam and phishing email, conducting vulnerability assessments, taking the necessary action and raising user awareness. Providing technical assistance in fixing the vulnerabilities that were analyzed.

Log Collectors and Testing:

  • Involved in log collector UAT testing and new platform upgrade testing before General Availability. Developed log collectors with field mapping to the MSS schema, regex pattern matching and parsing rules. Managed ticket handling tasks and assignment to peers, handled escalations, and acted as SPOC for technical issues.
  • SOC projects, POCs, SIEM upgrades, SOC process improvements, UAT, collectors project, New Hire.

Confidential

JR. SECURITY ANALYST

Responsibilities:

  • Setting up and maintaining network and network security devices (routers, switches and firewalls); analyzing security logs and mitigating network threats.
  • Installing and configuring VoIP and SIP software.
  • Troubleshooting network issues.
  • Sending agents' status reports to the Security Team.
  • Monitoring and maintaining network devices and connections.
  • Network connectivity using V.35 and G.703 modems.
  • Building wired networks and installing/maintaining telecom devices and VPN routers.
  • Configuring and managing Apache web server, MySQL database, FTP and Samba servers.
  • Configuring and managing DNS and DHCP servers on Red Hat.
  • Configuring and maintaining host-level security products such as SCSP, SEP and iptables.
