Splunk / Cyber Security Engineer Resume
Richardson, TX
SUMMARY
- Cyber Security Analyst/Engineer with good experience in implementation, administration, operation and troubleshooting of enterprise data networks
- Configuring policies and maintaining Palo Alto firewalls, and analysis of firewall logs
- Implemented zone-based firewall and security policies on the Palo Alto firewall
- Hands-on experience with the QualysGuard vulnerability management tool
- Experience in developing vulnerability assessment reports for the vulnerabilities and non-compliance issues that were detected, and recommending possible mitigating measures (Rapid7, Nessus and QualysGuard)
- Knowledge of building a Python script for HTTP Basic authentication using the base64 module to encode the credentials
- Information Security Analyst with an active Secret security clearance and proven IT experience and professionalism. Possesses a comprehensive background in IT administration, network systems and cyber security practices, accompanied by measurable accomplishments
- Experience in planning, developing, implementing, monitoring and updating security programs and advanced technical information security solutions; sound knowledge of SOX and PCI compliance requirements and understanding of NIST and ISO standards
- Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app, Triage events, Incident Analysis
- Experience as a Splunk Engineer configuring, implementing and supporting Splunk Server Infrastructure across Windows, UNIX and Linux environments
- Configure, maintain and design network security solutions including firewalls (CheckPoint, Confidential ASA and Fortinet), IDS/IPS (Confidential, CheckPoint and Sourcefire), VPN, ACLs, web proxy, etc.
- Hands-on experience with Web Application Firewalls and attack mitigation techniques
- Work closely with clients' Information Assurance analysts to oversee the preparation of comprehensive executive Certification and Accreditation (C&A) packages for approval of an Authorization to Operate (ATO); generate, review and update the System Security Plan (SSP) against NIST and NIST requirements
- Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001
- Facilitate implementations of information security policies, account security policies and standards for logical and physical security
- Installed, configured and managed Splunk Enterprise Security.
- Experience in Security Information and Event Management tools such as IBM QRadar, Splunk and RSA Archer.
- Knowledge of Process Explorer, Python, HTML
- Perform Risk Assessment, Gap analysis & create Risk Mitigation plan
- Good experience providing remediation consultation to organizations and system owners, ensuring vulnerabilities are remediated
- Modernize assessment tools by researching emerging technologies and outlining their procurement to increase productivity and effectiveness
- Hands-on experience with endpoint security using Symantec products.
- Having good understanding and knowledge for implementation of FISMA guidance/governance
- Led an effort to create a new process for filtering and managing IPS events by automating the process and streamlining Security Operations Center (SOC) triage efforts.
- Managed HBSS McAfee ePO, configured HIPS 8.0 policies, verified and created server tasks, monitored events, created and enforced DLP policy, managed Rogue System Detection
- Support deployment of all HBSS point products and updates to include McAfee agent, HIPS, VSE, DLP. Perform HBSS policy tuning, HIPS, IPS tuning, and all related tasks
- Experienced with proxy and malware mitigation (BlueCoat, Radware/AppXcel/Alteon, FireEye), threat detection and data leakage protection (Network DLP/Vontu/Symantec, BlueCoat Security Analytics)
- Dedicated, multifaceted, and detail-oriented professional with progressive experience in Cybersecurity operations; complemented with wide-ranging knowledge of networking technologies such as firewalls, switches, and routers
- Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow diagram of the Palo Alto firewalls placed in the Data Center with MS Visio
- Good working experience with Carbon Black Response performing threat hunting and incident response
- Management and administration of Juniper and ASA Firewalls at various zones including DMZ, Extranet (Various Business Partners) and internal
TECHNICAL SKILLS
Cyber Security: STIX, TAXII, Trustar
Endpoint Security: Crowdstrike, Carbon Black
Operational Technology (OT): SCADA, ICS
Data Loss Prevention (DLP): Digital Guardian
Firewall: Checkpoint, PaloAlto
SIEM: Splunk
Load balancer: F5 BIG-IP LTM and GTM
Network: Confidential Routers, Switches
Infrastructure Management: Pandora FMS
Network Security: Snort
Database: MySQL
Security Tools: Splunk ES, McAfee Vulnerability management solutions, BurpSuite, OpenVAS, Nessus, Qualys, Solarwinds, Forescout
Programming Languages: Java/J2EE, JSP, PHP, HTML, Python
Operating Systems: Windows, Linux
Cloud Technologies: Amazon Web Services (AWS) SDK, DynamoDB, Lambda, Elastic Beanstalk
Application Servers: Apache Tomcat, AWS Lambda, AWS Elastic Beanstalk
Virtualization Services & Technologies: Amazon EC2
PROFESSIONAL EXPERIENCE
Confidential, RICHARDSON-TX
Splunk /Cyber Security Engineer
Responsibilities:
- Testing CrowdStrike Falcon sensors under a POC and installing them as an endpoint security solution on RHEL servers
- Hands-on experience implementing Security Orchestration and Automation solutions such as Phantom and Demisto
- Measuring performance metrics of CPU, memory and disk space utilization before and after the installation of CrowdStrike sensors using Splunk
- Work with the Demisto SOAR teams to resolve issues and write automation scripts
- Configuring rules and maintaining Palo Alto firewalls, and analysis of firewall logs using various tools
- Implemented a Positive Enforcement Model with the help of Palo Alto Networks.
- Exposure to the WildFire feature of Palo Alto.
- Provided leadership in architecting and implementing security solutions around Qualys and SIEM tools such as Splunk, Solutionary and LogRhythm
- Vulnerability management: configured the QualysGuard and Nessus tools for vulnerability analysis of devices and applications.
- Create and manage a private lab with Dell PowerEdge and AWS to host a Splunk clustered environment
- Making API calls using Python scripts to retrieve data from the cloud, writing it to disk and then onboarding it into Splunk using file monitoring inputs
- Use Splunk Search Processing Language (SPL) and regular expressions.
- Creating, maintaining, supporting, repairing and customizing system and Splunk applications, search queries and dashboards.
- Deploy new Splunk systems and monitor Splunk internal logs from the Monitoring Console (MC) to identify and troubleshoot existing or potential issues
- Creation of indexes, forwarder and indexer management, Splunk Interactive Field Extractor (IFX), search head clustering, indexer clustering, Splunk upgrades.
- Schedule scans by creating asset groups and using the scan schedule option in QualysGuard, and record issues occurring during scans. Also schedule ad hoc scans using an Option Profile.
- Integrated different feeds to Splunk Environment
- Track malware events daily through Sophos, Zscaler, and Splunk
- Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix, McAfee/Symantec
- Performing continuous controls monitoring of assets using Panaseer
- Designing and implementing Splunk-based best practice solutions.
- Push configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server
- Writing automation scripts in python and bash
- Managing Carbon Black Protect (CBp) as an anti-virus and malware protection endpoint security solution.
- Performing application whitelisting using CBp to ensure users are not able to install or use unauthorized and potentially unsafe applications
- Collaborate across the entire organization to bring Splunk access to product and technical teams to get the right solution delivered and drive future innovation gathered from customer input
- Monitor the performance of Splunk via the Splunk Monitoring Console
Confidential, DALLAS TX
Information Security Specialist/ Splunk Engineer
Responsibilities:
- Designed an Operational Technology (OT) Network security solution based on the required template in place of an existing Company Network (CN) addressing risk and availability of SCADA-ICS in a pharmaceutical/healthcare organization
- Writing complex tasks such as ETL jobs to integrate RSA Archer with Nessus, Rapid 7 and Qualys Vulnerability Scanners
- Automated DLP incident metrics using Splunk. Developed monthly and weekly metrics and dashboards using Splunk.
- Assessed the current as-is architecture of the company and designed a to-be architecture proposing implementation of OT security features
- Performing Qualys Vulnerability scans and manage reporting of all infrastructure assets.
- Supports, monitors and manages the SIEM environment: Splunk administration and analytics development on information security, infrastructure and network, data security, Splunk Enterprise Security app, triage events and incident analysis
- In-depth experience with internal, external, network and application vulnerability assessments utilizing QualysGuard and FireEye.
- Configured VLAN trunking on Palo Alto interfaces.
- Integrating Panorama with Palo Alto firewalls and managing multiple Palo Alto firewalls using Panorama.
- Troubleshooting the issues which are related to Splunk, logger, Oracle and Conapps performances
- Developed and maintained scripts in Python or JavaScript
- Provided security representation to business and technology solution projects to identify, evaluate, design and implement solutions that are secure
- On-boarded 6000+ devices to Splunk for monitoring.
- Integration of different devices data to Splunk Environment and also created dashboards and reports in Splunk.
- Installed the Splunk Common Information Model add-on, which is packaged with Splunk Enterprise Security, Splunk IT Service Intelligence and the Splunk App for PCI Compliance.
- Proficient in writing Splunk queries, dashboards and log analysis.
- Assesses the risk posture of third-party vendors to assure optimal controls are in place and limit exposure
- Used Pandora FMS monitoring solution to find and reach out to system and product owners to discuss criticality of their applications
Confidential, CHARLOTTE, NC
Information Security Analyst/ Splunk Admin
Responsibilities:
- Perform analysis and triage on activities and incidents within the data protection environment including, but not limited to Digital Guardian DLP
- Involved in Digital Guardian DLP data encryption, monitoring/reporting and remediation of internal and external threats/vulnerabilities; SME (subject matter expert) on SIEM, writing detection rules on the platform; scripting and programming experience in Python and PowerShell.
- Monitor client SIEM devices (Splunk) for potential security events that could compromise the client's environment.
- Worked along with the Windows system administrator to secure the Windows environment.
- Coordinated efforts with DLP engineering and escalations to cyber investigations
- Provide incident and policy analysis for existing controls and help drive expansion for greater data visibility and loss prevention technologies in the information security environment.
- Configuring, administering and troubleshooting Checkpoint, Palo Alto, Imperva and ASA firewalls
- Configuring rules and maintaining Palo Alto firewalls, and analysis of firewall logs using various tools
- Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP, Splunk)
- Use Splunk Security Manager to identify threats and assign categories
- Developed custom SIEM deliverables in Splunk to meet customer needs in a variety of domains such as security, financial services, IT Ops, human resources, physical security, etc.
- Conducting security assessment of various security events through the Splunk and Secureworks platforms
- Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint firewalls
- Performed application security and penetration testing using IBM Appscan
Confidential, LEXINGTON, KY
Information Security Engineer
Responsibilities:
- Developed custom SIEM deliverables in Splunk to meet customer needs in a variety of domains: IT security, financial, IT Ops, human resources, physical security, etc.
- Perform digital forensics and incident response (IR) using tools such as Autopsy, Magnet, Stinger, etc. for 28 DOL agencies
- Played a key role in deploying Symantec Endpoint Protection Manager and clients on a closed network
- Worked as a PCI-DSS consultant to perform a third-party audit
- Involved in DLP data encryption, monitoring/reporting and remediation of internal and external threats/vulnerabilities
- Responsible for identifying and validating indicators of threat from multiple intel sources (e.g. CrowdStrike, FS-ISAC, Bluecoat, etc.) against internal assets to determine an accurate threat landscape and remediation targets (e.g. Splunk endpoint analysis, vulnerability analysis with Qualys, Nessus and Metasploit).
- Designing and maintaining production-quality Splunk dashboards.
- Played an integral role in migrating the company's security firewall environment from the FortiOS 4.0 firewall platform to FortiGate FG 100
- Designing a secure environment for the Windows servers and securing the Dell SonicWall TZ600 series firewall.
- Collaborate with Internal audit, External Audit, SOX PMO in a regular cadence, discuss changes to the control environment and prepare effective, efficient compliance and substantive test plans and SOX Calendar
- Built a proof of concept (POC) for Localization to use AWS for some transcoding workloads. AWS services used were EC2, S3, Lambda and Elastic Transcoder. The second phase would add Captions and Digital Rights Management (DRM)
- Expert in installing the Splunk logging application for distributed environments
- Enterprise roles review with PowerShell
- Manage project tasks to migrate from Confidential ASA firewalls to Palo Alto firewalls
- Exposure to the WildFire feature of Palo Alto.
- Perform cyber threat intelligence (CTI) on the logs/data received from multiple sources including network security, endpoint and vendor devices to identify indicators of compromise (IOC) or vulnerabilities using an exhaustive cyber-attack framework
- Vulnerability assessment and management (Nessus and Qualys), security risk analysis; reporting using Splunk
- Involved in integration of Splunk with ServiceNow, Active Directory and LDAP authentication
- Assessment guidance/standards used: NIST SP, NIST, NIST, ISO-27002, ISO-27005, to ensure regulatory compliance and proper assessment of risk
- Generated property lists for every application dynamically and wrote automated testing scripts using Python.
- Used GZIP with AWS CloudFront to forward compressed files to destination nodes/instances
- Consulted with business and technology partners to create and provide security recommendations and best practices
- Assisted CSO with completion of established goals, objectives, and streamlining of internal office procedures
- Conducted onsite penetration tests and investigation from an insider threat perspective
- Performed host, network, and web application penetration tests
- Configured and maintained a Red Hat Linux file server, which used Samba to serve files to Windows clients.
- Support the reporting and outputs from cross-functional teams related to the vendor risk assessment process
- Provide IT Governance, Risk and Compliance (GRC) services to fulfil client requirements
- Developing in-house automation projects in Python and PowerShell for consumption by the SOC.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS/IPS), forensics, sniffers and malware analysis tools, SSL/TLS, SOAP/XML, TCP/IP and HTTP, with expertise in OpenSSL. Moreover, experience in deploying and administering APM tools such as Dynatrace and AppDynamics
- Managed cyber security threats through prevention, detection, response, escalation and reporting in an effort to protect enterprise IT assets through the Computer Security Incident Response Team (CSIRT)
- Experience in Bluecoat proxy and McAfee Endpoint Security analytics.
- Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint and Palo Alto firewalls
- Increased productivity by fine-tuning IPS security policies, allowing analysts to quickly identify threats on the network. Tune HIPS and VirusScan policies to support mission requirements as needed
- AWS CLI Auto Scaling and CloudWatch monitoring creation and updates
- Participate in design efforts for network security related portions of new applications along with application development areas and the network design for disaster recovery efforts
- Experience spans over SIEM, Threat Intelligence, Penetration Testing and Vulnerability Assessment, Security Architecture, PCI-DSS and Security Research
- Maintained a Windows Small Business Server 2011 Essentials server
- Provide expertise with incident response, security event monitoring, vulnerability management, asset security compliance and data loss prevention utilizing McAfee Nitro (SIEM), McAfee ePO, McAfee DLP
- Advise and implement Symantec Best Practices and configuration management in the environment.
- Working with a team where my primary responsibility is planning, installation, configuration, performance tuning, problem determination, and administration of a Security Information and Event Management (SIEM) solution
- Initiated a Third Party Vendor Risk Assessment Program
- Used virtualization tools such as VMware and Virtual Box to build server infrastructure for ArcSight security solutions
- POC and assisted in deployment for Bluecoat Security Analytics across BOA Data centers and remote offices, scripting and data extraction for SSL/TLS CPS utilization, malware, firewall and F5 capacity management and high availability planning
- Design and implement a vendor risk assessment scorecard - to establish a risk benchmark, identify areas needing improvement, and as a periodic tool to assess overall risk status
- Configuring and implementing F5 BIG-IP, LTM, GTM load balancers to maintain global and local traffic
Confidential, NASHVILLE, TN
Network Engineer
Responsibilities:
- Responsible for installation and maintenance of new network connection for the customers
- Configured all the required devices and equipment for remote vendors at various sites and plants
- In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems
- Scheduled enterprise vulnerability scans to ensure there is no impact on client-facing or critical information assets (internal Nessus, Nexpose and Metasploit scans in coordination with the enterprise Red Team, and external scans with Qualys).
- Scripting and development skills (Perl, Python) with strong knowledge of regular expressions.
- Design and implementation of Bluecoat proxy infrastructure. Upgrading Radware AppWall WAF (Web Application Firewall) and applying hot fixes and patches
- Supported nationwide LAN infrastructure consisting of Confidential 4510 and Catalyst 6513
- Worked with Confidential routers 2600, 2900, 3600, 3800, 7200 and 7600 and switches 2900, 3560, 3750, 4500, 4900, 6500
- Implementing various policies as per client compliance to restrict web access, troubleshooting proxy related access issues and generate Internet access reports using Websense web proxy
- Upgrade, managing and troubleshooting various issues with Confidential IPS