
Cyber Security Engineer/analyst Resume


Chicago, IL

SUMMARY

  • Professional with 8+ years of extensive experience in the areas of Risk Analysis, SIEM, Endpoint Security, DLP, Network Security, Email Security, Web Gateway, Vulnerability Assessment, Pen testing, Windows Server, Domain technology, and Antivirus servers.
  • Experienced with supporting Defense and Healthcare markets, detailed understanding of OPSEC procedures and requirements.
  • Expert level skills with Linux servers, VMs and embedded devices.
  • Created marketable capabilities currently in use using RaspberryPi and Arduino embedded boards.
  • Authored white papers and offered training for clients and colleagues.
  • Cyber Intelligence, exploit development, identification, prevention, and remediation.
  • Linux systems administration, Solaris administration, Windows Server administration
  • Penetration testing, exploitation, security assessments of network switching routing equipment
  • Protocol vulnerability analysis, hacking, verification & sandbox testing
  • Expert in Vulnerability Assessment using Qualys, Nessus and Nexpose tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Possess a well-balanced understanding of business relationships, business requirements, and technical solutions. Continuous Integration, Configuration Management, Jenkins, Vagrant, Sonatype Nexus, RHEL Satellite, Docker.
  • Database technologies Oracle/Mongo/SQL
  • McAfee Enterprise AntiVirus, Host Intrusion Protection, McAfee e-Policy Orchestrator.
  • Atlassian Administrator (JIRA, Confluence, Fisheye, Stash, Crowd)
  • Operation of Cisco IOS, IOS XR, Qualcomm QXDM, QPST, QCAT, Gemalto CardAdmin, Ixia, SIEM tools
  • EMM, Mobile Device Management debugging, device provisioning, SIM/CSIM/RUIM/USIM module provisioning
  • Capability development and prototyping using RaspberryPi/2, Arduino, Teensy, BeagleBone, Gumstix
  • Expertise in gathering and analyzing metrics and key risk indicators and maintaining scorecards defined within the area of information security to ensure our information security program is performing effectively and efficiently.
  • Excellent knowledge of FISMA, HIPAA and NIST, PIA Compliance usage, rules and regulations.
  • Expertise in performing Application Security risk assessments throughout the SDLC cycle.
  • Understanding of data integration, network design, and database concepts.

TECHNICAL SKILLS

Networking: Packet Analysis (tcpdump, Wireshark), IDS (Bro, Snort), Splunk, Firewall, IDS/IPS, Access Control

Systems Administration: Active Directory, DNS, FTP, SSH, DHCP, SMB, HTTP, Virtualization

Vulnerability Assessment: Nmap, Nessus, Ettercap, Metasploit, Honeypots (honeyD, INetSim), Burp Suite, Nexpose, Acunetix, IBM AppScan, HP WebInspect

Endpoint Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec/McAfee Email Security Gateways GUI & CLI, McAfee Network Data Loss Prevention, McAfee NITRO SIEM (Security Information and Event Management), Cisco Security (Cisco AMP, Umbrella, Cisco Email Security), FireEye HX

Platforms/Applications: Continuous Monitoring, Vulnerability Management, Web Application Scanning, Threat Protect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Rapid7, Event Management, RSA Archer, Blue Coat Proxy, IBM QRadar, NTT Security, LogRhythm, Pen Test Tools (Metasploit, Kali Linux)

Standards & Framework: OWASP, OSSTMM, PCI DSS

Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication, PIA

Programming Languages: C, C++, Java, Python, JavaScript, PowerShell

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS, NetBIOS, SNMP, TLS

Domain Knowledge: Risk Management, BCP/DRP, ISO 27001, COBIT, SWOT analysis, Cryptography, Incident Response, Penetration Test, Risk Assessment, SCADA Security, SCADA Audits, SIEM, ITIL, NIST, FIPS

PROFESSIONAL EXPERIENCE

Confidential, Chicago, IL

Cyber Security Engineer/Analyst

Responsibilities:

  • Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001.
  • Adept with QRadar, Symantec PCAP, Symantec CloudSOC, PAN Firewall, PAN WildFire, PAN TRAPS, PAN Relock, FireEye, Threat, Microsoft SCEP, Microsoft O365 Security and Compliance Portal, Proofpoint.
  • Working with McAfee ePO for managing clients' workstations to provide endpoint security.
  • Facilitate implementations of information security policies, account security policies and standards for logical and physical security.
  • Worked on SIEM, as well as SolarWinds and Symantec endpoint security for malware detection and threat analysis.
  • Experience with national, international, and/or sectorial cloud security assurance/compliance regimes and frameworks such as Federal Risk and Authorization Management Program (FedRAMP), Federal
  • Performed system administration functions to create SSP, SCTM and documenting the security architecture.
  • Reviewed security threats and implement effective countermeasures IAW established policies/regulations/directives.
  • Analyzed network or system changes/reconfigurations for security impacts (performs risk analysis/assessment).
  • Performed functions as required in support of the Confidential Instruction 8510.01 “Risk Management Framework (RMF)”.
  • Performed privacy impact assessments and provide PII data security and monitoring and migration strategies.
  • Identified potential vulnerabilities to cyber and information security using penetration testing and red teams.
  • Provided technologies for identification, modeling, and predictive analysis of cyber threats.
  • Performed information assurance certification and accreditation analysis, security assessments.
  • Provided recommendations to the Information System Security Managers to bring their systems into compliance. Analyzed and documented deficiencies in POA&Ms or requests prepared for Acceptance of Risk (AoR).
  • Implemented and configured CASB solution including Netskope to secure the enterprise with a cloud.
  • Tested and certified new software such as Tanium Protect (an access control software) and PEGA trouble ticketing software.
  • Audit Support: Facilitated the PCI DSS external audit for the client, took charge of end-to-end coordination and support during the onsite assessment.
  • Oversee the design and development of security solutions and manage cross-platform integration of a range of on-premises and public cloud security designs and configurations, Amazon CloudFront and Amazon Route 53.
  • Troubleshooting day-to-day issues in IT infrastructure in Business Environment tools like Splunk, ArcSight, Solutionary, PIA, LogRhythm, SCCM, Altiris, LANDesk, BigFix, McAfee/Symantec.
  • Automated DLP Incident metrics using Splunk. Developed monthly, weekly metrics and dashboards using Splunk.
  • Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, ArcSight, Solutionary, LogRhythm, SCCM, Altiris, LANDesk, BigFix, and McAfee/Symantec.
  • Configured advanced CyberArk integration with AD through LDAP, two-factor authentication & email integrations.
  • Utilizing Tanium Endpoint Security to create reports to resolve various information security issues.
  • Experience with Risk assessment, COBIT, and Malware Analysis.
  • Coordinates closely with disaster recovery and data security teams.
  • Enhancing risk culture across the organization based on the COSO framework; applying and implementing the COSO framework across the organization.
  • Allocate/coordinate work within a team/project. Provides value input into risk reports. Presents reports to the business areas and CTS management.
  • Working as Device Management in-charge to provide technology support, install, maintain, upgrade, and troubleshoot server issues, networks, other security products, providing solutions to complex hardware/software problems.
  • Working as a dedicated resource for a Scrum Project to provide timely firewall support and configuration for ongoing high priority Scrum Projects.
  • Conduct daily IDS analysis/monitoring for potential compromise, intrusion, deficiency, significant event or threat to the security posture and security baseline and numerous activities against spam.
  • Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools
  • Implemented multiple tools including Symantec DLP, and QRadar SIEM.
  • Deploying and configuring McAfee products for client. Providing SME for McAfee suite of products like McAfee ePO, McAfee Endpoint Encryption, McAfee DLP Endpoint
  • Manage IBM QRadar configuration files like inputs, props, transforms, and lookups. Upgrading the IBM QRadar Enterprise and security patching.
  • Leading a SOC team for cyber incidents and compliance towards PCI DSS, NIST framework.
  • Installed, configured and administered Splunk Enterprise Server and Splunk Forwarder on Red Hat Linux and Windows servers.
  • Configuration and Maintenance of MPLS between satellite locations and Data center. Rule Management for MPLS routers.
  • Tracked all the incidents that happened in all the stores, used for recovery and settlements, using RSA Archer.
  • Experience with SIEM platforms (Splunk, QRadar, McAfee/Nitro, ArcSight, LogRhythm, Carbon Black).
  • Administration experience of CyberArk vault with Safe creation, integration with LDAP and other authentication methods & creation of policies and reports in PVWA.
  • Experience in analyzing the logs and troubleshooting issues in integration of other applications using CA SiteMinder (Access Management) and Identity Management tools along with LDAP and web-server agents and SiteMinder federation services.
  • Projects that installed, deployed and/or maintained multiple security solutions for security tools such as Rapid7 Nexpose, Comodo, Qualys, and ThreatSTOP.
  • Installation and configuration of CyberArk Vault, Password Vault Web Access (PVWA), Central Password Manager (CPM) and Privileged Session Manager (PSM) in Prod and PIA.
  • Working on the security tools like Deep Security, HIPPM, Nessus, and Symantec Control Compliance Suite 11.

Confidential, Dallas, TX

Cyber Security Engineer

Responsibilities:

  • Developed custom SIEM deliverables in Splunk/McAfee/QRadar/ArcSight to meet customer needs in a variety of domains: IT security, financial, IT ops, human resources, physical security, etc.
  • Design, development, implementation, tuning and testing of standard and nonstandard content for McAfee SIEM (Nitro).
  • Perform Digital Forensics and Incident Response (IR) using tools such as Autopsy, Magnet, Stinger, etc., for 28 DOL agencies
  • Served as the primary SME for RSA SecurID and all multi-factor authentication products including Azure MFA.
  • Maintained Git repositories, branches and tags; experience in administering GitHub repositories.
  • Played a key role in deploying Symantec Endpoint Protection Manager and clients on a closed network
  • Worked as a PCI-DSS consultant to perform a 3rd party audit.
  • Establish and maintain an IT Compliance program for the Financial Security Infrastructure team that minimizes risks to IT objectives through effective, efficient, scalable, and cost-effective design and operation of controls, including Sarbanes Oxley (SOX), ITGC (IT General Control) using the COBIT framework, and other domestic and international compliance requirements.
  • Worked on projects moving to cloud services such as Azure, Office 365 and Amazon Web Services (AWS).
  • Interacted with Cloud Service Provider (CSP) to conduct Incident Response (IR) and Contingency Plan (CP) exercises for Disaster Recovery Plan (DRP) and procedures.
  • Expertise in development of Information Security Programs based on frameworks such as NIST, NIST, NIST, ISO 27002, COBIT 5.0, FFIEC, GLBA, SOX, PCI & PII with IT Risk drivers KPIs and KRIs to ensure financial regulatory compliance and data security.
  • Conduct internal and external security audits based on standard cybersecurity frameworks from ISO 27002, COBIT, NIST, OWASP and Cloud Security Alliance
  • Worked extensively in configuring and monitoring ELK, ExtraHop.
  • Built proof of concept (POC) for Localization to use AWS for some transcoding workloads. AWS services used were EC2, S3, Lambda, Elastic Transcoder. Second phase would be to add Captions and Digital Rights Management (DRM).
  • Assessment guidance/standards used: NIST SP, NIST, NIST, ISO 27002, ISO 27005, to ensure regulatory compliance and proper assessment of risk.
  • Develop documentation for new/existing policies and procedures in accordance with Risk Management Framework (RMF), NIST SP requirements.
  • Used GZIP with AWS CloudFront to forward compressed files to destination nodes/instances.
  • Dynamic monitoring and analysis of Intrusion Detection Systems (IDS) to identify security issues for remediation. Analyze, recognize, correlate, and report any potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information from AccelOps SIEM, Snort logs and Checkpoint FW logs.
  • Consulted with business and technology partners to create and provide security recommendations and best practices.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools, SSL/TLS, SOAP/XML, TCP/IP, HTTP and expertise in OpenSSL. Moreover, experience in deploying and administering Dynatrace, APM tools like Synthetic, DCRUM, UEM, & AppMon.
  • Managed Cyber Security threats through prevention, detection, response, escalation and reporting in effort to protect Enterprise IT Assets through Computer Security Incident Response Team (CSIRT).
  • Responsibilities for CSIRT included SIEM, Context Filtering, Web Security, Incident Tracking, IPS/IDS and
  • Participate in design efforts for network security related portions of new applications along with application development areas and the network design for disaster recovery efforts.
  • Experience spans over SIEM, Threat Intelligence, Penetration Testing and Vulnerability Assessment, Security Architecture, PCI-DSS and Security Research.
  • Provide expertise with incident response, security event monitoring, vulnerability management, asset security compliance and data loss prevention utilizing McAfee Nitro (SIEM), McAfee ePO, McAfee DLP.

Confidential, Chicago, IL

Cyber Security Analyst

Responsibilities:

  • Responsible for detection and response to security events and incidents within global Fortune 500 client networks; utilizing ArcSight, Splunk, TippingPoint, VirusTotal, IPVoid, FireEye, Wireshark, etc., to gather, analyze, and present forensic evidence of cyber malware and intrusions.
  • Review system and firewall logs based on individual preset client policies, rules, and standards; also review all host activity for the specified timeframe.
  • Work directly with ESM engineers and Account Information Security Officers to adjust alert criteria.
  • Coordinated escalations to Forensic Analyst Team with recommendations for remediation.
  • Acted as liaison and interacted with leadership, account management teams, and engineers to further define the risk and remediation plan.
  • Evaluated and fulfilled requests from the Account Information Security Risk & Compliance Officers for each client and aligned with the appropriate run book procedures to attain Client Service Level Objectives and Agreements.
  • Adjusted network alerts temporarily to suppress excessive alerts prior to engineers making permanent threshold changes.
  • Facilitated and operated direct telephone communication in order to perform the immediate required escalation requests or engagements of required teams to support clients.
  • Researched McAfee Threat Center, Symantec, and other vulnerability and threat libraries to identify and formulate remediation plans.

Confidential, Dallas, TX

Jr. Security Analyst

Responsibilities:

  • Resolved all LAN/WAN connectivity and other issues.
  • Analyze vulnerability reports from various scans and assessments, acting on high-risk/critical vulnerabilities over other vulnerabilities.
  • Management of system security and file system security policies and analyzing systems to determine ways of improving performance
  • Conducting routine checks, warranty claims, hardware failure replacement, software upgrades, downloading patches and hotfixes.
  • Infrastructure deployment from the very basis to complete function and Information Security Policy as per PCI-DSS Audit Compliance.
  • Review controls related to various business processes of the entity for compliance with the COSO framework.
  • Responsible for conducting structured security certification and accreditation (C&A) activities utilizing the Risk Management Framework and in compliance with the Federal Information Security Modernization Act (FISMA) requirements
  • Performing OS updates and upgrading applications.
  • Used Splunk for monitoring/metric collection for applications in a cloud-based environment.
  • Maintaining all shared resources and monitoring free and utilized disk space.
  • Responsible for setting up projectors and audio/video devices for meetings and lectures.
  • Keeping and tracking inventory of all loaner laptops issued to students and staff.
  • Responsible for writing and updating training manuals.
  • Install and configure the QRadar SIEM including all its components, local and/or remote log collectors.
