Sr. Security Engineer Resume
El Segundo, CA
SUMMARY
- 6+ years of professional experience as a Cyber Security Analyst. Experience in managing and monitoring real-time logs in the Security Operations Center and in implementing SIEM via IBM QRadar and McAfee ESM.
- Knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Database Activity Monitoring (DAM), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions.
- Proven ability to identify network security vulnerabilities and explain in detail how to remediate them.
- Expert-level understanding of SIEM implementation and integration with other network devices and applications, and of the associated troubleshooting work.
- Successful Integration of Palo Alto Firewall with the Panorama and Skybox, and implementation experience on Check Point Firewalls.
- Responsible for monitoring & acquiring data feeds from a variety of technologies (Firewalls, BlueCoat proxy, Windows, Linux, RSA, etc.).
- Experience with SIEM including adding data source, infrastructure maintenance and software update support.
- Maintain QRadar components like Console, Event Processors, Flow processors, Event Collectors, Flow collectors for Log collection and monitoring.
- Working knowledge of TCP/IP Networking and knowledge of the OSI model.
- Security incident handling and SIEM using RSA enVision and IBM QRadar; identifying the critical IT infrastructure that requires 24/7 monitoring.
- Experience in configuring and setting up Cisco routers to perform functions at the Access, Distribution and Core layers.
- Good Knowledge and understanding of Software Defined Networking (SDN) and Cisco ACI Technology
- Network security policies like NAT, PAT, VPN, DMVPN, Route - maps and Access lists.
- Experience with different Network Management Tools and Sniffers like Wireshark (ethereal).
- Experience in planning, developing, implementing, monitoring and updating security programs, and advanced technical information security solutions, and sound knowledge in SOX and PCI compliance requirements and understanding of NIST and ISO standards.
- Implementation of the IBM Guardium Data Activity Monitoring (DAM) solution to increase security posture by protecting ePHI, PII and PCI data.
- Worked with IBM InfoSphere Guardium technical support on problem resolution.
- Creating tickets for the respective teams to fix High/Medium vulnerabilities and providing guidance to those teams on the fix.
- Experience in handling cybersecurity risk management framework assessments; ensures enterprise cybersecurity policies fully support all legal and regulatory requirements and that cybersecurity policies are applied to new and existing IS resources.
TECHNICAL SKILLS
Information Security: SIEM - Qradar, Splunk, McAfee ESM.
Security/Vulnerability Tool: Snort, Wireshark, Websense, BlueCoat proxy, Palo Alto, Checkpoint, Symantec, Qualys Vulnerability Manager, FireEye HX, Sophos, Sourcefire.
Networking Protocols: TCP/IP, SSH, SSL, DNS, SNMP, ICMP, RIP, OSPF, BGP, TACACS+
OS: Red Hat Linux 4.x/5.x/6.x, Windows 10/8/7/XP/NT/98, Virtualization(VMware).
Languages: C, LINUX Shell scripts, JAVA, Python, SQL, Oracle.
Web Tools and Languages: Java Script, JDBC, XML, HTML5.
Ticketing System: ServiceNow, Remedy
PROFESSIONAL EXPERIENCE
Confidential, El Segundo, CA
Sr. Security Engineer
Responsibilities:
- Perform day-to-day monitoring of information security appliances, including reviewing, analyzing and interpreting cyber-alerts and events from various systems to identify cyber intrusions or data loss.
- Escalate confirmed suspicious events and/or system compromises for review and follow-on escalation for containment, eradication, and recovery.
- Services monitored include, but are not limited to, SIEM, IDS/IPS, Firewall, Cloud Environments, and Data Loss Prevention (DLP) for SMTP and Web.
- Performing static analysis on phishing emails and associated malware.
- Conduct tuning engagements with security engineers to develop/adjust SIEM rules and analyst operating procedures.
- Working in Security Incident and Event Monitoring SIEM platform - IBM Qradar, McAfee ESM, and Splunk.
- Responsible for design and development of multiple security operations in SIEM and endpoint protection and data protection.
- Experience in integrating the log sources with IBM Qradar.
- Knowledge in creating, developing, and documenting SIEM implementations. Worked with QRadar, with knowledge of investigations and of building and tuning content.
- Involved in operational expansion and tuning of developed systems as necessary.
- Technical expertise with security infrastructure architecture design and management. Troubleshooting log collection from networking devices, operating systems, databases, security applications and more.
- Led implementation of the IBM Guardium Data Activity Monitoring (DAM) solution to increase security posture by protecting ePHI, PII, and PCI data.
- Administers Guardium to detect threat vectors, vulnerabilities, and access to confidential data that may pose a potential breach of Scripps data assets. Monitors internal access to data assets to detect potential theft.
- Implementation and integration of servers (Windows, Linux and Unix) and security devices (Firewall, IPS, IDS, WAF, Nessus, McAfee Proxy, Symantec Endpoint Protection).
- Creating Vulnerability Assessment dashboard using Rapid7 that aggregates data across multiple services to identify critical threats and proactively mitigate risks.
- Report/Track the vulnerability reports periodically and submit the report to management.
- Experience in Vulnerability management, implementing, executing, and monitoring vulnerability scans using Nessus, OpenVAS, and other vulnerability tools.
- Create and implement standard operating procedures and processes to help streamline investigations, daily monitoring and analysis research to ensure all analysts are effective and following the same guidelines.
- Developing processes and procedures around security event management.
- Performing investigation, analysis, reporting and escalations of security events from multiple sources including events like intrusion detection, Firewall logs, Proxy Logs, Web servers.
- Installed and configured Symantec Enterprise Anti-Virus. Logging, monitoring and response concepts and technologies for cloud networks, corporate networks, and hosts in all environments.
- Created DLP role-based access controls, DLP device policies, DLP application file access protection.
- Worked with project managers to ensure the incorporation of security activities in all ongoing projects and to identify the security impact of new releases.
- Develop, implement, and maintain employee database for multiple departments.
- Working with global security team for the Server Compliance and risk management.
- Worked on OWASP TOP 10 attacks like, XSS, SQL Injection, CSRF, PHP Injection etc.
- Technical expertise in vulnerability assessment including vulnerability scanning and penetration testing with clear reporting, threat identification and action plans for remediation.
Confidential, Birmingham, AL
Network Security Analyst
Responsibilities:
- Managed, developed, streamlined, automated and resolved any incident management, process workflow, ticket escalation issues.
- Developed and operated computer imaging systems as well as mobile data computer configuration.
- Incident response investigator/handler for cybersecurity violations within the organizational footprint. Working in the Security Incident and Event Monitoring (SIEM) platform RSA enVision.
- Monitor RSA Envision dashboards to keep track of real time security events, health of SIEM devices.
- Collecting the logs of all network devices and analyzing them to find suspicious activity.
- Knowledge in analyzing, detecting, preventing malware with security analysis tools and compliance tools.
- Performed event and incident analysis to identify and classify cyber security incidents.
- Respond to Computer security incidents according to the computer security incident response policy.
- Investigated security logs and mitigation strategies; responsible for preparing the generic security incident report.
- Created Compliance Security Baseline and Vulnerability Assessment dashboard for IBM Guardium Security for Database Server and Database Instances.
- Experience with large enterprise environment and possesses both deep and wide expertise.
- Working knowledge of privileged account management within a large enterprise environment.
- Responsible for preparing root cause analysis reports based on the analysis.
- Implementation and integration of servers (Windows, Linux and Unix) and security devices (Firewall, IPS, IDS, WAF, Nessus, McAfee Proxy, Symantec Endpoint Protection).
- Network Security (IDS/IPS, N/W Sniffing, Wireshark, TCPDUMP, NMAP).
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Responsible for monitoring & acquiring data feeds from a variety of technologies for Splunk (Firewalls, BlueCoat proxy, Windows, Linux, RSA, etc.).
- Setup Integration of FireEye alert in other security systems.
- Setup Automation of FireEye alerts to block infected devices in other security systems.
- Secured company internet access using BlueCoat proxy.
- Performed event and incident analysis to identify and classify cyber security incidents.
- Monitoring various event sources for possible intrusions and determining the severity of the threat.
- Generating ad hoc reports for various event sources, as well as customized and scheduled reports as per requirements.
- Responsible for maintaining McAfee IDS/IPS policies.
- Creates automated actions based on configured alerts, reducing the effort and resources needed to react to items in the environment.
- Contribute to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations.
- Running vulnerability & compliance scans, reporting vulnerabilities and mitigating the risks associated with reported vulnerabilities.
- Expertise in Windows server administration along with Windows architecture design.
- Conducted network vulnerability assessments to identify system vulnerabilities.
- Created custom scripts to save time & labor cost on attestation of 50,000 + accounts
- Collaborated with other departments in investigations of HIPAA & PCI violations.
- Provided consultative services at the time of PCI audits & reviews.
- Performed security audits and document investigation results, ensuring relevant details are passed to senior analysts.
- Provided daily hardware and software technical support for military computer and communications hardware, software and equipment, tracked via ITSM Remedy trouble tickets.
Confidential, Norwalk, CT
Security Analyst
Responsibilities:
- Manage, review and implement security access across the network. Work on projects and audits and help maintain compliance with security best practices within the company.
- Running vulnerability & compliance scans, reporting vulnerabilities and mitigating the risks associated with reported vulnerabilities.
- Experience in performing digital forensics and incident response using tools such as Mandiant Intelligent Response, FireEye Redline, Encase or other enterprise tools.
- Generating ad hoc reports for various event sources, as well as customized and scheduled reports as per requirements.
- Preparation of documents of all aspects of related efforts on intrusion analysis, which is submitted to higher officials to conduct audit and worked with various IT and business unit leads to ensure timely and accurate reports.
- Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
- Provided technical administrative support for IBM InfoSphere Guardium, a real-time database security system designed to monitor the entire corporate DBMS infrastructure (Oracle, MySQL, MS SQL Server).
- Experience in Information Security Platform by providing support on known/ unknown vulnerabilities/ threats found via security devices/ product. Experience in developing & creating SIEM Procedures (SOP) documentation.
- Network traffic visualization to facilitate monitoring and trending analysis.
- Experience in Vulnerability management, implementing, executing, and monitoring vulnerability scans using Nessus, OpenVAS, and other vulnerability tools.
- Involved in configuring and troubleshooting Juniper Firewalls including UTM features like anti-virus, deep inspection (IDP), URL filtering and screening.
- Knowledge in Group Policy Security (GPO) and AD policy.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
- Engineered Bluecoat policies to follow company's policies & procedures.
- Responsible for monitoring & acquiring data feeds from a variety of technologies for Splunk (Firewalls, BlueCoat proxy, Windows, Linux, RSA, etc.). Logging, monitoring and response concepts and technologies for cloud networks, corporate networks, and hosts in all environments.
- Develop, implement, and maintain employee database for multiple departments.
Confidential
Cyber Security Analyst
Responsibilities:
- Responsible for creating the correlation logic that links attacks across multiple event sources and determines the likely outcome.
- Participated in the product selection and installation of QRadar Security Information Event Manager SIEM consisting of multiple collectors and a high-performance MS SQL database.
- Dashboard / Enterprise dashboard customization for various team based on the log source type requirements.
- Experience in handling cybersecurity risk management framework assessments; ensures enterprise cybersecurity policies fully support all legal and regulatory requirements and that cybersecurity policies are applied to new and existing IS resources.
- Experience in integrating the log sources with IBM Qradar.
- Consulted with Rapid7 in performing testing, targeting all assets along with social engineering.
- Experience in Information Security Platform by providing support on known/ unknown vulnerabilities/ threats found via security devices/ product. Experience in developing & creating SIEM Procedures (SOP) documentation.
- Technical expertise in vulnerability assessment including vulnerability scanning and penetration testing
- Experience with large enterprise environment and possesses both deep and wide expertise.
- Knowledge in Group Policy Security (GPO) and AD policy.
- Created DLP role-based access controls, DLP device policies, DLP application file access protection.
- Footprinting, scanning, sniffing and monitoring network activity using open source & commercial tools (e.g. Wireshark, Nmap).
- Researched and explored different attack vectors/methods, e.g. SQL injection, device vulnerabilities, and slow, persistent attempts.
Confidential
IT Security Engineer
Responsibilities:
- Managed Cisco campus infrastructure to support the exchange of both integrated and separate multimedia information including voice, video and bulk data transfer. Expert knowledge working with TCP/IP and network routing protocols.
- Uses various tools to extract malware samples from email attachments and audits the raw code for URLs and domains to explicitly block on the corporate proxy/firewall. This has greatly lowered our exposure to ransomware.
- Through constant monitoring of our SOC environment, audits security issues such as missing router ACLs, users improperly added to admin-level groups, and device misconfiguration.
- Worked on implementation of different third-party security tools like Rapid7, Demisto and DUO.
- Creating Vulnerability Assessment dashboard using Rapid7 that aggregates data across multiple services to identify critical threats and proactively mitigate risks.
- Performed mitigations required to protect critical resources.
- Plan, organize, and/or lead remediation efforts as part of vulnerability management
- Utilizes tools such as Wireshark to analyze packet captures and diagnose issues.
- Assist in the planning and execution of ConnectWise.
- Schedule and manage tickets on service board
- Project manage new and existing projects with clear measurable goals
- Proactively research and maintain knowledge of IT solutions provider and related industries
- Responsible for the oversight and support of the organization's infrastructure systems such as File and Print Services, Email, Network OS and Applications.
- Perform maintenance and support of the availability and functionality of these systems.
- Maintenance (including OS patching and upgrades), implementation rollouts of new systems, and L1, L2 & L3 break/fix.
- Resolve inbound tickets (Level 1 & 2 helpdesk as needed), and ensure SLAs are maintained
- Review and monitor our service-ticket boards, and ensure routine network maintenance occurs.