
Security Analyst Resume Profile


KNOWLEDGE AND SKILLS

Programming Languages

C/C++, Visual Basic, Java, MIPS, assembly languages, VHDL.

Operating Systems

DOS, Windows 9x/NT/2000/XP, Vista, Windows 7, Linux, UNIX, SunOS/Solaris, Mac OS X.

Intrusion Detection Systems

HIDS, NIDS (Snort, SourceFire IDS, Enterasys Dragon).

Network Security Tools

Network devices and servers: Dell PowerEdge devices, Check Point Firewall, PIX Firewall, Raptor Firewall, Norton Personal Firewall, Cisco VPN configuration, VMware Workstation, Server, GSX/ESX Server.

Security management: ArcSight SIM/ESM, Event Tracker Console, BigFix Management Console, IDS Policy Manager, SourceFire Defense Center, Enterasys Console Manager, BlueCoat Proxy Console, remote administration (VNC, PuTTY), Imperva Web Application Firewall, TripWire Enterprise SIEM, Splunk.

Scanning and logging: Nmap network scanner, Nessus, Retina, Ethereal protocol analyzer, Splunk logging tool.

Incident management: risk and threat analysis, research and assessment, escalation plans and logging (CAPRS ticketing system, Footprints ticketing system), remediation (IPT security portal, sensor management console).

Network compliance and security remediation: Symantec Anti-Virus Console (SAV), eTrust AV software, McAfee AV software, Symantec Endpoint Protection (SEP), BigFix Management Console.

Software Packages

  • Microsoft Office Suite (Word, Excel, PowerPoint, Access), Microsoft Visio, WordPerfect, Adobe Reader, MS-Works, Enterprise Manager.

Electronics and Test Instruments

LabVIEW, spectrum and schematic diagram analysis, digital and analog meters, oscilloscopes.

PROFESSIONAL EXPERIENCE

Security Analyst

Confidential

  • Packet-level analysis of data captured using Wireshark, including repackaging of detected executables to determine maliciousness, such as specific callouts or backdoors.
  • Using specific tools such as SourceFire IDS and security websites to analyze security events and detect malicious traffic.
  • Recommending specific signatures to be tuned in order to reduce the amount of false positives detected by the IDS.
  • Logging malicious hosts and domains and investigating phishing emails to determine whether links are malicious.
  • Actively involved with day-to-day SOC activities such as configuration, monitoring, remediation, incident handling, product review and analysis.
  • Monitored network traffic and analyzed data from the IDS. Took appropriate actions when necessary, such as shutting down ports during a live infection and applying patches and fixes to workstations and network components that were not patch compliant.

Security Analyst

Confidential

  • Writing virus and intrusion detection signatures for vulnerabilities and exploits by analyzing packet data and patterns for viruses and exploit code to enable detection of such viruses and exploits.
  • Packet-level analysis of triggered alerts: log analysis, port and protocol analysis, hex pattern matching analysis, and source and destination IP address analysis to more accurately determine an intrusion or hacking attempt and to distinguish false positives from true positives.
  • Daily research and monitoring of security websites (Internet Storm Center, etc.) for the most recent vulnerabilities and for patches to existing vulnerabilities.
  • Configured servers to be used in intrusion detection. Installed the operating system and the Snort rules to be monitored for.
  • Installed the servers, plugged them into the core of network traffic and ensured they were receiving traffic and actively alerting on the baseline signatures which I created for the intrusion process.
  • Continuously updated the Snort ruleset, adding new signatures which monitor for future vulnerabilities, removing signatures which are no longer needed and tweaking signatures to meet network requirements and specifications. Performed signature updates remotely and on-site, ensuring that the network remains hacker-free 24 hours a day, and quickly responded from any location whenever I got an alert from other IDS team members.
  • Daily research of existing and new security vulnerabilities, including 0-day vulnerabilities. These vulnerabilities are documented and network hosts are patched against these vulnerabilities and threats.
  • Scanned for rogue or unknown hosts on the network, including unauthorized network peripherals such as printers, laptops and PDAs, and took them off the network for compliance and proper identification.
  • Was in charge of malware, adware and spyware remediation for the organization. Identified new malware infections and removed them remotely using admin tools or by identifying the user and guiding them through a removal process.
  • Analyzed security event data from the network IDS sensors, firewall traffic and routers. Made decisions on ports to monitor for threats and harmful sites to be blocked by the firewall. Established a baseline for all the sensors that were deployed in various regions to monitor traffic. This baseline was created based on extensive research of various Bleeding-edge signatures.
  • Made decisions on threats or vulnerabilities and responded to them by either shutting off the ports from which the attack occurred or pulling the system off the network to curb the attack, while checking for the source of the attack and taking necessary action to restore the system to our network standard.
  • Generated monthly FEDCIRC reports (in which the SSA is best amongst all government agencies) detailing our security status against threats and vulnerabilities. This report also contained details of the IDS, the number of infections and intrusions, and the steps taken to curb such actions.
  • Scanned infected hosts using the McAfee Antivirus tool. Scan results were analyzed for possible virus and malware infections, and the malicious files were deleted or quarantined after the analysis. Manually updated AV signatures or removed AV signatures that had yielded high amounts of false positives.
  • Forensic analysis of exploited boxes and systems to trace the source of attack, mode and method of attack and extent of damage to information resources, as well as proposing solutions to combat future attacks through that means.
  • As a member of the Intrusion Detection and Protection Team, my daily tasks included:
    • Packet payload analysis using Snort BASE
    • Application inventory and analysis
    • IDS incident handling, ticket creation and remediation
    • Vulnerability monitoring
    • Risk and threat analysis
    • Development and implementation of SSA IDS policies and procedures using the NIST series.

PROJECTS

Security Analyst

Confidential

  • Sensor configuration and installation: Imaged Dell PowerEdge 2850 systems with the Linux operating system and configured them to meet SSA's system security standards. Coordinated with SSA sub-regions worldwide before deploying them out to monitor traffic. Made an in-depth network study to determine the network trunks to monitor based on traffic flow and how the load balancer would be installed to efficiently monitor traffic. Corresponded with the different regions to solve problems related to our IDS devices.
  • Test lab design and creation: Designed and configured a test lab to test applications and their performance on different operating systems. The test lab was built on the ESX VM Server infrastructure with virtual machines of different operating systems (Red Hat, Ubuntu, Trustix, FreeBSD, Solaris 10, CentOS, Slackware, Windows Server 2003, and Windows). All network and security applications are first tested on these operating systems to determine compatibility and performance before deployment.
  • Baseline creation: Created the baseline for the sensors. Due to my knowledge of malware and intrusion methods, I specifically worked on the malware, virus, scan and attempted recon signatures. I determined the signatures that would be very effective and at the same time cover the network against any possible attack. I also tweaked existing Sourcefire VRT Snort signatures to meet our demands and created new signatures when needed to protect the network.
  • Security Response Document: Drafted and created the SSA Security Response Document, which is a model for many government organizations today. This document details the steps to take when the network security is breached. It also details our security procedures, such as the systems that are allowed to perform network scans and what to do when any other Nmap scan is performed by a system that has not been identified by us.
  • Sensor upgrades: Currently working with the IDS team lead to procure 38 new Dell PowerEdge 2850 boxes for our field offices (DDS). Once these sensors are acquired, I will take over the configuration and installation of the sensors. This includes configuring the management ports, assigning the IP addresses and setting up the ports to be monitored on the router.

SPECIAL SKILLS

  • Very proficient and knowledgeable in spreadsheets (Access, Excel).
  • PC and Mac software and hardware installation and troubleshooting
  • Extensive working knowledge of Mac OS X and Windows operating system environments
  • Excellent verbal and written communication skills
  • Strong analytical skills and background
  • Extensive knowledge of network security and monitoring tools.
  • Extensive knowledge of cryptography, cryptographic algorithms and PKI architecture.
  • Work efficiently with little or no supervision, and meet deadlines
  • Microsoft Office Suite: Office '97, Office '03, HTML and FrontPage.
  • Corel Suite: CorelDRAW, Photo-Paint, WordPerfect Office.
  • Eager and willing to learn.
  • US citizen with an active security clearance
