Information Security Analyst Resume

Juno Beach, Florida

SUMMARY

  • 8 years working in multiple IT groups within Florida Power & Light (FPL) and other major companies, with solid understanding of the utility's business processes and internal IM systems and security processes.
  • Experience in working with Cyber Security, Guardium Process Monitoring with understanding of SOX processes.
  • Experience working in Cyber Security Operations Center (CSOC) handling the daily operational activities.
  • Capable of defining, deploying and monitoring risk management, compliance, and information security programs.
  • Experience in working on compliance monitoring and audits such as the Sarbanes-Oxley Act.
  • Experience working in different environments like Windows, Oracle, Sybase, Linux and Unix, DB2.
  • Experience in reviewing security logs, alerts for various security events on a daily basis, recognize and identify potential threats to corporate information systems and data.
  • Experience with vulnerability scans like Qualys, SIEM Qradar tools, Guardium data monitoring tools, Bluecoat web filtering, Sophos End Point Protection, Fire Eye Malware Analysis and email filtering.
  • Very well experienced in customer service, resolving tickets.
  • Experience in database activity monitoring, investigating the traffic, performing full due diligence and documenting the incidents.
  • Good experience working on IPS/IDS using Tipping Point, analyzing and creating filters and implementing them on a weekly basis.
  • Very good experience in responding to virus alerts across the entire organization.
  • Very good experience in determining metrics for all the security initiatives.
  • Skilled Information Security Analyst with expertise in risk management, unauthorized access, viruses, and a wide range of vulnerabilities and threats.
  • Well-versed in direct and remote analysis with strong critical thinking, communication, and people skills. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter.
  • Experience in participating and working with internal and external auditors during yearly and quarterly auditing.
  • Knowledge in developing, documenting, maintaining and managing policies and procedures according to compliance standards.
  • Cross Trained Team members and IT Leads on Guardium, MSBI tools & InfoSec processes.
  • 4 Years of technical experience as an Oracle PL/SQL Developer in analysis and development of applications using Oracle 10g & 11g R2, SSRS Reporting, Microsoft BI Dashboards & BIRT Reports.
  • Experience in Developing Analytical Solutions & Reports using Microsoft BI Suite like Power Pivot and Power View.
  • Extensive knowledge of Application Support methodologies and in implementing various production rollouts of applications.
  • Good team player with strong communication and interpersonal skills.
  • Excellent leadership qualities and quick learning ability.

TECHNICAL SKILLS

Languages: SQL, PL/SQL

Database: Oracle 8i / 9i / 10g / 11g, SQL-Server, Sybase, Access

DW Tools: Microsoft BI Suite (Power Pivot & Power View) - SharePoint Integrated mode, BIRT Reports, Plateau Reporting, Crystal Reports, SSRS

Development Tools: TOAD for Oracle, SQL Navigator, SQL Developer

Application Support: BMC Remedy, Lotus Notes, AD

Cybersecurity: IBM Guardium Infosphere, ITIM (Tivoli Identity Manager), EAMS, Qradar SIEM, Tipping Point, Blue Coat, Sophos, ITIM, ITAM, Phonesweep, Co3, CSIRP, Fire Eye

Miscellaneous: Visio, Excel, Powerpoint, Power Pivot

PROFESSIONAL EXPERIENCE

Information Security Analyst

Confidential, Juno Beach, Florida

Roles and Responsibilities:

  • Monitor the security of critical systems and changes to highly sensitive computer security controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
  • Investigate potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes.
  • Monitored events, responded to incidents and reported findings.
  • Documenting incident responses in Co3/Resilient and CSIRP using recommended methods in run books.
  • Run monthly report for internet activity on Sample control devices using Bluecoat, review the report and follow up based on the findings.
  • Review virus alerts that come in on a day-to-day basis, analyze the virus, submit a sample to Sophos, clean the infected machine and advise the user of security policies.
  • Proven record of evaluating system vulnerability, compiling actionable analysis, reporting threats, and recommending security improvements.
  • Ability to quickly assess and troubleshoot complex problems involving a wide variety of information systems, work independently on large-scale projects, and thrive under pressure in fast-paced environments.
  • Initiated incident handling procedures to isolate and investigate potential information system compromises.
  • Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
  • Develop rules in Qradar for real-time alerts of the security events and also monitor/analyze/document the alerts.
  • Responding to various security alerts and Remedy tickets that come in on a daily basis, and performing research to find the root cause and resolve them.
  • Perform semiannual wardial procedures for modem penetration testing to check for vulnerabilities.
  • Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
  • Coordinate implementation of computer system plan with establishment personnel and outside vendors.
  • Assisted in IAM (Identity Access Management) project to address the critical need to ensure appropriate access to resources across different critical environments, and to meet compliance requirements.
  • Implementation of IBM Guardium solution to enable SOX controls for sensitive data monitoring.
  • Demonstrate configurations through development of prototype systems for sensitive data monitoring.
  • Customize, configure and test integrations between Guardium and other technologies including the modules across each of their respective product sets.
  • Plan, implement, tune and monitor database security tools to ensure the highest levels of security are maintained for protected information.
  • Monitor SOX regulatory compliance reports on a daily basis, maintain SOX policies and controls, and analyze in detail the traffic generated from the applications.
  • Deploy new SOX control processes to database servers and develop Guardium policy filters for SOX database servers.
  • Implemented Policies and filters in Guardium to monitor sensitive data and to exclude noise.
  • Very deep knowledge of different versions of the Guardium tool; participated in Guardium upgrades.
  • Verification, Validation & Reporting requests created through EAMS which is used for Identity access management.
  • Work very closely with internal and external auditors, providing them the necessary documentation for the audit.
  • Educate and ultimately transfer the knowledge of information security policies and processes to other team members and to the other business teams within the organization.

Environment/Tools: IBM Guardium Infosphere, Tipping Point, Sophos, Qradar SIEM, Phone sweep, Bluecoat, ECAT, ITAM, ITIM, EAMS, Oracle, SQL Server, DB2, Sybase

Systems Analyst

Confidential, Juno Beach, Florida

Roles and Responsibilities:

  • Create reports for monitoring SOX controls, monitoring SOX reports on a daily basis and analyzing in detail the traffic generated from the applications.
  • Deploy new SOX control processes to database servers.
  • Work closely with stakeholders to understand and prioritize requirements for the solution.
  • Oversee the conversion of earlier SOX control processes to the new ones.
  • Verification, Validation & Reporting requests created through EAMS
  • Develop and deploy Guardium policy filters for SOX database servers.
  • Manage and remediate all issues identified by the Guardium policy and filters.
  • Educate and ultimately transfer the knowledge of developing and managing the Guardium policy filters to the application teams.
  • Very good experience in working with auditors; participated in annual SOX audit.
  • Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
  • Provide technical leadership to the enterprise for the information security program.
  • Mentor and train others in information security in addition to training for other technical groups.
  • Install and maintain security infrastructure, including IPS, IDS, log management, and security assessment systems.
  • Assess threats, risks, and vulnerabilities from emerging security issues.
  • Draft enterprise security standards and guidelines for system configuration.
  • Perform and create procedures for system security audits, penetration-tests, and vulnerability assessments. Develop scripts to maintain and backup key security systems.
  • Develop rules in Qradar for real-time failed login alerts for sensitive SOX databases and monitor and analyze the alerts.
  • Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
  • Coordinate implementation of computer system plan with establishment personnel and outside vendors.
  • Responding to various security alerts and Remedy tickets that come in on a daily basis, and performing research to find the root cause and resolve them.

Environment/Tools: IBM Guardium Infosphere, Oracle 10g/11g, EAMS, ITIM, Remedy, DB2, Sybase, SQL Server

BI Report Developer

Confidential, Jupiter West, Florida

Responsibilities:

  • Responsible for implementing Guardium for sensitive SOX databases.
  • Developed Guardium policies and filter rules and responsible for monitoring the traffic reports for database activity.
  • Performed risk assessment for various highly sensitive databases to determine if Guardium monitoring is needed.
  • Act as a Data Steward and translating business requirements for IT Developers to enhance existing reports and bring in new data elements.
  • Requirement Gathering and Testing for BI Reports built for Information Security Group
  • Develop and enhance SSAS Tabular Model (using SSDT 2012) cubes and Powerpivot on the Oracle Data warehouse for Analytics and Ad-hoc Reporting
  • Create Reports for Remedy Helpdesk Queues for the Information Security Group using Microsoft BI tools: Power View and Performance Point Dashboards from Multidimensional Data Sources & SSRS Reports from Oracle Data warehouse.
  • Deploying cube changes to production and regression testing of changes. Formulate test plans and functional verification.
  • Ensure the daily refresh of Tabular cubes, manage the SSRS Subscriptions in Production.
  • Analysis of data issues or queries from the business on an ongoing basis.
  • Providing timely data to the business users by writing ad-hoc SQL queries against the Data warehouse and the Application Database
  • Enable business analysts for self-service BI - Prepare How-To docs, Job-Aids and assisting them to navigate the data using Excel Services and through SharePoint.
  • Handle Helpdesk tickets from Users for application support.
  • Establish disaster recovery testing methodology.
  • Plan and coordinate the DR testing, test the reports and make sure all the environments are working fine.
  • Assisted in the development of access-controls, separation of duties, and roles.
  • Conducted technical risk evaluation of hardware, software, and installed systems and networks.
  • Assisted in incident response and recommend corrective actions.
  • Communicated with personnel about potential threats to the work environment.

Environment: Oracle 11g, Microsoft BI Toolset (SSRS 2012, SSAS - Tabular, Powerview), SQL Server Data Tools 2012, SQL Server Management Studio, Sharepoint, IBM Guardium Infosphere

Report Designer/Developer

Confidential, Juno Beach, Florida

Responsibilities:

  • System Analysis, Design, Coding, Testing, Development and Documentation.
  • Gathered the requirements from the users, analyzed their business needs and created functional specification documents.
  • Writing DDL Statements to Create Aggregate tables to facilitate reporting on a need basis
  • Data Cleansing and migration - Writing Queries to compare data between two systems.
  • Writing SQL queries, Stored Procedures and constructed administrative pages for web-based reporting.
  • Developed List, Tabular and Matrix Reports, Charts using Eclipse Birt.
  • Involved in performance fine-tuning of the queries/reports using PL/SQL.
  • Identified frequently used reports and scheduled them for email delivery with PDF and Excel outputs to reduce the load on the database.
  • Developed and Tested advanced SQL and PL/SQL based code in support of Reports, Exported Text IO packages and had written many Stored Procedures in many Reports.
  • Assisted Production rollout, warranty support and bug-fixes.
  • Trained the business users on the features and use of the new Reporting Framework

Environment: Oracle 10g, SQL, PL/SQL, SQL developer, VMware, Plateau reporting tool, Crystal reports.

Employee Identification System

Confidential, Bear, Delaware

Responsibilities:

  • Identify critical areas and scenarios.
  • Installation of RFID Tag and employee name mappers.
  • Design of a Datamart to Store Employee and Tracking information.
  • Writing SQL queries, Procedures to automatically generate list of employees in critical areas.
  • Crystal reports for generating reports with employee details
  • Participated in creation of Systems Operations Center for the company, which maintained hundreds of systems and applications spread throughout the world.
  • Responsibilities included end-user troubleshooting, document creation, and system design.
  • Documented existing and in-development policies, procedures, and systems.
  • Participated in development and maintenance of global information security policy.
  • Assisted in the development of access-controls, separation of duties, and roles.
  • Protected vulnerable networks following detailed risk assessments.
  • Guided cross-functional teams in the design, validation, acceptance testing and implementation of secure, networked communications across remote sites for several key clients.