
IT SOC Analyst Resume


Boston, MA

PROFESSIONAL PROFILE:

I am a Senior Cyber Security Engineer with leadership experience and hands-on expertise in advanced cybersecurity tools and processes. I serve as an onsite lead and subject matter expert (SME), providing expert advice and general supervision at Confidential, Boston, MA. Expert in risk management, vulnerability assessment, threat prevention, and ForgeRock (IAM). Experienced in SIEM, DLP, IoT, penetration testing, digital forensics and threat intelligence. I am a self-motivated and goal-oriented individual with the ability to handle complex problems.

COMPUTER SKILLS/DOMAIN KNOWLEDGE:

Cyber Security Tools: Splunk, ArcSight, Nessus, Nexpose, OpenVAS, PhishMe, FireEye, threat intel, ServiceNow, sniffers, Nmap, FTK, EnCase, YARA, Cain and Abel, firewalls, Microsoft Azure, CrypTool, Symantec DLP, Cisco routers/switches, etc.

Protocols: FTP, SSH, HTTP, SCP, VPN, VLAN, DNS, DHCP, SMTP, TCP/IP, UDP etc.

Platforms: Microsoft Windows, RedHat, Solaris, Apache, VMware, AIX, and HP.

Scripting Tools: Unix Shells (sh, csh, ksh, bash), PHP, HTML, SQL.

PROFESSIONAL EXPERIENCE:

IT SOC Analyst

Confidential, Boston, MA

Responsibilities:

  • Knowledge of Risk Management Frameworks (RMF) and NIST SP 39 and 53. Knowledge of attack vectors (malware, web application, social engineering, etc.). Experience with incident response and handling.
  • Operate the SIEM environment in a manner that meets all Service Recipient requirements, including: minimizing cyber-attacks with the ability to capture, load and analyze all types of security events in real time; defining collection points and tuning rules as needed to avoid false positives; and creating correlation rules based on current security events, threats, the Service Recipient's needs and the Provider's knowledge from its customer base, including monitoring services and reacting to triggered alerts.
  • Monitoring threat feeds, the latest vulnerabilities and the latest security news items. Suppressing or filtering unneeded events. Creating alerts based on rules, thresholds, baselines and events. Providing alerting capability using Service Recipient-required communications channels (such as email or short messaging services) and the ticketing system (ServiceNow). Checking for a false positive before alerting the Service Recipient of a security event. Foundational knowledge of IT infrastructure.
  • Collecting data via syslog, SNMP, FTP and SMTP. Importing threat data feeds based on various parameters, including user-defined intervals, IP ranges, hostname, or URL/URI. Creating correlation rules based on threat feeds. Onsite-offshore model working experience.
  • Identify malicious or anomalous activity based on event data from firewalls and other sources. Perform analysis of log files and data outputs. Perform triage of incoming issues using the ticket tracking system. Initiate escalation procedures if triggers and thresholds are met. Facilitate event and incident management.
  • Implement problem-solving, critical thinking, and quantitative reasoning. Communicate clearly in written and spoken English, meeting expectations for content, purpose, organization, audience, and format; organize presentations clearly in a manner that promotes understanding and meets the requirements of the assignment.
  • Ensure that information systems security policies, procedures and practices comply with FISMA, FedRAMP, NIST, etc. Analyze network traffic using packet analyzers. Develop requirements for LAN, WAN, VPN, routers, firewalls, and related network devices.
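The SOC bullets above describe a workflow rather than showing one: pull firewall events, correlate them against a threat feed, apply a threshold rule, and suppress known false positives before raising an alert. The following is an added example, not code from the resume or from any employer named on it, that runs that workflow over a handful of constructed syslog-style firewall lines. The hostname "fw1", all IP addresses, the feed contents, the allowlist and the threshold value are assumptions made for the illustration.

```python
"""Added example (not from the resume): a small SIEM-style correlation pass.

It parses constructed syslog-style firewall events, matches source IPs against a
constructed threat-intel feed, applies a threshold rule for repeated denies, and
suppresses known-benign sources (a false-positive allowlist) before raising alerts.
All hostnames, IPs and log formats below are hypothetical.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample events in a syslog-like format (hypothetical firewall "fw1").
SAMPLE_LOGS = """\
Mar 10 10:01:02 fw1 kernel: DENY src=203.0.113.45 dst=10.0.0.5 dport=22 proto=TCP
Mar 10 10:01:03 fw1 kernel: DENY src=203.0.113.45 dst=10.0.0.5 dport=23 proto=TCP
Mar 10 10:01:04 fw1 kernel: DENY src=203.0.113.45 dst=10.0.0.5 dport=3389 proto=TCP
Mar 10 10:01:05 fw1 kernel: ALLOW src=10.0.0.20 dst=10.0.0.5 dport=443 proto=TCP
Mar 10 10:01:06 fw1 kernel: DENY src=198.51.100.7 dst=10.0.0.9 dport=445 proto=TCP
Mar 10 10:01:07 fw1 kernel: ALLOW src=192.0.2.10 dst=10.0.0.5 dport=443 proto=TCP
Mar 10 10:01:08 fw1 kernel: DENY src=10.0.0.33 dst=10.0.0.5 dport=22 proto=TCP
Mar 10 10:01:09 fw1 kernel: DENY src=10.0.0.33 dst=10.0.0.5 dport=22 proto=TCP
Mar 10 10:01:10 fw1 kernel: DENY src=10.0.0.33 dst=10.0.0.5 dport=22 proto=TCP
Mar 10 10:01:11 fw1 kernel: DENY src=10.0.0.33 dst=10.0.0.5 dport=22 proto=TCP
"""

# Constructed threat feed: indicator -> feed name (hypothetical data).
THREAT_FEED = {"198.51.100.7": "feed-A", "192.0.2.10": "feed-B"}

# Constructed allowlist of sources known to trip rules benignly (e.g. an internal scanner).
ALLOWLIST = {"10.0.0.33"}

DENY_THRESHOLD = 3  # number of DENY events from one source before the threshold rule fires

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) \S+ "
    r"(?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


@dataclass(frozen=True)
class Alert:
    rule: str
    src: str
    detail: str


def parse_events(text):
    """Parse syslog-like lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def correlate(events, feed=THREAT_FEED, allowlist=ALLOWLIST, threshold=DENY_THRESHOLD):
    """Run two correlation rules and return one alert per (rule, source).

    Rule 1 (threat-intel match): any event whose src appears in the feed, ALLOW or DENY.
    Rule 2 (deny threshold): a src with >= threshold DENY events, unless it is allowlisted.
    """
    alerts, seen = [], set()
    deny_counts, deny_ports = Counter(), defaultdict(set)

    for ev in events:
        src = ev["src"]
        if src in feed and ("intel", src) not in seen:
            seen.add(("intel", src))  # de-duplicate: one alert per indicator
            alerts.append(Alert("threat-intel-match", src,
                                f"{ev['action']} to {ev['dst']}:{ev['dport']} ({feed[src]})"))
        if ev["action"] == "DENY":
            deny_counts[src] += 1
            deny_ports[src].add(ev["dport"])

    for src, n in deny_counts.items():
        if n < threshold or src in allowlist:
            continue  # below threshold, or a known-benign source: suppress (false-positive check)
        alerts.append(Alert("deny-threshold", src,
                            f"{n} denies across ports {sorted(deny_ports[src], key=int)}"))
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_events(SAMPLE_LOGS)):
        print(f"[{a.rule}] src={a.src} {a.detail}")
```

On the constructed input this yields three alerts: two threat-intel matches (one of them on an ALLOWed connection, which is exactly the case a feed match is meant to surface) and one deny-threshold alert for the port-sweeping source; the fourth candidate, the allowlisted internal host, is suppressed before it reaches the ticket queue.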

Cybersecurity Analyst

Confidential, Washington, DC

Responsibilities:

  • Work with Azure Active Directory and ForgeRock; set up centralized authentication through LDAP server configuration.
  • Set up the Active Directory management agent, replicate the directory, and create, delete, and manage user accounts. Configure privileged access management (PAM) and user access control.
  • Configure self-service features and core authentication attributes. Implement single sign-on (SSO) with SAML and agent-based solutions.
  • Experience working with reverse proxies and policy agent-based access management implementations.
  • Develop NIST-compliant vulnerability assessment and management, and plans of action and milestones (POA&M).
  • Identify critical flaws in systems that can be exploited by hackers.
  • Use manual testing techniques and methods to gain a better understanding of the environment and reduce false positives. Monitor and analyze web traffic to identify, respond to, and report suspicious traffic and potential security breaches. Establish plans and protocols to protect digital files and information systems against unauthorized access.
  • Anticipate security alerts and incidents, and reduce their likelihood. Experienced working with Splunk and ArcSight.
  • Construct graphs, charts, and tables to represent relevant mathematical and statistical information.
  • Assess technological elements of virtualization and cloud computing and the major cybersecurity policy issues they pose. Evaluate information assurance concepts and their impact on the company and its cybersecurity policies. Apply DLP for data protection: detect data breaches and protect against them by monitoring, detecting and blocking sensitive data in use, in motion, and at rest. Use FireEye to investigate cyber-attacks, protect against malicious software, and analyze IT security risks.
  • Perform digital forensic analysis on computers, networks, data, and mobile devices utilizing FTK, the command prompt, EnCase, etc. Encrypt and decrypt information using encryption tools. Verify hidden information in cryptographic security systems through algorithms and ciphers, and design public key infrastructures (PKI), including the use of Certificate Authorities (CAs) and digital signatures.
  • Perform penetration testing using Metasploit, Neosploit, Foundstone, fuzzers, packet sniffers, and debuggers. Track, control, prevent, and correct network access by devices (PCs, BYOD, IoT) based on an asset inventory of authorized network devices. Analyze software lifecycle management concepts. Apply security principles to improve security throughout the software life cycle.
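The DLP bullet above names the three states a product such as Symantec DLP inspects (in use, in motion, at rest) but not how a content match is decided. The following is an added example, not code from the resume or from any DLP product, showing the core of a content-inspection rule: a regular expression proposes candidate payment-card numbers and US SSNs, and a Luhn checksum plus SSN issuance rules discard the false positives a bare pattern would raise. The sample strings, the masking format and the "block"/"allow" policy names are constructed for the illustration.

```python
"""Added example (not from the resume): a minimal DLP content-inspection check.

Scans text (a file at rest, an outbound message in motion, or clipboard content
in use) for payment card numbers and US SSNs. A Luhn checksum and SSN structure
rules cut down the false positives a bare regex produces. Inputs are constructed.
"""
import re

# 13-19 digits with optional single space/dash separators (candidate card numbers).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN in the conventional AAA-GG-SSSS layout.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")


def luhn_valid(digits):
    """Luhn mod-10 check, which every major card brand's PAN satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """Reject SSNs that are never issued: area 000, 666 or 900-999, group 00, serial 0000."""
    a = int(area)
    return not (a == 0 or a == 666 or a >= 900 or int(group) == 0 or int(serial) == 0)


def find_sensitive(text):
    """Return (kind, masked_value) findings for Luhn-valid cards and plausible SSNs only."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            # Never log the full value; keep only the last four digits for the analyst.
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(("ssn", "***-**-" + m.group(3)))
    return findings


def decide(text, policy="block"):
    """Policy decision for one message or file: 'allow' when clean, else the policy action."""
    return policy if find_sensitive(text) else "allow"


if __name__ == "__main__":
    # Constructed samples: a real-looking test card, an order number, an SSN, two unissuable SSNs.
    for sample in ("card 4111 1111 1111 1111 exp 12/27",
                   "order 1234567890123",
                   "SSN 123-45-6789",
                   "SSN 000-12-3456 and 666-12-3456"):
        print(f"{decide(sample):5s} {find_sensitive(sample)} <- {sample!r}")
```

The point of the checksum step is operational rather than cryptographic: a 13-to-19-digit run is common in invoices, ticket numbers and log IDs, and without Luhn validation those would page the SOC as card leaks; the masking keeps the finding useful for triage without copying the sensitive value into the alert itself.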

UNIX Systems Admin

Confidential, Washington, DC

Responsibilities:

  • Configure Apache for virtual and web hosting. Access the content of a website on Apache using ports, alongside the web-hosting company's DNS settings and SMTP support. Work with enterprise virtualization products such as VMware, Hyper-V and KVM, and enterprise storage products such as NetApp and EMC.
  • Initiate Solaris, Red Hat, and other servers into the network. Patch Solaris and Linux servers. Install MySQL on the Solaris operating system.
  • Write scripts utilizing sh, ksh, bash, ssh, Perl, and Python and apply them to automate processes such as full and incremental backups and file system migration and enlargement on servers.
  • Conduct multiplatform volume management through the SVM, LVM and ZFS volume managers, NAS, SAN, and Veritas Volume Manager.
  • Build LAN-wide NAS to form LUNs and attach them to Windows Server and Solaris hosts using iSCSI. Knowledge of DHCP, DNS, NFS, and CIFS. Set up Samba servers in a multiplatform LAN.
  • Configure whole-root zones on Solaris for application management; migrate zone paths and completed zones to other platforms.
  • Migrate data from physical nodes to Solaris zones. Schedule cron jobs using the cron utility so that processes run unattended; utilize various platforms and software in executing various tasks.
