- I am a Security Operations Center Analyst with an in - depth working experience on network, endpoint security, threat intelligence, forensics, as well as the functioning of specific applications and underlying IT infrastructure.
- I have identified and stopped intrusions by analyzing IOCS from phishing email headers and by analyzing attachment or links in these emails.
- I respond to events and act as a first responder to account/system attacks and compromises by determining threat vectors and providing initial remediation.
- I use a vast number of SIEM tools to monitor and analyze events or incidents and work with stakeholders to resolve these incidents and escalate incidents when necessary following policies and procedures.
- I do respond and investigate data loss prevention alerts, hunt and blacklist IOCs.
- Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions.
- Experience converting intelligence into actionable mitigation and technical control recommendations.
- Strong time management and multitasking skills as well as attention to detail.
- Strong collaborative skills and proven ability to work in a diverse team of security professionals.
- A passion for research, and uncovering the unknown about internet threats and threat actors
- Ensure the SOC analyst team is providing excellent customer service and support.
- Excellent oral and written communications skills.
Security Technologies: FireEye, IronPort, Sourcefire, McAfee Web Gateway, Splunk, Splunk Express, McAfee DLP, Nessus Security Center, Nmap, Wireshark, IDS/IPS; Log Management, Anti-Virus Tools; (Norton, Symantec).
Operating Systems: Unix-Based Systems (Solaris, Linux); Windows.
Networking: LANs, VPNs, Routers, Firewalls, TCP/IP
Software: MS Office (Word, Excel, Outlook, Access, PowerPoint)
Ticket Systems: Archer, ServiceNow, Remedy & JIRA
Open Source Site Check tools: URLVOID.COM, VirusTotal.com, zscaller.com etc.
Security Operation Center (SOC) Analyst
- Continuously improve processes for use across multiple detection sets for more efficient Security Operations.
- Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed.
- Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
- Provide forensic analysis of network packet captures, DNS, proxy, malware, host-based security and application logs, as well as logs from various types of security sensors.
- Use Splunk Enterprise Security (ES) to monitor and analyze network traffic, Intrusion Detection Systems (IDS) and security events logs.
- Use Cisco Sourcefire to monitor network traffic to ensure that malicious network traffic is dropped.
- Perform incident response to investigate and resolve potential security intrusions
- Lead and review root cause analysis efforts following incident recovery plans.
- Compose security alert notifications and other communications.
- Use McAfee DLP Manager to protect intellectual property and ensure compliance by safeguarding sensitive data such as PII and BII.
- Process Daily Threat Intel and blocking malicious MD5 hashes, IPs and Domains following standard operating procedure.
- Process Web Site Review Requests using McAfee Web Gateway GUI to grant temporal Web Access to users within the Company to websites that are being blocked for security.
- Block malicious domains, Hashes of Files and IPs following company's Standard Operating Procedures.
- Use Splunk to search and analyze email logs to confirm malicious emails were not delivered or is quarantined and malicious attachment is dropped.
- Stay up to date with current vulnerabilities, attacks, and countermeasures.
- Develop follow-up action plans to resolve reportable issues, and communicate with other Analysts to address security threats and incidents.
- Review and process accidental disclosure requests following standard operating procedures.
- Regularly develop new use cases for automation and tuning of security tools.
- Analyze, investigate and process Malicious/Phishing Email alerts from IronPort and FireEye following standard operation procedure.
- Contribute to security strategy and security posture by identifying security gaps, evaluate and implement enhancements.
- Prioritize and differentiate between potential intrusion attempts and false alarms.
- Assist with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functions.
- Provide Incident Response (IR) support when analysis confirms actionable incident.
- Strong working knowledge of network security monitoring and incident response, as well as superior written and technical communications skills.
Database security DBA
- Provided physical and logical database support as needed for all the Applications specified by Client.
- Performed Database Audits to identify and evaluate design considerations, propose design best practices, perform database code reviews and propose performance changes.
- Led database issues until resolution. Serve as a liaison between the applicable third-party vendor technical support team and Client if a problem case is submitted to the third-party vendor.
- Coordinated with Application teams or other teams to resolve database issues even though the issues are not directly related to the databases.
- Performed database housekeeping designed to ensure that the databases are functioning optimally and securely.
- Maintained compliance with Client Standards and Client Rules, including those related to the databases (e.g. access management, direct grant, db links, etc.).
- Performed performance tuning and/or stress testing in the non-production environment for application releases as necessary to ensure database infrastructure is configured optimally.
- Provided after business hours and weekend support in Client's production and contingency environments in accordance with the applicable Application release schedules. In addition, provide on-demand support for the lower environments as requested by Client.
- Maintained the databases to meet performance standards, maximize efficiency, and minimize outages.
- Monitored database usage, transaction volumes, response times, and concurrency levels, and measure and report its performance against the applicable Service Levels.
- Generated reports based on the data in the databases and reports related to the performance and integrity of the databases.
- Developed/maintained/enhanced database monitoring scripts designed to ensure the stability, security, and performance of the database queries.
- Identified, reported and managed data security issues. Provided audit trails and forensics to Client or its designee when necessary.
- Developed and documented all database processes, structures, changes, issues and solutions for future reference.
- Supported Database, Systems and Application audit to meet SCA and STIG compliance requirements.
Database Administrator ( DBA)
Environment: RHEL 5.X, 6.X; HPUX, AIX, Windows X; Oracle 10g, 11g, OEM 11g/12c, RAC, DATAGUARD, Goldengate etc. More than 50 servers with more than 400databases)
- Automated hourly, daily, weekly system health reporting using Crontab, and Oem cloud control
- Performed Hot Backups, Cold Backups, as well as incremental backups using Recovery Manager(RMAN)
- .Managed recovery catalog related tasks: synching targets, configuring rman backup configurations;.
- Over saw DR testing operations (as a backup strategy) on numerous Data Guards, physical/logical
- Standby configurations. Resolved archivelog gaps and other related problems. Affected switchover manually and using DMGDGR
- Used Data Pump for export and import to support deployment efforts and projects.
- Reviewed and modified generic backup scripts for Backup of databases, maintenance archive logs for databases
- Database Refreshing / Replication from production to testing using Expdkp/Impdp.
- Resolved alerts in a timely manner as required by our SLA
- Extensively performed performance tuning of the database instances - SQL Tuning, Used Tuning utilities like EXPLAIN PLAN, AWR, ADDM, Sql Tuning tools and Tuning of SGA, distribution of disk I/O
- Used cloud Control extensively. Configuring and troubleshooting of agent related issues, set up Rules for alert notification and schedule RMAN backups with Failure notification
- Installation of the Oracle software using both GUI and silent feature and also manual database creation
- Patch numerous rac environments, applied the latest PSUand upgraded as required
- Supported & maintained the Production/Test/Development databases on various servers
- Extensive troubleshooting and resolution of Databases backup related issues; space consumption and deletion policy implementation
- Monitored different databases and application servers using Oracle Enterprise Manager (OEM) 12cGrid Control.
- Upgrade and pushed out the cloud control agents to the various targets
- Performed Schema refreshes as well as whole database refresh
- Managing and creating User accounts, profiles, roles etc
- Provided support to my team. Handling of team escalation and On-calls
- Performed team mentoring and administrative duties, daily, weekly and monthly reporting
- Troubleshoot performance issues using AWR, and ADDM reports