SUMMARY:

• Accomplished Senior Information Security Analyst/Consultant with over 12 years of experience with notable success directing a broad range of corporate IT Security initiatives spanning: the design, implementation and management of IT Security infrastructures Cloud Services and business skills.
• IT Audit, Security Assurance, IT Security Testing, Enterprise Governance Risk and Compliance, Incident Response/Management, Project Management, hands on security platforms such as Enterprise Infrastructure Perimeter Network Security and Application Security, End Point Security, Vulnerability and Risk Assessment, Identity and Access Management, Active Directory and VMWare Security.
• Possess excellent presentation and communication skills that include the ability to rely on own initiative and communicate effectively with senior management, vendors, business partners and respective clients.
• Dedicated, disciplined, determined. Demonstrated confidence, efficiency, initiative ness, resourcefulness & adaptability to change.
• Skillful in critical analysis, problem solving, and project planning;
• Ability to organize highly complex function projects and direct implementation; and, ability to effectively manage multiple projects in a timely manner.
• Information security program, policies, standards and guidelines.
• Hands on experience with respect to Incident Handling process design flow, support and Service Level Agreement for Stakeholders and end - client.
• Experienced in Regulatory & Statuary Compliance Implementation and Audit: Federal Information Security Management Act (FISMA), Federal Information Processing Standard (FIPS), Payment Card Industry Data Security Standards (PCI DSS), Health Insurance Portability Accountability Act (HIPAA), Sarbanes Oxley (SOX) 404, Statement of Auditing Standards (SAS) 70, ISO 27001-27002 Information Security Management System Implementation & Audit, BS 25999 Business Continuity Management, ISO 9001-9002 Quality Management, Texas Administrative Code (TAC) 202, COBIT 4.1, NIST FIPS 140-2, 800-53, 800-63, 800-30 Guidelines, COBIT, OWASP & SANS Principles, DISA-STIGs, NSA and CIS Standards & Baselines.
• Knowledge of Identity & Access Management: Role Based Access Control (RBAC), CA-Site Minder Single Sign-On
• Enterprise Governance Risk and Compliance (eGRC)
• Skillful in performing audits and audit response
• Experience in performing risk assessments
• Hands on experience in FISMA, HIPAA, PCI-DSS assessment and ISO 27001 Implementation and Audit, application and network vulnerability and penetration testing, database security, and risk and compliance assessment
• Knowledge of Perimeter Security: Cisco PIX & Check Point Firewall, IDS & IPS, Syslog & Radius Server, Load Balancer.
• Enterprise Cloud Infrastructure Environments
• Experience on IT Security Cloud Service in a High Availability (HA) and Openstack environment.

TECHNICAL SKILLS:

Skillful in: VMWare Security Implementation and VMWare Systems Administration with primary focus on installation, configuration, administration and access control of VMware vSphere, ESX Information System Security 3.5 /4.0 and ESXi 4.0/4.1/5.0/5.1 VMware Vcenter 4.0/4.1 and 5.0/5.1 and Windows server 2000/2003/2008 R2, Active Directory and Unix/Linux Environments.

Security hardening and Monitoring of: VM’s & ESX servers (CPU, Memory, Disk, Network Utilization) for Security Compliance.

VMWare: VSphere, VMware ESX and ESX 3.5 /4.0, ESXi 4.1/ 5.0 and 5.1,Virtual center server 2.5/4.0/ 4.1 and 5.0/5.1, VMware converter enterprise, VMware Update Manager, Vmware View 4.0/4.5 and 4.6 Thinapp, VMware capacity planner, VMware Orchestrator.

Tools: Skillful in HP WebInspect, Nessus, AppDetective, Foundstone, Tripwire, Metasploit, NMAP

Experienced in Security Information & Event Management (SIEM): Nagios, LogLogic (Log & Monitoring Tool), Worked on Firewall Access Authorization System (FAAS), Retail Implementation & Application Support (RIAS), Firewall Request System (FRS), CMIS (Incident Handling), Confidential Change Online Product (VCOP) for CA/Release Management, Page Tool (SPOC Contact), Workbench (VITL Portal supporting Frontier), VSAD (Portfolio Name for App Name & Component), CMIS Crisis Portal.

System Software: Microsoft Windows, Unix, Sun Solaris 10, Red Hat Linux

Hardware & Networks: Oracle Exalogic & Exadata, SUN Sparc, Silicon Graphics, Intel and Macs environment, LAN/WAN and Microsoft, Oracle Linux VMware (Virtual Machine), NetApp

Enterprise Architecture & Software Development: Technical Writing, IT Project Management, Cloud Computing, ITIL V3F, Agile and Scrum

Knowledge of Server Application: Active Directory, LDAP, Web Sphere, Weblogic 8/10, Jxplorer, JBOSS, Apache Tomcat, IIS, SUN iPlanet

Knowledge of Technology: SAP Basis and SAP GRC, Hadoop Bigdata, C++/C, JAVA, J2EE, Eclipse, Android Mobile Programming, C# .Net, XML, SQL Server, Oracle 10g/11g, TCP/IP

Other Tools: MS Project, Word, Excel, Power Point, Visio, Outlook, Lotus Notes, and Putty.

WORKING EXPERIENCE:

Confidential, Irving, TX

Senior Information Systems Security Analyst

Responsibilities:

• Involved in management and maintenance of security technologies (firewalls, DLP, SEIM, AV etc.) with emphasis on managed services, ensuring audit adherence with Confidential Standards, Regulatory Compliances.
• Leads several efforts, which directly impact the security of environments where security product software is housed and utilized.
• Responsible for Implementation and management of Systems Security and Application Scanning, risk remediation and performance of the frontend and backend provisioning and monitoring builds for Confidential customer devices.

• Concluded findings for Systems, Networks and Application, provided recommendations for risk remediation with respect to addressing the gap (patches upgrades) and refining the policy compliance.
• On site in-charge project lead with staff for Confidential Security Review, PCI DSS Standards, FISMA and HIPAA regulations.
• Involved in Security benchmarking processing and reporting of security devices incident using State Event Analysis machine analytics.
• Ensures compliance with policies & procedures, safety, state and federal laws, regulations and standards
• Designed and performed IT general controls testing for PCI DSS Standards, FISMA and HIPAA regulations.
• Worked with team to build and finalize project development, implementation and execution plans with adherence to compliance with the code of conduct and Confidential CPI 810 policies and standards requirements.
• Participated in SAP Transaction Code testing to perform security testing of segregation of duties to assist the client in improving their user management, authentication management, authorization management, access management, and provisioning capabilities.
• Worked on providing a five star benchmark for every security release in Performance, Endurance, Functional testing, regression testing and Application scan for any security holes.
• Individually contributed as lead role and worked with team to build and finalize project development, implementation and execution plans with adherence to PCI DSS, HIPAA, FISMA Compliance and Confidential CPI 810 Policies, Code of Conduct and Standards requirements.
• Involved in redesign, implementation, troubleshooting during IT Security and Functional Test Cycle.
• Installed Configure Application & Web Services and Testing in Data Center (DC)-1 and Data Center (DC)-2 to ensure improve process for E2Ei Product Line.
• Designed and implemented ESX server infrastructure environment and integration with NetApp
• Created User Accounts, Configuring User Profiles, Creating local and Global Groups and implementing Group Policies
• Worked on IT Security Cloud Service called as Universal Identity Service (UIS)
• Responsible for IT security implementation and review, regulatory and statuary compliance, audit finding, risk remediation plans; IT security and risk assessment, security testing, gap analysis, application risk score reduction strategy and request for security exception (RFSE).
• Security and Compliance Project (Web Application Security Audit): Manage the team of security and compliance professionals to audit the security issues of the Frontier Internet Facing Web applications. Identified the issues relating to Privacy act, PHI and PII and HIPAA related acts.
• Identified the issues as per OWASP code review and security audit testing guides using WebInspect and Fortify as a security analyzer tool to identify the issues.
• Created findings matrix and final audit reports and recommended the solutions to fix the issues.

• Used threat modeling principles to identify and rank and the issues. Conducted the ethical hacking and web application penetration tests using NMAP, MetaSploit and Nessus, identified security issues and provided recommendations for remediation actions.
• Ensures that robust and effective IT governance processes and security controls are in place and the systems are in full compliance with Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS), Department of Homeland Security (DHS), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standards (PCI DSS), Sarbanes-Oxley (SOX), Statement of Auditing Standards (SAS 70), Drug Enforcement Administration (DEA), European Union Directive and National Institute of Standards and Technology (NIST) Guidelines.
• Coordinate with internal and external auditors and provide audit findings based on compliances; define and maintain security boundaries, identify all flow and interface attributes and touch points within system infrastructure and external system.
• Involved with implementation of SDLC and SDLC Trace Matrix comprising functional requirements, process flows, Hardware and Software Design specification, Test Plans and Test Cases based on statuary & regulatory compliance built on NIST Guidelines SP 800 and FIPS Guidelines and DISA-STIGs, NSA and CIS benchmarks for UIS and EPCS Application.
• Conducted several PCI-DSS Level 1 and 2 assessments and designed an on-going PCI program resulting in decreased cost and assured compliance for Confidential fortune 100 Customer’s.
• Provides education and mentoring to team members; evaluate and design cloud computing security solutions; perform black/grey box penetration security testing for various Application Program Interfaces.
• Revise and customize the Universal Identity Services (UIS) Platform Security Architecture artifacts targeted for Information Security and Compliance Regulation
• Provide recommendation to Non-Security and Security Operational Team and maintain documentation to ensure adherence to the corporate and federal regulations and international standards and directives.
• Worked on DISA STIGs and CIS Security Benchmarks comparison, provided evidence/artifacts for FISMA Baseline Controls, allowing executive’s better decision making.

Confidential

Responsibilities:

• Performed IT security Risk Assessments utilizing system security plans, provided recommendations for risk remediation for mission-critical new and existing business systems.
• Remediated the issues identified during the IT SOX audits relating to security controls of SAP and UNIX and Oracle, Microsoft database servers and recommend the solutions.
• Performed gap analysis and prepared reports to identify applications and business processes that fell short of PCI standards, ISO 27001 and SAS 70 Controls.
• Coordinated and reviewed audit compliance findings with IT systems owners and tracked the compliance finding status.
• Responsible for IT Security Implementation and Assessment for preparing Enterprise Information Governance Policy, Guidelines, Process and Procedures to monitor and control overall IT Security, IT Change Management and Computer Operations / Backup & Recovery across multiple platforms.
• Created the Risk Management and Incident Management Process in concurrence with NIST SP 800-30 Guidelines and ITIL V3 Framework respectively.
• Created and managed Incident Response (IR) performance metrics.
• Trained the developers about the web application security audit process and gave an overview of securing the code of web applications.
• Involved in Design and development of IT Security Architecture, including process flow, hardware and software design specification, security testing and remediation techniques. Firewall Request System & Firewall Access Authorization System.
• Worked on Rationalization of Rule Set for Networks, Systems and Cloud based Data Applications migration from Confidential to Frontier.
• Reviewed, documented and evaluated controls designed around IT Security, IT Change and Release Management, and Computer Operations / Backup & Recovery for the systems and applications, pertaining to the Software License Agreement (SLA) and Compliance Regulations.
• Helped coordinate and conduct client interviews and status meetings to gain an understanding of the client’s IT environment and to communicate control strengths and weakness.

Confidential, Irving, TX

Senior Information Security Consultant

Responsibilities:

• Performed gap analysis, PCI (Payment Card Industry) compliance requirements, requirements gathering and documentation, managing cross-team communication, managing external partner integration, change management, conducting interviews Works as project lead, accountable for achieving individual project development, implementation and execution objectives.
• Performed Annual IT Security and Risk Assessments“High, Medium and Low Risk” systems and to analyze business functions gaps and verify ownership and control of information system elements as necessary in accordance to the Statuary and Regulatory Compliance requirements.
• Involved with SAP SOX-IT Audit Integration of business functions supported by application systems
• Identified and resolved complex auditing and information system issues
• Documented data mapping, evidence gathering, reports, and organize meetings based on Role Based Access Control for Segregating Duties based on Audit Compliance Regulations.
• Involved with black and gray security testing for application vulnerability and port scans on the network using Nessus, Symantec, WebInspect, MetaSploit, NMAP, QualysGuard, and Foundstone as part of the internal audit process. Worked on the critical port analysis, remediation strategies for Incidents related to network infections.
• Designed Internet facing Perimeter Network and Cardholder Application Data Flow Network architecture, configuration review for Confidential entities, for Routers, Firewall and VPN, Application Servers, Systems (High-Range, Mid-Range and Client Server), Syslog and Radius Servers and other respective systems as necessary.
• Involved with Change Control and Incident Response Process Handling using ITILv3 and NIST Guidelines.
• Developed Information System Minimum Security Configuration Baselines (MSB), Rationalize Perimeter Firewall Rule Set Review (RSR), and Periodic Access Review (PAR) for Systems and Applications in accordance with SOX 404, HIPAA, SAS 70 and PCI DSS compliance and Standards for surveillance audit adherence.

Confidential, Oak Creek, WI

Information Security Analyst

Responsibilities:

• Responsible for implementing the information security processes for Firewall Rule Set, Risk Assessment, and IT Security Testing for Application Vulnerability Assessment & Penetration Testing, and Antivirus Management.
• Participated in internal monitoring and auditing; cooperating with external auditors for successful audit completion.
• Developed compliance inventory to assess high risk laws, regulations, policies, procedures, guidelines and standards of conduct to mitigate corporate financial, legal and public exposure.
• Identified potential areas of compliance vulnerability and risk, developed and implemented remediation plans, and provided guidance for process improvement.
• Chaired the Change Management Advisory Board-Approved/Denied Firewall Change requests for port opening from multiples team as per the Information security policy. Reviewing all changes to devices for risk impact and approving the requests for changes.
• Perform security gap analysis on SAP GRC and SAP Netweaver Environment using IT best practices methodology.

• Worked on Infrastructure IT Services, Information Security, Compliance and Audit with respect to Firewall Management, Application Security Vulnerability/Penetration Testing, Patch Management, Risk Management, Business Continuity BS 25999, Disaster Recovery Plan, Project Management and Quality Management for ISO 9001, and Security Implementation ISO 27001/27002 and PCI DSS across London, Essex, Middle Sex and parts of Sussex - England, ensuring consistency is maintained.
• Facilitated security phase of SDLC projects.
• Managed and organized backup infrastructure.
• Initiated and facilitated Security Awareness Program.