
Cyber Security Analyst Resume


Basking Ridge, NJ

SUMMARY:

  • A logical thinker with 6+ years of experience in the field of Cyber Security, skilled in Incident Response and Handling, Security Operations Centre (SOC), Firewall Operations, Risk Management, Malware Analysis, Intrusion Detection and Prevention Systems (IDS/IPS), Web Application Security, Unauthorized Access, Viruses and a wide range of Vulnerabilities and Threats.
  • Self-motivated and proactive leader with technical and exemplary communication skills. Exceptional ability to create, implement and improve IT standards, policies, and procedures.
  • Identified and evaluated potential threats and vulnerabilities.
  • Examined and evaluated computer software and hardware to uncover access attempts
  • Performed Penetration Testing for large enterprise networks
  • Capable of defining and monitoring risk management, compliance, and information security programs
  • Assisted with applications/tools including but not limited to SIEM, Wireshark, Intrusion detection Systems (IDS), Data loss prevention controls (DLP), e-mail gateway protection, VPN operations
  • Developed security documentation to include policies and procedures for the Vulnerability Assessment Team.
  • Ensured authorized access to files by revoking access and investigating unauthorized access
  • Assisted and supported Cyber Security Incident or Service Response Teams when necessary.
  • SOC Analysis, Log analysis, proactive monitoring and response to network and security incidents
  • In-depth understanding of TCP/IP concepts and packet capture review utilizing tools such as Wireshark to investigate suspicious events and anomalies
  • Expertise in attacks such as XSS, SQL Injection, CSRF and PHP Injection.
  • Worked on DDoS mitigation and have a good understanding of different kinds of flood attacks
  • Production error monitoring and root cause analysis using Splunk.
  • Debugged Splunk related and integration issues.
  • Knowledge of LAN/WAN networking concepts - TCP/IP, routing and switching, OSI Layer, Packet Analysis, Logs, Endpoint and network protection, port and internet protocols and scripting languages.
  • Responsible for end-to-end security, ensuring that confidentiality, integrity and availability are not breached, infected or compromised in any way by outside malicious users.

TECHNICAL SKILLS:

SIEM Tools: QRadar, Splunk, McAfee ESM.

Vulnerability/Malware Tools: Wireshark, IDA Pro, Nessus, Nmap

Intrusion Detection System (IDS): Snort, Sourcefire

Database: Oracle, DB2, MS SQL Server

Operating System: Windows, Unix, Linux

Languages: Python, PL/SQL, C/C++, VB.net, HTML, PHP, XML

Application: VMware, ServiceNow, TWS, MS Office Products

PROFESSIONAL EXPERIENCE:

Cyber Security Analyst

Confidential, Basking Ridge, NJ

  • Utilized Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Intrusion Detection and Prevention (IDS / IPS), forensics, sniffers and malware analysis tools.
  • Worked on Security Information and Event Management (SIEM) platforms IBM QRadar and Splunk.
  • Tested various threat vectors and presented evidence of intent to create signatures/rules to mitigate specific threats.
  • Responded to system security-related incidents; able to quickly and effectively comprehend a problem and take immediate corrective action
  • Performed investigation, analysis, reporting and escalations of security events from multiple sources including events like intrusion detection, Firewall logs, Proxy Logs, Web servers.
  • Monitored and investigated SOC incidents and alerts with Sourcefire
  • Reported/tracked vulnerability reports periodically and submitted them to management.
  • Expertise in Vulnerability management, implementing, executing, and monitoring vulnerability scans using Nessus, Wireshark, IDA Pro
  • Analyzed malware through static and dynamic analysis with tools.
  • Performed network risk assessments, vulnerability assessments, and penetration testing.
  • Evaluated and recommended security technology such as network and host based intrusion detection systems (IDS), virus protection capabilities, and virtual private network solutions.
  • Provided technical support services in code reviews and static analysis
  • Performed and developed procedures for system security audits, network penetration-test, and vulnerability assessments on OS, Server, Database, and other applications.
  • Reviewed security logs to ensure compliance with policies and procedures and identified potential anomalies.
  • Utilized incident response use-case workflows to follow established and repeatable processes for triaging and escalating
  • Monitored events from Data Loss Prevention (DLP) and other information security tools.
  • Coordinated the development of advanced security signatures or access control mechanisms that can be implemented on security systems such as intrusion prevention/detection systems, firewalls, routers or endpoints in response to new or observed threats within the enterprise
  • Evaluated firewall change requests and assessed organizational risk
  • Verified that application software/network/system security controls are implemented as stated, documented deviations, and recommended required actions to correct those deviations
  • Applied principles of Secure SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security
  • Monitored the SOC critical systems and escalated to SOC management and engineers any global outage within the distributed systems that affects productivity
  • Acted as an Incident Handler to manage both major and minor security incidents within the defined Computer Security Incident Response process
  • Monitored incoming intrusion alerts utilizing Sourcefire, Snort IDS and Splunk SIEM
  • Monitored security vulnerabilities by analyzing a variety of network and host-based security appliance logs and determining the correct remediation actions and escalation paths for each incident.
  • Performed Vulnerability assessment using Nessus scanner
  • Monitored and analyzed QRadar channels looking for any unusual activity, malicious executable code, obfuscated JavaScript, APT (Advanced Persistent Threats), and viruses/Trojans on the customer's network
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security events via Snort/Sourcefire triggering on suspicious activity

Information Security Administrator

Confidential, Chicago, IL

  • Conducted penetration testing and auditing of the organization network using tools.
  • Performed footprinting, scanning, sniffing and monitoring of network activities using open-source and commercial tools (Wireshark, Nmap).
  • Developed a vulnerability scanning process for all environment builds, and ongoing monthly scanning and reporting using Nessus
  • Monitored and responded to ServiceNow tickets regarding security access requests.
  • Analyzed and remediated phishing emails, malware, and other suspicious activity confronting the network.
  • Reviewed system logs to identify and research suspicious activities.
  • Reviewed group policy security settings and user access to network resources and folders and assisted administrators with testing group policy changes
  • Utilized Active Directory to create, edit, and maintain accounts
  • Utilized Unix based applications to provide end users with the proper access to the proper networks
  • Provided risk analysis, information assurance and IT project management using tools like SharePoint and RSAM
  • Monitored security status of networks and networking devices, responded to security incidents with appropriate levels of action. Coordinated with other IT teams to resolve incidents.
  • Led project to improve Access Control by moderating user access control of computers
  • Computed and encrypted data, installed firewalls and anti-virus/anti-malware software to protect internal data.
  • Assessed the quality and completeness of Information Security Program artifacts, such as program management plan, information security strategic and tactical plan, program risk assessment and management plan, risk register
  • Focused on Security monitoring and configuring networks tools and services.
  • Partnered with security analysts to maintain VPN Management Security Solution Director and closely monitored remote IDS sensors for reliable reporting of network intrusion attempts
  • Deployed and monitored a signature-based IDS combined with packet capture software to monitor for and investigate intrusions
  • Installed Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
  • Set up security policies for end-users and provided continuous training to avoid computer virus penetration
  • Provided ongoing training on secure development practices to our Engineering teams.
  • Hunted for malicious network activity and inspected malicious software such as Spyware, Trojans, Worms, Ransomware, Viruses, Bots and other intrusions.
  • Provided real-time cyber security monitoring: examined security trends, researched threats and analyzed security events that occurred on the network and endpoints.
  • Analyzed web server, proxy, mail server logs for root cause analysis
  • Analyzed a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
  • Categorized security events and raised the necessary incidents after a thorough quality check of the event.
  • Routinely monitored SOC infrastructure systems for functionality and availability and followed emergency procedures when outages occurred.
  • Monitored various security tools (e.g. Splunk, QRadar) to identify potential incidents, network intrusions, malware events, etc., to ensure the confidentiality, integrity, and availability of services and information systems are protected
  • Responsible for filtering out security events in QRadar SIEM and investigating IDS alerts.

Information Assurance Analyst

Confidential

  • Worked with Information Assurance working groups, planning teams, etc. to support efforts in the review, application, and maintenance of IA policies and procedures.
  • Performed security analysis, ISS scans and risk/vulnerability assessments. Supported the recording, retrieval, manipulation, analysis, and storing of test data
  • Monitored firewalls, data encryption, and other security measures.
  • Reviewed violations of computer security procedures and discussed procedures with violators to ensure violations do not recur.
  • Conducted vulnerability assessment and remediation actions utilizing Nessus for vulnerability scans
  • Performed vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle (SDLC)
  • Participated in security team meetings and rendered other support to IT Security office, which included ensuring appropriate steps are taken to implement information security requirements for all IT systems.
  • Reviewed routine security audit logs (e.g., access control logs).
  • Performed technical security tasks such as penetration testing and evaluated and participated in technical infrastructure design and deployment.
  • Handled alerting, response, and mitigation of computer security incidents at TW and worked closely with the incident response team
  • Worked closely with help desk and network operations, and provided adequate information required for incident resolution
  • Evaluated daily logs to ensure the data is in compliance with the company’s policy.
  • Assessed the vulnerability of IT systems to unauthorized access and supported the use of network and encryption routines.
