
Security Consultant Resume


New York

SUMMARY:

  • 6+ years of experience in Information Security/Cyber Security.
  • Experience with IBM QRadar, SIEM tools and Symantec Endpoint Protection, with good knowledge of the complete QRadar architecture.
  • Worked with vendors of QRadar, ArcSight, Splunk and LogRhythm, and with vendors of various associated products and services.
  • Monitored the health of QRadar.
  • Experience in implementation of QRadar and migration to QRadar from ArcSight.
  • Analyzed the logs triggered in QRadar and provided recommendations to the technical teams.
  • Experience in monitoring data related to email, USB, IDS, IPS, proxy, VPN, firewall, NetFlow and network data.
  • Experience in monitoring logs forwarded from Nessus, Nexpose, Carbon Response, Palo Alto Networks, Bluecoat and Cisco.
  • Worked on Rapid7 and AppScan to run vulnerability scans.
  • Configured database traffic monitoring and forwarding to the IBM Guardium data collectors.
  • Hands-on experience with Symantec Endpoint Protection Manager.
  • Hands-on experience with the Qualys Guard Vulnerability Management tool.
  • Experience in scanning networks and providing scan reports to the technical teams; analyzed the scan reports and provided recommendations to the technical teams.
  • Security Information and Event Management (SIEM) support utilizing RSA Envision and Security Analytics.
  • Performed network vulnerability scans and reviewed scan output for high-risk network vulnerabilities.
  • Involvement in HPE ArcSight projects, including SmartConnector installations, Logger installations and use-case development.
  • Monitored and worked the ticket queue for events and incidents.
  • Developed reports, dashboards, real-time rules, filters and active channels.
  • Configured SIEM tool performance and event data quality to maximize SIEM system efficiency.
  • Documented and presented the work done to management and VIPs.
  • Communicated with various teams and team members to gather requirements.
  • Worked on Audit Violation Reports, Service Level Agreements (SLAs), SDLC and Agile.

TECHNICAL SKILLS:

Operating Systems: Linux, Windows

SIEM Tools: IBM QRadar, RSA Envision, ArcSight, Splunk, LogRhythm

Vulnerability Tools: Nexpose, Qualys, Nessus

Other Tools/Software: Symantec Endpoint Protection, ServiceNow (ticketing tool), Succeed (ticketing tool), Infoblox

Languages: C, C++, PHP, Java, HTML, Data Structures

Security: Intrusion analysis, vulnerability scanning

Networking: Cisco routers, WAN management, etc.

PROFESSIONAL EXPERIENCE:

Confidential, New York

Security Consultant

Responsibilities:

  • Implementation of SIEM in the customer environment.
  • Performing admin-level activities such as integrating devices like Windows, Unix, etc.
  • Troubleshooting log source servers so that they successfully forward log events to QRadar.
  • Organizing meetings on a daily and weekly basis to communicate work status.
  • Strong knowledge of administering any SIEM and knowledge of vulnerability management.
  • Maintaining coordination with the customer's security teams from various locations around the world.
  • Experience in migration from ArcSight to QRadar, and in creation of searches, dashboards and reports.
  • Experience in creating log source groups and validating log sources and reports.
  • Proficient with Splunk architecture and its various components (indexer, forwarder, search head, deployment server), heavy and universal forwarders, and the license model.
  • Creating templates for daily, weekly and monthly reports and sending them to the team to work on for the respective customers.
  • Handling customer calls in case of any information security issue.
  • Creating new process documents to help analysts analyze events.
  • Timely escalation of incidents to the security management team.
  • Operated the QRadar SIEM in a 24/7 SOC environment to investigate alarms and mitigate incidents and events.
  • Handling threat management tasks by subscribing to various security alerts from various sources.
  • Following up with asset owners for remediation of vulnerabilities at either the OS or application level.
  • Tracking, validation and closure of critical and high vulnerabilities.
  • Producing graphs and charts showing vulnerability posture on a weekly, monthly and quarterly basis.
  • Providing risk-based analysis of identified vulnerabilities on a weekly basis.
  • Keeping track of incidents created and utilizing customer responses for future analysis.
  • Performing detailed event analysis and trending, correlating with emerging threats, and escalating information security events appropriately.
  • Real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources.

Environment: QRadar, Windows, Unix, Nexpose, Splunk, SOC, Qualys.

Confidential, Augusta, Maine

Security Analyst

Responsibilities:

  • Supported analysis of events triggered by the IDS and IPS sensors and endpoint protection.
  • Assisted in the administration and 24x7 monitoring of the SIEM (RSA Envision) solution.
  • Created, modified and reviewed rules as per requirements.
  • Monitored for external threats and alerted the respective team regarding intrusions or suspicious activity.
  • Performed log management design, implementation, administration, reporting and log analysis in LogRhythm.
  • Monitored security logs and events to determine the cause of security-related events or to identify potential security-related risks.
  • Monitored dashboards to keep track of security events and the health of SIEM devices.
  • Participated in the development of the Symantec Endpoint Protection courses.
  • Real-time monitoring, investigation, analysis, reporting and escalation of security events from multiple log sources.
  • Ran vulnerability scans using Rapid7 Nexpose.
  • Configured database traffic monitoring and forwarding to the Guardium data collectors.
  • Reviewed and correlated security events, performed root cause analysis, and escalated and investigated security incidents.
  • Used LogRhythm to reduce Mean Time To Detect and to increase Mean Time To Respond for indicators of compromise.
  • Correlated and analyzed events on the Security Information and Event Management (SIEM) tool to detect IT security incidents.
  • Reported on and investigated anomalies outside the expected norm.
  • Timely notification to appropriate teams of immediate or potential virus or worm attacks or other suspicious activity.
  • Actively coordinated and cooperated with other teams to ensure best IT security practices and deliveries and smooth interaction.
  • Created new process documents and procedures.
  • Monitored Cisco IDS/IPS for new signatures/attacks in the environment, analyzed the attacks and escalated to the concerned team for further action.
  • Imparted knowledge of the business and the technology to newly inducted team members.

Environment: QRadar, LogRhythm, Guardium, Nexpose, Rapid7, RSA Envision, PHP, Java, HTML, Cisco IDS/IPS, Symantec.

Confidential, Sanford, NC

Security Analyst

Responsibilities:

  • Developed a correlated picture of what is occurring right now in the enterprise by integrating information from a variety of devices into the QRadar SIEM tool, then normalizing and correlating that information to develop modules that provide real-time (or near real-time) reporting in the SOC.
  • Developed an intelligence-driven security approach for threat detection, which helps the organization use all available security-related information from both internal and external sources to detect hidden threats from within and outside the organization.
  • Developed complex use cases and Universal Device Support Modules on the QRadar SIEM and QRadar Log Manager tools.
  • Wrote and enhanced the processes and procedures for identifying network anomaly behavior in QRadar Network Anomaly Detection Manager.
  • Developed scenarios for the detection of zero-day threats in QRadar Network Anomaly Detection and the QRadar SIEM tool.
  • Tuned the performance and event data flow of ArcSight appliances and connectors to ensure system efficiency.
  • Developed queries in the QRadar Log Manager tool to check the integrity of event and flow logs and determine whether the logs were modified.
  • Performed QRadar Incident Forensics, which helps to search, verify that an incident occurred, determine the severity, reconstruct the event, review it, determine the root cause, and take corrective and preventive action.
  • Used ArcSight Express for SIEM/correlation functionality and ArcSight Logger for log management.
  • Wrote a Logger API that can be used in ArcSight integration commands and rules.
  • Designed and tuned correlation rules to reduce false positives and to generate alerts/offenses/notifications for attacks, security violations and any deviation in traffic/flow.
  • Identified IT-related risks across areas including perimeter, network, host and application security.

Environment: QRadar, ArcSight, ServiceNow (ticketing tool), Infoblox

Confidential

System Analyst

Responsibilities:

  • Installation, administration and maintenance of client networks; installed new software releases such as MS Office and system upgrades.
  • Evaluated and installed patches; managed projects for updates and maintenance routines on servers, labs and classrooms.
  • Supported core Windows technologies (Windows Server 2003 and 2008, Windows 7/XP).
  • Deployed Windows 7 and upgraded from Windows XP.
  • Assisted in administering and supporting the Active Directory environment.
  • Developed system access, monitoring, control and evaluation; established and tested disaster recovery policies and procedures; completed backups; maintained documentation; and performed system and software upgrades and patches.
  • Testing and installation of computers and medium hardware systems, connecting PCs in a network and setting up peripheral equipment and hardware components.
  • Established system specifications by conferring with users and analyzing workflow, access, information and security requirements; supported DNS, DHCP, TCP/IP, NetBIOS and PXE.
  • Troubleshooting Windows Server operating system, IIS and Intel server-related hardware issues.

Environment: ArcSight, Windows 2003, XP, 7, MS Office, DNS, DHCP, NetBIOS, PXE, HTML, Java.
