Information Security Analyst/ Cyber Security Resume
Farmington Hills, MI
SUMMARY:
- Experienced professional with 6+ years of experience as an IT security professional in IT infrastructure, risk security, information security, and cyber security.
- Information-security expert with a diverse technical background in enterprise networking, server infrastructure, database technologies, and system security.
- Experience in configuration management and policy implementation.
- Experience in vulnerability scanning with relevant tools, e.g., Nessus, HPE Fortify for SCA (Static Code Analysis) and WebInspect, and Rapid7 Nexpose.
- Experience in managing network infrastructure security using HPE ArcSight ESM/Splunk for monitoring, classifying, and responding to incidents and threats.
- Strong knowledge of risk management and computer forensic tools, technologies, and methods. Experienced in IT security design and implementation with a solid understanding of disaster recovery, intrusion detection systems (IDS), intrusion protection systems (IPS), and web application firewalls (WAF). Analytical problem solver adept at managing network changes and troubleshooting network issues to ensure maximum uptime.
- Experience in OSINT and TECHINT reconnaissance.
- Generated notifications based on different templates and record content values using RSA Archer.
- Supported generation of all kinds of reports, extensively used in workspace dashboards, using RSA Archer and Forcepoint.
- Tracked all incidents that happened in all the stores, used for recovery and settlements, using RSA Archer.
- Daily data feeds to keep location information for all the stores up to date, using RSA Archer.
- Leveraged Amazon Web Services through AWS console and API Integration.
- Experience with SOC and around-the-clock operations.
- Knowledge of distributed Splunk installation with forwarders, indexer clusters, and search head clusters.
- Skilled in penetration testing (white, grey, and black box) with passive and active modules using Burp Suite, Metasploit, custom scripts, and other necessary tools.
- Recommend remediations for flaws discovered in the penetration test.
- Expert understanding of the Cyber Kill Chain and APTs.
- Experience with network monitoring using the IBM QRadar SIEM and Wireshark, and with information security and network security configuration and functions.
- Experience in configuring deployment server, Splunk Apps and add-ons.
- Hands-on experience with several vulnerability classes, e.g., SQL injection, XSS, etc.
- Hands-on experience with security frameworks such as NIST and HIPAA.
- Experience with NIST SP 800-53A and NIST SP 800-30.
- Experience with Palo Alto firewalls, VPNs, and networking protocols, e.g., NetBIOS, SNMP, Telnet, SSH, ARP, etc.
- Experience with industry recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk, and LogRhythm.
- Perform vulnerability scans with Nessus for improper configurations, missing patches, hosts, networks, and insecure credentials and accounts.
- Experience with HPE Fortify for code vulnerability analysis reviews and WebInspect scans.
- Experience with application security.
- Excellent understanding of SAST, DAST, IAST and RASP best practices.
- Hands-on experience with documentation and log analysis.
- Experience with and good understanding of scripting languages such as Python, command shells, and regular expressions.
- Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML, and multi-factor authentication.
- Excellent understanding of computing environments: Linux (RHEL 7, Debian/Kali), Windows 7/10, Windows Server 2012/2016, and Unix operating systems.
- Perform risk assessments and gap analyses, and create risk mitigation plans.
- Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
- Oversee Vulnerability assessment / penetration testing of scoped systems and applications to identify system vulnerabilities.
- Excellent knowledge of FISMA, HIPAA, and NIST compliance usage, rules, and regulations.
- Use IBM QRadar Security Manager to identify threats and assign categories.
- Solid understanding of IBM QRadar, Palo Alto NGFW, and the SDLC.
- Strong understanding of DLP architecture.
- Provide support in security architecture, design, development, monitoring, and support of the enterprise infrastructure environment.
- Experience with supporting business and third-party risk assessments.
- Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite.
TECHNICAL SKILLS:
DLP: Websense, Symantec & McAfee
End Point Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec
IPS/IDS: McAfee IPS, SecureWorks IDS/IPS, SNORT
SIEM: IBM QRadar security manager, Splunk, LogRhythm
MSS: Vulnerability Assessment, Content Filter, Antispam, IDS/IPS Management
Vulnerability Management Tools: Nessus, Nmap, Nexpose, Wireshark, Fortify
Security Tools: IBM QRadar, McAfee Vulnerability Management solutions, Nessus, SolarWinds, LogRhythm
Platforms/Applications: Continuous Monitoring Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Rapid7 Event Management, RSA Archer, Blue Coat Proxy, IBM QRadar, NTT Security, LogRhythm, PenTest Tools (Metasploit, Burp Suite, Nmap, Wireshark, and Kali)
Security Software: Nessus, Ethereal, NMap, Metasploit, Snort, RSA Authentication
Networking: LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Firewalls/IPS/IDS
Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS, NetBIOS, SNMP, TLS etc.
Operating System: Windows, Linux, Unix
Security Intelligence: WhiteHat Web Security, iDefence, NTT Security, LogRhythm
PROFESSIONAL EXPERIENCE:
Confidential, Farmington Hills, MI
Information Security Analyst/ Cyber Security
Responsibilities:
- Responsible for capturing security and privacy requirements for clients to be compliant with Payment Card Industry (PCI).
- Experienced with DLP, Blue Coat, Websense, Proofpoint, Trend Micro, and IBM QRadar Enterprise SIEM security tools to monitor the network environment.
- Assisted engineers with IBM QRadar troubleshooting and deployment.
- Created IBM QRadar dashboards for investigations.
- Perform QRadar product support and implementation.
- Automated the centralized detection of security vulnerabilities with scripts for Vulnerability assessment tools like ArcSight and Splunk.
- Provide Level 2 operations support for end-user resolution, investigating RSA Archer events to determine any true intrusions (combined with CyberArk).
- Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection.
- Extensive experience with Symantec DLP and RSA DLP architecture and implementation at the enterprise level.
- Monitor the client environment using Security Information and Event Management (SIEM) IBM QRadar technology to centralize the storage and interpretation of logs; collect data into a central repository for trend analysis and provide automated reporting for compliance and centralized reporting, which provides more situational awareness and real-time analysis of security alerts.
- Coordinate and conduct event collection, log management, event management, compliance automation, and identity monitoring activities using the SIEM platform.
- Research, analyze, and understand log sources utilized for security monitoring, focusing on networking devices.
- Experience with risk assessment using industry standards like NIST 800-53 Rev 3 and Rev 4, HIPAA, and PCI DSS, and develop security policies per these standards.
- Develop, implement, and execute standard procedures for administration, content management, change management, version/patch management, and lifecycle management of the SIEM.
- Support day-to-day event parsing, repair events with missing or incorrect information, create log source extensions, and manage flows.
- Create and develop correlation and detection rules within SIEM to support alerting capabilities within the Threat Management Center.
- Installed, configured and administered Splunk Enterprise Server and Splunk Forwarder on Redhat Linux and Windows servers.
- Tracked all incidents that happened in all the stores, used for recovery and settlements, using RSA Archer.
- Daily data feeds to keep location information for all the stores up to date, using RSA Archer.
- Network administration, logging, and securing network data using RSA Archer (TCP/IP data analysis).
- Successfully worked with Ping Identity professional services in establishing multi-factor authentication in the organization.
- Create detailed technical reports on the status of the SIEM, including metrics on items such as number of logging sources, log collection rate, and server performance.
- Review risk assessments completed by the security team based on National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO) guidance, using a methodology based on the PDCA cycle, which builds a management system that plans, implements, maintains, and improves cybersecurity across the whole system.
- Monitoring using Splunk/Wily Introscope and setting up WebSphere Global Security for access to the admin console. Configuring the HTTP Server for various clustered application servers using virtual hosting and enabling SSL security.
- Consult clients on automating business processes and risk management activities in the RSA Archer GRC platform.
- Perform proxy policy management on Blue Coat.
- Perform proxy authentication with ACLs.
- Configuration of the RSA Archer platform with effective solutions and applications that support a variety of business needs and achieve organizational objectives.
- Assist with penetration testing and investigations.
- Designed Symantec DLP architecture, implemented Symantec DLP.
- Worked with Symantec DLP upgrades and patches.
- Implementation per NIST SP 800-53A and NIST SP 800-30.
- Perform vulnerability scans using Nessus and prepare reports.
- Static code analysis (SCA) with HPE Fortify for present vulnerabilities, and WebInspect scans for servers.
- Perform log analysis utilizing IBM QRadar and various other security software and tools.
- Manage IBM QRadar configuration files like inputs, props, transforms, and lookups. Upgrade IBM QRadar Enterprise and apply security patching.
- Create and configure policies and alerts using SIEM tools.
- Assist with vulnerability scans and reporting to clients and IT departments using Nessus scans and reports; review the vulnerability scans that affect the assets and find critical devices that have critical vulnerabilities.
- Manage enterprise security systems, identifying key security risks, reporting risks to management with recommendations for corrective action utilizing NIST frameworks.
- Work experience with IT policies, procedures, and standards related to security reviews using NIST standards, specifically NIST 800-53 and NIST 800-66 for the HIPAA Security Rule. Review logs for malicious user activities.
- Complete security project management to ensure that clients remain on track for their annual security assessments.
- Create advanced dashboards, alerts, and visualizations in the Splunk environment.
- Advanced administration of the Splunk platform, installation and configuration of apps and add-ons.
- Implement solutions as part of project support, including EventSentry SIEM, Nessus Vulnerability Scanner, and Palo Alto firewalls.
- Deploy IBM QRadar SIEM from scratch for security log monitoring and alerting in production environment including switches, routers, firewalls, load balancers, VPN and expand the deployment to the corporate domain.
- Experience with risk assessment, COBIT, and malware analysis.
- Perform incident response as required, following defined policies.
- Manage and Maintain Nessus Vulnerability scanner 6.11.0, add additional scan engine to a production environment and identify gaps in patching.
- Create dynamic groups for discovered assets by asset location and operating systems to run full system audit scans.
Information Security Analyst (SOC)
Responsibilities:
- Responsible for monitoring and providing analysis in a 24x7x365 Security Operations Center (SOC) using various SIEM and IDS/IPS tools.
- Perform and maintain SAST, DAST, IAST and RASP best practices.
- Assist with the development of process and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
- Provide network intrusion detection expertise to support timely and effective decision making on when to declare an incident.
- Created different kinds of fields (calculation, text, date, attachment, sub-form, cross-reference, record permission, and values list) using RSA Archer.
- Assisted engineers with Splunk troubleshooting and deployment.
- Created Splunk dashboards for investigations.
- Document all activities during an incident with status updates during the life cycle of the incident.
- Analyze network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.).
- Provide information regarding intrusion events, security incidents, and other threat indications and warning information.
- Design DLP architecture, handle third-party risk assessments, and manage SOX audits.
- Facilitated FISMA Continuous Monitoring Test Cases NIST 800-53 Rev 4 Update.
- Configure and Install IBM QRadar Enterprise, Agent, and Apache Server for user and role authentication and SSO.
- Implemented Symantec Data Loss Prevention to secure all endpoints. Configured and instrumented the Symantec management console, Symantec management server, and Symantec database on Oracle.
- Perform command line scripting in Linux and Unix to configure Splunk.
- Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as IBM QRadar (SIEM), McAfee, Internet content filtering/reporting, malware code prevention with HPE Fortify, firewalls, IDS & IPS, web security, anti-spam, and FireEye.
- Manage IBM QRadar configuration files like inputs, props, transforms, and lookups.
- Upgrading the IBM QRadar Enterprise to 6.2.3 and security patching.
- Experience in Intrusion Detection & Prevention (IDS / IPS), SIEM, Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Worked on SIEM, as well as SolarWinds and Symantec endpoint security, for malware detection and threat analysis.
- Imported existing information from legacy systems into RSA Archer applications and questionnaires. Integrated RSA Archer with external data sources via Web API.
- Managed and coordinated activities for multiple data privacy and information security initiatives.
- Responsibilities for CSIRT included SIEM, Context Filtering, Web Security, Incident Tracking, IPS/IDS and Malware Analysis.
- Support IT teams based on the latest risks and possible remediations. Involved in integration of Splunk with ServiceNow, Active Directory, and LDAP authentication.
- Used Splunk Deployment Server to manage Splunk instances and analyzed security based events, risks & reporting.
- Deploy, configure and maintain IBM QRadar forwarder in different platforms.
- Ensuring that the application website is up and available to the users.
- Continuous monitoring of the alerts received through email to check that all the application servers and web servers are up.
- Experience with Symantec DLP and RSA DLP architecture and implementation at the enterprise level. Designed Symantec DLP architecture and implemented Symantec DLP. Worked with Symantec DLP upgrades and patches. Implemented Symantec DLP policy and content blade creation and tuning. Provided input into the customer's operational processes and procedures.
- Responsible for testing vulnerability updates for all releases and patches of IBM QRadar SIEM.
- Integration of IDS/IPS with the SIEM; analyze the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
- Develop content for IBM QRadar such as correlation rules, dashboards, reports, filters, active lists, and session lists.
- Configure Symantec Critical System Protection IDS to forward logs to IBM QRadar for file integrity monitoring. Configured remote logging to IBM QRadar with flexible fields.
- Responsible for testing and implementing IBM QRadar with setup for AD (Active Directory) and LDAP.
- Troubleshooting issues related to IBM QRadar.
Information Security Analyst
Responsibilities:
- Performed network and host DLP monitoring and logging.
- Information protection solutions, including monitoring, DLP, and security auditing solutions from Symantec and McAfee.
- Conducted Security Risk Assessment on all new applications, IT Systems or changes to existing IT systems to verify if they satisfy established security baseline before adoption into Corporate Regional offices.
- Conducted Security Risk Assessment on new Vendors and annual Vendor Risk Assessment.
- Assisted management in authorizing the IT Systems for operation on the basis of whether the residual risk is at an acceptable level or whether additional compensating controls should be implemented.
- Designed processes in Archer using workflows, notifications, and data feeds.
- Assisted teams in the design and development of management reporting and dashboards from the designed solution in Archer.
- Coordinated with system owners and ISSOs across the organization to ensure timely compliance.
- Participated in meetings to discuss system boundaries for new or updated systems to help determine information types for categorization purposes. Determined the classification of information systems to aid in selecting appropriate controls for protecting the system.
- Worked with Palo Alto Panorama management tool to manage all Palo Alto firewall and network from central location.
- Configured and troubleshot DHCP issues on switches.
- Created network diagrams in Visio.
- Install and configure the QRadar SIEM, including all its components and local and/or remote log collectors.
- Worked on the SIEM tool QRadar for reporting and data aggregation.
- Used the SIEM tool QRadar to add the newly built Windows and Linux log servers and create policies for different alerts.
- Security audit, budget violation, operational violation, and best-practice checks in client AWS environments.
- Coordinated with Network Administrator regarding BGP/OSPF/EIGRP routing policies and designs, worked on implementation strategies for the expansion of MPLS VPN networks.
- Troubleshooting the network routing protocols (BGP, MPLS, EIGRP, and RIP) during migrations and new client connections.
- Responsible for notifying systems owners of potential events and remediation. Responsible for drafting and conducting daily briefings to customers.
- Designing and maintaining production-quality Splunk dashboards.
- Working with client teams to gather their network requirements.
- Monitor performance of network and servers (Microsoft and Linux) to identify potential problems and bottlenecks.
- Real-time monitoring and network management using CiscoWorks LMS and SolarWinds.
- Provided technical support on hardware and software related issues to remote production sites.
- Coordinated and managed team activities during assessment engagements.
- Established schedules and deadlines for assessment activities.
- Monitored controls post authorization to ensure continuous compliance with the security requirements.
- Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
- Updated the control changes from NIST 800-53 Rev 3 to NIST 800-53 Rev 4 and control assessment changes from NIST 800-53A to NIST 800-53A Rev 4.
- Assisted in deployment of AWS (Amazon Web Services) database and encryption, reducing operational costs by 50%.