Sr. Information Security Analyst Resume
Atlanta, GA
CAREER OBJECTIVE:
Results-driven professional with specialized experience in Vulnerability Management, Access Management, and Information Security. Effective at proactively completing projects and special assignments on time while working self-sufficiently within a fast-paced environment, all while promoting team solidarity and a strong, positive working environment.
PROFESSIONAL SUMMARY:
- Experienced in Vulnerability management and remediation.
- Hands-on experience with the QualysGuard vulnerability management tool.
- Scanned the network and provided scan reports to operational teams.
- Worked with the McAfee VSE product to stop worms, spyware, and viruses, provide high-performance security, and lessen damage from outbreaks.
- Implemented and managed Splunk for log management and analytics.
- Worked with the McAfee HIPS product to get the broadest IPS coverage, safeguard against malicious threats, receive automatic security updates, and provide protection around the clock.
- Knowledge of IDS-IPS.
- Experience in support, operation, and troubleshooting.
- Automated centralized detection of security vulnerabilities with scripts for vulnerability assessment tools such as QualysGuard and Splunk.
- Diverse background with fast learning skills and creative analytical skills.
- Developed communication and interpersonal skills and team coordination; versed in software processes.
- Scanned data and incoming alerts/false positives to recognize red flags and patterns in the DLP console (Symantec Data Loss Prevention system); performed basic service requests based on standard operating procedures and followed the quality security process defined for the engagement.
- Scanned the network and provided scan reports to technical teams.
- Analyze and document client requirements and solution design for how McAfee solutions can meet these requirements now and in the future.
- Design DLP architecture.
- Expert in installing the Splunk logging application in distributed environments.
- Strong grasp of TCP/IP and common Internet fundamentals such as DNS, DHCP, NTP, SMTP, HTTP, etc.
- Extensive knowledge of information security principles and practices, understanding of security protocols, standards and defense in depth.
TECHNICAL SKILLS:
Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.
Event Management: RSA Archer, Blue Coat Proxy, Splunk, Alienvault.
PenTest Tools: Metasploit, NMAP, Wireshark and Kali.
Security Software: Nessus, Ethereal, NMap, Metasploit, Snort.
Forensic Tools: FTK, Encase
Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS.
Security Technologies: McAfee Nitro (SIEM), McAfee ePO, McAfee Endpoint Protection Suite.
Firewalls: Palo Alto PA 3000/5000.
Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, iSCSI, Fiber, Firewalls/IPS/IDS.
Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing.
Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging.
Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS.
Hardware: Dell, HP, Cisco, IBM, Sun, Check Point, SonicWall, Barracuda appliances, Sophos email appliances.
Nexus: Nexus 7010 / 5548 UP / 5020 / 2232 PP / 2248 TP / 1000 V.
Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux.
PROFESSIONAL EXPERIENCE:
Confidential, Atlanta, GA
Sr. Information Security Analyst
Responsibilities:
- Provided leadership in architecting and implementing security solutions around Qualys and SIEM tools such as Splunk, Solutionary, and LogRhythm.
- Managed the incident response lifecycle end to end: detection of the incident, evidence preservation, artifact collection, confirmation of the incident, and mitigation.
- Performed browser forensics using EnCase, examining the evidence for artifacts and analyzing the evidence (EWF files) for logs.
- Analyzed endpoint logs, firewall logs, and host logs during an incident to confirm or disprove the incident.
- Provided technical reports on detection and remediation of incidents and recommended escalation of cases based on the incident.
- Managed log management, event correlation, asset management, and cloud monitoring in AlienVault UTM.
- Manually installed the McAfee NDLP Prevent 10.x ISO file and configured it in the McAfee ePO server.
- Utilize McAfee ePO and Microsoft SCCM for endpoint management.
- Good experience in building Splunk Security Analytics. Led logging enrollments from multi-tier applications into the enterprise logging platforms.
- Manage enterprise security systems, identifying key security risks, reporting risks to management with recommendations for corrective action utilizing NIST frameworks.
- Responsibilities for CSIRT included SIEM, Context Filtering, Web Security, Incident Tracking, IPS/IDS and Malware Analysis.
- Generate security reports utilizing enterprise security systems such as McAfee ePO.
- Formulating systems and methodologies as well as responding to security related events.
- Use McAfee Real Time Command along with other tools such as Core Impact and/or Qualys to respond to, isolate, and resolve network incidents.
- Documentation regarding DLP administration, scanning, reporting, and remediation.
- Symantec DLP and RSA DLP architecture and implementation for enterprise level companies.
- Vulnerability Management: Configured the QualysGuard tool for vulnerability analysis of devices and applications, and monitored them continuously through the dashboard by running reports on a regular basis.
- Installed, configured, and administered Splunk Enterprise Server and Splunk Forwarder on Red Hat Linux and Windows servers.
- Configuration, troubleshooting, and management of Websense Data Security (DLP).
- Implementation of DLP.
- Monitoring of multiple security incidents using McAfee SIEM, Symantec MSS, and Absolute.
- Responsible for internal Qualys WAS services and WhiteHat Security scans.
- Performing Cyber security incident response, event analysis and investigations
- Network and System Security, Protocols, Penetration Testing
- Performing periodic vulnerability testing and assisting in remediation efforts.
Confidential, Dallas, TX
Splunk Engineer/Security Specialist
Responsibilities:
- Performed dead and live imaging, as the incident required, to preserve evidence using FTK Imager.
- Analyzed the evidence using FTK and EnCase, looking for artifacts.
- Wrote malware detection signatures for Snort, with payload inspection based on file content.
- Used multiple products such as Qualys, AlienVault, and McAfee for monitoring logs, users, and server-side certificates.
- Performed end-to-end incident response from detection to mitigation and follow-up, and documented the findings.
- Execute the vulnerability assessment process, event monitoring using McAfee SIEM and incident response using predefined policies and rules.
- Implement common security exploitation techniques and mitigations using sqlmap, Burp Suite, and others.
- Early informer of critical vulnerabilities and exposures relevant to safeguarding the company's Information assets.
- In-depth experience with internal, external, network, and application vulnerability assessments utilizing QualysGuard and FireEye.
- Strong knowledge of vulnerability management using QualysGuard and Nexpose.
- Conceptualize and implement DLP Program and policies.
- Maintain McAfee ePO environment in optimum performance and compliance standards.
- End to End Vulnerability Management services - Qualys tool.
- Oversee the execution of the Cyber Security Incident Response Playbook by the Security Operations Center and others for minor security incidents.
- Drive complex deployments of Splunk dashboards and reports while working side by side with technical teams to solve their integration issues.
- Performed policy compliance assessments using QualysGuard.
- Analyze new forms of malware and design countermeasures to protect the enterprise from their impact.
- Led the deployment, installation, and configuration of Symantec DLP, including Enforce, Network Monitor, Network Discover, Web Prevent, Email Prevent, and Endpoint Agent.
- Investigated false positives in Qualys with the help of support.
- Managed ePO version 5.3 and VSE 8.8 for a large enterprise network.
- Installed and configured new ePO servers.
- Monitored the McAfee dashboard for updated DAT versions on all clients.
- Monitoring and updating the Stores Closing details in McAfee and Bit9 console.
- Handled compatibility issues arising from Qualys scans.
- Vulnerability management by scanning, mapping, and identifying possible security holes using QualysGuard and the Nessus scanner.
- Designed and maintained production-quality Splunk dashboards, gathered data from onsite, and developed an implementation plan.
- Responsible for resolving QRadar issues.
- Managed and supported Symantec DLP environments, as well as data security environments used in testing and configuring client sites prior to installation.
- Monitored threats and security events on McAfee and Bit9.
- Vulnerability assessment and patch validation through QualysGuard Express.
- Developed security metrics dashboards to illustrate trends in security events and situational views over time.
- Operations - Security Incidents and Vulnerabilities by OS.
Confidential
Information Security Analyst
Responsibilities:
- Created, designed and documented SIEM Implementation.
- In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
- Experience analyzing Symantec DLP events and reports.
- Monitored controls post-authorization to ensure continuous compliance with the security requirements; ensured plans, training, and testing were executed appropriately and discussed lessons learned.
- Extensive PowerShell and VBScript scripting for remote management of Windows 2003 and Windows 2008 servers.
- Experience analyzing network traffic captures and network mapping using Wireshark, Nstat, Zenmap, Aircrack, NetStalker, etc.
- Worked on Cisco Layer 2 switches (spanning tree, VLAN).
- Knowledge of IP traffic flow, sniffing, capturing and monitoring of live traffic streams using Wireshark.
- In-depth experience with Symantec DLP in an enterprise environment.
- Experience with architecting Symantec DLP Platforms.
- Experience with Check Point R75-40 SmartDashboard, Anti-Bot/Anti-Virus, IDS/IPS, and ThreatCloud Managed Security Service (SOC).
- Monitored the network for suspicious activity using various tools, including Splunk.
- Reviewing Security logs on end user machines and analyzing root cause.
Confidential
Security Engineer
Responsibilities:
- Performed network and host DLP monitoring and logging.
- Information protection solutions including monitoring, DLP, and security auditing solutions from Symantec and McAfee.
- Conducted security risk assessments on all new applications, IT systems, or changes to existing IT systems to verify that they satisfied the established security baseline before adoption into corporate regional offices.
- Maintained operational efficiency of client DLP programs.
- Reviewed business requirements and conducted task analysis.
- Implemented business procedures and DLP security programs.
- Suggested expansions for DLP programs as per business requirements.
- Formulated system policies by conversion of business information.
- Documented requirements specifications and user manuals.
- Assisted in interfacing with business units and teams.
- Generated customized reports and installed customer equipment.
- Formulated and configured Logger appliances and analyzed system anomalies.
- Designed and developed Splunk architecture components and related upgrades.
- Prepared system plans and executed Splunk architecture modifications.
- Managed, upgraded and maintained operational data flows and Splunk platforms.
- Created and documented reports, rules, trends and Dashboard for Splunk.
- Analyzed Splunk and related tools and resolved IT security failures.
- Provided guidance for equipment checks and supported processing of security requests.
- Conducted Security Risk Assessment on new Vendors and annual Vendor Risk Assessment.
- Assisted management in authorizing the IT Systems for operation on the basis of whether the residual risk is at an acceptable level or whether additional compensating controls should be implemented.
- Coordinated with system owners and ISSOs across the organization to ensure timely compliance.
- Worked with the Palo Alto NGFW Panorama management tool to manage all Palo Alto NGFW firewalls and the network from a central location.
- Installed and configured the Splunk SIEM, including all of its components and local and/or remote log collectors.
- Worked with the Splunk SIEM tool for reporting and data aggregation.
- Used the Splunk SIEM tool to add newly built Windows and Linux log servers and to create policies for different alerts.
- Security Audit, Budget Violation, Operational Violation, Best practice check in client AWS environment.
- Troubleshot connectivity, performed connector installation, and tuned configurations, conditions, filters, aggregations, and correlation for the flow of events in the Splunk SIEM.
- Gathered data and produced monthly reports for the Splunk SIEM.
- Conducted regular health checks and content tuning.
- Provide continued maintenance and development of bug fixes and patch sets for existing web applications.
- Implemented and managed Splunk ESM and Connectors at multiple locations.
- Executed database tuning and troubleshooting processes and updated configuration files.
- Worked with client teams to gather their network requirements.
- Monitored performance of network and servers (Microsoft and Linux) to identify potential problems and bottlenecks.
- Provided technical support on hardware and software related issues to remote production sites.
- Monitored controls post authorization to ensure continuous compliance with the security requirements.
- Developed cyber security standards based on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
- Updated control changes from NIST SP 800-53 rev 3 to NIST SP 800-53 rev 4, and control assessment changes from NIST SP 800-53A to NIST SP 800-53A rev 4.
- Assisted in deployment of AWS (Amazon Web Services) database and encryption, reducing operational costs by 50%.