Cyber Security Architect Resume

Tigard, Oregon

CAREER OBJECTIVE:

I aspire to a challenging position in a professional organization where I can enhance my skills and strengthen them in conjunction with the organization's goals. A self-motivated achiever with an ability to plan and execute.

PROFESSIONAL SUMMARY:

  • Experienced professional with 11+ years of experience as an IT security professional in IT infrastructure, information security, and cyber security.
  • Information-security expert with a diverse technical background in enterprise networking, server infrastructure, database technologies, and system security. Strong knowledge of risk management and computer forensic tools, technologies, and methods. Experienced in IT security design and implementation with a solid understanding of disaster recovery, intrusion detection systems (IDS), intrusion protection systems (IPS), and web application firewalls (WAF). Analytical problem solver adept at managing network changes and troubleshooting network issues to ensure maximum uptime.
  • Maintained critical monitoring systems (Splunk log management) measuring system error logs, performance and availability. Evaluated log management solutions including Splunk plus open-source Linux storage systems.
  • Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection.
  • Installed and upgraded firmware and operating systems software across multiple networks and systems like Cisco, Windows and Bluecoat.
  • Core technologies handled: Cisco Routers 2800 series, Cisco Switches 3500 and 2900 series, Juniper E-Series (120, 320), Juniper M-Series (160, 320), Meraki WAP, etc.
  • Serve in a supporting technical role in the analysis, design, implementation, and maintenance of all assigned projects; assisting IAM Architects in providing overall security, integrity, and reliability.
  • Experience configuring and deploying modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM v11.X.
  • Excellent knowledge and experience on multi-vendor platforms like Cisco, Juniper, Checkpoint, F5 BIG-IP LTM load balancers, Bluecoat, Riverbed, Citrix, and VMware.
  • Experienced working on SolarWinds SIEM to upgrade security and compliance standards; experience with backup solutions (Symantec, Barracuda) and firewalls (Microsoft TMG, Cisco Meraki).
  • Utilized network analysis, management and monitoring tools including but not limited to SolarWinds, BlueCoat and Palo Alto firewalls.
  • Experience in Security Information and Event Management tools like IBM QRadar, Splunk and RSA Archer.
  • Excellent written and verbal communication skills, analytical and problem-solving skills; highly motivated, fast learner, able to lead or work within a team environment.

TECHNICAL SKILLS:

Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.

Event Management: RSA Archer, Blue Coat Proxy, Norse, Splunk, NTT Security, LogRhythm.

PenTest Tools: Metasploit, NMAP, Wireshark and Kali.

Security Software: Nessus, Ethereal, NMap, Metasploit, Snort, BASE.

Frameworks: NIST SP, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS.

Security Technologies: WhiteHat Web Security, iDefence, NTT Security, LogRhythm, McAfee Nitro (SIEM), McAfee ePO, McAfee Endpoint Protection Suite.

Switches: Cisco Catalyst VSS 1 50- X / 2960, Cisco Meraki

Routers: Cisco Routers ASR / 2600.

Firewalls: Check Point, ISA 2004/2006, Palo Alto PA 3000/5000.

Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, iSCSI, Fiber, Firewalls/IPS/IDS.

Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing.

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter-VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, EtherChannels, Transparent Bridging.

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS.

Hardware: Dell, HP, CISCO, IBM, SUN, CheckPoint, SonicWall, Barracuda Appliances, SOPHOS email appliances

Nexus: Nexus 48 UP / 32 PP / 2248 TP / 1000 V.

UCS: Fabric Interconnect 6248/6120, IOM 2208/2204/2104, B200 M2, HP VC FLEX-10.

ANS: F5 BIG-IP LTM 6900/6400, Array APV 5200/2600/TMX 5000, Cisco CSM, CSS.

VPN: ASA 5520, Cisco Concentrator 3030, Nortel Contivity Extranet 1500.

NMS: NAM, Sniffer, Solarwinds NPM, Cisco Secure ACS 5.2, CiscoWorks.

Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux.

PROFESSIONAL EXPERIENCE:

Confidential, Tigard, Oregon

Cyber Security Architect

Responsibilities:

  • Monitored the Security Management Console for the Security Operation Centre (SOC), ensuring confidentiality, integrity and availability of information systems.
  • Migrated from Cisco 2900 series routers to Cisco Meraki switches and configured layer 3 settings on Cisco Meraki switches.
  • Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, Solutionary and LogRhythm.
  • Responsible for Designing, Securing, and Managing local and remote networks consisting of Cisco, Meraki,
  • Validated system security architecture requirements balancing stakeholder needs and mission constraints with security principles and policy
  • Simultaneously provided the internal Audit, Governance, and control standards on multiple enterprise wide technology projects
  • Monitored and administered McAfee ESM (Nitro) SIEM.
  • Also participated in regular upgrade and maintenance of infrastructure: installing, configuring, and maintaining Cisco switches (2900, 3500, 7600, 3700 series, 6500 series), Cisco routers (4800, 3800, 3600, 2800, 2600, 2900, 1800, 1700, 800), Juniper routers and firewalls, Nexus 7K, 5K & 2K, F5 BIG-IP, Palo Alto firewalls, BlueCoat Proxy and Riverbed Steelhead appliances.
  • Worked on Palo Alto Firewalls PA-3020, PA-3050, PA-5020, PA-5050, PA-5060 series.
  • Responsible for working with the Endpoint Management team to manage software deployment to PCs using tools such as 2008/2012 Active Directory, Microsoft WSUS patching, and anti-virus and endpoint protection using McAfee ePO. Creation and management of PC build images for WinXP and Win7, and application of PCI security policies.
  • Identify true positive incidents from McAfee SIEM v11.02 and perform incident management life cycle using service
  • Participate in Architecture Review and Security Council Review boards to define and explain the strategic Information Security direction and work with cross-organizational IT areas
  • Manually installed the McAfee NDLP Prevent 10.x ISO file and configured it in the McAfee ePO server.
  • Provide assistance to management with administration and configuration of critical enterprise security systems and software such as McAfee ePO, McAfee DLP, McAfee Complete Endpoint Protection-Enterprise, Proofpoint, etc.
  • Configured and deployed Cisco Catalyst 2960 and Meraki MS350 switches along with Meraki MR52 wireless access points and Meraki MV21 security cameras for upgrading existing sites and new branch sites.
  • Utilize McAfee ePO and Microsoft SCCM for endpoint management.
  • Manage enterprise security systems, identifying key security risks, reporting risks to management with recommendations for corrective action utilizing NIST frameworks.
  • Manage McAfee ePO A/V environment, using ePO console to pull reports to validate security protection compliance via DAT file updates, and take appropriate action to correct issues found within the ePO environment.
  • Meet with project teams and other system architects to develop system designs and project plans that include the appropriate security controls and meet security standards
  • Define and implement the IAM control framework.
  • Enforce daily, weekly, and monthly Identity and Access Management (IAM) controls
  • Adherence to ISO standards and active involvement in process enhancement and development
  • Assist with oversight of the implementation of system upgrades and modifications, including planning, testing, scheduling, and coordinating. Ensure that change management and defined IAM procedures for all assigned systems are executed in accordance with client policies and procedures.
  • Assist customers on upgrade & deployment of EPO, VSE, HDLP, Nitro/SIEM, SAE, and MA.
  • Worked on setting up a Cisco ASA 5555-X firewall with IPsec VPN, Palo Alto IPsec VPN and GlobalProtect VPN, and an AWS VPN solution.
  • Ability to perform first-case resolution for the LogRhythm SIEM platform in the case of a late heartbeat, silent log source alert, or critical component alert.
  • Supported the Veterans Affairs information system and network, maintaining HIPAA confidentiality and integrity via vulnerability scanning and testing for OWASP Top Ten application/infrastructure security vulnerabilities.
  • Oversight and governance on IBM IES (Integrated Enterprise Solutions), ART (Access Request Tool) and ACT (Access Certification Tool) Integration projects
  • Managed Cyber Security threats through prevention, detection, response, escalation and reporting in effort to protect Enterprise IT Assets through Computer Security Incident Response Team (CSIRT).
  • Responsibilities for CSIRT included SIEM, Context Filtering, Web Security, Incident Tracking, IPS/IDS and Malware Analysis.
  • Generate security reports utilizing enterprise security systems such as McAfee ePO.
  • Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
  • Provide expertise with incident response, security event monitoring, vulnerability management, asset security compliance and data loss prevention utilizing McAfee Nitro (SIEM), McAfee ePO, McAfee DLP.
  • Experience in security engineering, system and network security, authentication and security protocols, applied cryptography, and application security.
  • Design DLP architecture.
  • Documentation regarding DLP administration, scanning, reporting, and remediation.
  • Knowledge transfer to customers.
  • Conducted network and application penetration tests. These assessments involve manual testing, analysis, and exploitation as well as the use of automated vulnerability scanning/testing tools such as Nmap, Nessus, Metasploit / Metasploit Pro, and Burp Suite Professional.
  • Symantec DLP and RSA DLP architecture and implementation for enterprise level companies.
  • Monitor, analyze and respond to network incidents and events. Participate in disaster recovery implementation and testing under NIST framework, HIPAA, & HITECH standards.
  • Vulnerability Management: Configured Qualys Guard Tool for Vulnerability Analysis of Devices and Applications. Monitored them constantly through the dashboard by running the reports all the time.
  • Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001
  • Configuration, troubleshooting, and management of Websense Data Security (DLP).
  • Implementation of DLP.
  • Managed all the scans, including discovery maps and authentication scans, to ensure proper scheduling, reporting and smooth functioning of IPs.
  • Managed a Vulnerability Remediation Team (VRT) for reporting all the scan reports and guided them to fix the vulnerabilities and patches using the QIDs, Bugtraq IDs and CVE IDs from vendor knowledge bases.
  • Secured the devices across the entire network by using the ThreatProtect module from Qualys. Measured the severity level of devices to fix the issues arising from them by providing solutions.

Confidential, Chicago, IL

Sr. Cyber and Network Security Analyst

Responsibilities:

  • Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix, McAfee/Symantec.
  • Push configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server
  • Involved in Cisco Meraki Enterprise Cloud deployment for Corporate HQ, Co-Locations and 500+ branches with distinct SSIDs with Corporate and Public network.
  • Experience with SIEM platforms (Splunk, QRadar, McAfee/Nitro, ArcSight, LogRhythm, Carbon Black)
  • Configured and deployed Cisco ASA Meraki MX84 firewalls with site-to-site IPsec VPN tunnels to connect smaller branch sites back to the data center
  • Provided administration and support on Bluecoat Proxy for content filtering and internet access between site and VPN client users.
  • Deployment and Management of Bluecoat proxies in the forward proxy scenario as well as for security in reverse proxy scenario.
  • Drafted the primary governance and oversight manual used by 2nd Line of Defence risk professionals to ensure a consistent, repeatable, and measurable implementation of the Bank’s Operational Risk Management framework.
  • Monitor the performance of Splunk via the Splunk Monitoring Console.
  • Candidate will drive deployments of Splunk while working side by side with the customers to solve their unique problems across a variety of use cases.
  • Collaborate across the entire organization to bring Splunk access to product and technical teams to get the right solution delivered and drive future innovation gathered from customer input.
  • Design, deploy, support and maintain Splunk cluster infrastructure in a highly available, geo-redundant configuration. Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the firm's enterprise security platforms.
  • Use Carbon Black (CB Defense), McAfee Nitro and Splunk Enterprise SIEM security tools to monitor environment
  • Provides detailed reporting on current state of IAM controls (i.e. KRI reporting)
  • Liaise with IT Security groups worldwide
  • Assist in user re-certifications, reconciliations, system profile review, third party applications validation and other IAM related reviews
  • Support daily IAM BAU process and requests from user community as needed
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Monitoring and remediating daily security alerts generated by end users with tools like Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO 5.x; also responsible for effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
  • Vulnerability Management: Configured Qualys Guard Tool for Vulnerability Analysis of Devices and Applications. Monitored them constantly through the dashboard by running the reports all the time.
  • Experience with IDS/IPS/SIEM and related security tools and technologies, such as Nitro / McAfee SIEM v11.01
  • Also deploying Cisco ASA and Bluecoat ProxySG (Web Security Appliance) for URL Filtering Policies.
  • Responsible for all aspects of the Corporate Operational Risk Management program at Windhaven and ThomasPartners, including risk governance, risk identification and assessment, risk monitoring and reporting, risk measurement, and risk mitigation and control optimization. Worked in close collaboration with executive management, senior managers, corporate legal, corporate compliance, and other professional staff to ensure that the organizations maintained effective internal control frameworks of policies, programs, procedures, authorities, and responsibilities to accomplish timely and accurate risk management programs.
  • Coordinated pen testing and application security testing audits with pen-test tools like Metasploit, Nmap, Wireshark and Kali on Linux/Unix operating systems.
  • Administer Business Continuity Program including disaster recovery plans developments and coordinating disaster recovery testing activities
  • Conduct vulnerability scans to support our risk/threat/vulnerability management program, including resolving risks and documenting any residual risks.
  • Monitor daily backups and ePO logs.
  • Manage ePO for servers and desktops/laptops company-wide. Apply updates as needed. Resolve client issues, and perform routine updates to client systems.
  • Provide backup support for the web filtering solution (white/black lists) to ensure traffic is protected.
  • Managed Cyber Security threats through prevention, detection, response, escalation and reporting
  • Monitoring and remediating daily security alerts generated by end users with tools like Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO; also responsible for effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
  • Installing, patching and maintaining McAfee ePO 5.x and DLP, utilizing McAfee Orchestrator; able to deploy DLP and reporting, with working knowledge of ENS 10.
  • Identifies, analyzes, monitors and minimizes complex areas of risk that pertain to information technology.
  • Work with Windows Operating systems for the building, configuring, and troubleshooting of Windows 2003, 2008, 2008 R2, 2012, and most currently 2012 R2 and support x86 hardware regarding storage requirements and use x86 tools such as Dell Open Manage and IBM Director.
  • Deploy and support information security systems and solutions such as key management, IPS/IDS, SIEM, MDM, NAC, APT detection, and endpoint management for remote user.
  • Implemented multiple tools including Symantec DLP, and QRadar SIEM.
  • Monitored the Security Management Console for the Security Operation Centre (SOC), ensuring confidentiality, integrity and availability of information systems.

Confidential

Cyber Security Analyst

Responsibilities:

  • Monitor controls post authorization to ensure continuous compliance with the security requirements.
  • Update the control changes from NIST rev 3 to NIST rev 4 and control assessment changes from NIST A to NIST 53A rev 4.
  • Conceptualize and implement DLP Program and policies and also participated in Cisco Meraki router installs and administration.
  • Install and manage Symantec DLP for testing in the environment for security compliance.
  • Creation, development, and/or restructuring of DLP programs from conception to fully operational state.
  • Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on share devices and shared drives. Created and managed DLP policies.
  • Network and host DLP monitoring and logging.
  • Information protection solutions including Monitoring, DLP and Security Auditing solutions from Symantec.
  • Responsible for using cutting edge solutions for Data Loss Prevention DLP.
  • In-depth experience with Symantec DLP in an enterprise environment.
  • Experience with architecting Symantec DLP Platforms.
  • Experience analyzing Symantec DLP events and reports. plans, training and testing were executed appropriately and discuss lessons learnt.

Confidential

Cyber Security Admin

Responsibilities:

  • Working as part of the IT Compliance team and managing IT security.
  • Monitoring the network for suspicious activity using various tools such as Splunk.
  • Incident Handling, tracking and responding to all incidents of network attacks.
  • Reviewing Security logs on end user machines and analyzing root cause.
  • Performing Internal audits to ensure IT Compliance.
  • Scanning the network for unapproved software and data.
  • Analyzing users' browsing activities through Splunk and Mandiant.
  • Ensuring all lab Production machines are up to date with respect to windows patches and McAfee updates.
  • Working closely with other SOC/CIRT teams across Asia pacific.
  • Installing and Troubleshooting McAfee 8.8, ePO 4.5
  • Scanning the network for freeware, nonstandard software and open shares.
  • Handling escalations from the L1 team for Security related issues.
  • Installing and troubleshooting Windows OS in Lab.
  • Installing and troubleshooting VM.

Confidential

Security Engineer

Responsibilities:

  • Reported all malfunctions, diagnosed and recommended solutions.
  • Resolved all LAN/WAN connectivity and other issues.
  • Performing OS updates and upgrading applications.
  • Maintaining all shared resources and monitoring free and utilized disk space.
  • Responsible for setting up projectors and audio/video devices for meetings and lectures.
  • Keeping and tracking inventory of all loaner laptops issued to students and staff.
  • Responsible for writing and updating training manuals.
  • Install and configure the QRadar SIEM including all its components and local and/or remote log collectors.
  • Worked on the SIEM tool QRadar for reporting and data aggregation.
  • Used the SIEM tool QRadar to add the newly built Windows and Linux log servers and create policies for different alerts.
  • Security Audit, Budget Violation, Operational Violation, Best practice check in client AWS environment.
  • Coordinated with Network Administrator regarding BGP/OSPF/EIGRP routing policies and designs, worked on implementation strategies for the expansion of MPLS VPN networks.
  • Troubleshooting the network routing protocols (BGP, MPLS, EIGRP and RIP) during migrations and new client connections.
  • Responsible for notifying systems owners of potential events and remediation. Responsible for drafting and conducting daily briefings to customers.
  • Designing and maintaining production-quality Splunk dashboards.
  • Working with client teams to determine their network requirements.
  • Monitor performance of network and servers (Microsoft and Linux) to identify potential problems and bottlenecks.
  • Coordinate with the System Admin and perform tasks as directed.
  • Maintaining computer hardware and assisting students and staff with onsite issues.
  • Performing installation of requested software as per semester requirements.