Cyber Security Analyst Resume

Tulsa, Oklahoma

SUMMARY:

  • An Information Systems professional with a background in Security Engineering and IT Security, and a Master's degree.
  • I am always looking for opportunities to increase my knowledge in the IT area. An Information Security expert with a focus on cyber security, Splunk, continuous monitoring, access control and compliance.
  • Performed IT and security risk assessments and audits on multiple companies and performed corporate risk analysis. Entrusted with large volumes of sensitive information, recognizing privacy and confidentiality requirements.

TECHNICAL SKILLS:

  • Splunk
  • SentinelOne
  • SIEM
  • Akamai incident management e Drive Encryption
  • McAfee
  • Imperva DAM
  • WIPS
  • Proxy
  • CrowdStrike
  • Data Pipe
  • DDoS Analysis
  • Bot Detection NCDC
  • EVTK Tool
  • Bit9
  • Zscaler
  • Scansafe
  • FireEye
  • DNS logs
  • Shield Ticketing System
  • ServiceNow
  • Palo Alto Firewalls
  • Cireson
  • BlueCoat
  • Symantec DLP
  • Cisco IronPort
  • Nexpose

PROFESSIONAL EXPERIENCE:

Cyber Security Analyst

Confidential - Tulsa, Oklahoma

  • Maintains records of security monitoring and incident response activities, utilizing case management and ticketing technologies
  • Administrative duties monitoring Outlook email using Cisco IronPort security
  • Monitoring of security events in the SIEM, as well as other security feeds and communications (email, phone, chat, and other communications).
  • Reviewed client mobile applications for security compliance, with a focus on malware and potentially harmful behavior.
  • Security incidents to provide management oversight to the incident process.
  • Perform tuning of the Security Incident and Event Manager (SIEM) filters and correlations to continuously improve monitoring
  • Triage security alerts and events.
  • Manage IDS/IPS systems and handle incident response.
  • Discovered methods and implemented strategies to target specific networks, computer systems, specific hardware or software.

Information Security Analyst

Confidential - Wakefield, MA

  • Security operations, monitoring, incident response and investigation
  • Tuning and updating security tools including SIEM (McAfee ESM / Nitro), IDS/IPS, DLP, Web Proxy.
  • Develop content and workflows as required.
  • Respond to incidents by analyzing digital evidence and ensure proper documentation and tracking
  • Provide intrusion detection expertise to support timely and effective decision making.

Cyber Security Analyst

Confidential, Beaverton, OR

  • Proactively monitor, identify, and remediate information security events and intrusions.
  • Identify proxy logs using Splunk and CrowdStrike depending on the threat detected.
  • Identification of phishing emails on Nike's network.
  • Conduct log analysis, proactive monitoring, mitigation, and response to network and security incidents.
  • Provided continuous monitoring and interpretation of threats through use of intrusion detection systems, firewalls and other boundary protection devices, and any security incident management products deployed
  • Responsible for the continuous surveillance, analysis, mitigation, remediation and incident management using Confidential's suite of tools.
  • Perform log analysis utilizing Splunk and various other security software and tools.
  • Worked on SailPoint IIQ for User access management procedures and policies.
  • Respond to security events and drive issues to closure while engaging all appropriate resources.
  • Create new Standard Operating Procedures while also maintaining and updating current ones as changes happen.
  • Stays current on security technologies, trends, standards and best practices.
  • Perform log analysis and monitor and respond to security events driving issues to closure engaging all appropriate resources.
  • Responsible for document preparation of NCDC daily Report.
  • Document security process and procedures
  • Perform actions using Bulk UPMID's Reset & Revoke tool.
  • Provide enforcement of security policies, standards and procedures.

Information Security Analyst

Confidential - Englewood, CO

  • Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as NITRO (SIEM), anti-virus, Internet content filtering/reporting, malware code prevention, firewalls, IDS & IPS, web security, anti-spam, etc.
  • Provide Level 2 Operations support for end user resolution investigating RSA SIEM events to determine any true intrusions.
  • Identifying and remediating any threats and vulnerabilities as a Security Monitoring (SOC), Triage and Escalation to T2.
  • Documenting incident results and reporting details through ticketing system
  • Monitoring DDoS portals and alerting the team by reporting them using pager and opening the bridge call.
  • Performed Risk and security assessments, compliance management analysis
  • Providing half-hour updates on traffic by monitoring portals from ISPs.
  • Triaging emails sent by internal users depending on the categories and responding to the customers after investigating the emails.
  • Researched and Supported Information Security Standards.
  • Provide Rotation 24/7 On Call support.
  • Formulated and configured Logger appliances and analyzed system anomalies.
  • Managed, upgraded and maintained operational data flows and ArcSight platforms.
  • Maintained and modified hardware and software components, content and documentation.
  • Created and documented reports, rules, trends and Dashboard.
  • Analyzed ArcSight and related tools and resolved IT security failures.
  • Provided guidance for equipment checks and supported processing of security requests.
  • Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
  • Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools
  • Security Incident handling, SIEM using RSA Envision/ArcSight products.
  • Excellent exposure to Database, VPN technologies, and Firewalls.

Security Operations Engineer

Confidential

  • Analyze system logs and identify potential issues with computer systems.
  • Maintained and modified hardware and software components, content and documentation.
  • Initiated and integrated new technologies into existing data center environments.
  • Responsible for maintaining availability, reporting and communication of the SIEM between it, its event-sources and the endpoints.
  • Communicate and troubleshoot technical inquiries of co-workers and clients.
  • Research methods to improve security through encryption to maintain security of information.
  • Responsible for monitoring and providing analysis in SIEM, IDS/IPS software tools.
  • Create and maintain high-quality documentation of all relevant specifications, systems, and procedures.
  • Assist in the development of processes to maintain business continuity and recovery standards for endpoint systems and networks.
  • Excellent exposure to Database, VPN technologies, and Firewalls.