
Information Security Analyst Resume

Akron, Ohio

SUMMARY:

  • Experienced Security Consultant with 8 years of IT experience with a focus on designing and developing security solutions.
  • Skilled & technically proficient with multiple firewall solutions, network security, and information security practices.
  • Manage SOX and PCI compliance program, controls and remediation efforts
  • Knowledge and experience in standard security and regulatory frameworks including ISO 27001/31000, NIST 800-71, HITRUST CSF and PCI DSS.
  • Served as Security SME for Centers for Medicare and Medicaid Services (CMS) major applications.
  • Worked on many Cisco and Siemens control system devices supporting modern manufacturing environment.
  • Establish roadmaps for implementing policies and standards to align with COBIT Managed Security
  • Expertise in gathering and analyzing metrics and key risk indicators and maintaining scorecards defined within the area of information security to ensure the information security program is performing effectively and efficiently. Familiar with general security risk management principles and best practices.
  • Supported the information security audit and third-party assessment initiatives during planning, execution, and remediation phases, as well as coordinating and tracking remediation activities.
  • Liaison between the audit/assessment teams and Information Security management.
  • Familiar with threats and vulnerabilities, the latest trends and risks, and able to understand technical remediation action steps or plans and communicate them effectively to teams within the organization.
  • Managed policy exceptions with Business Unit requestors and coordinated the annual exception review process.
  • Perform ongoing gap analysis of policies, procedures, and practices as they relate to established guidelines outlined by NIST, OMB, and FISMA.
  • Worked directly with various teams to document exceptions, identify compensating controls, and remediation action plans accordingly.
  • Support security compliance initiatives and assessments including responses to client security organization audits, questionnaires.
  • Provided process improvement suggestions for more effective management and review of exceptions.
  • Supported and helped mature the security risk management program. Familiar with general Governance, Risk and Compliance (GRC) programs with specific knowledge of vendor risk and policy management.
  • General knowledge in the areas of IT management, acquisition and maintenance of systems, system operations and Information security control activity.
  • Experienced in the design and deployment of Palo Alto, SourceFire, Checkpoint Firewalls & Blue Coat Proxy
  • Knowledge in planning, designing, implementing and troubleshooting complex networks and advanced technologies.
  • Served as focal contact for the department's client Policies and Standards-based audit for the ISO/IEC 27001:2013 standard.
  • Experienced in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/switches/firewalls.
  • Monitored and researched cyber threats with a direct & indirect impact on the organization internally.
  • Assisted in Symantec HIDS/NIDS Setup using HPSA implementation and provided status reports.
  • Experience in Security Information and Event Management Tools like IBM QRadar, Splunk and RSA Archer.
  • Worked on FireEye for Management Systems and for Threat Intelligence.
  • Involved in Network Based appliance as a distribution hub for Malware Security Intelligence.
  • Experienced working on Solarwinds SIEM to instantly improve security and compliance.
  • Performed system administration tasks such as network/system troubleshooting, patching operating systems and applications at NOC stations.
  • Advanced knowledge in Cisco Switches and Routers Configurations.
  • Advanced knowledge in TCP/IP suite and routing protocols, such as OSPF, BGP, and EIGRP.
  • Conducted Security Awareness and Network training for NOC and SOC staff.
  • Drafted and installed Checkpoint Firewall rules and policies.
  • Experienced in conducting Disaster Recovery drills, and following best practices for network operations and security.
  • Commendable experience in auditing, implementing & managing HIPAA, SOX, GLBA, FFIEC, ISO, NIST, PCI DSS, FISMA, SAS 70 I & II Standards/Guidelines.
  • Expert skill set includes solutions for clients in the financial, retail, chemical & technology services domains.
  • Extensive experience in balancing Information Security requirements by having a broader perspective on the business process of security administration.
  • Hands-on skills include end-to-end security management (security aspects in all stages of product development) and end-to-end product development (from functional design of the system to testing and deployment).

TECHNICAL SKILLS:

Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents and Asset Management

Event Management: RSA Archer, Blue Coat Proxy, Norse, Splunk, NTT Security, LogRhythm

PenTest Tools: Metasploit, NMAP, Wireshark and Kali

Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS

Security Intelligence: WhiteHat Web Security, iDefence, NTT Security, LogRhythm.

Switches: Cisco Catalyst VSS 1440 / 6513 / 6509 / 4900 / 3750-X / 2960

Routers: Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600

Firewalls: Check Point, ISA 2004/2006, Palo Alto PA 3000/5000

Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS

Nexus: Nexus 7010 / 5548 UP / 5020 / 2232 PP / 2248 TP / 1000 V

UCS: Fabric Interconnect 6248/6120, IOM 2208/2204/2104, B200 M2, HP VC FLEX-10

ANS: F5 BIG-IP LTM 6900/6400, Array APV 5200/2600/TMX 5000, Cisco CSM, CSS

VPN: ASA 5520, Cisco Concentrator 3030, Nortel Contivity Extranet 1500

NMS: NAM, Sniffer, Solarwinds NPM, Cisco Secure ACS 5.2, CiscoWorks

Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux

Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Fiber, Firewalls/IPS/IDS

Hardware: Dell, HP, CISCO, IBM, SUN, CheckPoint, SonicWall, Barracuda Appliances, SOPHOS email appliances

PROFESSIONAL EXPERIENCE:

Confidential, Akron, Ohio

Information Security Analyst

Responsibilities:

  • Evaluate enterprise risks, document processes and systems in flowchart and narrative form, and design audit programs.
  • Planning and implementing overall risk management process.
  • Create technical and managerial level reports and risk assessments for Cloud based applications and infrastructure
  • Identify processes/procedures for how to handle a cloud security event, including forensic isolation and mitigation with Digital Forensics and Incident Response (DFIR/IR) teams
  • Develop ISO-based controls that address regulatory requirements associated with PCI, HIPAA and SOX.
  • Create/enhance tools for Risk Management. Also create tools to help partners better manage projects and funds.
  • Direct and perform reviews of internal control procedures and security for systems under development and/or enhancements to current systems.
  • Preparing, Implementing and Testing of Project specific Business Continuity Plan (BCP)
  • Conducting Full Interruption Test to ensure the BCP preparedness
  • Participated in all kind of BCP Activities (Business Continuity Plan)
  • Investigate security logs and mitigation strategies; responsible for preparing generic security incident reports.
  • Reported the status of projects the ISSM/ISSO office was working on to local management.
  • Reviewed and updated System Security Plan (NIST SP 800-18), Risk Assessment (NIST SP 800-30), and Security Assessment Report (NIST SP 800-53A).
  • Evaluates POA&M activities to ensure identified
  • Conduct FISMA-compliant security control assessments to ascertain the adequacy of management, operational, technical and privacy controls.
  • Other responsibilities: Site ISSM/ISSO. Ensured site systems were compliant with required local and national security standards
  • Compliance standards and frameworks such as PCI, NIST 800-53, HIPAA, HITRUST and Privacy standards and frameworks such as Generally Accepted Privacy Principles (GAPP)
  • Reviewing and documenting Risk Assessment and mitigation strategies
  • Perform system and information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
  • Identify gaps and areas of opportunity in the process followed and suggest ways to fix them.
  • Configure network scans, schedule network scans to run with bandwidth usage and ensure accurate vulnerability assessment analysis results are generated and disseminated to system owner/ISSM/ISSO
  • Security SME for new interface between CMS and private insurance community
  • Worked with independent auditing firms (EY, Deloitte) on SOX audits.
  • Perform direct assist for the external auditor for SOX testing.
  • Replaced the external auditor hired to perform SOX ITGC testing for SEC.
  • Responsible for real time proactive monitoring of complex systems and response to known and emerging threats against the EY network via intrusion detection software
  • Familiar with Splunk, Fidelis XPS, IP Address Management (IPAM), Microsoft Active Directory Application Mode (ADAM), Firewalls, SEP, and Stealth-watch knowledge base
  • Conduct security assessments on networks and Industrial Control System (ICS), design cyber security solutions, support implementation of those solutions, and identify security trends and practices.
  • Creates and maintains authentication records for all flavours of UNIX (Linux, AIX, and Solaris) and Windows, as well as for databases, using Basic and Cyber-Ark Vault authentication records. Scope includes all Novartis global data centers and work sites using QualysGuard.
  • Experience with security tools from various vendors to include: Cisco, CheckPoint, IronPort, McAfee, Symantec, Sourcefire, Sophos, ArcSight, Tenable, Juniper, Imperva, BlueCoat, Encase, FireEye, Bitlocker
  • Conduct operational, compliance, financial and investigative audits
  • Monitored the Security Management Console for the Security Operation Centre (SOC) to ensure Confidentiality, Integrity and Availability of information systems.
  • Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, Solutionary and LogRhythm.
  • Managed Cyber Security threats through prevention, detection, response, escalation and reporting in effort to protect Enterprise IT Assets through Computer Security Incident Response Team (CSIRT).
  • Responsibilities for CSIRT included SIEM, Context Filtering, Web Security, Incident Tracking, IPS/IDS and Malware Analysis.
  • Developing customized shell scripts to install, manage and configure multiple instances of Splunk forwarders, indexers, search heads and deployment servers.
  • Used SPLUNK forwarders to provide reliable and secure collection and delivery of data to the Splunk platform for indexing, storage and analysis.
  • Provide regular support guidance to Splunk project teams on complex solution and issue resolution.
  • Assisted administrators to ensure whether SPLUNK is actively and accurately running and monitoring on the current infrastructure implementation.
  • Responsible for checking the Splunk logs for web servers so as to avoid server downtime during production.
  • Managing TCP hosts through SPLUNK deployment server. Pushing configurations and grouping servers to push similar configurations at the same time.
  • Worked on setting up Splunk to capture and analyze data from various layers Load Balancers, Web servers and application servers.
  • Device Vulnerability and Threat management with Cyber Security Team
  • DLP- Data Loss Prevention monitoring and investigations using Risk Fabric & Symantec Enforcer
  • Stealth Watch for Net Flow and Network Security Monitoring
  • Training new Employees in Security Incident Management Procedures
  • Monitor security functionality (IDS/IPS and Endpoint) and report daily operational metrics; provide scheduled management reports on risk status of network infrastructure, applications, internet activity, email filtering, vulnerability management and security metrics
  • Designed core scripts to automate Splunk Maintenance and alerting tasks.
  • Expert in analyzing security-related logs from various sources using a SIEM system which creates alerts whenever it detects anomalous transactions and also blocks malicious activities.
  • Provided necessary designs and implemented security solutions for egress/ingress points using the IPS/IDS sensors across the networks to provide better incident handling and event monitoring.
  • Developed Cyber Security Standards on NIST Frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
  • Developed various functions including identifying, protecting, detecting, responding and recovering for performing concurrent and continuous operation of dynamic security risk.
  • Provided suggestions and inputs for Global Security Council and Privacy as a part of project consulting towards Information Security and Cyber Intelligence.
  • Designed and implemented methods to discover risk in in-house products and services and track them to resolution by providing solutions.
  • Planning audit activities, including coordination, scheduling, reporting results, and follow up.
  • Monitored RSA Archer as a Security Management Console to see Data Loss Prevention Events, ePO Detections, SourceFire Events Classifications, Bluecoat Malware Detections and Analysis of WhiteHat Web Application security scanning.
  • Implement necessary security controls and enhancements on the ICS.
  • Used RSA Archer as an audit management tool for inputting information and building dashboards to showcase and improve the risk and control functions for Risk, IT Governance and Compliance.
  • Opened, assigned and closed the tickets assigned in the SOC Security Management Console towards Qualys for various Remediation Process and Patch Management Process.
  • Support security compliance initiatives and assessments including responses to client security organization audits, questionnaires.
  • Created & Managed Lifecycle Plan for proper usage of the scanners all over the network and planned future deployments.
  • Experienced working on Solarwinds SIEM to instantly improve security and compliance
  • Vulnerability Management: Configured Qualys Guard Tool for Vulnerability Analysis of Devices and Applications. Monitored them constantly through the dashboard by running the reports all the time.
  • Created Asset Groups, scheduled Scans/Reports for smooth remediation process and assigned the correct sensors to those scanners placed in the network.
  • Managed all the scans including discovery maps and authentication scans to ensure proper scheduling, reporting and smooth functioning of IPs.
  • Managed Qualys Cloud Agents. Assisted in installing them on devices and servers, and also for remote users.
  • Scanned all devices using the cloud agents whenever needed for employees working from home and provided the solutions to fix the vulnerabilities.
  • Managed a Vulnerability Remediation Team (VRT) for reporting all the scan reports and guided them to fix the vulnerabilities and patches using the QIDs, Bugtraq IDs and CVE IDs from vendor knowledge bases.
  • Worked on Qualys Web Application Scanning for monitoring the Web Applications, filtering and crawl scoping to detect the vulnerabilities in the web applications and fix them.
  • Managed to secure the devices across entire network by using the ThreatProtect Module from Qualys. Measured the level of Severity of devices to fix the issues arising from them by providing solutions.

Confidential, Mountain View, CA

Cyber Security Engineer

Responsibilities:

  • Responsible for conducting structured security certification and accreditation (C&A) activities utilizing the Risk Management Framework and in compliance with the Federal Information Security Modernization Act (FISMA) requirements
  • Conduct testing of Sarbanes-Oxley (SOX), PCI DSS and Service Organization Control (SOC) SSAE 18 Review, using COBIT and FISCAM frameworks.
  • Performed IT compliance engagements including Sarbanes Oxley (SOX) and System and Organization Controls (SOC)
  • Preparing, implementation and testing of Project specific BCP
  • Preparation of all the documents relating to BCP like BIA, Risk Assessment, Recovery Strategies
  • Experience on conducting full interruption test to test the BCP preparedness
  • Extended my support to the Transition Risk Management team in reviewing RAD (Risk Agreement Document) for various Lines of Business.
  • Coordinate the VA testing in advance with the system ISSO and the Government SOC TM to assure coordination with network maintenance, availability, and operations. Coordinate with system owner/ISSM/ISSO any necessary changes to the schedule. Investigate the security logs and mitigation strategies; responsible for preparing generic security incident reports.
  • FISMA Reporting/Governance Risk and Compliance (GRC)
  • Performed risk analysis using State approved risk analysis methodology based on NIST SP 800-30 and ISO IEC 17799 methodologies.
  • Provide to the appropriate systems owner/ISSM/ISSO vulnerability assessment summary reports of the testing and document the findings
  • Submit to owner/ISSM/ISSO after action report from Penetration and any wireless testing
  • Utilize Qualysguard as primary tool to monitor tickets and vulnerabilities.
  • Utilize Qualysguard as primary tool to monitor and report Policy Compliance, based on NIST, ISO2007 and CIS Benchmarks.
  • Conducted risk assessment using NIST SP 800-30, NIST SP 800-53
  • Conduct Business Impact Analysis (BIA) to analyze mission-critical business functions, and identify and quantify the impact if those functions are interrupted.
  • Implementing a cyber risk platform for end-to-end ICS and OT security with the Dragos platform, next-generation technology designed for industrial networks that provides visibility into the environment, detection of threats through behavioral analytics, and automation of workflows including incident response data collection and analysis.
  • Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix, McAfee/Symantec, Carbon Black, NXlog.
  • Deploy and support information security systems and solutions such as key management, IPS/IDS, SIEM, MDM, NAC, APT detection, and endpoint management for remote users.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Provides direct support of Symantec Network and Endpoint DLP systems including Linux based Symantec Enforce, Defender, Discover and Monitor servers as well as their Oracle support database server.
  • Provide operational engineering support for Symantec Endpoint DLP clients deployed throughout the client enterprise and network monitoring/DLP monitoring systems including assisting in issue resolution, implementing DLP system/client upgrades and working with support groups to resolve conflicts between DLP and other protection mechanisms.
  • Perform and document audit activities in accordance with professional standards such as COBIT, COSO and SOX internal control frameworks Audit Project.
  • Coordinate special projects such as Segregation of Duties (SOD) and SOX Compliance audit.
  • Update the information systems security documentation (e.g., System Security Plan, Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS-199, eAuthentication, Privacy Threshold Analysis, Privacy Impact Assessment, System of Records Notice)
  • Knowledgeable in NIST SP 800 series including SP 800-60, SP 800-53, SP 800-53A, SP 800- 18, SP 800-34, SP 800-62, SP 800-37, SP 800-137.
  • Assess adequacy and efficiency of security controls by updating Security Control Assessment Plan (SCAP), Security Test & Evaluation (ST&E) Report and Security Assessment Report (SAR).
  • Provide a security review of system documentation, audit logs, rule set and configuration to validate policy compliance, Report IT security incidents in accordance with established procedures.
  • Plan, develop, implement, and maintain an Incident Response and Audit Program for events of interest and address Plan of Action and Milestones (POA&Ms) in continuous monitoring with various point of contact.
  • Review incident response documents periodically or immediately after an incident assessment.
  • Experience with EndPoint management software, such as Tanium, Sophos, Altiris, Avast, Symantec, Gravityzone, Avira, Kaspersky, Webroot, F-Secure

Confidential, Mather, CA

Network Security Analyst

Responsibilities:

  • Coordinate and manage team activities during assessment engagements.
  • Establish schedules and deadlines for assessment activities.
  • Monitor controls post authorization to ensure continuous compliance with the security requirements.
  • Update the controls changes from NIST 800-53 Rev 3 to NIST 800-53 Rev 4 and control assessment changes from NIST 800-53A to NIST 800-53A Rev 4.
  • Identified IT Controls to optimize/consolidate/remove for SOX vs. Compliance purposes.
  • Completing onsite/remote interviews with the client to ensure compliance in accordance with the NIST guidelines.
  • Performed vulnerability scanning on web applications and databases to identify security threats and vulnerabilities.
  • Ensured security policies, procedures, and recommendations comply with NIST, FISMA, organizational guidelines, and technical best practices.
  • Developed Business Continuity plans for Global Information Technology Security Services.
  • Write GSS & Infrastructure Implementation statements in Riskvision.
  • Review Regional Offices' artifacts and implementation statements in Riskvision
  • Update & close regional offices' Findings/POA&Ms.
  • Facilitate FISMA Continuous Monitoring Test Cases NIST 800-53 Rev 4 Update.
  • Conduct Security Risk Assessment on all new applications, IT Systems or changes to existing IT systems to verify if they satisfy established security baseline before adoption into Corporate Regional offices.
  • Conduct Security Risk Assessment on new Vendors and annual Vendor Risk Assessment.
  • Assist management in authorizing the IT Systems for operation on the basis of whether the residual risk is at an acceptable level or whether additional compensating controls should be implemented. Plans, training and testing were executed appropriately and lessons learnt discussed.
  • Coordinate with system owners and ISSOs across the organization to ensure timely compliance
  • Participate in meetings to discuss system boundaries for new or updated systems to help determine information types for categorization purposes. Determine the classification of information systems to aid in selecting appropriate controls for protecting the system.
