- Overall 6+ years of experience in the IT industry in analysis, design, development, implementation, testing and maintenance of information security policies, applications, cyber analytics, auditing and compliance.
- Experience in network security and excellent skills with the tools Cain and Abel, Wireshark, Tcpdump, SPLUNK, ArcSight, Altiris, Kali Linux, McAfee ePO (ePolicy Orchestrator) & Qualys.
- Analyzed network protocols and routing protocols on multiple platforms.
- Captured data using a filter language and reconstructed TCP session streams.
- Monitored system security vulnerabilities; evaluated firewall change requests for inbound traffic through the network hub.
- Used password decryption, cryptanalysis attacks and recording of VoIP conversations.
- Managed required updates to Intrusion Detection Systems and Security Information and Event Management (SIEM) tool rules.
- Developed an Intrusion Detection System tool for a range of networks using Java.
- Performed security analysis on the entire network and performed systems auditing.
- Ability to work in dynamic environments.
- Critically engaged in developing websites using HTML5, implementing CSS, jQuery and AngularJS.
- Worked on distributed network applications running over HTTP.
- 3 years of security application development experience.
- Created web designs and imported programs to GitHub.
- I have 2 years of experience practicing the full software development life cycle.
- Experience practicing Agile and waterfall methodologies.
- Delivered hands-on training workshops and partnered with business partners to improve the training plan for enterprise policies in order to achieve overall compliance.
- Assessed critical business applications for security risks and compliance (SOX & PCI).
- Overhauled the computer security incident response team (CSIRT).
- Provided security risk consulting, guidance, analysis and requirements.
- Formulated recommendations for implementing the desired level of access controls across multiple platforms, which ensured successful implementation of action plans.
- Evaluated security on various systems and recommended changes to improve network integrity and prevent excessive access and potential risk.
- Conducted information owner identification, user re-certification and group clean-up projects, which ensured compliance with corporate and audit policies.
- Developed and documented security evaluation test plans and procedures.
- Collaborated with business and various IT teams to deploy remediation items based on penetration test results.
- Led technical security tool design, team coordination and security incident response.
- Assisted in the maintenance and administration of compliance systems such as GRC Archer, SharePoint, Relational Security Asset Management, CATSWeb and Remedy.
- Worked with network security teams to implement the new security standards based on new NERC/FERC policies to secure infrastructure and electric grids.
- Conducted team project management efforts, including facilitating work group meetings, tracking key deliverables and providing formal status updates to management.
- 2+ years of experience writing RSAWs and supporting NERC/FERC, NPCC and WECC audit-related evidence.
- Developed procedural and technical documentation for internal processes, technical systems and technical support.
IT Lead Information Security Analyst & Compliance Analyst
- Lead on cyber security investigations involving cyber breaches and threats in the AVANGRID Group's network, and support to the Iberdrola Group on live potential cyber threats received from global teams (European Iberdrola and Telefonica, including DHS & FBI).
- IT Governance Team technical lead on critical security investigations, network security issues, asset monitoring and encryption issues.
- Lead on information security alerts, incident response, cyber forensics and telecommunication issues.
- Managed AssurX's CATSWeb tool, quality management software used for improving quality and compliance in AVANGRID.
- Experience using the TREND MICRO InterScan Messaging Security Virtual Appliance to identify external intrusions via e-mail and vulnerable spam mails, additionally validating e-mail headers to prevent hackers from entering the AVANGRID environment.
- Identified several vulnerabilities and recommended proper actions on web applications, servers, and network infrastructure devices that are connected to company servers.
- Responsible for action on intrusion detection, vulnerability management and PKI, with extensive experience in auditing critical incidents.
- Lead on Low Impact and Mixed Impact network asset policies, procedures, and implementation of security controls on NERC BES (Bulk Electric System) assets.
- Responsible for monthly security patch reviews (Networks and Renewables) and monthly Indicators Scorecard reports for senior team review (Director, Executive Director and C.I.O.) of AVANGRID.
- Excellent skills in handling and managing critical cyber threats and business confidential information, with team coordination on risk assessments and developing analysis and reporting.
- Performed vulnerability scans on web applications developed at AVANGRID (including UIL Corp. applications) using Qualys.
- Launched Qualys scans/tests on web applications and analyzed the reports to identify current vulnerabilities.
- Analyzed & built Qualys reports for the vulnerability management system Redmine.
- Administered AVANGRID information security testing using Qualys and the SPLUNK Enterprise Security console, and managed vulnerabilities in Redmine.
- Reviewed egress firewall rules to make sure they are configured properly to monitor and protect the internal network.
- Monitored McAfee ePO (ePolicy Orchestrator) and Altiris to investigate AVANGRID/IBERDROLA devices and ensure devices were not infected with malware.
- Excellent experience handling ITSM and Service-Now tools to raise incidents & change requests/tickets for information security reconnaissance and proper audit-trail documentation to support the Global SOC.
- Developed and facilitated the IT Sarbanes-Oxley Act (SOX) Cycle-24 and Cycle-26 update process and developed Cycle Narrative process documents.
- Analyzed and evaluated SOX and Global Controls of AVANGRID (formerly IBERDROLA U.S.A.); developed, monitored and evaluated evidence against control standards.
- Reviewed and designed controls with complete support for internal and external audits performed on AVANGRID IT.
- CIP certified; trained in and supporting the development of NERC CIP documents backed by FERC regulation.
- Excellent experience working with the external auditors KPMG and E&Y on managing SOX applications running on Wintel, Linux and Unix systems (also SAP applications) and on SQL, Oracle, DB2 & HANA databases.
- Daily work includes review of firewalls, IPS, networking tools (BlueCoat Reporter), vulnerability scanning tools using PowerShell, the vulnerability management tool (Redmine), SPLUNK ES data and QUALYS web application scan results, plus daily checks that network devices are alive.
- Lead on the SIEM project for ArcSight; controlled and analyzed project status for SIEM evolution and project roll-out and roll-in with SPLUNK.
- Worked with users/clients to discuss web application security issues, gathered incident data and reviewed security violations to resolve issues with a possible mitigation plan.
- Lead on monitoring security events for the AVANGRID IT infrastructure and performing the associated analysis, escalation, remediation and incident response.
- Provided required assistance in maintenance of the security vulnerability scanner and support in penetration testing and the threat and vulnerability remediation process.
- Assisted in the research and development of new security technologies and analyzed existing procedures, AVANGRID policies and updated security frameworks that keep AVANGRID's security profile up to date and relevant.
- Analyzed current company practices and solutions; identified security vulnerabilities and developed new processes to overcome cyber threats.
- Supported access control to various applications and confidential information.
- Experience in development, documentation and maintenance of network security policies, processes, procedures and standards.
- Trained new analysts to ensure proper completion of access requests and resolution of related issues.
- Communicated with the Corporate Cyber Security team to ensure security policies and procedures are being followed and documented; also developed new processes based on requirements.
- Involved in Software Development Life Cycle phases such as requirement analysis, implementation and network design, and estimation of timelines for large projects.
Environment: TREND MICRO, CATSWeb, CISCO ASDM-IDM Launcher, BlueCoat Tool, Redmine, SPLUNK ES, ArcSight, QUALYS, Rapid7 Nexpose, SIP Framework, NERC CIP Frameworks, SOX Frameworks, SOX Controls, Archer Tool, ITSM, Service-Now and SharePoint.
Lead Information Security Analyst
- Reviewed user accounts and access on a monthly basis to ensure regulatory and corporate compliance.
- Contributed to and participated in business continuity planning and verification.
- Adhered to and enforced corporate policies regarding network security, data and software usage.
- Process re-engineered business protocols to meet the high demand of a changing business environment.
- Created, modified and disabled user accounts based on authorized forms.
- Provided internal security consulting for product development and operations of services across organization. Worked with internal groups on their projects to help them achieve their goals while
- Investigated, documented, and gathered information on data security recommendations to protect
- Led intrusion detection, vulnerability management, and PKI and participated in auditing, incident
- Provided systems support as necessary for the diverse needs of the organization.
- Conducted security audits of web applications, identified several vulnerabilities and recommended corrective actions.
- Trained business division employees on the need for security essentials.
- Performed a review of existing procedures and updated them when appropriate.
- Completed requests for access to any and all applications using the procedures.
- Troubleshot access problems for applications.
- Trained new analysts to ensure proper completion of access requests and problem resolution.
- Performed audits; determined compliance with standards such as COBIT, PCI, GLBA, HIPAA, etc.
- Conducted site reviews, performed gap assessments, and identified/monitored corrective measures.
- Managed security projects and updated all stakeholders on status/deliverables/work plans/metrics.
- Identified areas for improvement in security; recommended solutions to achieve clients' goals.
- Prepared and distributed security assessment reports to the business.
- Oversaw and conducted vulnerability assessments using Nexpose.
- Worked on executing internal and external penetration testing, providing the support team with critical vulnerabilities and following up on remediation.
- Responsible for ensuring daily functionality of security tools and for proper implementation of escalation procedures.
- Proposed configuration changes for a production Splunk instance to improve search efficiency and enhance utility for analysts.
- Developed field extractions, macros and dashboards in Splunk in an effort to streamline incident
- Configured a virtual lab for static and dynamic malware analysis, and analyzed malware samples to extract indicators of compromise.
- Threat and vulnerability management using the Qualys scanner. Used policies and workflows to identify and rank vulnerabilities in order to evaluate risk. Reported findings to asset owners and management in order to remediate vulnerabilities and remove risk, or to acquire formal risk acceptance.
- Responsible for SOX reporting for the department's applications to the auditors.
- Responsible for overseeing ethical hacking of the company network.
- Involved in vendor relations and negotiations for procurement of new hardware and software solutions to be implemented in the network.
- Performed risk assessments to ensure corporate compliance.
- Developed the agenda for the quarterly audit program.
- Conducted security event monitoring for corporate-wide in-scope applications.
- Performed application security and penetration testing using Qualys.
Technologies Used: Wireshark, Qualys, Nexpose, Splunk, ITSM Remedy, TrendMicro, MySQL, SharePoint.
Information Security Analyst
- Served as the team's primary curator of documentation for security engineering and incident response procedures.
- Worked with security tools such as Wireshark to identify user IPs, validate live IPs and validate ports for devices under troubleshooting.
- Planned and implemented meaningful risk-based and performance-based metrics tools in R for the Information Security team.
- Wrote tools to create and automate security reports, such as stale accounts and administrative group changes, enterprise-wide.
- Planned, implemented and administered our Guardium database activity monitoring system enterprise-wide.
- Developed security testing framework and performed a full suite of security tests on Android handsets to provide security
- Increased the number of security reviews performed utilizing the same resources.
- Assisted in the support and preparation of IT systems and applications risk assessments.
- Reviewed, updated and maintained all IT and Information Security policies to comply with financial institution regulatory requirements. Tracked and monitored that employees signed policies indicating that they read and agreed to abide by policy provisions. Followed up with employees as needed, and responded to questions and concerns related to the policy. Elevated issues as needed to management.
- Documented incident response findings for reported customer and internal information security breaches.
- Supported information security projects that address regulatory compliance gaps.
- A JDBC connection is used to connect to the MySQL database.
- Insert, retrieve, update and delete queries are used to access data in the MySQL database.
- Coded and developed using Swing and JSP pages.
- Tested various components and the application that runs the user interface to show the detection of unauthorized ports.
- Performed network analysis and security analysis and contributed to designing upgraded network tools.
- Analyzed, troubleshot and evaluated network issues and resolved them on-site.
- Ensured incoming security traffic passes through the network.
- Managed, assigned and maintained the list of network addresses.
- Monitored vulnerabilities at regular time intervals.
- Maintained VPN concentrators; upgraded routers and other network equipment.
- Developed documentation and maintained security policies, processes and standards, network security architecture and project plans.
- Responded immediately to security vulnerabilities.
- Created security layers to develop a new level of security with high complexity in network security.
- Managed a Java application based on the Spring and Hibernate frameworks with XML/XSLT running on WebSphere.
- Developed a frontend Java application using JFrameBuilder, EditPlus, Java and jQuery.
- Used the Eclipse IDE to develop the Java project with an integrated process and environment.
Technologies Used: MySQL, Swing, Spring, XML, JFrameBuilder, EditPlus.
OS: LINUX, UNIX/AIX, Windows.
Programming Languages: C/C++ or C#, Java/J2EE, shell scripting and Python.
Databases: MySQL, Oracle, DB2 & Hana (SAP Applications)
Technologies: Big Data and Cyber Security (Information Security)
Frameworks: Cloudera, Oracle VM, Apache Hadoop, MapReduce, Spring Framework, ArcSight, SPLUNK, CATSWeb and SharePoint.
Graph Tools: Gephi
Security Tools: TREND MICRO, SIP, Cisco ASDM-IDM Launcher, Wireshark, BlueCoat, tools on Kali Linux, McAfee ePO, Splunk, CATSWeb & Qualys.