
Cyber Security Incident Response And Risk Analyst Resume

Washington, DC

WORK EXPERIENCE:

Cyber Security Incident Response and Risk Analyst

Confidential, Washington, DC

Responsibilities:

  • Use ArcSight ESM to do log correlation and investigate incidents such as virus outbreaks, worm outbreaks, outbound traffic to blacklisted destinations, policy violations, botnet activity, etc.
  • Do proactive investigations to uncover vulnerabilities, discover patterns and apply fixes and countermeasures before they become major incidents.
  • Deploy Arcsight connectors on critical systems to make sure that these systems are feeding logs to ESM.
  • Respond to incidents in a timely manner to limit damage to users and to the company's reputation.
  • Coordinate with the vulnerability management and PCI teams to make sure that systems processing credit card information are in compliance and up to date with the latest patches.
  • Use McAfee ePolicy Orchestrator to deploy and manage various products such as McAfee Agent, VirusScan Enterprise, DLP, HIPS, Endpoint Encryption, etc.
  • Perform on-demand scans on systems to quarantine, clean or delete malicious executables and infected files.
  • Perform routine maintenance tasks, updates and patching of McAfee ePO server.
  • Coordinate with McAfee support to acquire new signatures and deploy them to guard against ransomware, new viruses, etc.
  • Respond to phishing attempts and block emails or domains involved in these phishing attempts.
  • Coordinate with users and scan systems targeted by phishing emails to eradicate the potential of any malware infection.

Security Engineer

Confidential, Cary, North Carolina

Responsibilities:

  • Intrusion prevention and detection. Use Sourcefire's Confidential File Trajectory to track when systems were infected, the point of entry of malware, computers that have downloaded or executed the malware and how the malware is spreading. This helps me prioritize which systems need help first. For example, to undertake remediation efforts, I would often prioritize systems that have executed the malware over those that have only downloaded it.
  • With Sourcefire Confidential's application blocking, I would simply block the applications that are introducing the malware until a patch is released. This is done either by blocking the application or its SHA. For example, I would block java.exe to prevent Java zero-day exploits until a patch is released.
  • With Sourcefire, I analyzed files to see if they are malicious. The high-risk computers list shows computers that have already been infected by the malware. I would drill down to see the source and destination IP address, the username of that IP address and even the URL where the malicious file came from. This information is critical when I do threat root cause analysis.
  • Analyze firewall logs, IPS and IDS logs to uncover malicious activity going on within the network. Initiate and recommend corrective action to the CIRT team. I worked with the incident response team establishing processes and procedures that the team follows in response to incidents like data breaches, data leakage and unauthorized access.
  • Perform various functions like IP block, URL block, user agent block, application blacklisting and whitelisting using Palo Alto firewalls and Sourcefire IPS. Coordinate with the CIRT team to investigate and resolve security incidents.
  • Troubleshoot network connectivity and latency issues using tools such as Wireshark.
  • Manage McAfee antivirus, McAfee host intrusion prevention, perform office scans and update DAT files. This helped mitigate threats at the level of endpoints.
  • Responsible for identity and access management using Active Directory and token-based authentication (Junos Pulse).
  • Ensure that users are trained on PCI and HIPAA (how to securely store, access, transmit and distribute PII, PHI and credit card information). Ensure that firewalls and intrusion prevention systems are performing data filtering to comply with PCI and HIPAA regulations.
  • Perform vulnerability management using McAfee Vulnerability Manager. Actively and passively scan systems to uncover vulnerabilities and generate reports on various systems. Perform monthly, quarterly and ad hoc scans and generate reports. Follow up with users to ensure that remediation efforts have been undertaken. Work in a 24/7 environment to ensure timely response to various security incidents and deliver excellent customer service.
  • Track firewall changes and compliance with PCI-DSS using Tufin SecureTrack. Implement data loss prevention and data filtering to increase data security.
  • Create IPsec tunnels between various sites under the Confidential network for secure communication and transfer of data. Troubleshoot connectivity issues between sites.
  • Troubleshoot Juniper SSL VPN issues. Assist remote users who have difficulty connecting to the network using Junos Pulse.
  • Patch and update various security appliances, firewalls, Juniper SSL VPN appliances (SA6500), Sourcefire IDS, etc., and make sure that security appliances and antivirus have the latest signatures.
  • Use ServiceNow to open and resolve tickets and also generate RFCs. I also worked with the Remedy ticketing system before transitioning to ServiceNow.

Sr. Security Technical Support Analyst

Confidential, Washington, DC

Responsibilities:

  • Conduct systems and network vulnerability assessments in order to identify and remediate potential risks. Provide information security awareness and training throughout the organization.
  • Perform daily system monitoring, analyze logs, verify the integrity and availability of all hardware, server resources, systems and key processes, and application logs.
  • Ensured security logs and audit trails were reviewed in accordance with established schedules and procedures.
  • Familiarity with Sarbanes-Oxley (SOX), Gramm-Leach-Bliley Act, PCI-DSS, FISMA, NIST 800 Series, and ISO/IEC 27000 regulatory policies and guidelines.
  • Implement data filtering and application firewalls to filter credit card numbers and Social Security numbers to comply with PCI and HIPAA.
  • Use McAfee VirusScan Enterprise to scan systems for virus infection; totally isolate infected PCs from the network until they have been re-imaged.
  • Perform vulnerability scans using McAfee Vulnerability Manager and produce reports on vulnerable systems.
  • Researched new developments in IT security in order to recommend, develop and implement new security policies, standards, procedures and operating doctrines. Provide intrusion detection, incident response and continuous monitoring in a 24/7 secured datacenter based on cyber security events. Assist the CIRT team whenever help is needed.
  • Upgrade software on various security devices, firewalls, IPS/IDS.
  • Use Sourcefire IPS to detect and prevent network based intrusions.
  • Perform access control requests such as adding, modifying and deleting user accounts and Group Policy (GPO) within Active Directory. Reset passwords and enable/disable user accounts.
  • Install and update antivirus (McAfee Endpoint Protection) on desktops and laptops.
  • VPN setup on laptops and mobile devices for remote connection. Troubleshoot RSA SecurID hard and soft tokens. Use RSA Authentication Manager to troubleshoot remote access issues.
  • Install and configure Cisco AnyConnect VPN software on users' laptops and tablets for remote connection to the House domain.
  • System hardening; ensuring that only approved and necessary applications are running on PCs. Laptop and mobile device encryption.
  • Download, test and deploy patches using Windows Server Update Services (WSUS).
  • Monitor HIDS/HIPS via McAfee and Trend Micro. Scan systems to quarantine and eliminate malware.
  • Uninstall unnecessary software from users' PCs to reduce the attack surface.
  • Identify vulnerabilities, recommend corrective measures and ensure the adequacy of existing information security controls.
  • Organize forums and train employees on security awareness programs.
  • Use BMC Remedy to create, follow up, manage and resolve tickets according to SLAs.
  • Use Wireshark for packet capture and analysis.

Security Engineer

Confidential, Rockville, MD

Responsibilities:

  • Monitor the security of critical systems (e.g., e-mail servers, database servers, web servers, etc.) and changes to highly sensitive computer security controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
  • Troubleshoot RSA SecurID for remote access.
  • Utilized Security Information and Event Management (SIEM) to analyze, correlate logs and respond to incidents.
  • Use WSUS to download, test and install updates and various patches.
  • Regularly update all firewalls, routers and scanning tools. Make sure all firewalls and intrusion prevention and detection systems have the latest signatures.
  • Investigate potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes in a SOC environment.
  • Secure medical equipment in the GSK large and small scale manufacturing plant. Respond to alarms from medical equipment and notify on call technician.
  • Organize training for security officers and end users on a regular basis.
  • Troubleshoot and resolve computer operating software/hardware and database problems and provide technical support as requested.
  • Apply anti-virus updates to make sure that all systems have the latest signatures.
  • Configured and implemented Microsoft BitLocker on all laptops. Monitor endpoint protection for all user laptops and desktops.
  • Work hand in hand with the Information Assurance team to ensure that all computers are up to date with the latest patches and updates.
  • Tested new software with various operating systems and updated software for users as released by vendors.
  • Ensured that all systems are operated and maintained, and that information on those systems is disposed of, in compliance with organizational information security policies.
  • Set up, configure and image new desktops and laptops. Install approved software on user desktops and laptops.

Helpdesk Engineer

Confidential

Responsibilities:

  • Provided advanced technical support for over 5,000 customers for Windows XP, 7 and 8.
  • Used Enterprise BMC Remedy to manage, track, and update customer and helpdesk tickets.
  • Demonstrated adept customer service skills, flexibility and drive to perform in an intense working environment, and ability to follow standard procedures when troubleshooting in a complex network environment.
  • Provide tier 2 and 3 remote and in-person assistance to end users; troubleshoot, diagnose, and resolve hardware, software, OS, and connectivity issues.
  • Configured and deployed workstations, file servers, domain controllers, and software.
  • Troubleshoot IE 9, 10, 11, Firefox and Google Chrome.
  • Use Bomgar Representative Console for remote connection and troubleshooting of users' PCs, laptops, tablets and smartphones.
  • Reset passwords; create, administer, unlock and manage user accounts in Active Directory.
  • Set up the AirWatch MDM agent on iPhones, iPads and Android smartphones and tablets for secure access to corporate email, contacts and calendar. Use BlackBerry Enterprise Server 5.0 and 10.0 to configure, deploy and manage older and newer BlackBerry devices.
  • Use McAfee VirusScan Enterprise to scan systems for virus infection; totally isolate infected PCs from the network until they have been re-imaged.
  • Import, export and troubleshoot Outlook data files (PST and OST). Manage Exchange Server 2010.
  • Troubleshoot Outlook 2007, 2010 and 2013 using the Inbox Repair tool (Scanpst.exe).
  • Microsoft Office 2010 and 2013 installation. Support and troubleshoot MS Word, Excel, Outlook, Lync, PowerPoint, Visio, and Project. Troubleshoot the Symantec Enterprise Vault Outlook add-in.
