SUMMARY:

• 9+ years professional experience in Technology SDLC, Cyber + Networking in threat and vulnerability management, information security analysis, information security architecture, information security policy design, Incident Analysis, risk assessment, security incident response, and security solution implementation and administration.
• Experience in installing, configuring, supporting and troubleshooting Linux Networking services and protocols, like NIS, LDAP, DNS, NFS, DHCP, TCP/IP, Telnet, FTP, SSH, rlogin
• Configuring and maintaining Palo Alto firewalls, Cisco ASA firewalls & analysis of firewall logs using various tools
• 5+ years’ combined experience in Identity and Access Management Project Management, Business Analysis and QA Testing
• Vormetric: data security manager, tokenization, application encryption, transparent encryption, key management, encryption gateway
• Experienced in Vulnerability management and remediation.
• Technical expertise on PKI, McAfee/ AV, ePO, McAfee ESM - SIEM, threat monitoring, analysis and remediation, SOC.
• Basic knowledge on DLP.
• Scanning the network and providing the scan reports to technical teams.
• Hands on experience with Qualys Guard vulnerability management tool.
• 5+ in Agile environment using JIRA, Confluence, Visio, and SharePoint for documentation
• Good command over spoken and written communication in English.
• Knowledge of OWASP top 10 vulnerabilities, network and internet architecture, IDS-IPS.
• Knowledge with security testing methodologies.
• Experience in supporting, operation and troubleshooting the problems.
• Extensive knowledge of information security principles and practices, understanding of security protocols, standards and defense in depth.
• Diverse background with fast learning skills and creative analytical skills.
• RMAN Duplicate using Delphix tool.
• Delphix Configuration and implement ion to Refresh UAT databases
• Working in Delphix (5.0 & 7.0 Version) a Web Based ERP for Livelihood Promotion and maintaining online.

PROFESSIONAL EXPERIENCE:

Confidential, New Jersey

CYBER SECURITY BUSINESS ANALYST / PROJECT MANAGER

Responsibilities:

• Run projects from initiation through implementation
• Track progress against defined project timelines and provide updates and decision support to management and key stakeholders. Provide comprehensive analysis and recommendations
• Knowledgeable of penetration testing, vulnerability assessment, threat hunting, and security program development.
• Responded to system security related incidents and can quickly and effectively comprehend and understand a problem and take immediate corrective actions.
• Build strong partnerships with experts across the organization
• Identify, quantify and manage inherent and residual risks throughout the projects lifecycle
• Partner with and coordinate deliverables across teams globally
• Act as the immediate escalation point for all customers, stakeholders and IT Management for the services provided
• Administer and maintain the corporate DLP environments while structuring and documenting the corporate DLP infrastructure environments
• Demonstrate expertise in three-tier architecture and database administration while supporting other teams with corrective actions.
• Performed Confidential DLP environments management and support configuration as well as data security environments used in testing and configuring client sites prior to installation.
• Identifying and remediating any threats and vulnerabilities as a Security Monitoring (SOC), Triage and Escalation to T2
• Assisted with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
• Report on team performance and KPIs and develop recommendations and run with ad-hoc projects to improve quality of service
• Uphold high standards for timely issue resolution
• Possess strong analytical, problem-solving and synthesizing skills
• Identity and Access Management Business Analyst on several external/client facing applications
• Using Qualys Vulnerability Management tool to aid in manual pen-testing in red teaming work
• Working with Red team to do application testing, Web application testing etc
• Administrating Carbon Black to do host based monitoring for red team.
• Perform penetration testing for internal network and follow-up end to end with security vendor for the web application PT and make sure that vulnerabilities are addressed.
• Gathered required for an Convergence project through discussions with Business, IT, developers, and engineers
• Facilitated meetings to clarify and break down security requirements for Identity Convergence project
• Worked in Security Incident and Event Monitoring SIEM platform - IBM Qradar.
• Investigated potential or actual security violations or incidents to identify issues and areas that required new security measures or policy changes.
• Created High level requirements, Epic Stories, Functional Flows and Use Cases
• Created requirements around JWT and SAML Issuance to external/Service Providing Application
• Created requirements around LDAP and User ID creations and Logins, Forgot Password, and Temporary Pins
• Implemented vulnerability management (VM) processes and Nexpose Rapid 7, BurpeSuite and security solutions.
• Assisted in testing efforts
• Working with red team in SOC to apply security awareness to Cyber Kill Chain management as well as using moving target defense approach.
• Worked on a client reference data/master data project within Prime Brokerage - revolving around the full client relationship lifecycle including client on-boarding, KYC, and other related business processes.
• Documented current and future state process flow, workflow and data flow diagrams.
• Documented Functional requirements documents and business requirements documents to streamline the current broken on-boarding processes.
• Documented specifications to create a central source of client profile data and integrating it with the CRM sales systems and client on-boarding systems.
• Gathered requirements from front and middle office users and collaborated with tech teams.
• Vormetric: data security manager, tokenization, application encryption, transparent encryption, key management, encryption gateway
• Vulnerability assessment, penetration testing, Risk assessment, Threat management, Security advisories, compliance audits, IT security assessment.
• Conducted gap analysis and data mapping between systems.
• Created user interface mockups and wireframes.
• Participated in working groups and design sessions.
• RMAN Duplicate using Delphix tool

Confidential, Branchburg, New Jersey

SECURITY ANALYST / PROJECT MANAGER

Responsibilities:

• Statistical analysis, ongoing reports, charts, diagrams, strategic decision making
• Data analytics, data gathering, performance, strategical planning
• Financial and operational planning, performance, analysis
• Conducted onsite penetration tests from an insider threat perspective.
• Performed host, network, and web application penetration tests.
• Analysis of threats detected by vulnerability management tools.
• Developed Black Box Security test environments & conducted tests as part of team for precautionary measures.
• Conduct Malware analysis and investigate behavioral characteristics of each incident utilizing IDS monitoring tools.
• Developed Cyber Security Standards on NIST Frameworks and insured their proper implementation to reduce the risk of vulnerability to IT assets.
• Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, LanDesk, BigFix, McAfee/ Confidential .
• New product introduction, strong working relationships with internal and external partners, governmental entities, public and private sectors, actively participating in cross- functional teams and operational meetings.
• Involved IR teams (Incidence Response).
• Controlling of resource mobilization and utilization
• Development, implementation and collection of information required to track business activity, work efficacy, and other operating performance measurement criteria
• Design, modification, and/or maintenance of processes, policies and procedures.
• Redesign when appropriate for maximum efficiency Confidential
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
• Implemented multiple tools including Confidential DLP, and QRadar SIEM.
• Developed approaches for industry-specific threat analyses, application-specific penetration tests and the generation of vulnerability reports.
• Providing business-focused project management and consulting expertise on client engagements
• Manage enterprise security systems, identifying key security risks, reporting risks to management with recommendations for corrective action utilizing NIST frameworks.
• Participate in Security Assessments of networks, systems and applications.
• Reviewed and involved in the WebSphere Application server hardening process from Security Team.
• Utilized monitoring tools to identify cyber security alerts of active threats, intrusions, and compromises
• Advising client executives as they lead their organization through significant change initiatives
• Project managing client engagements, including managing diverse streams of work and project teams
• Proactively identify project issues, risks and time/cost impact issues
• Actively manage and communicate issues, risks and status
• Conducting research, analysis, financial modeling, and project oversight for client engagements
• Developing and delivering presentations and extremely high quality client deliverables
• Managing client relationships
• Identifying and securing new business opportunities and renewing existing client engagements
• Sharing knowledge and lessons learned with other Centerline Partners’ staff and clients
• Leading initiatives to build firm infrastructure such as marketing, product development, operations, etc.
• Analyzing, designing, and documenting business and functional requirements for projects
• Generating use cases to capture and document requirements
• Mcafee: EPO 5.3, DLP9.4 Encryption 7.1.3, VSE 8.8.0, Endpoint security 10.5, Encyption11. Vormetric: data security manager, tokenization, application encryption, transparent encryption, key management, encryption gateway

Confidential, Secaucus, New Jersey

QUALITY ASSURANCE/ SECURITY ANALYST

Responsibilities:

• In depth experience with internal, external, network, & application vulnerability assessments utilizing QualysGuard
• Ensured that the IT Security guidelines were effectively implemented to protect or identify threats and took appropriate counteractions.
• Handled tickets with Resilient and co relating them to provide good incident response system.
• Technical expertise on PKI, McAfee/ AV, ePO, McAfee ESM-SIEM, threat monitoring, analysis and remediation, SOC.
• Worked as a part of Security Operations Centre in Intrusion Analysis Team for managing and monitoring IPS/IDS devices across corporate locations.
• Worked on writing the Use cases, User stories by using the Rational Tools such as Requisite Pro and RTC for the health care web application.
• Written Functional Decomposition document by gathering the services
• Worked on the agile methodologies more on the conducting sprint retro meetings, sprint review meeting, daily stand up meetings and client meetings
• Experienced in Compliance Standards (SO/IEC 27001, PCI DSS, and SOX.).
• Performed testing by getting the test data and testing on all the possible scenarios for an application
• Checking latest definitions status on Confidential, SEPM and SEP Clients.
• Creating Confidential Endpoint Protection policies based on a specified design.
• Designed Functional Test Cases; Assisted Business Users in UAT testing effort
• Managed/Tracked defects and communicated back to QA for re-testin
• Identified and reconciled errors in client's data to ensure accurate business requirements.