Cyber Security Analyst Resume
New York
SUMMARY:
- A multifaceted professional offering more than 5 years of experience and skills in threat and vulnerability management, information security analysis, information security architecture, information security policy design, risk assessment, security incident response, and security solution implementation and administration.
- Skilled at designing and implementing cyber security solutions for global petroleum, government and financial organizations that consistently reduce security costs while elevating the security status of the environment.
- Hands-on education and demonstration using: Linux (through VirtualBox), Nessus, Nmap, OpenVAS, Burp Suite, OWASP ZAP, Wireshark, scripting in Bash, and Active Directory.
- Accomplished history with working with various private business and IT organizations to facilitate security architecture in order to further enhance the security stance of the company.
- Reviewed Nessus and other scan results
- Focused on cloud strategy (AWS), product marketing, competitive research, customer journey analysis, and strategic partnerships
- Solid understanding of the OWASP Top 10 vulnerabilities and other software security best practices.
- Provide identification and triage of security events and alerts in a high volume, PCI DSS compliant payments processing environment.
- Working independently on CyberArk management.
- Practiced in Java and Python, and in automation combining Python, regular expressions, and Bash scripting.
- Implement and manage Rapid7 vulnerability management and evaluate its application security module.
- Adept at security policies, developing solutions, assessing environments, and interpreting standards that constantly pass the security and regulatory audits.
- Performed security scans to find software vulnerabilities based on the OWASP Top-10 Web Application specific best practices guidance and resolving them leveraging the security bug bar to assign the appropriate severity level and timelines.
- Successful in initiating six separate security programs which passed all third-party audits and all established laws and regulations.
- Comprehensive background in developing and implementing strategic technology and security road maps aligned with the needs of the business to deliver exceptional security and privacy solutions.
- Knowledgeable of penetration testing, vulnerability assessment, threat hunting, and security program development.
- Experience in implementing Role Based Access Control (RBAC) by implementing Organizational roles, Business roles, IT roles and Permissions/Entitlements in ISIM, IGI and SailPoint IIQ.
- Experience in generating and manipulating ad-hoc SQL, Sybase, DB2 and Oracle queries and reports from Remedy to be forwarded to Database Engineering group for assessment.
- Good knowledge on Scripting: Python, Perl, Linux/Unix Shell, Microsoft Windows CMD/PowerShell.
- Technical consultant responsible for SAP System Release Management & Enterprise Risk Management.
- Assisted in the formation and implementation of security controls under FedRAMP policies for I.T. systems and major applications in AWS, Azure, and Salesforce (PaaS, SaaS, IaaS).
- Expert at implementing network security, SIEM tools, new concepts, identity management, new security technologies, securing cloud architecture, and new security controls as well as in developing innovative security controls and processes that meet business and executive requirements in order to protect information.
TECHNICAL SKILLS:
Security Solutions: Nexpose | Metasploit | NitroSIEM/McAfee ESM | FireEye | Nessus | TippingPoint | Splunk | Websense | AirWatch MDM | ArcSight | CyberArk | CrowdStrike | Cisco Umbrella | OpenDNS | Cisco Firepower | RSA enVision | EnCase | RSA NetWitness | BeyondTrust | LogRhythm | Alert Logic | Cylance | Prism | Sourcefire/Firepower IPS | Cisco IronPort | Barracuda spam devices | Data Loss Prevention (DLP) | Snort | Various NAC, IDS/IPS, HIDS, and SIEM solutions
Others: ICS | SCADA | Cisco network devices | SASS | Microsoft Windows | UNIX and Linux | SQL | Oracle | IIS | Nmap | ZMap | Masscan | Qualys | PKI infrastructure and digital certificates | AWS | Azure | Bit9 | BackTrack/Kali | McAfee | Symantec | Kaspersky | Lumension
Protocols: TCP/IP | UDP | HTTP | HTTPS | SSL | PYTHON | FTP | TFTP | Telnet | SNMP | ICMP | SSH | DNS | DHCP | LDAP | WINS | NAT | SMTP | POP | IPSec | IMAP | SSL/IPSec VPN | DNSSEC | iSCSI | PAT | NetBIOS | BACnet
PROFESSIONAL EXPERIENCE:
Confidential, New York
Cyber security analyst
Responsibilities:
- Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as McAfee Nitro (SIEM), anti-virus, Internet content filtering/reporting, malware prevention, firewalls, IDS and IPS, web security, anti-spam, etc.
- Implementation of a Cloud Services Platform project (AWS): secure cloud development and migration. Prepared for adoption of the AWS cloud platform and evaluated the three cloud architecture models (Infrastructure as a Service, Platform as a Service, Software as a Service) to govern and control security management. Leveraged cloud infrastructure and development and data migration, protecting the enterprise from potential loss.
- Ensure ongoing CyberArk system maintenance is scheduled and completed on time.
- Coordinate with CyberArk support teams for escalation and resolution of issues.
- Implement OWASP considerations for improving Web and application security.
- Create customized OWASP rule sets for multiple virtual hosts in the web hosting environment for both ABS and other customers.
- Lead researchers and development teams to implement projects.
- Analyze and protect against OWASP vulnerabilities on a hosting and per-website basis.
- Manage the day-to-day operations of CyberArk solutions, including adding and deleting accounts.
- Architect complex network strategies to protect both the internal and external resources of the customer.
- Deployed IDS/IPS solutions on Networks and Servers to augment the Hardened environment.
- Collaborated with associates to determine business needs when selecting OS implementations, security tools, pen testing assignments, security evaluations, and risk assessments.
- Implemented OWASP standards for web application security.
- Improved security of webservers using SSL and web security tools.
- Involved in both server system analysis and security support on CyberArk, as well as security support on Windows servers.
- Assisted developers in remediating issues with Security Assessments which exceed OWASP standards.
- Performed application security auditing using CEH training to determine the vulnerability of applications.
- Developed and maintain solutions in enterprise environments for HIPAA, SOX, and PCI regulatory compliance.
- Created a customized Information System Security Assessment Framework (ISSAF) for evaluating network and application security.
- Provide Level 2 operations support for end-user resolution, investigating RSA SIEM events to determine any true intrusions.
- Identifying and remediating threats and vulnerabilities as part of Security Monitoring (SOC), with triage and escalation to T2.
- Cyber security incident detection and monitoring using SIEM (Splunk, ArcSight), FireEye IDS, Symantec, Tanium & Bit9 endpoint protection, Proxy (Zscaler & IronPort)
- Proficient with Nessus, computer networks, ethical hacking, and vulnerability assessments and provided Cyber Security Analysis, Governance for global risk framework and controls, and risk reporting structures. Conducted system(s) and web application security scans, analyze results, identify and prioritize vulnerabilities, and research remediation steps. Liaise with technology teams and experts.
- Implemented and monitored security controls for I.T. systems and major applications in the cloud environment for Azure, AWS, and Sales Force (IaaS, SaaS, PaaS) using FedRAMP guidelines.
- Troubleshooting system configurations and Python scripts to restore services; setting Linux firewall rules and opening ports to allow communication.
- Performed Vulnerability scanning on our network and make sure that vulnerabilities are addressed.
- Manage 36 Nessus Security scanners and 2 SecurityCenter servers conducting
- Created Python scripts to automate URL extraction and reputation check on VirusTotal & Domain
- Conducting identity and access transformations and providing IAM policies, procedures and standards.
- Researched and designed a project for Privileged Access Management (PAM) and gave findings, design and vendor specs to the engineering team for implementation
- Cyber Security Tools used are not limited to: Burp Suite Pro, Qualys, IBM Appscan (DAST Tool), Fortify SCA Professional, NMAP, NESSUS, Aircrack, InSSIDer, Heatmaps for Wireless, SQLmap, Maltego, Wireshark for Packet Analysis, Kali (and others) and various others.
- Thorough understanding of OWASP Top 10 Vulnerabilities, CWE/SANS Top 25 and CIS Critical Security Controls and evaluating web application firewall (WAF) configurations
- The Major SAP Solution Components are: SAP BI/HANA, SAP ECC6, SAP HANA for ECC6 HR, SAP BI, SAP Enterprise Portal, SAP SRM, SAP SCM, SAP GTS, SAP MDM, SAP GRC, SAP Solution Manager and SAP PI.
- Involved in end-to-end implementation of IAM solution using Oracle's suite of Identity and Access Management.
- Hands on Experience testing iRules using Browser (IE), HTTP watch, curl, Scripts (shell/batch file/Perl) and host files
- Documenting incident results and reporting details through ticketing system.
- Create Access Control Items, Services and schedule reconciliations on the integrated resources in ISIM.
- Improved business process efficiency by automation using Python to access data via REST APIs and Mongo database for data persistence and reporting.
- Manage IAM Systems consisting of CA SiteMinder, Identity Manager and eAdmin products (Arcot: Riskfort and Webfort), RSA Secure-ID infrastructure, Entrust Certificate Authority infrastructure, LDAP infrastructure.
- Researching, analyzing and understanding log sources from security and networking devices such as firewalls, routers, anti-virus products, and operating systems
- Leverage Archer Platform to manage products / projects, security controls, risks, Infrastructure environments, and issues. Prioritize IT/IS cyber security risks; responsible for end-to-end analysis to ensure perfect product delivery.
- Designed, deployed and supported a $1.5M project consisting of cabling, systems installation, VoIP installation, and Data Center/Recovery Site renovation project for the municipality of Cataño.
- IAM program management assistance & Privileged access management.
- Consulted with top vendors about the different types of software and hardware tools available, such as IBM's QRadar, HP's TippingPoint, AccessData and Core vulnerability management.
- Implemented PKI certs for encrypted emails and digital signatures to enhance privacy and data security
- Devised corporate control validation mechanisms to enable quantitative program maturity evaluations. Tenable (nessus) and Qualys to conduct vulnerability and configuration baseline evaluation, risk assessments, and audits. Developed system hardening strategies and procedures utilizing DISA STIG, CIS and other industry accepted hardening standards.
- Scheduled to attend DoD Cyber Threat Emulation (CTE) July 15, 2018. 240 hours of instruction will include PowerShell for Incident Responders, Network Traffic Collection, Cyber Analysis, and Threat Emulation.
- Identifying and remediating any threats and vulnerabilities.
- Experience in installing, configuring and troubleshooting Check Point firewalls, Cisco ASA, Palo Alto, NSX firewalls and Tufin (SecureTrack and SecureChange).
- In depth experience with internal, external, network, & application vulnerability assessments utilizing QualysGuard and FireEye with strong knowledge on Vulnerability Management using QualysGuard and Nexpose
- Monitoring DDoS portals and alerting the team by reporting them using pager and opening the bridge call.
- Triaging emails sent by internal users depending on the categories and responding to the customers after investigating the emails.
- SOD management and other IAM compliance related activities.
- PEM (Portable Electronic Media) alert monitoring.
- Responsible for carrying out System and network wide Vulnerability Assessment and Penetration testing to assess the security level of systems and network devices at client's networks.
- Gathering all the required information from IDS, SA and Wireshark to investigate attacks such as SQLi, ZmEu, RAT, etc., escalating to T2 and following up on these tickets.
- Investigate DDoS attacks and FireEye, Sourcefire, malware and Websense events as they occur. Connectors are set for all IDS/IPS appliances.
- Maintained and remediated end-user vulnerabilities using Symantec Endpoint Protection (SEP).
- Performed Vulnerability Assessments and Data Classification and their impacts
- Experience in various security technologies, tools both proprietary and open source such as Guidance/OpenText Software's Encase, Axiom, Volatility, SANS SIFT Workstation, SANS Windows REM Workstation, REMnux, McAfee ePO, IBM BigFix, Splunk run queries.
- Monitored and documented security incidents by running ad hoc queries using Toad for Oracle.
- Successfully delivered new SAST tool (CheckMarx) and IAST tool (Contrast) on schedule and budget.
- Perform penetration testing for internal network and follow-up end to end with security vendor for the web application PT and make sure that vulnerabilities are addressed.
- Setup McAfee Endpoint Data Loss Prevention for safeguarding sensitive data information and maintaining compliance
- Provide enhanced security solutions for web applications using the second factor authentication (2FA) such as One Time Passcode (OTP) and Multi-Factor authentication (MFA) using the Advanced Access Control in ISAM.
- Managing all client systems from endpoint perspective using McAfee ePO tool which includes managing Agent, VSE, pushing client tasks, managing ODS & OAS scans
- Create ACL's and POP's to provide restricted access controls for the back-end applications.
- Prepared system plans and executed ArcSight architecture modifications.
- Managed, upgraded and maintained operational data flows and ArcSight platforms.
- Maintained and modified hardware and software components, content and documentation. Azure/Office 365 Advanced Threat Protection.
- Analyzed ArcSight and related tools and resolved IT security failures.
- Provided guidance for equipment checks and supported processing of security requests.
- Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
- Expertise in installing VMware ESX servers, vSphere Client and vCenter Server.
- Generate various reports using SQL for Audit and reconciliation. Responsible for ensuring data feeding into various reports is accurate and validation process in place for accuracy
- Validated and updated documented process for the CyberArk privileged access management system
- Extensive experience in Cloud and On-Prem (Hybrid) environment. AWS & Azure Cloud security experience.
- Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools
- Implemented security on critical servers to protect PII and comply with HIPAA and NIST regulations; experience with FDA medical device regulation, CMS requirements, etc.
- Security Incident handling, SIEM (ESEM) using RSA Envision/Arc Sight products.
- Vulnerability assessment, penetration testing, Risk assessment, Threat management, Security advisories, compliance audits, IT security assessment.
- Performed risk analyses to identify appropriate security countermeasures in accordance with various security frameworks (NIST CSF, ISO 27002, HIPAA, HITRUST, SOX, PCI).
- Implemented and monitored security controls for I.T. systems and major applications in the cloud environment for AWS and Salesforce (IaaS, SaaS, PaaS) using FedRAMP guidelines.
- Good knowledge and experience in Installation, Configuration and Administration of Windows Servers 2000/2003, Active Directory, FTP, DNS, DHCP, TFTP, Linux OS under LAN and WAN environments.
Confidential, Hillsboro, Oregon
Cyber security analyst
Responsibilities:
- Executed daily vulnerability assessments, threat assessment, mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems.
- Managed vulnerability scanning with Tenable Security Center with Nessus and Assessed architectures for cloud security in the DHS Biometric system modernization migrating to the AWS federal cloud in two AWS regions and for client Management and Situational Awareness systems.
- Led gap analysis of multiple information security frameworks including PCI/DSS and ISO 27001 and developed
- Analyzes detected vulnerabilities and vendor reported vulnerabilities for applicability, severity, and solutions.
- Maintain McAfee ePO environment in optimum performance and compliance standards.
- Automated the centralized detection of security vulnerabilities with scripts for vulnerability assessment tools such as QualysGuard and Splunk.
- Used the QRadar SIEM to add the newly built Windows and Linux log servers and to create policies for different alerts.
- Design solutions that integrate with the current IAM platform including provisioning, de-provisioning and integration of applications for authentication.
- Conducted onsite penetration tests from an insider threat perspective
- In depth experience with internal, external, network, & application vulnerability assessments utilizing QualysGuard and FireEye.
- Assist and train staff and students on cyber security programs and Python.
- Researching, providing analysis, and conducting POC for new functionality which allowed end users to access highly privileged non-personal accounts to perform DB, Server, and Application maintenance without the need of taking the account out of CyberArk.
- End to End Vulnerability Management services - Qualys tool.
- Experienced SOC Analyst in a Hybrid Cloud Environment and worked on SIEM, Threat and Vulnerability management.
- Monitor Threats and Security events on McAfee and Bit 9.
- Conduct Malware analysis and investigate behavioral characteristics of each incident utilizing IDS monitoring tools.
- Reduced dependencies on internal network resources and improved the resiliency of critical SQL server and web applications by leading a project to plan, develop, and implement the move to Azure, including transfer of development systems, operations, and data.
- Knowledge on data lake storage generation 1 and generation 2.
- Contributed leadership on security visibility and tools during AWS cloud-transformation
- Identified, contained, eradicated, and recovered systems during security incidents (EnCase Cyber, CyberArk).
- Use Splunk Enterprise Security to configure correlation search, key indicators and risk scoring framework.
- Performing policy compliance checks using QualysGuard.
- Developed Black Box Security test environments & conducted tests as part of team for precautionary measures.
- Developed approaches for industry-specific threat analyses, application-specific penetration tests and the generation of vulnerability reports.
- Supported DevOps-centric automation technologies including PowerShell, Puppet and Chef for rapid (Agile) system deployments and in-house production code releases.
- Experience in Windows physical and virtual desktops and laptops, UNIX / Linux Servers, Windows servers, Database as well as RSA (EMC), McAfee (Intel), FireEye, Symantec endpoint security tools and good knowledge of SAN technology.
- Procured, configured and implemented HP's TippingPoint (IPS), IBM's QRadar (SIEM), AccessData (network/computer forensics) and Core Insight (vulnerability management and penetration testing) across a midsize.
- Knowledge of security tools: firewalls, IDS, web content filtering and content filtering solutions (Cisco, Check Point, FortiGate, Snort, EIQ SecureVue).
- Experienced in working with Splunk authentication and permissions and having significant experience in supporting large scale Splunk deployments.
- Support access administration and provisioning RSA two-factor authentication for VPN and all endpoints to ensure proper IAM with policies and procedures.
- Extensive IBM cloud experience, PGP and SEE encryption software
- Responsibility for policy configuration for all the McAfee components and the same is deployed to the clients.
- Suggested the Patches for windows machines with vulnerabilities identified.
- Threat intelligence for work in vulnerability management.
- Administer and maintain the corporate DLP environments while structuring and documenting the corporate DLP infrastructure environments.
- Developed and matured the HIPS endpoint protection for servers and workstations, configured policies and monitored events against intrusions or suspicious activity
- Performed Symantec DLP environments management and support configuration as well as data security environments used in testing and configuring client sites prior to installation.
- Designed ePO Reports based on customer requirements.
- Experience installing, configuring and troubleshooting AAA servers (Funk/SBR RADIUS 6.0).
- Identity management system experience working on the RSA SecurID system and token distribution for two-factor authentication of NIH remote access users.
- Lab-tested Juniper NAC appliances (IC controllers) and Cisco NAC.
- Familiar with FIPS 140 compliance, PCI, HIPAA, NIST standards, etc.
- Troubleshooting issues related to McAfee ePO servers (5.x), VSE 8.x and HIPS
- Investigation for false positives for issues with Qualys with the help of support.
- Managing ePO version 5.3 and VSE 8.8 for large enterprise network.
- Installing and configuring new ePO server.
- Assisted with the implementation of Rapid7 InsightVM on the corporate network.
- Monitoring the McAfee dashboard for updated DAT versions on all clients.
- Developed and implemented a management attention to CIS Vendor Risk assessment deliverables.
- Monitoring and updating the Stores Closing details in McAfee and Bit9 console.
Confidential
Security Analyst
Responsibilities:
- Experience in Accelops & ArcSight SIEM solutions (Security Incident Event Management) for analytic driven IT operations management including performance and availability monitoring.
- Excellent understanding of secure data storage and transport implementations (E.g. PGP, SSH, SSL, IPSEC).
- In depth knowledge of TCP/IP, IEEE 802.11, wireless, & routing protocols.
- Experienced in compliance standards (ISO/IEC 27001, PCI DSS, and SOX).
- Coordinated efforts for privileged account password resets with server, DBA and application teams by leveraging Quest and CyberArk to adhere to current compliance guidelines and procedures.
- Set up Access Control Items (ACI) to define permissions to the users to access various resources as per their job duties.
- Supervised the creation of all Not Personal Accounts (NPA) accounts, safes, password resets, unlocking and terminating user/privileged accounts in CyberArk, at times involving Quest, according to procedures.
- Experience installing & configuring of Cisco PIX, ASA & FWSM (Firewall service module).
- Strong Windows system administration and security assessment skills including Active Directory.
- Experience analyzing network traffic captures and network mapping using Wireshark, Nstat, Zenmap, Aircrack, NetStalker, etc.
- Experience in web-filtering using Cisco FirePower 6.1.0. Configured Tufin Secure Track for checkpoint firewall to analyze the firewall rules. Use Tools such as Tufin for Firewall Policy optimization and rule base Clean up.
- Knowledge of email and web filtering Proofpoint, Websense & McAfee Site Adviser.
- Strong organizational, problem-solving, written and communication skills.
- Tools used: WebInspect, Metasploit, Nessus, Archer, SolarWinds, CyberArk, Vontu, Splunk and Retina.
- Performed threat hunting using CrowdStrike Falcon Insight.
- Development and some day-to-day operations of the IAM processes supported by the SailPoint products.
- Installing and troubleshooting McAfee 8.8 and ePO 4.5.
- Scanning the network for freeware, nonstandard software and open shares.
- Handling escalations from the L1 team for Security related issues.
- Installing and troubleshooting Windows OS in Lab.
- Installing and troubleshooting VM.