
SIEM Security Engineer (QRadar/Splunk) Resume


MN

SUMMARY:

  • Self-motivated individual with 10 years of IT experience seeks a challenging position to utilize my educational background and technical skills to improve a company’s network, systems and security posture. I performed pen testing and vulnerability testing using Kali Linux, Burp Suite, Wireshark, White Hat, Nmap, Cain and Abel. I have performed security testing: input and access handling, SQLi - SQL Injection, XSS - Cross-Site Scripting, CSRF - Cross-Site Request Forgery, session/cookie manipulation, logic flaws and buffer overflows. Also, I have experience with incident handling (NIST SP 800) and familiarity with ISO 27001 and PCI DSS. Lastly, I have strong organizational, time-management, interpersonal and communication skills.

TECHNICAL SKILLS:

Operating Systems: Windows Server 2008 R2, Windows 95/98/2000/XP/Vista/7/10, Linux OS (Zorin, Ubuntu 11.62, PCLinux, Debian, Kali, Fedora).

Software: Visual Studio 2005/2008/2010, Gliffy, Microsoft Office products, Photoshop CC14, Illustrator, Wireshark, SonicWall, FireEye, QRadar, Nmap, C programming, HTML programming, Java programming, PHP/Perl programming, Powerscript, Symantec security products, AVG/Avira security malware/virus removal programs, cryptographic analysis using CrypTool 1 (CT1), BitLocker, WEP/WPA2 TKIP penetration tests using Cain & Abel software, phpMyAdmin, VPN solutions, GMER rootkit diagnostics, Secunia PSI, wireless solutions implementations, Comodo enterprise solutions (firewall/browsers/proxies), Apache server management, CAINE computer forensics.

Hardware: Intel-based servers, WAN/LAN switches and routers, RAID 1-5, printer/fax/scanner technologies, Cisco ASA, McAfee ePO (ePolicy Orchestrator).

Network: TCP/IP, Windows file & print services, Linux Samba, OS tools such as netstat, ethconfig, ipconfig, route, traceroute, Ethereal, Nmap, UDP, P2P networks, network topologies, server management (Exchange/Outlook/mail/group policies), Cisco Packet Tracer, Skybox ticket management system.

DB: MySQL, SQL, phpMyAdmin, PostgreSQL, SQLite

Compliance assessment: PCI DSS, ISO 27002/27018, CCS, NIST Cyber Security Management, HIPAA, GLBA.

PROFESSIONAL EXPERIENCE:

SIEM Security Engineer (QRadar/Splunk)

Confidential, MN

  • Converted data types (list, raw, table) from the Splunk environment to QRadar metrics
  • Designed, developed or recommended measures to ensure successful up-time of our security infrastructure
  • Designed, developed or recommended distributed computing environment architectures
  • Exhibited knowledge and ability to collaborate on SIEM functional requirements: logging, event collection, normalization, correlation, storage, system access, reporting, and customization
  • Exhibited knowledge and ability to collaborate on SIEM nonfunctional requirements: monitoring, retention, reporting, regulatory and contractual considerations, high availability, disaster recovery, and success criteria.
  • Worked with key customer personnel on macro design elements for the SIEM system, such as: data/event source collection protocols and methods, asset risk weighting criteria, asset classification profiles, use case frameworks, customization requirements, dashboards
  • Worked with key TR personnel on micro design elements for the SOC and SIEM system, such as: data/event source phased integration plans, use cases, alert classification criteria, vulnerability management integration
  • Configured and validated secure systems and tested security products and systems to prevent security weaknesses.
  • Led efforts on mission-critical security infrastructure projects
  • Provided a full-service capability in management and operations of the technology platform, which includes deployment, configuration, and administration.
  • Managed the engineering of technologies: QRadar, Splunk, ServiceNow
  • Created documentation
  • Built custom dashboards in the QRadar console
  • Tuned QRadar to deliver optimal performance in high-volume enterprise customer environments
  • Developed standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/log management platforms
  • Integrated QRadar with customer operations including network management and ticketing systems, and assisted customers in building operational processes around the QRadar ecosystem
  • Researched and analyzed log sources utilized for security monitoring, security and networking devices (such as firewalls, routers, anti-virus products, proxies, and operating systems)
  • Worked with application and business owners to integrate monitoring of SaaS applications into the QRadar platform by ingestion of various log sources.
  • Built custom DSM and uDSM parsers for log integration from the cloud platform
  • Conducted security investigations into customer incidents using QRadar Security Intelligence
  • Configured and troubleshot network and security devices, various operating systems, and applications such as web, mail and database services
  • Performed all administration, management, configuration, testing, and integration tasks
  • Used Perl to create arrays of variables (reference map) in order to determine rule sets that need to be tuned

Principal Security Engineer

Confidential, CA

  • Developed prevention techniques (USB block, incident escalation, incident evaluation, email prevent)
  • DLP implementations: endpoint, network monitor, email prevent
  • Created runbooks and diagrams for incident management
  • Created incident metrics data for executive management
  • Assigned access roles in DLP
  • Developed schema of incident response management
  • Compliance management dashboard creation
  • Tested policies with data identifiers for endpoint and network monitoring systems
  • Set up scanning of data at rest, in motion and at endpoints
  • Created network impact analysis for DLP component scanning
  • Reviewed records management in DLP policy design
  • Implemented and tested tap and inline modules for the DLP architecture
  • Designed context and content inspections for DLP scans
  • Designed and proposed an EDM (exact data matching) model for DLP regulatory policy enforcement
  • Designed detection responses for incident management
  • Designed data sanitization procedures for incident mitigation
  • Designed data tagging principles
  • Deployed countermeasures to prevent data loss for rephrased or unstructured data blocks
  • Developed the right taxonomy for DLP access management
  • Produced discovery scan metrics with incident remediation plans

Cyber Security Incident Analyst

Confidential, CA

  • Event monitoring, analysis, response, and reporting for IT security incidents; IT security incident response
  • IT security incident and vulnerability response and escalations
  • Threat detection, response and event escalations
  • Account audit logs and anomaly detection
  • Detection and escalation of account privilege abuse
  • Policy compliance monitoring
  • Symantec DLP monitoring and escalation of policy violations (HIPAA/PCI/PII)
  • StealthWatch benchmarking and network monitoring with Metasploit integration
  • Proofpoint/MessageLabs email track and trace for phishing incidents
  • Qualys monitoring of vulnerabilities and weaknesses on externally facing assets
  • Tripwire intelligence gathering and asset validation
  • Firewall rule analytics (AlgoSec)
  • Imperva DAM predictive analytics with event monitoring escalations for database access violations; use case engineering: alert design, validation and configuration
  • Service Marketplace ticket analysis and handling of stolen/lost assets
  • Symantec Endpoint Protection log analytics and event handling/escalation
  • Juniper VPN access event monitoring (Splunk)
  • Blue Coat Reporter user access log information validation
  • Developed the specific content necessary to implement security use cases (StealthWatch) and transformed it into templates, reports, rules, alerts, dashboards.
  • Experience developing data analytics/anomaly detection algorithms
  • FireEye MPS/HX malware analysis using Redline
  • Experience with incident handling (NIST SP 800)
  • APT threat intelligence and response

Jr. Network Analyst

Confidential, Jamestown, ND

  • Created reports with Dell SonicWALL
  • Monitored wireless access points for rogue access points
  • Provided Help Desk support
  • Analyzed network topologies to determine potential issues
  • Installed current network operating server software on new or existing server-class hardware and installed communication equipment including routers, terminal servers, switches and firewalls.
  • Active Directory work with domain processes and services in Windows 2008 R2
  • Penetration testing with Kali Linux and Cain & Abel; wireless network analysis using Wireshark; network vulnerability testing with Nmap, as well as EDB Viewer to read email without an Exchange server
  • Familiarity with ISO 27001, PCI DSS
  • Experience with the MoonSols product line for creating physical memory copies of PCs
  • FireEye NX network security experience
  • Security analysis using SonicWall
  • Creating vulnerability reports with Nmap, Wireshark
  • Use of networking concepts such as DNS, email, HTTP, SSL, OSI model/DoD4, and TCP/IP protocols; network/server topology implementations and applications
  • Apache management/setup in addition to phpMyAdmin, MySQL database management/query manipulation
  • VPN support/remote assistance
  • Ethical hacking experience using Cain & Abel
  • IDS/firewall/system hardening
  • Host intrusion detection/prevention experience
  • Symantec Endpoint Protection

IT support analyst

Confidential

  • Provided student help in the lab: printer/scanner issues, login issues, updated group policies for CWC hosts.
  • Provided help implementing PC solutions into four labs with a total count of 200+ computers.
  • Adept at offering quality technical help to non-technical end users.
  • Troubleshot the wireless network for West Apartments and researched a solution (helped implement new 802.11ac beamforming technologies).
  • Installed user workstation hardware, operating software and various application software and/or pre-configured equipment.
  • I dealt with students on a daily basis for hardware and software problem resolution
  • Risk assessment and response with violations of user license agreements
  • Procedural analysis and vulnerability management upon violations and/or anticipations
  • Ability to explain complex IT concepts in simple terms
  • Infrastructure experience supporting over 200+ systems
  • Client Imaging experience
  • Computer inventory experience
  • Encryption tools experience.
