Information Security Specialist Resume
Austin
SUMMARY:
Security professional with over 10 years of experience in Intrusion Detection Systems, Incident Response, Malware Analysis, Vulnerability Research, Regulatory Compliance, and Network Forensics.
TECHNICAL SKILLS:
Experience in: network and system security administration.
Comfortable working with: Windows NT, Windows 2000, Windows 2003, XP, SQL Server, Exchange, firewalls, intrusion detection systems, security management, antivirus/spam/Trojan control, content filtering, proxy servers, VPN, and network management automation solutions.
Experienced in: planning, design, implementation and troubleshooting of heterogeneous LAN/WAN networks and various network security products.
Experienced with: routers, hubs, bridges, modems, switches, Frame Relay, ISDN, T1/T3 leased lines, etc.
Experience in: installation, setup and administration of Confidential Windows NT Server 4.0, Windows 2000 Server, Windows 2003 Server, DNS, DHCP, WINS, RAS, network and remote printers, fault tolerance, trust relationships and security assignments.
Expertise in: TCP/IP network planning, implementation and management with subnets, virtual private networks and VLANs.
Knowledge of: TCP/IP, SNMP, IPX/SPX, NetBEUI, OSPF, BGP, VoIP.
Operating Systems: DOS, Windows 95, 98, Me, NT, XP, 2000, 2003, Vista; Linux 7.x.
Technologies: ISDN, DSL, BGP, TCP/IP, DNS, WINS, DHCP, RAS, VPN, NAT, SNMP, SAN.
Switches and Routers: Cisco Catalyst 1900 Series switches, Cisco routers.
Hardware: Compaq servers, Dell PowerEdge servers, blade servers, IBM eServer xSeries, HP Color LaserJet 4550 Series, HP LaserJet 2200 Series, DAT backup drives. Mirroring, spanned volumes, stripe sets, RAID 5, SCSI.
Computer Languages: C, C++.
Database: Proficient in SQL Server 2005 data mining of ISA proxy data.
Firewalls: Confidential Gateway Security, Checkpoint NG Firewall, CISCO PIX Firewall, MS ISA Server, Confidential Client Security, ZoneAlarm, Sygate Personal Firewall.
Security Products: e-Security Sentinel, GFI LANguard Network Scanner, ISS Internet Scanner, eTrust Antivirus, MS Baseline Security Analyzer (MBSA), Confidential Antivirus, Confidential Web Security, Confidential Network Security, Confidential Antivirus Enterprise Edition with management consoles, Panda AV, AVG Antivirus, Avast Antivirus, McAfee GroupShield Security Suite 5.1, McAfee Antivirus for Exchange, McAfee ePolicy Orchestrator, PestPatrol, GFI Mail Security, SSL, IPsec, network bandwidth and traffic analysis tools, PRTG, forensic methods and technologies.
Installers: Norton Ghost, Confidential LiveState Recovery, Veritas WinInstall LE, InstallShield, Windows Remote Installation Services (RIS).
Server Management: MS Application Center, MS Clustering Service, Load Balancing Services, Citrix MetaFrame.
Virtual Servers: VMware GSX Server and VMware Workstation v2, 3 and 4, Confidential Virtual Server 2005, Confidential Virtual PC.
Mail and Instant Messaging: MS Exchange 5.x (mail, chat and instant messaging servers), Live Communications Server.
Remote Management: Confidential pcAnywhere, MS Terminal Services, VNC.
PROFESSIONAL EXPERIENCE:
Confidential, Austin
Information Security Specialist
Responsibilities:
- Lead high profile cyber security investigations.
- Lead Incident Response & Digital Forensics activities.
Confidential
Computer Forensic Consultant
Responsibilities:
- Assisting in Incident response activities for various clients
- Assisting in Digital forensic activities for clients.
Confidential, Chicago, IL
Senior Security Advisor
Responsibilities:
- Assisted in Incident response activities
- Developed tools to automate incident response
- Created IR runbooks for clients
- Developed data mining techniques to analyse cyber attacks.
Confidential, Oakbrook, IL
Senior Incident Response Specialist
Responsibilities:
- Conducted incident response and tabletop exercises.
- Conducted various network intrusion investigations.
- Worked with law enforcement and legal counsel on high-priority investigations.
Confidential, Bensenville, IL
Senior Security Engineer
Responsibilities:
- Led emergency response to incidents involving botnet exfiltration activity to a foreign entity.
- Received a merit award for outstanding forensic investigation and e-discovery services from IT, Human Resources, Legal and outside general counsel.
- Identified and remediated security gaps and risks where the PCI DSS 2.0
- Worked with the Network Infrastructure team to identify, isolate, and resolve Wireless Intrusion Prevention system failures.
Confidential, Waukegan, IL
Senior Security Consultant
Responsibilities:
- Major responsibilities included Security Event Triage Review, Vulnerability Assessment, Security Investigation, Incident Response Management, and Malware Analysis.
- Developed data mining techniques to detect, analyze and remediate emerging threats within IPS, IDS and SIEM data, which resulted in the discovery and remediation of known and unknown threats in the enterprise network.
- Directly responsible for discovering zero-day threats, which aided Confidential in releasing emergency signature protection worldwide.
- Conducted and participated in the weekly Dynamic Tuning Process meetings within the team which led to the remediation of emerging and existing threats within the enterprise network.
- Received Gold Star for quality of work, project deliverables and partnership established through cross team collaboration with corporate clients.
Confidential, Redmond, Washington
Network Security Analyst
Responsibilities:
- Network Security Analyst responsible for all Tier 1 triage of security events on the corporate network, including virus outbreak management, security policy assessment and compliance, intrusion detection, incident investigation and remediation.
- As an analyst, I performed first-line detection of anomalous behavior in the network environment or on individual workstations and was the first point of contact for internal employee requests and complaints.
- Performed initial investigation of intrusion complaints, employee misconduct and policy violations, file transfer monitoring, proxy log analysis, event log monitoring, SEM correlated events, ACS event analysis, incident response and the Software Security Incident Response Plan, and provided on-demand analysis and threat evaluation.
- Performed network traffic analysis using an ISS deployment of 100+ sensors across Microsoft's enterprise network.
- Evaluated emerging threats; investigated 0-day alerts, exploit code, high-volume outbreaks, external intruders and unauthorized transfer of Confidential intellectual property, following the Watch, Alert, Triage, Mobilize, Assess, Stabilize, Remediate and Recover process.
- Conducted analysis of data and events against set criteria. If the criteria for an incident were met, the incident moved to the Triage Alert phase to determine the type of event, the estimated level of impact, the degree of risk and the initial severity. Also conducted assessments for vulnerabilities and compliance with established security policies.
- Performed investigation of infected systems through host analysis, searching for and obtaining new malware samples not yet detected by AV vendors, then triaging and submitting the samples for further analysis.
- Skilled in handling malicious executables: performed initial assessment using strings and binary review to determine packer and payload. Established the standard operating procedure for host investigation.
- Delivered documentation and reports on intrusions, hacks and other suspicious activity, which required coordinating investigations and gathering relevant system information, event log analysis and system state to determine the cause and scope of each incident.
- Participated in response to malware outbreaks on the network; identified new vulnerabilities and attack techniques to coordinate response to intrusions; responded to scanning and probe complaints; triaged intrusion reports; determined whether other assets were involved or at risk based on the root cause of the investigation and remediated to protect those assets from similar exposure. Performed post-outbreak remediation of hosts to ensure compliance with security policies.
- Daily analysis of proxy logs for unidentified executables and misuse of network resources (P2P). Classified unknown executables in the client agent software, performed scans across the network to identify infected machines, and opened cases through the CRM case management system.
- Performed security risk assessment for corporate users requesting direct Internet access.
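The proxy-log triage described above (unidentified executable downloads and P2P misuse), as an added example that is not part of the original résumé or the candidate's tooling. The space-separated field order, the sample log lines, the hosts and the trusted-host allowlist are all constructed assumptions for illustration; this is not ISA Server's actual log format. The P2P default ports used (BitTorrent 6881-6889, eDonkey 4662, Gnutella 6346) are the well-known defaults.

```python
"""Proxy-log triage: flag unidentified executable downloads and P2P misuse.

Added example. The space-separated field order below is an assumption for
illustration, not ISA Server's real log format; all sample lines, hosts
and the trusted-host allowlist are constructed.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines. Assumed field order:
# date time client-ip user method url status bytes content-type user-agent
SAMPLE_LOG = """\
2009-03-02 08:01:10 10.1.2.15 DOMAIN\\alice GET http://download.windowsupdate.com/msdownload/update/kb123.exe 200 5242880 application/octet-stream Windows-Update-Agent
2009-03-02 08:02:44 10.1.2.15 DOMAIN\\alice GET http://static.example-cdn.net/img/logo.png 200 4096 image/png Mozilla/4.0
2009-03-02 08:03:01 10.1.2.77 DOMAIN\\bob GET http://files.unknown-host.biz/free_codec_update.exe 200 311296 application/x-msdownload Mozilla/4.0
2009-03-02 08:03:15 10.1.2.77 DOMAIN\\bob CONNECT tracker.some-torrent-site.org:6881 200 1200 - uTorrent/1.8.2
2009-03-02 08:04:30 10.1.2.90 DOMAIN\\carol GET http://intranet.corp.local/tools/putty.exe 200 454656 application/octet-stream Mozilla/4.0
2009-03-02 08:05:02 10.1.2.42 DOMAIN\\dave CONNECT 203.0.113.9:4662 200 88000 - eMule/0.49
"""

# Constructed allowlist: hosts from which executables are expected.
TRUSTED_EXE_HOSTS = {"download.windowsupdate.com", "intranet.corp.local"}
EXE_EXTENSIONS = (".exe", ".dll", ".scr", ".msi", ".com", ".pif")
# Default ports of common P2P protocols: BitTorrent 6881-6889, eDonkey 4662, Gnutella 6346.
P2P_PORTS = set(range(6881, 6890)) | {4662, 6346}
P2P_AGENT_MARKERS = ("utorrent", "bittorrent", "emule", "limewire", "azureus")


def parse_line(line):
    """Split one log line into a dict; return None for malformed lines."""
    parts = line.split(" ", 9)  # user-agent is the last field and may contain spaces
    if len(parts) != 10:
        return None
    keys = ("date", "time", "client", "user", "method", "url",
            "status", "bytes", "ctype", "agent")
    return dict(zip(keys, parts))


def classify(rec):
    """Return the list of finding tags for one parsed record."""
    findings = []
    if rec["method"] == "CONNECT":
        # CONNECT targets are host:port; a P2P default port is a strong hint.
        _host, _, port = rec["url"].rpartition(":")
        if port.isdigit() and int(port) in P2P_PORTS:
            findings.append(f"p2p-port:{port}")
    else:
        parsed = urlsplit(rec["url"])
        path = parsed.path.lower()
        # Executable by extension or by the Windows download MIME type;
        # application/octet-stream alone is too generic to flag on its own.
        is_exe = path.endswith(EXE_EXTENSIONS) or rec["ctype"] == "application/x-msdownload"
        if is_exe and parsed.hostname not in TRUSTED_EXE_HOSTS:
            findings.append(f"unidentified-exe:{parsed.hostname}")
    agent = rec["agent"].lower()
    if any(marker in agent for marker in P2P_AGENT_MARKERS):
        findings.append("p2p-agent")
    return findings


def triage(log_text):
    """Map each client IP with at least one finding to its (url, tag) pairs."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the daily run
        for tag in classify(rec):
            hits[rec["client"]].append((rec["url"], tag))
    return dict(hits)


if __name__ == "__main__":
    for client, findings in triage(SAMPLE_LOG).items():
        print(client)  # one case per client, e.g. for a CRM ticket
        for url, tag in findings:
            print(f"  {tag:<45} {url}")
```

Only clients with at least one finding are returned, so the output maps directly onto "one case per infected or misbehaving machine". The allowlist keeps expected executable sources (update servers, internal tool shares) out of the queue; anything else that looks like an executable is treated as unidentified until classified.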
Confidential
Senior Security Engineer
Responsibilities:
- Managed complete implementations and upgrades of firewalls (Confidential) for various clients.
- Managed complete implementations of computer forensic analysis using Confidential Incident Manager.
- Managed complete implementations of intrusion detection systems based on Confidential ManHunt and Confidential Network Security for various clients. Many of these installations included remote 24x7 monitoring for suspicious activity with tight response times.
- Managed a multitude of IPsec-based VPNs using products from vendors such as Confidential.
- Managed complete implementation of Confidential Mail Security with antispam features using Brightmail technology.
- Managed complete design and implementation of antivirus for desktop machines using Confidential Antivirus Corporate Edition.
- Managed complete implementation of backup and recovery using bare-metal recovery tools such as Confidential Ghost and LiveState Recovery.
- Performed information security audits for various clients covering risk assessment and internal controls review in the areas of disaster recovery, business continuity planning, infrastructure, network and application security, for compliance with applicable laws and standards using Confidential Enterprise Security Manager.
- Consulted on the security policy development process for clients.
- Helped the sales team to generate more revenue through pre-sales consultations and presentations.