
Cyber Security Specialist Resume

Weehawken, NJ

SUMMARY

  • A multifaceted professional with extensive experience and skills in threat and vulnerability management, information security analysis, information security architecture, information security policy design, risk assessment, security incident response, and security solution implementation and administration.
  • Skilled at designing and implementing cyber security solutions for global petroleum, government and financial organizations that consistently reduce security costs while elevating the security status of the environment.
  • Accomplished history of working with various private business and IT organizations to facilitate security architecture in order to further enhance the security stance of the company.
  • Used IBM QRadar Security Manager to identify threats and assign categories.
  • Knowledge of the vulnerability management and assessment process with Nessus. Used Nessus for scanning networks and hosts, writing policies, and generating and analyzing reports.
  • Worked on the McAfee VSE product to stop worms, spyware and viruses, get high-performance security, and lessen damage from outbreaks.
  • Experience with architecting Symantec DLP platforms.
  • Experience in Qualys modelling during the requirements gathering and design phases.
  • Worked on identifying Venafi as the solution for enterprise key and certificate management.
  • Experience analyzing Symantec DLP events and reports.
  • Expert in installing the Splunk logging application for distributed environments.
  • Monitored and researched cyber threats with a direct or indirect impact on the organization.
  • Assisted in Symantec HIDS/NIDS setup using HPSA implementation and provided status reports.
  • Experience in Security Information and Event Management tools like IBM QRadar, Splunk and RSA Archer.
  • Worked on FireEye for management systems and threat intelligence.
  • Comprehensive background in developing and implementing strategic technology and security road maps aligned with the needs of the business to deliver exceptional security and privacy solutions.
  • Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite.
  • Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as Snort, Splunk, LogRhythm and many other tools.
  • Strong understanding of DLP architecture.
  • Good experience working with the McAfee ePolicy Orchestrator (ePO) security management console and deploying McAfee agents on the client side.
  • Verified incidents using Symantec Vontu DLP and resolved queries within SLA time.
  • Performed risk assessments and gap analyses and created risk mitigation plans.
  • Configured and helped set up the architecture of a WAF (web application firewall) to inspect HTTP traffic, with content filtering to protect against SQL injection, cross-site scripting, buffer overflows, cookie poisoning and security misconfiguration.
  • Hands-on experience with Active Directory and scripting languages such as Python, shell script, XML and Perl.
  • Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
  • Oversaw vulnerability assessment and penetration testing of scoped systems and applications to identify system vulnerabilities.

TECHNICAL SKILLS

Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, Threat Protect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.

Cyber security solution: FireEye CMS, NX, EX, HX, IA, PX

IDS/IPS: Cisco FMC1500, FMC2000, FMC3500

Compliance tool: Symantec Control Compliance Suite

Packet capture: NetFlow Integrator, Wireshark, SolarWinds, tcpdump

E-Mail security: FireEye email security (EX series)

Event Management: RSA Archer, Blue Coat Proxy, ArcSight, Splunk, LogRhythm

PenTest Tools: Metasploit, Nmap, Wireshark and Kali

Security Software: Nessus, Nmap, Metasploit, Snort

Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS

Security Technologies: WhiteHat Web Security, iDefense, NTT Security, LogRhythm, McAfee Nitro (SIEM), McAfee ePO, McAfee Endpoint Protection Suite

SIEM: IBM QRadar Security Manager, Splunk, LogRhythm, IBM QRadar 7.3.2, basic knowledge of McAfee Nitro

Security Tools: IBM QRadar, McAfee vulnerability management solutions, Nessus, SolarWinds, LogRhythm, CyberArk, Nmap, Tripwire, Symantec Endpoint Security

Firewalls: WAF (Fortinet FortiWeb, Imperva), Check Point, ASA

Scripting Languages: Python, XML, Shell script, Perl

Operating Systems: Windows 2008, Windows 2012, UNIX, Linux, Ubuntu

Databases: Oracle, MS SQL, Sybase

Switches: Cisco Catalyst VSS 1440 / 6513 / 6509 / 4900 / 3750-X / 2960

Routers: Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600

Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, iSCSI, Fiber, Firewalls/IPS/IDS

Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter-VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, EtherChannels, Transparent Bridging

Protocols: TCP/IP, L2TP, PPTP, IPsec, IKE, SSL, SSH, UDP, DHCP, DNS

PROFESSIONAL EXPERIENCE

Confidential, Weehawken, NJ

Cyber Security Specialist

Responsibilities:

  • Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as McAfee Nitro (SIEM), anti-virus, Internet content filtering/reporting, malicious code prevention, firewalls, IDS & IPS, web security, anti-spam, etc.
  • Provided Level 2 operations support for end-user resolution, investigating RSA SIEM events to determine any true intrusions
  • Identified and remediated threats and vulnerabilities as part of security monitoring (SOC), triage and escalation to T2
  • Performed vulnerability scanning on our network and made sure that vulnerabilities were addressed
  • Implemented the IBM QRadar security software tool in the client's environment
  • Worked on the IBM Guardium data monitoring tool
  • Conceptualized and implemented the DLP program and policies
  • Monitored the network to prevent intrusions and applied mitigation techniques using NIDS/HIPS through standard vendor devices such as Cisco FireSIGHT and Firepower (Sourcefire)
  • Worked as a SOC operations analyst monitoring and analyzing logs from various security/industrial appliances using QRadar and Splunk
  • Web application penetration testing, targeting applications to detect and exploit common vulnerabilities such as the OWASP
  • Installed and managed Symantec DLP for testing in the environment for security compliance
  • Creation, development and/or restructuring of DLP programs from conception to fully operational state
  • Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on share devices and shared drives. Created and managed DLP policies
  • Network and host DLP monitoring and logging
  • Information protection solutions including monitoring, DLP and security auditing solutions from Symantec
  • Experience with network monitoring using the IBM QRadar SIEM and Wireshark, and with information security and network security configuration and functions
  • Developed approaches for industry-specific threat analyses, application-specific penetration tests and the generation of vulnerability reports
  • Implemented IDS (intrusion detection system) / IPS (intrusion prevention system) security policies to prevent and analyze malicious attacks in the network; created signature-based custom rules in IDS/IPS to trigger network intrusion events
  • Vulnerability management: configured the QualysGuard tool for vulnerability analysis of devices and applications. Monitored them constantly through the dashboard by running reports regularly
  • Performed ITGC reviews and SOX compliance audits and participated in the planning and execution of audits
  • Conducted vulnerability scans using Nessus
  • Responsible for assisting in leading SOX implementation and developing the Internal Audit and IT Audit functions
  • Responsible for using cutting-edge solutions for Data Loss Prevention (DLP)
  • Implemented QVM (QRadar Vulnerability Manager) and QRM (QRadar Risk Manager) with IBM QRadar and handled scan policies, profiles, device configurations, etc.
  • Developed and deployed automated intelligence ingestion with scripting and API integration
  • Created a customized alert email notification template instead of using the default template
  • Provided leadership in architecting and implementing security solutions with Qualys and SIEM tools like Splunk, Solutionary and LogRhythm
  • Managed security tools: DLP, SIEM, vulnerability scanners and penetration tests. Performed automated and manual security assessments to identify configuration- and patch-related vulnerabilities using commercial and open-source tools
  • Documented incident results and reported details through the ticketing system
  • Researched, analyzed and understood log sources from security and networking devices such as firewalls, routers, anti-virus products and operating systems
  • Conducted QRadar training sessions for SOC teams and consultants
  • Provided half-hourly traffic updates by monitoring ISP portals
  • Managed all client systems from an endpoint perspective using the McAfee ePO tool, which included managing the agent and VSE, pushing client tasks, and managing ODS and OAS scans
  • Provided network security monitoring, reporting and incident handling with SIEM tools such as IBM QRadar and Splunk
  • Used Splunk Enterprise Security to configure correlation searches, key indicators and the risk scoring framework
  • Prepared system plans and executed ArcSight architecture modifications
  • Managed, upgraded and maintained operational data flows and ArcSight platforms
  • Maintained and modified hardware and software components, content and documentation
  • Created and documented reports, rules, trends and dashboards
  • Performed research on Python programming and its uses and efficiency
  • Analyzed ArcSight and related tools and resolved IT security failures
  • Provided guidance for equipment checks and supported processing of security requests
  • Experience with network intrusion detection / intrusion prevention systems and firewalls
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools
  • Upgraded and troubleshot Linux-based QRadar servers and managed them through server management consoles and jump boxes
  • Vulnerability assessment, penetration testing, risk assessment, threat management, security advisories, compliance audits, IT security assessment
  • Worked on IBM QRadar SIEM integration and was responsible for integrating log sources with IBM QRadar
  • Monitored and investigated SOC incidents and alerts with McAfee ePO

Confidential, Dublin, CA

Information Security Specialist

Responsibilities:

  • Information System Security Officer (ISSO) for USDA networks; managed system Assessment and Authorization (A&A) packages
  • Oversight of security assessments to ensure compliance with FISMA requirements (FIPS, NIST, etc.)
  • Experience drafting Privacy Impact Assessments, Privacy Threshold Analyses, Business Impact Analyses and System Security Plans
  • Drafted Splunk security audit reports
  • Troubleshot different types of log source devices, including network devices, Windows and Linux devices, endpoint managers, IDS, IPS, proxy devices and more. Also worked with the HA systems in the QRadar deployment
  • Designed the architecture, implemented and troubleshot cyber security solutions like McAfee, HP ArcSight SIEM, IBM QRadar and Splunk
  • Data Loss Prevention suite, Symantec DLP product: implementation and deployment as part of the champion team
  • Deployed data loss prevention across the network: data in motion, data in use and data at rest servers
  • Gained experience with Symantec DLP software: DLP Cloud Prevent for Microsoft Office 365, DLP
  • Analyzed network attacks, blocks and detections and performed regular health checkups in the live environment
  • System penetration testing utilizing Nessus, Nmap, Wireshark, VMware and Kali Linux
  • Lead for the Vulnerability Management Program to ensure timely remediation
  • Developed a correlated picture of what is occurring right now in the enterprise by integrating information from a variety of devices with the QRadar SIEM, then normalizing and correlating the information to develop modules that provide real-time (or near real-time) reporting in the SOC
  • Provided orientation and training to office personnel and new interns
  • Technical writing of policies, SOPs and guidelines
  • Responsible for policy configuration for all McAfee components and deployment of those policies to clients
  • Used Splunk Enterprise Security to configure correlation searches, key indicators and the risk scoring framework
  • Produced efficient DLP policies to ensure necessary inbound/outbound emails are logged
  • Conducted IT security standards/compliance audits and assessments
  • Vulnerability analysis of and consultation on the Research Information System enterprise network architecture
  • Performed tuning of Symantec DLP to reduce false positives and improve detection rates
  • Wrote and enhanced processes and procedures to capture network anomaly behavior in QRadar Network Anomaly Detection Manager
  • Provided informative, high-level reports to the research project sponsor and board executives
  • Established weekly security reports and trend analysis. Oversaw continuous monitoring of all cyber incident alerts
  • Created a security dashboard for executive stakeholders, providing accurate and up-to-date incident response information on demand
  • Worked as a SOC operations analyst monitoring and analyzing logs from various security/industrial appliances using QRadar and Splunk
  • Successfully migrated the development team to the Microsoft Azure Infrastructure as a Service (IaaS) platform
  • Conducted onsite penetration tests from an insider threat perspective
  • Performed host, network and web application penetration tests
  • Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as Snort, Splunk, LogRhythm and many other tools
  • Deployed in the cloud and on-premises using Amazon Web Services (AWS) and single-server support
  • Analyzed Symantec DLP events and reports
  • Created reports based on log sources integrated with QRadar to meet customer requirements
  • Analyzed offenses created based on vulnerability management tools such as Rapid7
  • Responsible for applying the latest security standards on various platforms (Windows, Unix, middleware, Solaris, AIX, etc.) through the Symantec CCS (Control Compliance Suite) tool to identify security gaps, pinpoint vulnerabilities, prioritize remediation, reduce risk and automate compliance assessments for over 100 regulations, mandates and best-practice frameworks, including GDPR, HIPAA, NIST, PCI and SWIFT
  • Suggested patches for Windows machines with identified vulnerabilities
  • Installed, tested and/or evaluated customer DLP equipment and software
  • Implemented FireEye security with YARA rules to prevent malware and cyber-attacks across the entire network; hands-on experience with FireEye NX, EX, HX, PX and IA for forensic research and layer-7 inspection; extensive knowledge of detecting malicious code in IPv4 payloads

Confidential, Orlando, FL

Cyber Security Analyst

Responsibilities:

  • Coordinated and managed team activities during assessment engagements
  • Established schedules and deadlines for assessment activities
  • Monitored controls post-authorization to ensure continuous compliance with the security requirements
  • Updated control changes from NIST SP 800-53 Rev. 3 to NIST SP 800-53 Rev. 4 and control assessment changes from NIST SP 800-53A to NIST SP 800-53A Rev. 4
  • Used automated vulnerability assessment tools such as Nessus and Nexpose
  • Monitored and remediated daily security alerts generated by end users with tools like Intel/McAfee SIEM, Forcepoint Websense and Intel/McAfee ePO; also responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure
  • Worked on SIEM and threat and vulnerability management
  • Performed vulnerability assessments using Nessus and Nexpose
  • Experience analyzing Symantec DLP events and reports
  • Assisted management in authorizing IT systems for operation on the basis of whether the residual risk is at an acceptable level or whether additional compensating controls should be implemented; plans, training and testing were executed appropriately and lessons learnt were discussed
  • Coordinated with system owners and ISSOs across the organization to ensure timely compliance
  • Created reports based on operating systems and vulnerabilities and provided them to the concerned technical teams
  • Involved in and responsible for deep packet inspection, with experience of Wireshark, SolarWinds and tcpdump
  • Comprehensive knowledge of ITSM ticketing tools such as ServiceNow and JIRA Service Desk
  • Analyzed information systems to meet Department of Defense (DoD) security requirements
  • Managed cyber security threats through prevention, detection, response, escalation and reporting in an effort to protect enterprise IT assets through the Computer Security Incident Response Team (CSIRT)
  • Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML and multi-factor authentication

Confidential

CyberArk Engineer

Responsibilities:

  • Primary responsibilities included installation and configuration of CyberArk Vault, Vault Client, active CPM, network load-balanced CyberArk PVWA, clustered CyberArk PSM and PSM SSH Proxy architecture and design.
  • Managed or implemented CyberArk/OPAM/Thycotic or similar PAM vendor solutions.
  • Configured multiple privileged accounts across the organization and administered CyberArk.
  • Upgraded the CyberArk suite of products (CPM, PSM, EPV, PVWA & AIM) from 8.6 to 9.2.1.
  • Supported Active Directory domains in a single-forest, multiple-domain environment with 50 domain controllers.
  • Network and application scans using CyberArk DNA, BeyondTrust Retina and Wireshark.
  • Coordinated with CyberArk support teams for escalation and resolution of issues in Prod and DR, and configured the Event Notification Engine (ENE) with CyberArk.
  • Responsible for developing information security risk identification, classification, triaging and mitigation.
  • Implemented and maintained the CA PAM solution protecting 4000+ GIS-managed servers, devices and applications.
  • Prepared project activities and work packages regarding PAM implementation and tracked operating and/or product changes.
  • Worked on creating identity access for employees and managing certifications and provisioning accordingly with SailPoint IdentityIQ.
  • Responsible for design and implementation of SailPoint IdentityIQ.
  • Worked with the enterprise architecture team, Security Governance and Policy team.
  • Good understanding of administering and implementing SIEM, DLP, Websense, advanced malware detection programs, vulnerability assessment and prevention.
  • Provided technical input on identity solutions for SAP systems looking to consume IAM services. Provided SAP Basis and Security teams with better awareness and information on how IAM services would support their efforts.
  • CyberArk upgrade, PAM CyberArk implementation, SOC/SIEM replacement project (FireEye), IAM implementation.
  • Dealt with SIEM solutions such as Rapid7 Nexpose, Forcepoint and Splunk.
  • Identified the Security Target and Target of Evaluation using CyberArk Privileged Account Security Solution v9.1.
  • Scripted mass policy, target application and ID creation in CA PAM, reducing initial rollout time. Also held virtual workshops and training sessions, which ensured CA PAM user productivity and acceptance globally.
  • Worked closely with the CA PAM product support team, providing feedback on defects and improving user experience.
  • Managed an Active Directory site (replication schedules, site links and boundaries) and used ADUC to create and manage computer, user and group accounts in an Active Directory environment.
  • Administered PAM deployments and supported ongoing expansions, maintenance upgrades, patching, etc.
  • Categorized messages generated by security and networking devices into the multi-dimensional IBM QRadar normalization scheme.
  • Developed content for IBM QRadar such as correlation rules, dashboards, reports, filters, active lists and session lists.
  • Developed and customized configurations, email templates and rules in SailPoint IdentityIQ.
  • Implemented SailPoint IIQ, Role-Based Access Control (RBAC), governance and access certification in SailPoint.
  • Solid knowledge of TCP/IP and OSI models.
  • Worked with all Metasploit exploitation techniques.
  • Conducted security workshops and presentations for clients.
  • Duties involved participation in managing technologies, evaluating new technologies, continuous improvement of SLAs, customer meetings and implementing new solutions as requested by the customer.
  • Addressed audit and compliance remediation with enterprise projects (e.g. O365, multi-factor authentication, CyberArk implementation, etc.).
  • Mitigated risks using CyberArk, Aveksa and policy changes on servers. Onboarded applications and configured privileged accounts in CyberArk.
