
Sr. Cyber Security Engineer Resume


Dover, NH

SUMMARY

  • Experienced Technical Consultant with experience handling Information Security Analyst and System Administrator responsibilities. Expertise in cyber security and information assurance with deep knowledge of Identity and Access Management security, SailPoint IdentityIQ, access control issues related to cyber systems and networks, AWS Cloud, penetration testing methodology, malware detection techniques, and recommended information assurance policies and standards.
  • Expert in Vulnerability Assessment using Qualys, Nessus and Nexpose tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Assisted in integrating regulatory compliance requirements (e.g., PCI, NIST) into the organizational security roadmap.
  • Hands-on experience with Forcepoint and knowledge of distributed Splunk installation with forwarders, clusters, and search head clusters.
  • Possess a well-balanced understanding of business relationships, business requirements, and technical solutions, with the ability to work collaboratively with business analysts, software testers, developers,
  • Hands-on experience in the development, implementation, and administration of information security policies, standards, and procedures, adhering to industry best practices for clients.
  • Assisted in ensuring that the corporate IT environment is secure and complies with all external audit requirements and federal standards.
  • Designed and facilitated new cloud security architecture at Bluemix datacenters for the ECMoC product offering using Vyatta 5400/5600, Juniper vSRX, Fortinet/Fortigate series firewalls.
  • Expert in EIGRP and OSPF, with knowledge of MPLS and BGP (including configuration and troubleshooting).
  • Expertise in gathering and analyzing metrics and key risk indicators and maintaining scorecards defined within the area of information security to ensure the information security program performs effectively and efficiently.
  • Experience in vulnerability scanning with relevant tools, e.g., Nessus, HPE Fortify for SCA (Static Code Analysis), WebInspect, and Rapid7 Nexpose.
  • Assisted in the deployment and configuration of new tools and capabilities such as Nessus, Splunk, Symantec, and McAfee DLP.
  • Experience configuring and deploying modules and products like McAfee ePO, McAfee VSE, Cloud, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.
  • Experience in managing network infrastructure security using HPE ArcSight ESM / Splunk for monitoring, classifying, and responding to incidents and threats.
  • Supported the information security audit and third-party assessment initiatives during planning, execution, and remediation phases, as well as coordinating and tracking remediation activities.
  • Liaison between the audit/assessment teams and Information Security management.
  • Familiar with threats and vulnerabilities and the latest trends and risks; able to understand technical remediation action steps or plans and communicate them effectively to teams within the organization.
  • Experience with SOC and 24/7 operations.
  • Acunetix, Microsoft Project, Tripwire/IP360, Tenable, ProjectLibre, Visio, Pac2000, SharePoint, PeopleSoft & Nexus, continuous monitoring, GIS Ware, Cloudera, Hadoop, Apache, Microsoft applications, endpoint, security APIs, Shodan API + Nmap, and others.
  • Extensively worked on coding using core java concepts like multithreading, collections, serialization, Synchronization, exception handling, generics, network APIs and database connections.
  • Defined and oversaw security hardening standards for the client's IT infrastructure.
  • Coordinated with systems and network engineers to ensure servers and network devices conform to security standards, and that security devices and controls are working as designed.
  • Experience with industry recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk, and LogRhythm.
  • Implemented SQLAlchemy, a Python library for complete access to SQL databases.
  • Excellent understanding of computing environments: Linux (RHEL 7, Debian/Kali), Windows 7/10, Windows Server 2012/2016, and Unix operating systems.
  • Experience using persistence frameworks like Hibernate/JPA for mapping Java classes to database tables and using Hibernate Query Language (HQL).
  • Perform risk assessments and gap analyses and create risk mitigation plans.
  • Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
  • Oversee Vulnerability assessment / penetration testing of scoped systems and applications to identify system vulnerabilities.
  • Excellent knowledge of FISMA, HIPAA, NIST, and PIA compliance usage, rules, and regulations.
  • Use IBM QRadar Security Manager to identify threats and assign categories.
  • Processed daily security operations and log analysis.

TECHNICAL SKILLS

Networking: Packet Analysis (tcpdump, Wireshark), IDS (Bro, Snort), Splunk, Firewall, IDS/IPS, Access Control

Systems Administration: Active Directory, DNS, FTP, SSH, DHCP, SMB, HTTP, Virtualization (ESX)

Vulnerability Assessment: Nmap, Nessus, Ettercap, Metasploit, Honeypots (honeyD, inetSim), BurpSuite

End Point Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec/McAfee Email Security Gateways GUI & CLI, McAfee Network Data Loss Prevention, McAfee Nitro SIEM (Security Information and Event Management).

Platforms/Applications: Continuous Monitoring Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Rapid7 Event Management, RSA Archer, Blue Coat Proxy, IBM QRadar, NTT Security, LogRhythm, pentest tools (Metasploit, Burp Suite, Nmap, Wireshark, and Kali)

Security Software: Nessus, Ethereal, NMap, Metasploit, Snort, RSA Authentication, PIA

Programming Languages: C, C++, Java, Python, JavaScript, Linux, PowerShell

Networking: LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Firewalls/IPS/IDS

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS, NetBIOS, SNMP, TLS etc.

Domain Knowledge: Risk Management, BCP/DRP, ISO 27001, COBIT, Vulnerability SWOT analysis, Cryptography, Incident Response, Penetration Test, Risk Assessment, SCADA Security, SCADA Audits, SIEM, NIST, FIPS

PROFESSIONAL EXPERIENCE

Confidential, Dover, NH

Sr. Cyber Security Engineer

Responsibilities:

  • Experienced with DLP, Blue Coat, Websense, Proofpoint, Trend Micro, and IBM QRadar Enterprise SIEM security tools to monitor the network environment.
  • Worked on information security tools such as Group Policy, Symantec Data Loss Prevention, Symantec Endpoint Protection Manager, Symantec Endpoint Encryption, Windows Server Update Services, Blue Coat Proxy, syslog, and GFI.
  • Primary Voltage SecureData encryption engineer, heading up the international project for encryption servers worldwide.
  • Oversee Vulnerability assessment/penetration testing of scoped systems and applications to identify system vulnerabilities.
  • Application support for Tripwire: researched and understood all aspects of Tripwire, troubleshot issues, and found other ways to automate practices. Helped other teams within cyber security on projects dealing with Nessus vulnerability management tools and risk and compliance under NERC standards.
  • Led a team of cloud security engineers across various areas of expertise to execute complex solutions and meet delivery timelines.
  • Recognize, adopt, utilize, and teach best practices in cloud security engineering.
  • Performed internal network vulnerability assessments to enhance the organization's information security culture by identifying, analyzing, and reporting gaps that could threaten the confidentiality, integrity, and availability (CIA) of information.
  • Converted existing AWS infrastructure to serverless, deployed via Terraform or AWS CloudFormation.
  • Frameworks used: ISO 27001 ISMS, PCI DSS, SSAE 16, OWASP, SANS, Forcepoint.
  • Monitored and researched cyber threats with direct and indirect impact on the organization.
  • Experience with Nessus vulnerability assessment and Burp Suite penetration testing; implemented RSA SecurID.
  • Multi-model consulting on frameworks and standards such as ITIL, COBIT, SDI, CMMI, ISO 2000, and ISO 9001.
  • Security Consultant specializing in Data Loss Prevention and large infrastructure encryption.
  • Security Engineer for Proof Point Email Gateway Security.
  • Develop reference architectures and proof of concept implementations of cloud security environments
  • Responsible for architecting, implementing and supporting of cloud based infrastructure and its solutions.
  • Managed recurring threats to all systems and performed vulnerability tests.
  • Responsible for the design, development, and implementation of new and innovative solutions to protect lucid sensitive data and strengthen data protection capabilities.
  • Supported IT teams based on the latest risks and possible remediation; vulnerability remediation of Vblock infrastructure. Involved in the integration of Splunk with ServiceNow, Active Directory, and LDAP authentication.
  • Used Splunk Deployment Server to manage Splunk instances and analyzed security-based events, risks, and reporting.
  • Experienced in handling cloud environments (AWS and cloud).
  • Simplified knowledge sharing by creating and maintaining detailed and comprehensive documentation and necessary diagrams.
  • Managing the enterprise infrastructure of the System Security team, such as configuration of File Integrity Monitoring systems, Data Loss Prevention (DLP) toolsets, enterprise Antivirus solutions, and endpoint encryption.
  • Assisted internal Splunk users in designing and maintaining production-quality dashboards, helped the team understand business use cases, and provided technical services for projects, user requests, and data queries.
  • Combat operations in signals and information security operations. Worked with NERC CIP, Tripwire, Tenable, and IP360 Enterprise 8.6.
  • Responsible for network monitoring using Splunk, ArcSight, and Security Center.
  • Responsible for Web UI development in JavaScript using jQuery, Angular2, and AJAX.
  • Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
  • Used Tenable, IP360, and Tripwire to control vulnerabilities and mitigate them by severity.
  • Developed an intelligence-driven security approach for threat detection, which helped
  • Responsible for conducting structured security certification and accreditation (C&A) activities utilizing the Risk Management Framework and in compliance with the Federal Information Security Modernization Act (FISMA) requirements.
  • Delivered enterprise security and cloud-security-specific solutions such as IAM, identity governance, SIEM, key management and encryption access keys, and public, private, and hybrid cloud solutions.
  • Assisted in day-to-day response to ePO security alerts, using SIEM (Security Information and Event Management) tools, Nessus, and ArcSight to track down security-threatened workstations, virtual servers, and devices on the Confidential network.
  • Tracked the receipt, implementation, and compliance of information assurance vulnerability assessments and documented information assurance initiatives to ensure that systems, networks, and data adhere to security policies and procedures. Risk management, vulnerability management, intrusion prevention, incident response.
  • Adding new vulnerabilities to the Vulnerability Database for various platforms with proper exploits.
  • Experience in Amazon AWS Cloud Administration which includes services like: EC2, S3.
  • Managed various industry-standard SIEM, IPS, PIA, CASB, firewalls, gateways, Vblock, Rapid7, and virus and endpoint managers.
  • Handled multithreading in back-end Java beans.
  • Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection.
  • Automated the centralized detection of security vulnerabilities with scripts for vulnerability assessment tools like ArcSight and Splunk.
  • Provide information regarding intrusion events, security incidents, and other threat indications and warning information
  • Responsible for Continuous Integration (CI) and Continuous Delivery (CD) process implementation using Jenkins along with Linux shell scripts to automate routine jobs.
  • Performs advanced problem identification and resolution, performance monitoring and capacity planning functions for all Cloud infrastructure
  • Deploying TrueCrypt Drive Encryption to all State Trooper laptops and desktops
  • Experience with cloud platforms such as AWS.
  • Ran internal and external network vulnerability scans at least quarterly and after any significant change in the network, such as a new system component, installations, changes in network topology, firewall rule modifications, and product upgrades.
  • Analyzed vulnerabilities using scanning tools (Nessus, QualysGuard) provided by the client, removing false positives before creating and delivering the final report.
  • Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), McAfee Endpoint Encryption, Data Leakage Prevention (DLP), PIA, Forcepoint, forensics, sniffers, and malware analysis tools.
  • Responsible for monitoring and providing analysis in a 24x7x365 Security Operations Center (SOC) using Splunk SIEM and IDS/IPS tools.
  • I have been part of several engagements deploying encryption and protecting data, as well as training help desks around the globe. I am currently running a 32,000-computer encryption deployment with McAfee's whole-disk encryption and ePO, along with device control/DLP.

Confidential, Provo, UT

Sr. Cyber Security Engineer/Analyst

Responsibilities:

  • Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001.
  • Adept with QRadar, Symantec PCAP, Symantec CloudSOC, PAN Firewall, PAN WildFire, PAN Traps, PAN RedLock, FireEye, ThreatQ, Microsoft SCEP, Microsoft O365 Security and Compliance Portal, Proofpoint,
  • Working with McAfee ePO for managing client's workstations for providing end point security.
  • Facilitate implementations of information security policies, account security policies and standards for logical and physical security.
  • Worked on SIEM, as well as SolarWinds and Symantec end-to-end endpoint security for malware detection and threat analysis.
  • Experience with national, international, and/or sectoral cloud security assurance/compliance regimes and frameworks such as Federal Risk and Authorization Management Program (FedRAMP), Federal
  • Responsible for performing application penetration testing on web, thick client, and other types of applications to identify significant vulnerabilities that threaten the confidentiality, integrity, and availability of customer systems.
  • Implementation and configuration of the network infrastructure in a business environment.
  • Installation and maintenance of McAfee Drive Encryption, used to encrypt all workstation hard drives in the environment to secure the data stored on them.
  • Installation, maintenance, and monitoring of McAfee Data Loss Prevention Endpoint, one piece of the Removable Media Encryption suite.
  • Installation, maintenance, and monitoring of McAfee File and Removable Media Protection, the second piece of the Removable Media Encryption suite.
  • Setup and configuration of test benches includes configuring Cisco UCM, 29xx/3800 series routers, Cisco 7975/9971 IP Phones, RSVP gateways, POE switches and Media servers, implemented all VMware configurations for CUCM installs using vSphere.
  • Implemented and configured a CASB solution, including Netskope, to secure the enterprise's use of the cloud.
  • Tested and certified new software such as Tanium Protect (an access control software) and PEGA trouble ticketing software.
  • Audit support: facilitated the PCI DSS external audit for the client, taking charge of end-to-end coordination and support during the onsite assessment.
  • Oversee the design and development of security solutions and manage cross-platform integration of a range of on-premises and public cloud security designs and configurations, including Amazon CloudFront and Amazon Route 53.
  • Troubleshot day-to-day IT infrastructure issues in a business environment using tools like Splunk, ArcSight, Solutionary, PIA, LogRhythm, SCCM, Altiris, LANDesk, BigFix, and McAfee/Symantec.
  • Automated DLP incident metrics using Splunk. Developed monthly and weekly metrics and dashboards using Splunk.
  • Provided leadership in architecting and implementing security solutions around Qualys and SIEM tools like Splunk, ArcSight, Solutionary, LogRhythm, SCCM, Altiris, LANDesk, BigFix, and McAfee/Symantec.
  • Configured advanced CyberArk integration with AD through LDAP, two-factor authentication, and email integrations.
  • Utilizing Tanium Endpoint Security to create reports to resolve various information security issues.
  • Experience with risk assessment, COBIT, and malware analysis.
  • Coordinated closely with disaster recovery and data security teams.
  • Enhanced risk culture across the organization based on the COSO framework; applied and implemented the COSO framework across the organization.
  • Allocated/coordinated work within the team/project. Provided valuable input into risk reports. Presented reports to business areas and CTS management.
  • Worked as device management in-charge, providing technology support; installed, maintained, upgraded, and troubleshot servers, networks, and other security products, providing solutions to complex hardware/software problems.
  • Worked as a dedicated resource for a Scrum project, providing timely firewall support and configuration for ongoing high-priority Scrum projects.
  • Vulnerability assessment and management (Nessus & Qualys); security risk analysis and reporting using Splunk.
  • Conducted daily IDS analysis/monitoring for potential compromise, intrusion, deficiency, significant events, or threats to the security posture and security baseline, as well as anti-spam activity.
  • Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools
  • Implemented multiple tools including Symantec DLP, and QRadar SIEM.
  • Deploying and configuring McAfee products for client. Providing SME for McAfee suite of products like McAfee ePO, McAfee Endpoint Encryption, McAfee DLP Endpoint
  • Managed IBM QRadar configuration files like inputs, props, transforms, and lookups. Upgraded IBM QRadar Enterprise and applied security patching.
  • Led a SOC team for cyber incidents and compliance with PCI DSS and the NIST framework.
  • Installed, configured, and administered Splunk Enterprise Server and Splunk Forwarder on Red Hat Linux and Windows servers.
  • Configuration and maintenance of MPLS between satellite locations and the data center. Rule management for MPLS routers.
  • Tracked all incidents that happened across all stores, used for recovery and settlements, using RSA Archer.
  • Experience with SIEM platforms (Splunk, QRadar, McAfee/Nitro, ArcSight, LogRhythm, Carbon Black).
  • Administration experience with the CyberArk Vault: safe creation, integration with LDAP and other authentication methods, and creation of policies and reports in PVWA.
  • Dealt with SIEM solutions such as Rapid7 Nexpose, Forcepoint, and Splunk.
  • Experience analyzing logs and troubleshooting integration issues with other applications using CA SiteMinder (Access Management) and Identity Management tools, along with LDAP, web server agents, and SiteMinder federation services.
  • Projects that installed, deployed, and/or maintained multiple security solutions and tools such as Rapid7 Nexpose, Comodo, Qualys, and ThreatSTOP.
  • Installation and configuration of CyberArk Vault, Password Vault Web Access (PVWA), Central Password Manager (CPM), and Privileged Session Manager (PSM) in Prod and PIA.
  • Worked on security tools like Deep Security, HIPPM, Nessus, and Symantec Control Compliance Suite 11.

Confidential, Chevy Chase, MD

Sr. Cyber Security Engineer

Responsibilities:

  • Experience with many of the following technologies/roles: Privileged Account Management, Two-Factor Authentication, Web filtering, Web Application Firewalls, Virtualized computing environments, Encryption-at-rest and encryption-in-transit, Vulnerability Management.
  • Installation and configuration of networks and network devices such as web application firewalls, network firewalls, switches, Check Point firewalls, Squid, Blue Coat proxy, and routers.
  • Network Security configuration, audit, and management of Windows servers. Installation, configuration, audit, and management of security tools.
  • Security configuration, audit, and management of applications and databases. Led security incident investigations, including basic forensic analysis and reporting. Deployed, automated, maintained, and managed AWS cloud-based production systems to ensure the availability, performance, scalability, and security of production systems.
  • Maintenance and monitoring of network and host intrusion detection and prevention technologies. Implementing security controls. Experience with using a broad range of AWS technologies (e.g. EC2, RDS, ELB, EBD, S3, VPC, Glacier, IAM, CloudWatch, KMS) to develop and maintain an Amazon AWS based cloud solution, with an emphasis on best practice cloud security.
  • Implemented physical and procedural safeguards for information resources within the facility. Communicate effectively with senior management, peers, staff, and customers both inside and outside the corporation.
  • Administered access to information resources and makes provisions for timely detection, reporting, and analysis of actual and attempted unauthorized access to information resources.
  • Proposed and assisted with the acquisition of security hardware/software. Develops and maintains access control rules. Experience with VOIP systems.
  • Maintains user lists, passwords, encryption keys, and other authentication and security-related information and databases.
  • Experience using DAST tools to detect potential vulnerabilities, such as HP WebInspect, SolarWinds, ZAP, Burp, Tenable, Splunk, Alert Logic, Symantec Endpoint Protection, Zscaler, McAfee Security, PortSwigger, Fiddler, Wireshark, Nmap, JIRA, Sonatype, and Coverity. Experience with Palo Alto Networks firewalls. Experience maintaining local and remote networks.
  • Led the design, implementation, and migration of enterprise infrastructure and application services to software-defined networks. Configured and managed AWS/Azure cloud infrastructure.
  • Developed and led procedures for testing the disaster recovery plan. Provided help-desk-style assistance.
  • Administered MS Windows Server, Red Hat Linux Server, and Network/Security Administration.
  • Advanced knowledge of Cisco wireless LAN controllers, Cisco access points, Cisco ISE, Cisco routers, Cisco L2/L3 switches, Cisco Prime, Generic Routing Encapsulation, load balancing (F5 BIG-IP Local Traffic Manager, Cisco Load Balancer, Citrix, Azure Load Balancer), QoS, PBR, WCCP, VPN, NAT, VoIP, IPsec, multicast, DNS services, MPLS networks, LAN, WAN, Juniper Networks firewalls, Cisco ASA firewalls, and network and routing protocols (Ethernet, TCP/IP, SNMP, VLAN trunking, BGP, OSPF, IS-IS, eBGP, iBGP, RIP).
  • Excellent written and verbal communication skills. Ability to create, update and maintain technical documentation. Ability to work independently. Experience with ServiceNow.
  • Provided guidance and policy regarding the administration of all computer security systems and their corresponding or associated software, including endpoint security, intrusion detection systems, and application whitelisting.
  • Participated in strategic security relationships between internal resources and external entities, including government, customers, vendors, and partner organizations.
  • Extensive hands-on experience with Azure IaaS/PaaS. Experience designing and building Azure solutions. PowerShell experience as it relates to Azure, AD, and Office 365.
