
Senior Cyber Security Analyst Resume


Columbia, MD

SUMMARY

  • Multi-faceted, resourceful and forward-thinking security professional with 23 years of relevant experience, related proficiency and a background in network security, cyber security and network engineering. Strong technical qualifications with hands-on experience in providing technology solutions that improve efficiency, productivity and profitability.
  • Proficient in delivering effective issue resolution and technical support utilizing various system software and tools. Adept at managing large-scale networks, security planning and implementation.
  • Proven ability to work in complex environments, manage multiple projects, establish priorities and achieve organizational goals. Enthusiastic individual and an excellent communicator, with a recognized ability to establish and maintain relationships across cross-functional teams and diverse individuals at all levels.

TECHNICAL SKILLS

Hardware: Cisco Catalyst Switches, Cisco Nexus Switches, Cisco UCS, Cisco ASA Firewalls, HP Servers, Barracuda, SAN technologies, FireEye CMS, EMS and MAS

Software: Windows AD, McAfee Solidcore, McAfee ePO, McAfee TIE, McAfee Active Response, Symantec Corporate Edition, FTK, EnCase, SANS SIFT, Redline, REMnux, Remworkstation, Cisco IDSM, McAfee IDS, McAfee SIEM, McAfee ENS, IBM QRadar SIEM, IBM QRadar logging server, Cisco FireSIGHT IPS, Lancope StealthWatch, Tanium, RedSeal, Qualys, Nessus, Snort, Security Onion, pfSense

Operating System: Windows, Linux and macOS.

PROFESSIONAL EXPERIENCE

Confidential, Columbia, MD

Senior Cyber Security Analyst

Responsibilities:

  • Team Lead with extensive experience in Confidential’s Global IT SOC operations, responsible for day-to-day security monitoring of Confidential’s global WAN and datacenters.
  • Extensive experience in threat modeling, threat analysis, IOC enrichment, TTPs and cyber threat hunting.
  • Responsible for SOC Blue Team engagement using tools like QRadar SIEM, QRadar logging server, Cisco FireSIGHT IPS, Lancope StealthWatch, FireEye CMS, FireEye Web MPS, FireEye Email MPS, Websense, proxy servers and packet analyzers.
  • Responsible for SOC Red Team engagement using tools like Metasploit, Wireshark, BackTrack, John the Ripper, DarkComet and Retina in penetration testing. Familiarity with Meterpreter, Cobalt Strike, Pupy and Empire.
  • Leveraging external threat intelligence sources like IBM X-Force, iSIGHT, ThreatQ, AlienVault and BitSight to perform proactive hunts within the corporate networks and cloud environment.
  • Performs endpoint forensics and threat mitigation using McAfee ePO, McAfee TIE, McAfee Active Response and Symantec Endpoint Protection Manager.
  • Reversing malware through static, automated, behavioral and code analysis using tools like ExifTool, Binwalk, OllyDbg, Wireshark, Process Hacker, Process Explorer, Process Monitor, FireEye MAS, Cuckoo Sandbox, VirusTotal and Hybrid Analysis.
  • Performing computer forensics using tools like EnCase, FTK, SANS SIFT, Mandiant Redline and Volatility.
  • Responsible for e-discovery efforts for legal purposes.
  • Responsible for vulnerability scans to expose attack surface using tools like Nessus, OpenVAS, Retina, MBSA, Rapid7, RedSeal and Qualys.
  • Extensive experience writing and implementing SOPs and policies and adhering to incident management SLAs.
  • Responsible for tuning SIEM rules to facilitate security challenges.
  • Effective communicator of shift updates to all stakeholders to prevent any gaps in the incident response process.
  • Provide mentorship and training to junior staff members.
  • Assisting with the oversight of our Security Operations Center and related log collection and analysis tools.
  • Involvement in project-related security tasks.
  • Coordinating detection, analysis and remediation activities on attacks that impact information assets.
  • Responsible for patch management efforts using Microsoft SCCM and WSUS.
  • Performs application whitelisting using McAfee Solidcore.
  • Configuration and data/log analysis for routers, firewalls, VPNs and other network devices.
  • Designs, configures and implements network security infrastructure (VPNs, firewalls, IDS, web application firewalls).
  • Responsible for auditing corporate security systems and associated logs for suspicious or non-compliant activity (SOC and PCI compliance).
  • Serve as the organization’s POC for adherence to security procedures, controls and policies.
  • Participates in internal reviews with auditors and operational risk assessments, addressing compliance and communicating known risks and mitigation strategies to upper management.
  • Designs, plans and implements test strategies to support the core infrastructure in the contingency environment for critical business applications to ensure business continuity.
  • Team Lead for the evaluation of security tools under consideration for purchase or licensing.

Confidential, Columbia, MD

Security Operations Lead

Responsibilities:

  • Responsible for incident response, malware analysis, forensic investigations, log analysis and timeline analysis.
  • Development of incident response plans, workflows, and SOPs.
  • Responsible for performing threat intelligence and converting intelligence to actionable detection and mitigation.
  • Identify incident root cause and take proactive mitigation steps.
  • Perform lessons learned activities.
  • Mentor junior analysts and run brown bag training sessions.
  • Review vulnerabilities and track resolution.
  • Review and process threat intelligence reports.
  • Develop and implement detection use cases.
  • Develop and implement IDS signatures.
  • Plans and creates the company’s security policy, manages security products such as firewalls around the clock, performs ethical hacking into the establishment’s network in order to discover and fix any security loopholes, compiles and maintains reports on the company’s security system and determines whether it is on par with the required security standards, and investigates any frauds and other computer crimes.
  • Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and countermeasures to remedy the detected vulnerabilities, and recommends solutions and best practices. Analyzes and assesses damage to the data/infrastructure as a result of security incidents, examines available recovery tools and processes, and recommends solutions. Tests for compliance with security policies and procedures. Responsible for the creation, implementation, and/or management of security solutions.
  • Oversees security monitoring, security and data/logs analysis, and forensic analysis, to detect security incidents. Investigates and utilizes new technologies and processes to enhance security capabilities to minimize risks.
  • Conduct information security risk assessments, risk awareness and communicates risk to senior leadership and stakeholders.
  • Familiarity with intrusion detection systems (e.g., Snort) and tools (e.g., tcpdump, Wireshark).
  • Technical understanding and experience with network security technology including IDS/IPS, Firewalls and network traffic analysis.
  • Performing electronic discovery activities accurately and in a timely manner, including data identification, collection, processing and preservation.
  • Understanding of the TCP/IP protocol stack and application protocols such as SNMP, SMTP, DNS, and DHCP.
  • Experience with authentication protocols for network resources including 802.1x, SSH, TACACS+, LDAP.
  • Experience with security controls for WAN, LAN, WLAN, VPN and Cloud architectures.
  • Hands-on experience with vulnerability scanning, firewalls, antivirus and malware analysis, IDS/IPS, log correlation tools, SIEM, VMware and NAC.
  • Develop, update, and maintain relevant information security and privacy policies and interact with various departments and individuals across the organization to achieve information security objectives; perform other duties, as required.
  • Lead and manage technical experts responsible for the development, design, and systems integration, from definition phase through implementation; provide technical direction for one or more technical areas.
  • Designs security systems or major components of a security system, and may head a security design team building a new security system.
  • Spearheaded change and risk management efforts, determined suitable resources needed and developed schedules to ensure timely project completion.
  • Applied vast knowledge and experience in recommending changes and enhancing network performance, security, stability, and disaster recovery.
  • Ensured third party vendor adherence to security SLAs.
  • Investigated and utilized new technologies and processes to enhance security capabilities and implement improvements.
  • Designed security systems or major components of the security infrastructure.
  • Utilized knowledge in recommending changes and enhancing network performance, security, stability, and disaster recovery.
  • Responsible for the architecture, upgrade and security of the corporate network and switching infrastructure.
  • Assisted in designing and executing Trustwave web application firewall, migration and deployment of Cisco ASA 5520s to replace current Cisco PIX corporate firewalls and VPN gateways and construction and roll out of B2B customer support infrastructure using IPsec or dedicated circuits.
  • Migrated 2003 servers to 2010 servers and performed capacity and network monitoring using Microsoft MOM, WhatsUp Gold, and HP OpenView.
  • Executed Packet Motion’s data loss prevention tools through alerts and enforcement to protect corporate data. Deployed and managed FireEye NX10000 and 7400 to protect network security.
  • Protected network integrity and security by deploying Lancope, implementing Websense web security, and implementing nexus vulnerability scanners.
  • Responsible for the implementation and management of Trustwave web application firewall.
  • Implemented Rapid7 for risk management.
  • Designed, implemented and monitored IPS/IDS infrastructure to protect corporate network.

Confidential

Senior Network/Security Engineer

Responsibilities:

  • Played a vital role in migrating Check Point firewalls to Cisco PIX and Cisco PIX to Cisco ASA, directing network integration of new acquisitions, deploying a patch management system and managing the Barracuda Spam Firewall.
  • Designed and implemented network and security infrastructure spanning a WAN comprising 70 offices worldwide.
  • Secured Cisco Catalyst switches, Active Directory infrastructure and the server farm in adherence to security best practices.
  • Planned, developed and implemented EMC SAN Solution, Citrix Server 4.0, and Websense for web filtering.
  • Directed all aspects of corporate network development and entire project lifecycle, from project definition to project plan development, resource allocation and debriefing.
  • Utilized extensive experience in aligning and supporting DNS, DHCP, WINS, SSH, SNMP, and Print Servers.
  • Experienced in working with Fibre Channel, SCSI and iSCSI; utilized Backup Exec and ARCserveIT to back up corporate data, implemented fault tolerance measures such as RAID 5, and applied protocol analyzers to troubleshoot network problems.
  • Ensured achievement of 100% uptime during business hours for all systems.
  • Identified security related issues and mitigated as needed.
  • Identified network related issues and addressed accordingly to ensure system availability.
