
Information Security Engineer Resume


Greenfield, Indiana

SUMMARY

  • Experienced professional in IT infrastructure, risk security, information security, and cyber security.
  • Information-security expert with a diverse technical background in enterprise networking, server infrastructure, database technologies, and system security.
  • Experience in configuration management and policy implementation.
  • Configured and deployed Symantec HIDS on Windows Server 2008 and 2012 and desktops.
  • Experience in data de-identification implementation, management, operational, and troubleshooting.
  • Experience in vulnerability scanning with relevant tools, e.g., Nessus, HPE Fortify for SCA (Static Code Analysis) and WebInspect, and Rapid7 Nexpose.
  • Experience in managing Network infrastructure security using HPE ArcSight ESM/ Splunk for monitoring and classifying and responding to incidents and threats.
  • Experienced with Symantec DLP Policies (DLP templates) compliance and regulation standards such as SOX, PCI, and HIPAA.
  • Hands-on experience in vulnerability assessment and penetration testing using various tools like Burp Suite, Fiddler, ZAP Proxy, SQLmap, HP WebInspect, IBM AppScan, and HP Fortify to determine the security of web applications developed on different platforms like .NET, Java, AJAX, PHP and many others.
  • Security assessment of online applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
  • Strong knowledge of risk management and computer forensic tools, technologies, and methods. Experienced in IT security design and implementation with a solid understanding of disaster recovery, intrusion detection systems (IDS), intrusion protection systems (IPS), and web application firewalls (WAF). Analytical problem solver adept at managing network changes and troubleshooting network issues to ensure maximum up time.
  • Experience in OSINT and TECHINT reconnaissance.
  • Experience with SOC and all-time operations.
  • Experience configuring and deploying McAfee modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.
  • Knowledge of distributed Splunk installation with Forwarders, Clusters, Search head cluster.
  • Skilled with Penetration testing (white, grey, and black box) with passive and active modules using Burp suite, Metasploit, custom scripts, and other necessary tools.
  • Recommend remediations for flaws discovered in the penetration test.
  • Expert understanding on the Cyber-Kill-Chain and APT.
  • Experience with network monitoring with SIEM IBM QRadar and Wireshark, and with information security and network security configuration and functions.
  • Experience in configuring deployment server, Splunk Apps and add-ons.
  • Hands-on experience with several vulnerability forms, e.g., SQL injection, XSS, etc.
  • Hands-on experience with security frameworks such as NIST and HIPAA.
  • Experience with NIST SP 800-53A and NIST SP 800-30.
  • Experience in Palo Alto firewalls, VPNs, and networking with protocols such as NetBIOS, SNMP, Telnet, SSH, ARP, etc.
  • Implementation of DOORS Management tool as per the project requirement.
  • Key member of implementation team for GDPR breach monitoring team via custom configuration of endpoint, network and email via data loss prevention (DLP), secure content gateway (SCG), and asset monitoring.
  • Experience with industry recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk, and LogRhythm.
  • Perform vulnerability scan with Nessus for improper configurations, missing patches, hosts, network, and insecure credentials and accounts.
  • Experience with HPE Fortify for code Vulnerability analysis reviews and WebInspect scan.
  • Experience with application security.
  • Excellent understanding of SAST, DAST, IAST and RASP best practices.
  • Hands-on experience with documentation and log analysis.

TECHNICAL SKILLS

Qualys Continuous Monitoring: Vulnerability Management, Qualys, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.

Event Management: Splunk, QRadar, ArcSight

PenTest Tools: Metasploit, NMAP, Wireshark

Security Technologies: Symantec DLP, McAfee ePO, QRadar, Splunk

Security: McAfee ePO, Symantec DLP, Sourcefire IDS, LogRhythm, Tanium

Firewalls: Check Point, Palo Alto PA 3000/5000

Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux

PROFESSIONAL EXPERIENCE

Confidential, Greenfield Indiana

Information Security Engineer

Responsibilities:

  • Responsible for monitoring and providing analysis 24x7x365 using various SIEM and IDS/IPS tools.
  • Verify that the Windows virus definitions on the SEPM are within 24 hours of those reported by Symantec.
  • Experienced in administering, upgrading, and troubleshooting problems with McAfee ePO, McAfee ENS, McAfee NDLP and McAfee NDLPE.
  • Used Kali Linux to perform web application assessment to identify, validate and exploit vulnerabilities using tools like Metasploit, DirBuster, OpenVAS, Nikto, SoapUI and Nmap.
  • Worked with SQLmap, an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
  • Identifying the risk level (critical, High, Medium, Low) and prioritizing vulnerabilities found in web applications based on OWASP Top 10, SANS 25 and GSEC.
  • Obtaining all pertinent information needed to work the incident properly.
  • Following the procedures for incident hand-off to Problem Management when required.
  • Schedule scans on Symantec, review results, and quarantine risk data.
  • Perform technical analysis on data de-identification tools.
  • Recommended and configured correlation rules, email alerts, reports, and dashboards in the QRadar environment.
  • Investigated emails using various tools such as Email Protection Systems, Malware Sandboxes, and Anti-Virus Engines.
  • Produce efficient DLP policies to ensure necessary in/outbound emails are logged.
  • Monitored and responded to potential security incidents using email alerts from Firewalls, Anti-Virus products.
  • Perform data de-identification implementation in the non-production environment.
  • Ensuring the database refresh containing any sensitive data is detected and masked as defined in the policies.
  • Provide AWS Cloud based solutions with auto scale options.
  • Define and manage AWS Security Groups and Network ACLs.
  • Configured AWS IAM and Security Group in Public and Private Subnets in VPC.
  • Conducted threat hunting analysis in ArcSight SIEM during each shift per shift report requirements.
  • Utilized ArcSight to investigate incoming cases and create detail report of events during shift.
  • Responsible for monitoring and detecting security incidents in ArcSight (SIEM).
  • Develops rules, lists, and active channels in ArcSight ESM.
  • Installing and troubleshooting McAfee 8.8, ePO 4.5.
  • Working closely with Appscan, Symantec and Rapid7 for any malware activity on environment.
  • Ensuring Symantec DLP policies are in place and scanning the environments for incidents.
  • Assisting in DLP policy development for the non-production environment.
  • Monitoring the enforce console for incidents and troubleshooting.
  • Provide real time intrusion detection host based monitoring services using Symantec Endpoint.
  • Assist with the development of process and procedures to improve incident response times, analysis of incidents, and overall functions.
  • Provide network intrusion detection expertise to support timely and effective decision making on when to declare an incident.
  • Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP, Splunk).
  • Data Loss Prevention suite, Symantec DLP product: implementation and deployment as the champion team.
  • Gained experience with Symantec DLP Software: DLP Cloud Prevent for Microsoft Office 365, DLP.
  • Assisted engineers with Splunk troubleshooting.
  • Created Splunk dashboards for investigations.
  • Monitor and investigate SOC incidents and alerts with McAfee EPO.
  • Document all activities during an incident with status updates during the life cycle of the incident.
  • Analyze network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.).
  • Provide information regarding intrusion events, security incidents, and other threat indications and warning information.
  • Design DLP architecture and handle third-party risk assessment and managed SOX audits.
  • Configure and Install IBM QRadar Enterprise, Agent, and Apache Server for user and role authentication and SSO.
  • Helped customers configure and maintain their email security and anti-spam solutions using Symantec Messaging Gateway and Symantec Mail Security for Microsoft Exchange.
  • Implemented Symantec Data Loss Prevention to secure all endpoints. Configured and instrumented the Symantec management console, Symantec management server and Symantec database on Oracle.
  • Experience analyzing McAfee DLP events and reports.
  • Used McAfee ePolicy Orchestrator to monitor and identify potential intrusions and attacks for the Security Operations Center (SOC)
  • Performed tuning of Symantec DLP to reduce false positives and improving detection rates.
  • Perform command line scripting in Linux and UNIX to configure Splunk.
  • Manage IBM QRadar configuration files like inputs, props, transforms, and lookups.
  • Upgrading the IBM QRadar Enterprise to 6.2.3 and security patching.
  • Worked on requirements management (REQM) tools like IBM Rational DOORS Next Gen, LDRA TBmanager, Polarion, etc.
  • Worked on SIEM, as well as SolarWinds and Symantec endpoint security for malware detection and threat analysis.
  • Managed and coordinated activities for multiple Data privacy information security.
  • Responsibilities for CSIRT included SIEM, Context Filtering, Web Security, Incident Tracking, IPS/IDS and Malware Analysis.
  • Support IT teams based on the latest risks and possible remediation. Involved in integration of Splunk with ServiceNow, Active Directory and LDAP authentication.
  • Used Splunk Deployment Server to manage Splunk instances and analyzed security-based events, risks & reporting.
  • Deploy, configure and maintain IBM QRadar forwarder in different platforms.
  • Ensuring that the application website is up and available to the users.
  • Continuous monitoring of the alerts received through mails to check if all the application servers and web servers are up.
  • Responsible for testing vulnerability updates for all releases and patches of IBM QRadar SIEM.
  • Integration of IDS/IPS with SIEM; analyze the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
  • Responsible for performing vulnerability assessment on critical systems using Qualys.

Confidential, Newport Beach, CA

Cyber Security Operations Analyst

Responsibilities:

  • Managed DLP solution which included configuring and fine tuning DLP filters. Took action on alerts generated off of DLP.
  • Creates and implements new insider threat processes as appropriate.
  • Remains current on cyber security best practices, news, issues, vulnerabilities and threats.
  • Supports activities related to the implementation and use of tools for insider threat intelligence gathering, analysis, and reporting.
  • Performed Vulnerability Assessments using - Kali Linux / Metasploit / BurpSuite / Paros / SQLmap and many open source tools.
  • Proficient in detecting application-level vulnerabilities like XSS, SQL injection, CSRF, authentication flaws, etc., both through automation and manual testing.
  • Identified issues in session management, input validation, output encoding, logging, cookie attributes, encryption, and privilege escalation.
  • Participating during major incidents to support the primary Incident Manager with outage communications and logging incident timeline and other key information during an incident.
  • Configures Smart Connectors on ArcSight Connector Appliance.
  • Configuring and administering ArcSight Loggers, ESM, and database systems.
  • Used ArcSight Loggers/ESM on a daily basis to investigate security alerts.
  • Processes vulnerability and threat data from a variety of internal and external sources to provide actionable intelligence to internal consumers.
  • Create and implement Splunk Enterprise Security use cases for the Insider Threat team.
  • Monitor network traffic from QRadar SIEM and Sourcefire IDS tools for any suspicious activity.
  • Experience in handling security events that affect VMware systems, applications, infrastructure, information and users using Splunk Enterprise Security.
  • SIEM: Building software & application to enhance SOC operations and cohere Threat Intel interactions. Creating custom data visualization tools to interpret data correlated from event logs. Designing & implementing security content/use-cases on SIEMs, utilizing various event log sources. Delivering solutions, maintenance and support to currently deployed SIEM engines.
  • Performed information security incident response and incident handling based on categorization and in accordance with established procedures. Worked with multiple clients on real-time threat management using SIEM and solutions.
  • Integration of different devices/applications/databases/ operating systems with SIEM.
  • Monitors agency sensors and SOC (Security Operations Center) systems for incidents and malicious activity.
  • Analyze escalated email events including phishing and malware, and escalate as necessary.
  • Understanding and evaluating the cyber threat landscape, and assessing which threats are most relevant to the respective client.
  • Supplying actionable recommendations to other teams within the Cyber Security Center to bolster cyber security efforts.
  • Managing indexes and cluster indexes, Splunk web framework, data model and pivot tables.
  • Performed troubleshooting and/or configuration changes to resolve Splunk integration issues.
  • Writing Splunk Queries, Expertise in searching, monitoring, analyzing and visualizing Splunk logs.
  • Experience in alert handling, standard availability and performance report generation.
  • Configured and scheduled the Qualys scanner in QRadar to perform scans at regular intervals.
  • Vulnerability management by scanning, mapping and identifying possible security holes using QualysGuard and Nessus scanner.

Confidential, Mahwah, NJ

Information Security Analyst

Responsibilities:

  • Manage daily operational service monitoring activities of the SOC security infrastructure.
  • Daily monitoring of event collection, security intelligence and emerging threat information sources including SIEM, vendors, researchers, websites, newsfeeds and other sources.
  • Create new/tune existing correlation searches and notable events in Splunk Enterprise Security.
  • Perform threat hunt activities using various logs in Splunk (Windows events, network).
  • Create new content and manage existing notable events in Splunk Enterprise Security.
  • Worked with the Security Operations Centre (SOC) to fine-tune the false positives from the existing SIEM rules.
  • Working with Security Operations Center (SOC) to find the existing log gaps and provide a better data analysis to increase the overall security coverage.
  • Identifying the critical, High, Medium, Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritizing them based on the criticality.
  • Security assessment of online applications to identify the vulnerabilities in different categories like Input and data Validation, Authentication, Authorization, Auditing & logging.
  • Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, and HP Web Inspect.
  • Conducts regular reviews of global security incidents and reports, and updates the internal teams on the same.
  • Root cause analysis for detected network intrusions, malware infections, and various identified anomalous activities.
  • Helped customers configure and maintain their email security and anti-spam solutions using Symantec Messaging Gateway and Symantec Mail Security for Microsoft Exchange.
  • Manage Splunk Enterprise to collect, monitor, and analyze machine data.
  • Performed/Assisted in installation, configuration, troubleshooting and maintenance of SIEM Agents, Log Managers/Collectors, and SIEM Central Managers/Aggregators.
  • Deploying Splunk: creating port mirroring, installing Splunk, installing the Stream application on Splunk, setting up syslog in CentOS, and installing the Universal Forwarder.
  • Used Splunk Enterprise Security for real time monitoring, to prioritize the acts and for rapid investigations. Worked with SIEM team monitoring notable events through Splunk ES.
  • Deploy, configure and tune Flow data within SIEM; must also document how such data is to be used during event triage.
  • Network Monitoring and security scanning utilizing Nessus Vulnerability scanning.
  • Handling SIEM events and response in critical environments (Email Threat Analysis, Web Threat Analysis, Malware Analysis, etc.).
  • Analyze multiple network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine and apply proper remediation actions and escalation paths for each incident.
  • Performed investigation, analysis, reporting and escalations of security events from multiple sources, including events, like intrusion detection, firewall logs, proxy logs, and web servers.
  • Responsible for monitoring and providing analysis 24x7x365 using various SIEM and IDS/IPS tools.
  • Provide network intrusion detection expertise to support timely and effective decision making on when to declare an incident.
  • Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP, Splunk).
  • Data Loss Prevention suite, Symantec DLP product: implementation and deployment as the champion team.
  • Gained experience with Symantec DLP Software: DLP Cloud Prevent for Microsoft Office 365, DLP.
  • Assisted engineers with Splunk troubleshooting.
  • Created Splunk dashboards for investigations.
  • Monitor and investigate SOC incidents and alerts with McAfee EPO.
  • Document all activities during an incident with status updates during the life cycle of the incident.
  • Analyze network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.).
  • Provide information regarding intrusion events, security incidents, and other threat indications and warning information.
  • Design DLP architecture and handle third-party risk assessment and managed SOX audits.

Confidential

Security Analyst

Responsibilities:

  • Monitored and investigated suspicious network activities, endpoints and threats utilizing a variety of tools such as ArcSight, Splunk, Carbon Black, FireEye, Cisco Talos, Wireshark and Nessus.
  • Installation, configuration, upgrading, troubleshooting and maintenance of antivirus products from Symantec.
  • Experience with deployment of Symantec DLP: Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA.
  • Responsible for supporting customers with Symantec products including Ghost Solution Suite, Deployment Solution, and Symantec Endpoint Protection.
  • Deploying Cisco WSA and Bluecoat ProxySG (Web Security Appliance) S170 for URL Filtering Policies.
  • Experience working on network monitoring tools like SolarWinds, CiscoWorks, Wireshark and Splunk.
  • Worked on SIEM, as well as SolarWinds and Symantec endpoint security for malware detection and threat analysis.
  • Cleaned the Symantec Anti-Virus environment and brought previously unprotected machines into compliance with security policy.
  • Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools.
  • Investigated network access errors as well as network logs using Splunk.
  • Promoted awareness of information security issues among system owners and executive leadership to ensure they understand and adhere to systems security policies and procedures.
  • Defined, established and managed security risk metrics and track effectiveness.
  • Performed periodic reviews of process controls and technical controls to ensure.
