
Sr. Security Consultant Resume


Stamford, CT

SUMMARY

  • Experienced Cyber Security Consultant with seven years of IT experience with a focus on designing and developing security solutions.
  • Experience in analyzing security logs generated by Intrusion Detection/Prevention Systems, firewalls, network flow systems, and anti-virus.
  • Skilled & technically proficient with multiple firewall solutions, network security, and information security practices.
  • Expertise in improving the Risk and Control functions against Governance, Risk Management and Compliance (GRC).
  • Supported the information security audit and third-party assessment initiatives during planning, execution, and remediation phases, as well as coordinating and tracking remediation activities.
  • Became a trusted advisor on Symantec DLP to customers and clients.
  • Successfully fulfilled business requirements to protect against leakage of data at rest, data in use and data in motion.
  • Experience in implementing and managing Symantec Data Loss Prevention versions 14.6, 15.0, and 15.0 MP1.
  • Extensive experience with Symantec DLP architecture and implementation for enterprise level.
  • Experience with Symantec DLP upgrades and patches.
  • Implemented and supported several of the following McAfee products: ePO, VSE, ENS, DLPe, HIPS.
  • McAfee engineer on the proof of concept / pilot of Device Control in McAfee Data Loss Prevention (DLP) and McAfee MOVE.
  • Developed McAfee-related SOPs (standard operating procedures).
  • Provided real-time intrusion detection host-based monitoring services using Symantec Endpoint.
  • Deployed in the cloud and on-premises using Amazon Web Services (AWS) and single-server support.
  • Configured and deployed Symantec HIDS on Windows Server 2008 and 2012 and on desktops.
  • Experienced with Symantec DLP policy templates for compliance and regulatory standards such as SOX, PCI, and HIPAA.
  • Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities from emerging Security issues.
  • Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Experience in integrating Data Loss Prevention (DLP) policy between the CASB and network DLP to improve policy uniformity and consistency.
  • Configuration and maintenance of SIM/SIEM tools: QRadar, Splunk and ArcSight.
  • Industry Experience with SOC and 24/7 operations.
  • Led the definition and implementation of POCs around PKI and other certificate-related technologies.
  • Penetration Testing: Conduct manual security assessments on web applications, perimeter networks, and internal networks and identify critical vulnerabilities to discuss with information technology teams to understand the risk, resulting in speedy remediation.
  • Hands on skills include end-to-end security management (security aspects in all stages of product development) and end-to-end product development (from functional design of the system to testing and deployment).

TECHNICAL SKILLS

Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, BASE.

Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS.

Security Technologies: Symantec DLP, McAfee ePO, QRadar, Splunk

Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.

Event Management: RSA Archer, Blue Coat Proxy, Splunk

PenTest Tools: Metasploit, Nmap, Wireshark and Kali Linux

Security: McAfee ePO, Symantec DLP, LogRhythm, Tanium

Firewalls: Check Point, ISA 2004/2006, Palo Alto PA 3000/5000

Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux

PROFESSIONAL EXPERIENCE

Confidential, Stamford, CT

Sr. Security Consultant

Responsibilities:

  • Installed and configured Symantec DLP to protect confidential data in motion, data in use, and data at rest.
  • Worked closely with the information security team and security project management office to roll out a compliant DLP solution.
  • Administration and initial configuration of Symantec DLP and CASB cloud security.
  • Implementation and support of DLP (Data Loss Prevention) security tools such as Symantec NDLP and Skyhigh CASB for Amazon AWS. Implemented, troubleshot, integrated, and supported vulnerability management, Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) tooling.
  • Planning, risk and control assessment of Skyhigh CASB to enhance visibility into user interaction with enterprise data in the cloud.
  • Performed a three-tier installation of Symantec DLP for production.
  • Upgraded Symantec DLP through versions 15.0, 15.0.1 MP1, and 15.1.
  • Installed and configured the Enforce Server administration console to manage endpoints, policies, policy rules, agent groups, incidents, DLP servers, etc.
  • Installed and configured the Endpoint Prevent and Discover detection servers to protect data in use.
  • Performed vendor file-share scans with Symantec DLP by setting up a site-to-site VPN.
  • Created connections to LDAP servers, configured the Active Directory server connection, and scheduled directory server indexing.
  • Implemented daily standard operating and sustainment procedures (e.g., DLP system health checks, policy/rule tuning and implementation, policy and incident maintenance, event categorization, and incident reporting).
  • Troubleshot Symantec DLP issues and provided remote support for DLP issues.
  • Customized and fine-tuned DLP policies to reduce the rate of false positives in alerts and align them with business needs and incident response. Configured HIPAA, HITECH, PII, PCI, SOX, and PHI policies and rules.
  • Configuring, implementing and maintaining all security platforms and their associated software, such as routers, switches, firewalls, intrusion detection/intrusion prevention, anti-virus, and SIEM.
  • Involved in security operations, vulnerability and risk assessment, alerting, report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Imperva, Sourcefire IDS/IPS, FireEye, Blue Coat Proxy, etc.).
  • Responsible for performing application whitelisting using Microsoft and McAfee AppLocker tools.
  • Consolidated analysis of suspicious security event logs in Splunk (Windows Defender, AppLocker, audit events, successful malicious …).
  • Experience with AppLocker, host intrusion protection (anti-virus), user instruction and event logs.
  • Responsible for capturing security and privacy requirements for clients to be compliant with Payment Card Industry (PCI) requirements.
  • Installed and configured SSL certificates on new and existing McAfee ePO servers.
  • Migrated from Symantec Endpoint Protection 12.1 to McAfee ePolicy Orchestrator (ePO) 8.8 endpoint protection.
  • Intelligence gathering, incident response, and malware analysis.
  • DLP profile deployment reports for detection servers and DLP policy updates; incident analysis.
  • Excellent understanding of SIEM upgrades (ESM, ELM, receivers).
  • Performing periodic vulnerability testing and assisting in remediation efforts.
  • Responsible for installing, deploying, and tuning the DLP solution for the enterprise to include Endpoint and Network DLP solution.
  • Utilized ArcSight SIEM to monitor and investigate security-related incidents.
  • Engineering, configuring and deploying enterprise SIEM/SEM solutions.
  • Managed Splunk (SIEM) configuration files such as inputs, props, transforms, and lookups; upgraded Splunk Enterprise and applied security patches.
  • Created policies and alerts and configured them using SIEM tools (Splunk).
  • Monitored and investigated security incidents and alerts with ArcSight, FireEye, Palo Alto, Sourcefire and McAfee ePO.
  • Identified, documented and investigated suspicious events in intrusion detection systems (IDS) and SIEM tools.
  • Plan, deploy, modify and update IDS/IPS systems for the entire network.
  • Well versed in working within PCI and HIPAA regulated networks.
  • Experience supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment: installation, configuration, and day-to-day management of Symantec Endpoint Protection.
  • Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities from emerging Security issues.
  • Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level.
  • Designed Symantec DLP architecture, implemented Symantec DLP.
  • Worked with Symantec DLP upgrades and patches.
  • Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), security events and logs.
  • Analyzed threats to corporate networks by utilizing SIEM products (ArcSight and LogRhythm) to assess the impact on client environments.
  • Provided leadership in architecting and implementing security solutions around Qualys and SIEM tools such as ArcSight, Solutionary and LogRhythm.
  • Incident handler for the CIRT, including log analysis, forensics, and malware investigation.
  • SOC and/or CIRT operational experience
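The false-positive tuning listed above (PCI, PII and HIPAA rules) is, at bottom, a matter of pairing each pattern with a validator and an exclusion list, so that an order number or a documented test card does not become an incident. The following is an added Python example for this page; it is neither Symantec DLP's detection engine nor code from the consultant. The sample documents and the test-card allowlist are constructed, and the rule names `PCI-PAN` and `PII-SSN` are illustrative.

```python
"""Added example: DLP content rules with validators that cut false positives."""
import re
from dataclasses import dataclass

# A first-cut PCI rule usually starts as a bare pattern: 13-19 digits with
# optional space/dash separators. Tuning keeps the pattern and adds checks.
PAN_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")
# US SSN in the common 3-2-4 layout.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")

# Constructed allowlist: documented test card numbers that show up in
# developer material and should not raise a PCI incident.
TEST_PANS = {"4111111111111111", "5555555555554444"}


@dataclass(frozen=True)
class Finding:
    rule: str      # policy rule that fired
    value: str     # matched text as it appeared in the document
    severity: str  # "high" when validated, "low" when pattern-only


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check that every real payment card number passes."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject SSNs in ranges the SSA never issues (area 000, 666, 900-999;
    group 00; serial 0000)."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def scan(text: str, tuned: bool = True) -> list[Finding]:
    """Apply the PCI and SSN rules. tuned=False is the untuned policy:
    pattern matches alone fire, which is where the false positives come from."""
    findings: list[Finding] = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if tuned:
            if digits in TEST_PANS or not luhn_ok(digits):
                continue  # tracking number, test card: suppress
            findings.append(Finding("PCI-PAN", m.group(0), "high"))
        else:
            findings.append(Finding("PCI-PAN", m.group(0), "low"))
    for m in SSN_RE.finditer(text):
        if tuned and not ssn_plausible(*m.groups()):
            continue  # placeholder or structurally impossible SSN
        findings.append(Finding("PII-SSN", m.group(0), "high" if tuned else "low"))
    return findings


# Constructed sample documents: two true positives, four typical false positives.
SAMPLE_DOCS = [
    "Customer card 4532 0151 1283 0366 exp 12/27 on file for refund",
    "Shipment tracking 1234567890123456 left the warehouse",
    "Sandbox checkout uses test card 4111111111111111 only",
    "Employee SSN 123-45-6789 added to benefits enrollment",
    "Sample form placeholder 000-12-3456 (do not use)",
    "Ticket ref 987-65-4320 escalated to vendor",
]


def count_findings(docs: list[str], tuned: bool) -> int:
    """Total findings across documents; compare tuned vs. untuned policy."""
    return sum(len(scan(d, tuned)) for d in docs)


if __name__ == "__main__":
    print("untuned:", count_findings(SAMPLE_DOCS, tuned=False))  # 6
    print("tuned:  ", count_findings(SAMPLE_DOCS, tuned=True))   # 2
    for doc in SAMPLE_DOCS:
        for f in scan(doc):
            print(f"{f.rule:8} {f.severity:5} {f.value}")
```

The untuned policy raises six incidents on the six constructed documents; the tuned one raises two, both real. Commercial DLP products expose the same ideas as data identifiers with validators and exception lists; the point of the example is that the validator, not a stricter regex, is what removes the noise.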

Confidential, San Diego, CA

Information security analyst

Responsibilities:

  • Experience in security incident handling with SIEM using RSA enVision and Confidential QRadar products.
  • Handled security incidents to provide management oversight of the incident process.
  • Implemented cloud access security broker (CASB) solutions to act as central control points to set policy, monitor behavior, and manage risk across all cloud services simultaneously.
  • Performed tuning of the Security Incident and Event Manager (SIEM) filters and correlations to continuously improve monitoring.
  • Responsible for working with the Endpoint Management team to manage software deployment to PCs using tools such as Active Directory 2008/2012, Microsoft WSUS patching, and anti-virus and endpoint protection via McAfee ePO. Created and managed PC build images for Windows XP and Windows 7, and applied PCI security policies.
  • Produced deployment procedures and step-by-step documentation for all ePO-related troubleshooting.
  • Configured new repositories for multiple regions and set bandwidth limits to stabilize network traffic.
  • Deployed Agent and VSE packages from the ePO console to fix corrupt agents/VSE installations.
  • Troubleshot all kinds of issues related to McAfee products and ePO.
  • Constant interface with customers to expedite resolution and remediation of phishing attempts and malware events.
  • Expert understanding of developing complex use cases and universal device support modules on the QRadar SIEM. Expert in installing and configuring Splunk forwarders on Linux, UNIX and Windows.
  • Expert in installing and using Splunk apps for UNIX and Linux (Splunk nix).
  • Experience with deployment of Symantec DLP Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA. In-depth experience with Symantec DLP in an enterprise environment. Experience architecting Symantec DLP platforms. Experience analyzing Symantec DLP events and reports. Experience tuning Symantec DLP to reduce false positives and improve detection rates.
  • Provided penetration testing for PCI, SOX, HIPAA, and compliance with ISO 27000.
  • Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on shared devices and shared drives. Created and managed DLP policies.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Monitored and remediated daily security alerts generated by end users with tools such as Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO 5.x; also responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
  • Manage Splunk (SIEM) configuration files like input, props, transforms etc.
  • Upgrading the Splunk (SIEM) Enterprise and security patching.
  • Well versed in both remote and on-site user Splunk (SIEM) support.
  • Centralizing the storage and interpretation of logs using Splunk(SIEM) System
  • Vulnerability Management: Configured QualysGuard for vulnerability analysis of devices and applications, and monitored them continuously through the dashboard and scheduled reports.
  • Installed, Configured Symantec End Point Protection on laptops used for remote connectivity
  • Familiarity with security and testing tools such as Burp Suite, Nmap, Zenmap, OpenVAS, Nessus
  • Used remediation techniques for all collected vulnerabilities and, if it is a very high severity vulnerability, …
  • Provided leadership in architecting and implementing security solutions towards SIEM tools like Splunk.
  • Prepared, arranged and tested Splunk search strings and operational strings. Created and configured management reports and dashboards.
  • Splunk Engineer/Dashboard Developer responsible for the end-to-end event monitoring infrastructure of business-aligned applications
  • Designed and implemented McAfee Data Loss Prevention (DLP) across all endpoints. Created policies and keyword dictionaries to safeguard intellectual property and ensure compliance by protecting sensitive data.
  • Assisted in upgrading 5 McAfee ePO servers from ePO 5.1.1 to ePO 5.3.1
  • Expertise in the utilization, configuration, and implementation of industry capabilities including web content filters, email security capabilities, IDS, IPS, Host Based Security System (HBSS), and SIEM security practices.
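The Splunk alerting bullets above, and the earlier triage of AppLocker and Windows Defender event logs, describe correlation that a practitioner would normally write as saved searches. As an added, stand-alone illustration (not part of this resume, and not Splunk's or Microsoft's code), the Python below runs three such rules over constructed Windows events: AppLocker 8004 block bursts on one host, AppLocker 8003 audit-mode hits for the same path on several hosts (candidates to whitelist before switching the policy to enforce), and Defender 1116 detections with no 1117 action. The event IDs are the real ones from the AppLocker and Defender operational logs; field names such as `EventCode`, `host`, `FilePath` and `ThreatName` mirror how a Windows event forwarder flattens events but are assumptions here, as are the thresholds and the sample log.

```python
"""Added example: correlation rules over AppLocker and Defender events."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Event IDs from the Windows AppLocker and Microsoft Defender operational logs.
APPLOCKER_BLOCKED = 8004            # EXE/DLL blocked by an enforced rule
APPLOCKER_AUDIT_WOULD_BLOCK = 8003  # would have been blocked (audit-only mode)
DEFENDER_DETECTED = 1116            # malware detected
DEFENDER_ACTION_TAKEN = 1117        # protective action performed

# Thresholds are assumptions for the example; tune them per environment.
BURST_THRESHOLD = 3
BURST_WINDOW = timedelta(minutes=10)
REMEDIATION_GRACE = timedelta(minutes=5)

# Constructed sample: one JSON event per line, flattened the way a Windows
# event forwarder presents fields. Field names and threat names are assumptions.
SAMPLE_LOG = r"""
{"_time": "2023-03-01T09:00:00", "host": "WS01", "EventCode": 8004, "user": "CORP\\jdoe", "FilePath": "%OSDRIVE%\\USERS\\JDOE\\DOWNLOADS\\INVOICE.EXE"}
{"_time": "2023-03-01T09:02:00", "host": "WS01", "EventCode": 8004, "user": "CORP\\jdoe", "FilePath": "%OSDRIVE%\\USERS\\JDOE\\DOWNLOADS\\INVOICE2.EXE"}
{"_time": "2023-03-01T09:04:00", "host": "WS01", "EventCode": 8004, "user": "CORP\\jdoe", "FilePath": "%OSDRIVE%\\USERS\\JDOE\\APPDATA\\LOCAL\\TEMP\\SETUP.EXE"}
{"_time": "2023-03-01T09:30:00", "host": "WS02", "EventCode": 8004, "user": "CORP\\asmith", "FilePath": "%OSDRIVE%\\USERS\\ASMITH\\DOWNLOADS\\GAME.EXE"}
{"_time": "2023-03-01T09:31:00", "host": "WS02", "EventCode": 8003, "user": "CORP\\asmith", "FilePath": "%PROGRAMFILES%\\VENDOR\\TOOL.EXE"}
{"_time": "2023-03-01T09:45:00", "host": "WS03", "EventCode": 8003, "user": "CORP\\bchen", "FilePath": "%PROGRAMFILES%\\VENDOR\\TOOL.EXE"}
{"_time": "2023-03-01T10:00:00", "host": "WS04", "EventCode": 1116, "ThreatName": "Trojan:Win32/Example.A"}
{"_time": "2023-03-01T10:01:00", "host": "WS04", "EventCode": 1117, "ThreatName": "Trojan:Win32/Example.A"}
{"_time": "2023-03-01T11:00:00", "host": "WS05", "EventCode": 1116, "ThreatName": "Trojan:Win32/Example.B"}
"""


def parse_events(raw: str) -> list[dict]:
    """Parse JSON lines, normalise types, and return events in time order."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["_time"] = datetime.fromisoformat(ev["_time"])
        ev["EventCode"] = int(ev["EventCode"])
        events.append(ev)
    return sorted(events, key=lambda e: e["_time"])


def applocker_bursts(events: list[dict]) -> list[dict]:
    """Rule 1: BURST_THRESHOLD or more blocks on one host inside BURST_WINDOW.
    One block is a user trying something; a burst suggests malware or evasion."""
    by_host: dict[str, list[datetime]] = defaultdict(list)
    for e in events:
        if e["EventCode"] == APPLOCKER_BLOCKED:
            by_host[e["host"]].append(e["_time"])
    alerts = []
    for host, times in by_host.items():
        start = 0
        for end in range(len(times)):      # sliding window over sorted times
            while times[end] - times[start] > BURST_WINDOW:
                start += 1
            if end - start + 1 >= BURST_THRESHOLD:
                alerts.append({"rule": "applocker_block_burst", "host": host,
                               "count": end - start + 1, "severity": "high"})
                break                      # one alert per host per run
    return alerts


def audit_candidates(events: list[dict]) -> list[dict]:
    """Rule 2: in an audit-only rollout, a path that would be blocked on several
    hosts is probably legitimate software with no rule yet. Flag it for review
    before the policy is switched to enforce (this is the whitelisting tuning)."""
    hosts_by_path: dict[str, set] = defaultdict(set)
    for e in events:
        if e["EventCode"] == APPLOCKER_AUDIT_WOULD_BLOCK:
            hosts_by_path[e["FilePath"].upper()].add(e["host"])
    return [{"rule": "applocker_audit_review", "path": p, "hosts": sorted(h),
             "severity": "medium"} for p, h in hosts_by_path.items() if len(h) >= 2]


def defender_unremediated(events: list[dict]) -> list[dict]:
    """Rule 3: a 1116 detection with no 1117 action on the same host within
    REMEDIATION_GRACE means the threat may still be on disk and needs a human."""
    actions = [e for e in events if e["EventCode"] == DEFENDER_ACTION_TAKEN]
    alerts = []
    for d in (e for e in events if e["EventCode"] == DEFENDER_DETECTED):
        remediated = any(a["host"] == d["host"]
                         and timedelta(0) <= a["_time"] - d["_time"] <= REMEDIATION_GRACE
                         for a in actions)
        if not remediated:
            alerts.append({"rule": "defender_detection_unremediated", "host": d["host"],
                           "threat": d.get("ThreatName", "unknown"), "severity": "high"})
    return alerts


def run_rules(raw: str) -> list[dict]:
    """Run all three rules over a JSON-lines export and return the alerts."""
    events = parse_events(raw)
    return applocker_bursts(events) + audit_candidates(events) + defender_unremediated(events)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOG):
        print(json.dumps(alert))
```

On the constructed log this yields exactly three alerts: a block burst on WS01, the vendor tool path seen in audit mode on WS02 and WS03, and the WS05 detection that Defender never reported acting on. The single block on WS02 correctly stays below the threshold, which is the kind of tuning that keeps an AppLocker alert from paging on every blocked download.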

Confidential, Jersey City, NJ

Security Analyst

Responsibilities:

  • Set up scans for confidential data stored on endpoints, including laptops and desktops, in order to inventory, secure, or quarantine data.
  • Monitored and blocked confidential data from being transferred, sent, copied, or printed by desktop or laptop PC users.
  • Managed universal Symantec DLP policies with a centralized platform for detection, incident remediation workflow and automation, reporting, system management and security.
  • Managed system events and messages: worked with saved system reports, configured event thresholds and triggers, enabled the syslog server, reviewed logs, configured system alerts, and configured the Enforce server to send email alerts.
  • Managed the Security Incident and Event Management (SIEM) infrastructure.
  • Designed, deployed, supported and maintained Splunk cluster infrastructure in a highly available, geo-redundant configuration. Developed, implemented, and executed standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the firm's enterprise security platforms.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Analyzed network traffic, various log data and open source information to determine the threat against the network and the required response, containment, investigation, and remediation.
  • Responsible for incident response, tuning, system administration, operations and maintenance of the Security Incident and Event Management (SIEM) system
  • Experience with deployment of Symantec DLP- Endpoint Prevent, Network Prevent for Email, and Network Prevent for Web, Network Discover, and ITA. In-depth experience with Symantec DLP in an enterprise environment. Experience with architecting Symantec DLP Platforms. Experience analyzing Symantec DLP events and reports. Experience tuning Symantec DLP to reduce false positives and improving detection rates
  • Responsible for DLP policy creation, testing and implementation to protect client data from information leakage.
  • Created standard operating procedures for DLP SMTP (email), HTTP/S (web) and SharePoint incident investigation, third-party domain whitelisting, DLP access provisioning and incident response.
  • Cleaned up the Symantec Anti-Virus environment and brought previously unprotected machines into compliance with security policy.
  • Monitor the performance of Splunk via the Splunk Monitoring Console.
  • Push configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server
  • Implemented multiple tools including Symantec DLP, and QRadar SIEM.
  • Conceptualized and implemented end-user DLP training materials, an enterprise-wide encryption system, Symantec Data Insight integration, and Symantec DLP/data security environment support.
  • Risk analysis and security control gap analysis from information & network security perspective.
  • Managing security incidents in the organization, key member of Incident Response Team.
  • Managed day-to-day activities of threat and vulnerability management, identified risk tolerances, recommended treatment plans and communicated information about residual risk.

Confidential

Technical associate - Information security

Responsibilities:

  • Data Loss Prevention suite (Symantec DLP product): implementation and deployment as part of the champion team.
  • Deployment of data loss prevention across the network: data in motion, data in use and data at rest servers.
  • Reviewed encryption logs and DLP logs to regulate user-based technological risk violations.
  • Analyzed network attacks, blocks and detections, and performed regular health checks in the production environment.
  • Prepared the knowledge transfer document of process and technical specifications guide for transition/internal purposes.
  • Performed tuning of Symantec DLP to reduce false positives and improve detection rates.
  • Network Access Control: implemented a secure solution to identify network devices and profile them to allow or disallow access based on device type.
  • Signature update deployment on the management components and all individual IPS/IDS devices.
  • Intrusion Prevention System: IDS/IPS implementation and upgrade for SiteProtector.
  • Refined IPS policy and created rules according to the security standard.
