
SOC Analyst Resume


SUMMARY

  • Cyber Security Analyst with experience in analyzing security incidents, vulnerability and penetration testing, network monitoring, and information security and network security functions.
  • Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as AlienVault and Splunk. Knowledgeable in FedRAMP and Risk Management Framework (RMF) processes and workflow.
  • Skilled in assembling security authorization packages using NIST SP 800-60 Vol. 2, FIPS 199, NIST SP 800-53 Rev. 4, FIPS 200, NIST SP 800-18, NIST SP 800-53A, NIST SP 800-37 and NIST SP 800-137. Proficient in the preparation and updating of the System Security Plan (SSP) and Security Assessment Plan (SAP).

TECHNICAL SKILLS

  • Security Standards: FISMA, OMB, PCI DSS, NIST, HIPAA, SANS 20, OSI
  • Security Tools: McAfee ePO, McAfee, Splunk, Wireshark, Snort, Tenable Nessus, ServiceNow, Remedy
  • FISMA Artifacts: all applicable NIST 800 series documents, e.g. FIPS 199 & 200, SORN, E-Authentication, PTA, PIA, Risk Assessment, SSP, CP, CPT, ST&E, SAR, POA&M, ATO
  • OS: Windows, VMware, Windows Server 2012
  • Microsoft Office: Excel, Word, PowerPoint, OneNote, Outlook 365
  • Vulnerability scanning using Nessus, WebInspect and Nexpose

PROFESSIONAL EXPERIENCE

SOC Analyst

Confidential

Responsibilities:

  • Perform cyber defense activities, evaluate and lead in deploying new security tools
  • Provide communication and feedback on enclave security posture based on client defined needs and requests
  • Separate true threats from false positives using network and log analysis and escalate possible intrusions and attacks
  • Initiate tickets, document, and escalate to higher-level security analysts
  • Perform triage of incoming issues (assess the priority, determine risk).
  • Work with customers to deploy hardware and software monitoring systems
  • Maintain a strong awareness of the current threat landscape.
  • Provide information on security posture and threat activities to security management, auditors, and client
  • Analyze and respond to security events and incidents from SIEM, Firewall, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus, Network Access Control (NAC) and other client data sources.
  • Investigate security events forwarded from Level I Analysts and clients for security risk.
  • Conduct tuning engagements with security engineers to develop/adjust SIEM rules and analyst response procedures.
  • Escalate incidents and diagnose.
  • Respond to inbound requests via phone, policies, procedures, and security practices.
  • Resolve problems independently and understand the escalation procedure.
  • Analyzed firewall, IPS and IDS logs to uncover malicious activity within the network. Initiated and recommended corrective actions to the CIRT team. I worked with the incident response team establishing the processes and procedures that the team follows in response to incidents such as data breaches, data leakage, virus outbreaks and unauthorized access.
  • Performed various functions such as IP blocks, URL blocks, user-agent blocks, and application blacklisting and whitelisting using Palo Alto firewalls and Sourcefire IPS. Coordinated with the CIRT team to investigate and resolve security incidents.
  • Ensured that users are trained on PCI DSS and HIPAA (how to securely store, access, transmit and distribute PII, PHI and credit card information). Ensured that firewalls and intrusion prevention systems perform data filtering to comply with PCI DSS and HIPAA regulations.
  • Performed vulnerability management using McAfee Vulnerability Manager. Actively and passively scanned systems to uncover vulnerabilities and generated reports on various systems. Performed monthly, quarterly and ad hoc scans and generated reports. Followed up with users to ensure that remediation efforts were undertaken. Worked in a 24/7 environment to ensure timely response to security incidents and deliver excellent customer service.
  • Created effective rules in the ArcSight SIEM to capture real threat events and fine-tuned them to avoid false-positive alerts.
  • Used SCCM for software deployment and data monitoring.
  • Handled end users, incident reports, problem ticketing and change management ticketing with respect to network security within the agreed SLA.
  • Familiarity with Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act, PCI DSS, FISMA, the NIST 800 series and ISO/IEC 27000 regulatory policies and guidelines.
  • Implemented data filtering and application firewalls to filter credit card numbers and social security numbers to comply with PCI and HIPAA.
  • Provide end-to-end support of F5 BIG-IP ASM for web application security
  • Application Onboarding and Offboarding
  • Application Certificate renewal
  • Deployment of attack signatures to remediate against known and zero-day vulnerabilities
  • Creation and deployment of iRules to manipulate application traffic
  • Patches and Upgrades
  • Deployment of security policies
  • Performing Geoblocking activities based on IP reputation
  • Provide end-to-end support of the Cisco IronPort Email Security Appliance
  • Message and email tracking
  • Creation and deployment of custom HAT policies
  • Deployment of various email security mechanisms such as DMARC, DKIM and SPF authentication, trusted partners, authenticated partners and TLS partners
  • Whitelisting, Blacklisting and Quarantining of emails, IP and domain names
  • Performing appliance upgrades, patches and hotfixes
  • Provide end-to-end support of Duo Security for multi-factor authentication
  • Onboarding applications using various integration patterns such as RADIUS, LDAPS, SSO and ADFS
  • Troubleshooting users and applications’ authentication issues
  • Performing patches and upgrades on the Duo Authentication Proxy
  • Deployment of Security policies
  • Provide end-to-end support for Symantec Protection Engine for AV scanning
  • Onboarding applications on the Symantec Protection Engine platform
  • Troubleshooting issues arising during AV scanning
  • Performing patches and upgrades
  • Provide end-to-end support for Guardium for Database Activity Monitoring
  • Configuration of Policies
  • Blacklisting and whitelisting of users
  • Responding to malicious attempts on databases
  • Monitoring of the S-TAP process
  • Troubleshoot any issues arising in the deployment, configuration changes and patch activities.
  • Coordinate and run Disaster Recovery exercises with Engineering, network and application teams
  • Develop runbooks, knowledge articles and standard operating procedures (SOPs) for operational support
  • Mentor and coach junior team members
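The SOC duties above mention separating true threats from false positives in firewall and IDS logs and tuning SIEM rules so that known-good activity does not fire alerts. The following is an added example, not code from the resume or from any product named on it: a small correlation rule of the kind an analyst tunes, run over constructed firewall log lines. A source that is denied on at least THRESHOLD distinct destination ports within WINDOW_SECONDS is flagged as a probable port scan, while sources on an allow-list of authorized scanners (here a hypothetical Nessus host, 10.9.9.9) are suppressed instead of alerted. The log format, addresses and thresholds are all assumptions made for the example.

```python
"""Added example: a sliding-window port-scan rule with a scanner allow-list.

Not from the resume or any vendor product. Log format (time,src,dst,dport,action),
hosts and thresholds are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log lines (hypothetical addresses and times).
SAMPLE_LOGS = """\
2024-03-01T10:00:01,10.1.1.5,10.2.2.10,22,deny
2024-03-01T10:00:03,10.1.1.5,10.2.2.10,23,deny
2024-03-01T10:00:05,10.1.1.5,10.2.2.10,80,deny
2024-03-01T10:00:07,10.1.1.5,10.2.2.10,443,deny
2024-03-01T10:00:09,10.1.1.5,10.2.2.10,3389,deny
2024-03-01T10:00:11,10.1.1.5,10.2.2.10,8080,deny
2024-03-01T10:00:02,10.9.9.9,10.2.2.11,21,deny
2024-03-01T10:00:04,10.9.9.9,10.2.2.11,22,deny
2024-03-01T10:00:06,10.9.9.9,10.2.2.11,23,deny
2024-03-01T10:00:08,10.9.9.9,10.2.2.11,25,deny
2024-03-01T10:00:10,10.9.9.9,10.2.2.11,80,deny
2024-03-01T10:00:12,10.1.1.7,10.2.2.12,443,deny
2024-03-01T10:00:13,10.1.1.7,10.2.2.12,443,deny
2024-03-01T10:00:14,10.1.1.7,10.2.2.12,443,deny
2024-03-01T10:00:15,10.1.1.7,10.2.2.12,443,allow
2024-03-01T10:00:20,10.1.1.8,10.2.2.13,1,deny
2024-03-01T10:00:21,10.1.1.8,10.2.2.13,2,deny
2024-03-01T10:00:22,10.1.1.8,10.2.2.13,3,deny
2024-03-01T10:05:20,10.1.1.8,10.2.2.13,4,deny
2024-03-01T10:05:21,10.1.1.8,10.2.2.13,5,deny
"""

KNOWN_SCANNERS = {"10.9.9.9"}  # assumption: the authorized vulnerability scanner
THRESHOLD = 5                  # distinct destination ports denied ...
WINDOW_SECONDS = 60            # ... within this many seconds


def parse_line(line):
    """Parse one constructed log line into a dict; dport becomes an int."""
    ts, src, dst, dport, action = line.strip().split(",")
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "action": action}


def find_port_scans(lines, threshold=THRESHOLD, window=WINDOW_SECONDS,
                    allowlist=KNOWN_SCANNERS):
    """Return (alerts, suppressed).

    alerts maps a source IP to the sorted distinct ports in the first window
    that crossed the threshold; suppressed lists sources that crossed it but
    are on the allow-list (the false positives the rule is tuned to drop).
    """
    events = sorted((parse_line(l) for l in lines if l.strip()),
                    key=lambda e: e["ts"])
    denies_by_src = defaultdict(list)
    for e in events:
        if e["action"] == "deny":          # allowed traffic never counts
            denies_by_src[e["src"]].append(e)

    alerts, suppressed = {}, []
    for src, evs in denies_by_src.items():
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it fits in `window` seconds
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window:
                start += 1
            ports = {e["dport"] for e in evs[start:end + 1]}
            if len(ports) >= threshold:
                if src in allowlist:
                    suppressed.append(src)
                else:
                    alerts[src] = sorted(ports)
                break                       # one verdict per source is enough
    return alerts, sorted(set(suppressed))


if __name__ == "__main__":
    found, dropped = find_port_scans(SAMPLE_LOGS.splitlines())
    for src, ports in found.items():
        print(f"ALERT  {src}: denied on {len(ports)} ports {ports}")
    for src in dropped:
        print(f"SUPPRESSED {src}: on scanner allow-list")
```

In the sample data only 10.1.1.5 alerts: 10.9.9.9 would match but is suppressed as the authorized scanner, 10.1.1.7 is repeatedly denied on a single port (one noisy host, not a scan), and 10.1.1.8 spreads its five ports across two windows more than a minute apart. Removing the allow-list (passing allowlist=set()) makes the scanner alert again, which is the kind of tuning trade-off a SIEM rule review decides.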

Information Security Analyst

Confidential

Responsibilities:

  • Performed security control assessment using NIST 800-53A guidance.
  • Developed Security Assessment Plan in preparation for the security control assessment.
  • Conducted vulnerability and compliance scans of the applications and network using Nessus.
  • Developed Security Assessment Report to document vulnerabilities and findings from the system document review, interview with system personnel, and the Nessus scan.
  • Reviewed the system security documents for compliance, including the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Configuration Management Plan, etc.
  • Developed and maintained the Plan of Action and Milestones (POA&M) and supported remediation activities, including review of the POA&M for closure.
  • Aided continuous monitoring by generating Risk Assessments (RA) and updating the System Security Plan, and ensured security controls and supporting evidence are in place.
  • Supported the System Owners and ISSO in preparing Certification and Accreditation packages for the IT system and ensured sensitive security systems complied with NIST Special Publication 800-53 requirements.
  • Reviewed, evaluated, developed and updated ATO packages for compliance, such as the BIA, RA, CPT, CP, CMP, PIA, SAR, SAP, PTA, IR, MOU, ISA, POA&Ms, SSP, DRP and SLA.
  • Supported the VA client by traveling to and assessing VA facilities' internal security controls to determine the extent to which they are implemented, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the systems and facilities.
