
Sr. Cyber Security Engineer Resume


Atlanta, GA

SUMMARY

  • Information Security Analyst/Threat Engineer with more than 6 years of experience in analyzing security incidents, vulnerability and penetration testing, network monitoring, and information security and network security functions.
  • Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as Nitro, Splunk, ArcSight, LogRhythm, McAfee, Symantec, QRadar and many other tools.
  • Commendable experience in auditing, implementing and managing HIPAA, SOX, ISO, NIST, PCI DSS, and SAS 70 Type I & II standards/guidelines.
  • Administered Splunk (SIEM), ARCOS (Privileged Identity Management), Symantec DLP and Imperva WAF tools.
  • Hands-on experience with Rapid7 Nexpose, Metasploit, Forcepoint and Splunk; used Security Manager to identify threats and assign categories.
  • Experience configuring and deploying McAfee modules and products such as McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint and McAfee SIEM.
  • Worked using McAfee best-practice standards for OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Advanced knowledge of IPsec VPN design, connections and protocols, IPsec tunnel configuration, and encryption and integrity protocols.
  • Vulnerability Management: configured the QualysGuard tool for vulnerability analysis of devices and applications, and monitored them continuously through the dashboard by running reports on an ongoing basis.
  • Monitored and investigated SOC incidents and alerts with Splunk, Sourcefire and McAfee ePO.
  • Hands-on experience with security frameworks such as NIST SP 800-37, HIPAA, PCI DSS and SOX, and with industry standards such as ISO 27001, HITRUST, HITRUST CSF and ISO 22301.
  • Experienced on the technical delivery side of Governance, Risk and Compliance (GRC) projects.
  • Configured and deployed Symantec HIDS on Windows Server 2008, 2012 and 2014 and on desktops.
  • Provided training to the internal SOC team on hand-off of the SIEM product and on handling Symantec Encryption Desktop related tickets and issues.
  • Determined enterprise information assurance and security standards.
  • Worked as a SIEM threat analyst in a managed security service security operations center (SOC), triaging cyber threats utilizing Splunk, QRadar, McAfee Enterprise Security Manager (ESM) and various cloud security tools.

TECHNICAL SKILLS

DLP: Websense, Symantec & McAfee

End Point Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec Antivirus, HIPS, Encryption, HDLP, Malware Analysis, Advanced Threat Protection

IPS/IDS: McAfee IPS, SNORT

SIEM: Splunk, IBM QRadar, ArcSight, Nitro, ThreatQ

MSS: Vulnerability Assessment, Content Filter, Antispam, IDS/IPS Management

Vulnerability Management Tools: Nessus, Nmap, Nexpose, Wireshark, Fortify

Security Tools: Splunk, McAfee Vulnerability management solutions, Nessus, Solarwinds, LogRhythm

Platforms/Applications: Continuous Monitoring Vulnerability Management, Web Application Scanning, Threat Protect, Blue Coat Proxy, LogRhythm, Burp Suite, Nmap, Wireshark

Content Protection: Email Security, Web Security, Application Security

Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS

PROFESSIONAL EXPERIENCE

Confidential, Atlanta, GA

Sr. Cyber Security Engineer

Responsibilities:

  • Analyzed detected vulnerabilities and vendor-reported vulnerabilities for applicability, severity, and solutions.
  • Opened, assigned and closed tickets in the SOC Security Management Console toward Qualys for various remediation and patch management processes.
  • Conducted vulnerability assessments for the network using Nessus and Nmap.
  • Performed penetration testing for external-facing web applications. Security areas covering DMZ architecture, threat modelling, secure coding practices (i.e., OWASP standards) and vulnerability analysis were assessed for the company's internal applications.
  • Performed annual deep penetration testing of digital products on a prioritized basis.
  • Responsible for documenting and delivering penetration testing reports that are consumable by product team engineers and digital product managers.
  • Demonstrated the ability to right-size the scope and testing needs to the circumstances of the product team.
  • Developed and implemented a tiered testing model to assist product teams in their crawl-walk-run journey of cyber maturity, as appropriate.
  • Provided technical mentorship and extensive testing resources as needed to up-level the view into the ongoing hardening footprint of IoT and digital product systems (including all device, web, and mobile components).
  • Responsible for training, guiding, and mentoring junior to mid-level developers.
  • Prepared soft-skills sessions to enhance the esteemed learning process provided by the company.

Confidential, Sacramento, CA

Sr. Cyber Security Analyst

Responsibilities:

  • Executed daily vulnerability assessment, threat assessment, mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems.
  • Consulted on security assessments, recommendations and remediation using the HIPAA, PCI DSS, COBIT, ISO 27001/2 and NIST frameworks.
  • Provided leadership in architecting and implementing security solutions with Qualys and Splunk.
  • Highly skilled in Splunk to build, configure and maintain different environments, with in-depth knowledge of the analysis of logs generated by various operating systems.
  • Scheduled scans by creating Asset Groups and using the Scan Schedule option in QualysGuard, and recorded issues occurring during scans. Also scheduled ad hoc scans using Option Profiles.
  • Conceptualized and implemented the DLP program and policies.
  • Managed enterprise security systems, identifying key security risks and reporting risks to management with recommendations for corrective action utilizing NIST frameworks.
  • Automated the centralized detection of security vulnerabilities with scripts for vulnerability assessment tools such as QualysGuard and Splunk.
  • Conducted malware analysis and investigated the behavioral characteristics of each incident utilizing IDS monitoring tools.
  • Worked on multiple RSA Archer solutions, i.e., Business Continuity, Compliance, Audit, Policy, Risk and Vendor Management, including Findings and Issues Management, Risk Register, Risk Control Self-Assessment and Security Operations.
  • Performed regular review and recertification of DLP policies, TLS domain whitelisting, and SOPs for enhancement with BU Risk.
  • Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
  • Documented DLP administration, scanning, reporting, and remediation.
  • Monitored the Splunk system by identifying failing jobs, dashboards and the overall health of Splunk, and collaborated with the respective teams to improve performance.
  • Designed and implemented Symantec DLP and RSA DLP architecture for enterprise-level companies.
  • Monitored, analyzed and responded to network incidents and events. Participated in disaster recovery implementation and testing under the NIST framework and HIPAA and HITECH standards.

Confidential, Concord, CA

Cyber Security Threat Intelligence Analyst

Responsibilities:

  • Analyzed network traffic using a SIEM. Using intelligence tools, applied attribution to IOCs or actor behaviors.
  • Utilized security tools such as IBM QRadar, ThreatQ and other resources to determine whether PG&E systems are vulnerable.
  • Proactively hunted for and researched potential malicious activity and incidents across multiple platforms using advanced threat network and host-based/open source tools.
  • Assisted in the collection of evidence for the SOC and OCC audits. Also helped with manual testing of the password parameters of applications under SOX scope.
  • Identified confidential and sensitive data (PII, PCI) using the IDU data classification framework and generated reports for management review and recertification.
  • Used both internal and external threat intelligence to build indicators of compromise into monitoring tools, and integrated these tools with one another to provide data enrichment.
  • Actively prepared the All Intelligence Meeting (collecting the latest trends in the cyber security space) and shared the information with the SIOC (Security Intelligence & Operations Center) team.
  • Collected intelligence feeds from paid sources such as FireEye, CrowdStrike, Proofpoint, Palo Alto, Recorded Future and Secureworks, and from open-source platforms such as AlienVault, Trend Micro, My Online Security, etc., and hunted for the indicators targeting PG&E infrastructure.
  • Utilized a Threat Intelligence Platform and other OSINT sources such as news articles and research papers to pull IOCs, and conducted searches in McAfee ESM.
  • Troubleshot issues in SAP, applied SAP notes as required, and performed other GRC-related activities.
  • Worked to improve logging in our SIEM and helped create better visibility across our network through McAfee ESM.
  • Created security test labs including honeypots and virtual machines to catch malicious hacker IPs and domains.
  • Conducted system security assessments based on FISMA, NIST and HIPAA/PCI DSS compliance.
  • Developed ISO-based controls that address regulatory requirements associated with PCI, HIPAA and SOX.
  • Maintained and employed a strong understanding of advanced threats, continuous vulnerability assessment, and the response and mitigation strategies used in cybersecurity operations.
  • Performed daily review and escalation of Data Loss Prevention (DLP) incidents using Symantec DLP.
  • Analyzed and researched the latest threat actors such as APT28, APT29, APT30 and APT32 (campaigns from Russia, China and Vietnam respectively) that are potentially targeting the company's assets and, as a threat analyst, prepared countermeasures in order to outplay the threat actors.
  • Used extensive TCP/IP networking skills to perform network analysis to isolate and diagnose potential threats and anomalous network behavior.
  • Prepared reports such as daily and weekly actionable intelligence reports based on the number of IOCs and TTPs actioned on a daily and weekly basis, and sent them to supervisors and management for their review and feedback.

Environment: ThreatQ, IBM QRadar, McAfee EPO, Symantec EDS, Proofpoint, MISP (Open Source Malware Information Sharing Platform)

Confidential, Austin, TX

Information Security Analyst / Threat Analysis / Risk Remediation

Responsibilities:

  • Developed and refined procedures for monitoring, detecting, reporting, logging and investigating information security breaches.
  • Worked in the SOC department, which runs 24x7, and analyzed all security incidents.
  • Resolved incidents while investigating and troubleshooting root causes.
  • Supported the implementation of RSA Archer 6.2 Regulatory and Corporate Compliance, Incident, Task and Risk Management solutions/use cases and the maintenance of technology for compliance management.
  • Worked on SAP GRC Access Control administrator activities for the ARA, EAM and ARM components, performed support activities, and rolled out to other regions/systems.
  • Investigated and researched events using SIEM (Security Information and Event Management), correlating with firewall, IPS/IDS, Symantec ProxySG, Proofpoint, WAF and web logs.
  • Performed Symantec ProxySG versioning and licensing implementation and worked on Symantec cloud and security products.
  • Managed Symantec ProxySG, ProxyAV, CAS and MAA appliances for URL filtering policies; deployed Symantec ProxySG in explicit and transparent mode and configured identities, access policies and custom URL categories.
  • Experienced with Symantec DLP policies (DLP templates) for compliance and regulation standards such as SOX, PCI, and HIPAA.
  • Supported real-time analysis of security events and threats generated by network hardware and applications through SIEM tools such as HP ArcSight.
  • Reported audit results, managed audit resources, planned and executed audit engagements, and managed the audit plan and audit universe within the RSA Archer solution.
  • Strong knowledge and experience in Symantec DLP workflow and architecture. Good experience in handling DLP false-positive tickets.
  • Worked on multiple RSA Archer solutions, i.e., Business Continuity, Compliance, Audit, Policy, Risk and Vendor Management, including Findings and Issues Management, Risk Register, Risk Control Self-Assessment and Security Operations. Troubleshot issues on all platforms and performed threat remediation on the Splunk agent, VirusScan Enterprise (VSE), ENS and MNE.
  • Verified that the Windows virus definitions on the SEPM are within 24 hours of those reported by Symantec.
  • Configured the QualysGuard and Nessus tools for vulnerability analysis of devices and applications, and monitored them continuously through the dashboard by running reports on an ongoing basis.
  • Conducted analysis of cyber threats, discovery of IT vulnerabilities, monitoring for cyber intrusions, and troubleshooting and response to security incidents detected from HP ArcSight and related SIEM, IDS/IPS, and other security applications.

Confidential, Denver, CO

Security Operations Center Analyst

Responsibilities:

  • Configured, upgraded and fine-tuned the DLP policies to meet changing needs and improve security metrics.
  • Developed information security risk identification, classification, triaging and mitigation.
  • Worked with the enterprise architecture team, Security Governance, and the Policy team daily.
  • Assisted in the collection of evidence for the SOC and OCC audits. Also helped with manual testing of the password parameters of applications under SOX scope.
  • Performed vulnerability assessment and penetration testing of web applications and web services following OWASP and WASC methodologies.
  • Racked (LAN/WAN/WLAN/MPLS/VoIP/VPN/network security) equipment for multiple offices and colocation data centers.
  • Documented all activities during an incident and provided leadership with status updates during the life cycle of the incident.
  • Provided information regarding intrusion events, security incidents, and other threat indications and warning information to the client.
  • Assisted with the development of processes and procedures to improve incident response times, incident analysis, and the overall SOC.
  • Administered and implemented SIEM, DLP, Websense, an advanced malware detection program, vulnerability assessment, and prevention.
  • Supported incident reporting and management for various incident/security alerts triggered by the SIEM tool, plus log monitoring and incident analysis for various devices.
  • Escalated security incidents to the parties responsible for remediation or additional analysis.
  • Conducted network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Managed multiple security devices in order to protect the enterprise's network: vulnerability scanners including Nessus and QualysGuard, malware detection using McAfee Endpoint Security, intrusion detection using McAfee HIPS, and SIEM using IBM QRadar.
  • Installed and configured a new Microsoft Windows Server 2016 (DHCP, Active Directory, DNS, Group Policies).
  • Performed white-box vulnerability assessment of applications developed in Microsoft technologies for the OWASP Top 10 vulnerabilities.
  • Configured major features such as LAN IP configuration and DHCP server configuration, live IP configuration, services, port forwarding and rules, and the firewall, and analyzed diagnostics and logs.
  • Set up Virtual Private Networks with appropriate user access control as per security policies and roles.
  • Worked on QRadar products including ESM, Express, Loggers and Connectors, and deployed manager, logger and HTTP web as a service on QRadar appliances.
  • Prepared and reviewed Authorization to Operate (ATO) packages (i.e., SSP, RA, CMP, ISCP, DRP, IRP and PIA) for systems and facilities using NIST publications.
  • Performed vulnerability assessments and took the required counteractions and measures to ensure the security of the IT infrastructure/systems.

Confidential

Security Engineer

Responsibilities:

  • Assessed and built a data protection program through data classification skills and a clear understanding of privacy standards and regulations.
  • Supported the Data Loss Prevention suite, Symantec DLP product: implementation and deployment as part of the champion team.
  • Deployed data loss prevention across the network: data in motion, data in use and data at rest servers.
  • Reviewed encryption logs and DLP logs to regulate user-based technological risk violations.
  • Gained experience with Symantec DLP software: DLP Cloud Prevent for Microsoft Office 365, DLP Cloud Storage, Cloud File Sync and Share, and security product capabilities.
  • Deployed in the cloud and on-premises using Amazon Web Services (AWS) and single-server support.
  • Analyzed Symantec DLP events and reports.
  • Performed tuning of Symantec DLP to reduce false positives and improve detection rates.
  • Designed and implemented the firewall configuration from scratch, including failover configuration, NAT, interface configuration, SNMP and syslog configuration, and maintained backups to a syslog server.
  • Configured routing protocols such as EIGRP, OSPF and BGP, and troubleshot layer 3 issues.
  • Troubleshot Cisco routers using ping, traceroute and basic checks.
  • Designed IP addressing schemes, VLAN tables and switchport assignments, and trunking and EtherChannel implementation.
  • Configured IPsec site-to-site and remote-access and SSL VPN tunnels, and reviewed debug messages to troubleshoot VPN issues.
  • Network Access Control: implemented a secure solution to identify network devices and profile them to allow or disallow access based on device type.
  • Deployed signature updates on the management components and all individual IPS/IDS devices.
  • Intrusion Prevention System: IDS/IPS implementation and upgrade for SiteProtector.
  • Analyzed network attacks, blocks, detections and regular health checkups in the live environment.
  • Prepared the knowledge transfer document of process and technical specifications for transition/internal purposes.
  • Ensured a smooth transition for all the security applications, and prepared team metrics reports and project status reports weekly/monthly for presentation to the customer. Client-facing role, understanding customer requirements.
