
Security Analyst Resume


Foster City, CA

SUMMARY:

  • 7+ years in Information Technology and 5+ years of experience in network security, SIEM tools, security assessments and risk remediation processes.
  • Experience with vulnerability and compliance management, risk assessment, intrusion detection, security incident management, post-attack investigation, log analysis, access management, etc.
  • Developed tools and performed risk assessments on network, application, and physical security.
  • Spearheaded ISO 9000 and drove systems and policies for the Customer Support division.
  • 5+ years of extensive experience with Security Information and Event Management (SIEM) tools such as ArcSight, RSA Security Analytics, Splunk and RSA Envision, and working knowledge of QRadar and ESS Security.
  • Experience working in the Banking, Financial, Energy, Transportation, Healthcare and Product Engineering domains.
  • Used Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS/IPS), Data Leakage Prevention (DLP) and malware investigation devices.
  • Extensively worked on development and configuration of SIEM connectors for devices not supported out of the box by HP ArcSight, RSA Security Analytics and Splunk, to support controls monitoring and reporting.
  • Worked with HP Service Manager, Remedy, ServiceNow and CMS ticketing systems to create incidents and manage threats.
  • Developed a Strategic Planning Framework to gauge an organization's current InfoSec maturity level and create a roadmap for the future using the COBIT 4.1 and ISO 27000 standards.
  • Developed enterprise-wide Application Security Standards.
  • Experience with GLBA, SOX, HIPAA, ISO 27000, NIST, COBIT and ISO 9000.
  • Implemented operating system, application, user and data migration projects.
  • Performed proofs of concept with Splunk, Tripwire, Qualys and RSA Envision.

SKILL:

Security Products: HP ArcSight SIEM, RSA Security Analytics, Splunk SIEM, RSA Envision, QualysGuard Scanner, IBM QRadar, RealSecure SiteProtector (RSSP), Internet Scanner, Systems Scanner (part of the IBM Tivoli Endpoint Manager suite), Nmap, SolarWinds, Cisco NetRanger IDS, tcpdump, Wireshark, Cisco Secure ACS, Cisco Firewall, ZoneAlarm Security Suite, Symantec Norton Anti-Virus, etc.

Protocols: TCP/IP, IPX/SPX, RIP, EIGRP, TACACS+, SNMP, X.25, OSPF, PPP, NetBEUI, Frame Relay, WINS, DHCP

Application Software: MS-Exchange, SharePoint, MS-SMS, Win Proxy, Net Meeting, CA Service-IT, Cheyenne Arc Serve, Solstice Backup

Operating Systems: Sun Solaris, Linux, Windows family, Novell NetWare

Computer Hardware: Sun Ultra Enterprise and Intel based Servers and Desktops

Network Management: Compaq Insight Manager, Intel LANDesk Manager, Bay Networks Optivity, CISCO Works, EZ-LAN

PROFESSIONAL EXPERIENCE:

Confidential, Foster City, CA

Security Analyst

Responsibilities:

  • Identification of false positive / true positive events and taking action accordingly as per the requirement.
  • Integration of IDS/IPS with ArcSight; analyzed the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
  • Debugging issues related to ArcSight ESM performance, reporting, and collection of logs from various devices.
  • Integrated log sources into ArcSight.
  • Performed content and filter development to identify data and events of interest.
  • Developed filters to assist in the identification of significant events.
  • Created queries, use cases, reports, dashboards, and correlation rules.
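The correlation rules and false-positive filtering mentioned in the bullets above are the kind of content a SIEM analyst builds; the following is an added illustration, not code from the résumé or from any of the products it names. It models a threshold rule ("N failed logins from one source within T seconds") over constructed, already-normalized events, with an allowlist for an authorized scanner so its noise does not keep raising the same false positive. The event data, addresses and scanner address are all constructed for the example.

```python
"""
Threshold correlation rule over normalized events (constructed sample data).

A sliding window per source address counts authentication failures; when the
count reaches the threshold the rule fires once and the window is reset, so a
single burst yields one alert rather than one alert per extra event.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed normalized events: (ISO timestamp, source address, user, outcome).
SAMPLE_EVENTS = [
    ("2024-01-15T10:00:00", "10.0.0.9", "carol", "failure"),
    ("2024-01-15T10:00:01", "10.0.0.5", "alice", "failure"),
    ("2024-01-15T10:00:02", "10.0.0.5", "alice", "failure"),
    ("2024-01-15T10:00:03", "10.0.0.5", "bob", "failure"),
    ("2024-01-15T10:00:04", "10.0.0.5", "root", "failure"),
    ("2024-01-15T10:00:05", "10.0.0.5", "admin", "failure"),
    ("2024-01-15T10:00:06", "10.0.0.5", "alice", "failure"),
    ("2024-01-15T10:00:07", "10.0.0.5", "alice", "success"),
    ("2024-01-15T10:03:00", "10.0.0.9", "carol", "failure"),
    ("2024-01-15T10:06:00", "10.0.0.9", "carol", "failure"),
] + [
    # Constructed: an authorized vulnerability scanner trying eight logins.
    (f"2024-01-15T10:00:{10 + i:02d}", "10.0.0.200", "scan", "failure")
    for i in range(8)
]

# Constructed allowlist of sources whose failures are expected (tuning filter).
SCANNER_ALLOWLIST = {"10.0.0.200"}


def correlate_failed_logins(events, threshold=5, window_seconds=60,
                            allowlist=SCANNER_ALLOWLIST):
    """Return one alert per source whose failures reach `threshold` within the window."""
    history = defaultdict(deque)   # source -> deque of (timestamp, user) in the window
    alerts = []
    for ts_text, src, user, outcome in sorted(events, key=lambda e: e[0]):
        if outcome != "failure" or src in allowlist:
            continue  # only failures count; allowlisted scanners are tuned out
        ts = datetime.fromisoformat(ts_text)
        window = history[src]
        window.append((ts, user))
        # Drop entries older than the window relative to the newest event.
        while window and ts - window[0][0] > timedelta(seconds=window_seconds):
            window.popleft()
        if len(window) >= threshold:
            alerts.append({
                "source": src,
                "count": len(window),
                "users": sorted({u for _, u in window}),
                "first": window[0][0].isoformat(),
                "last": ts.isoformat(),
            })
            window.clear()  # reset so the burst fires once
    return alerts


if __name__ == "__main__":
    for alert in correlate_failed_logins(SAMPLE_EVENTS):
        print(alert)
```

Running the block with the constructed events reports a single alert for 10.0.0.5 (five failures across four user names in five seconds); the scanner is suppressed by the allowlist and the slow three-attempt source never reaches the threshold inside one window. Removing the allowlist makes the scanner fire as well, which is the false positive the tuning filter exists to remove.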

Confidential, Wall Township, NJ

Security Analyst

Responsibilities:

  • Worked as a cyber security team member responsible for maintaining the QRadar environment.
  • Ran vulnerability scanning using Rapid7 Nexpose.
  • Integrated CrowdStrike Falcon hosts and a few other devices with QRadar to bring in their events.
  • Enhancement and fine-tuning of correlation rules in QRadar based on daily monitoring of logs.
  • Worked on integrating IBM BigFix patch management with QRadar.
  • Monitoring of day-to-day system health checks, event and flow data backups, and system configuration backups.
  • Recommended and configured daily, weekly and monthly reports in QRadar based on compliance requirements.
  • Worked on IDS/IPS using Cisco Firepower (Sourcefire).
  • Configured rules, reports and dashboards in QRadar.

Confidential, Woonsocket, RI

IT Security Analyst

Responsibilities:

  • Worked as part of the Security Operations Center (Confidential) and was responsible for maintaining components such as the Log Collector, Log Decoder, Concentrator and Broker, and for configuring log generation and collection from a wide variety of products across servers, network devices, security devices, databases and applications.
  • Installation of connectors and integration of multi-platform devices with ArcSight ESM; developed FlexConnectors for devices and custom applications not supported by ArcSight.
  • Developed content for ArcSight ESM such as correlation rules, dashboards, reports and filters.
  • Integration of IDS/IPS with ArcSight ESM; analyzed the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
  • Created alerts and reports as per business requirements, and threat modelling with specific security control requirements.
  • Used Intrusion Detection and Prevention (IDS/IPS) and malware investigation devices.
  • Onboarded 2000+ devices to RSA Security Analytics for threat detection.
  • Attended weekly client meetings to discuss onboarding and content testing status.
  • Created installation, configuration and test-case scenario documents for each device connector.
  • Worked on patch management.
  • Recommended security strategies based on real-time threats.

Confidential, Sandy springs, GA

Security Consultant

Responsibilities:

  • Worked on this project as a Security Consultant.
  • Maintained QRadar components (Console, Event Processors, Flow Processors, Event Collectors and Flow Collectors) in the Global Payments environment for log collection and monitoring.
  • Integrated devices such as Juniper Network Secure Access, Aruba Mobility Controllers, Blue Coat, FireEye, ISS SiteProtector, Check Point, Palo Alto, Sourcefire, VMware vCenter, Symantec Endpoint and AD servers with QRadar SIEM.
  • Integrated the QualysGuard scanner with QRadar to populate vulnerability information and associate it with internal assets.
  • Recommended and configured correlation rules, reports and dashboards in the QRadar environment.
  • Worked on Symantec Antivirus.
  • Configured the Network Hierarchy and backup retention in QRadar SIEM.
  • Extracted custom property values using regex for devices not properly parsed by the QRadar DSM.
  • Analysis of offenses created via correlation rules from different device log types.
  • Integrated different feeds into the Splunk environment.
  • Integrated data from different devices into the Splunk environment and created dashboards and reports in Splunk.

Environment: QRadar SIEM, Splunk, Windows and Red Hat Linux.
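The regex-based custom property extraction mentioned in the bullets above is a standard way to recover fields from a log source whose parser (DSM) does not understand every event; here is an added illustration of the technique, not code from the résumé or from QRadar. It defines one regex per property with a single capture group, applies each to the raw payload, and leaves a property absent rather than guessing when the payload does not match. The appliance name "acmevpn", its message format and all payloads are constructed for the example.

```python
"""
Regex-based custom property extraction for an unparsed log source
(constructed sample data, hypothetical appliance format).

Each property is a (compiled regex, capture group number) pair, mirroring how a
SIEM custom event property is defined; definitions whose capture group does
not exist are rejected before use.
"""
import re

# Constructed raw syslog payloads from a hypothetical "acmevpn" appliance.
SAMPLE_PAYLOADS = [
    '<134>Jan 15 10:00:01 vpn01 acmevpn[2211]: session=start user="alice" '
    'src=203.0.113.10 group=staff policy=allow',
    '<134>Jan 15 10:00:09 vpn01 acmevpn[2211]: session=deny user="bob" '
    'src=198.51.100.7 group=contractors policy=deny reason="mfa_failed"',
    '<134>Jan 15 10:00:12 vpn01 acmevpn[2211]: heartbeat ok',
]

# Property name -> (regex, capture group). One group per property, as a
# custom property definition would hold it.
CUSTOM_PROPERTIES = {
    "username":    (re.compile(r'\buser="([^"]*)"'), 1),
    "source_ip":   (re.compile(r'\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b'), 1),
    "vpn_group":   (re.compile(r'\bgroup=(\S+)'), 1),
    "policy":      (re.compile(r'\bpolicy=(allow|deny)\b'), 1),
    "deny_reason": (re.compile(r'\breason="([^"]*)"'), 1),
}


def validate_property(pattern, group):
    """Reject a definition whose requested capture group does not exist."""
    if group < 1 or group > pattern.groups:
        raise ValueError(
            f"{pattern.pattern!r} has {pattern.groups} capture group(s); "
            f"group {group} requested"
        )


def extract_properties(payload, definitions=CUSTOM_PROPERTIES):
    """Return {property: value} for each definition that matches the payload.

    Properties whose regex does not match are omitted, so a heartbeat line
    yields an empty mapping instead of a mis-parsed one.
    """
    extracted = {}
    for name, (pattern, group) in definitions.items():
        validate_property(pattern, group)
        match = pattern.search(payload)
        if match:
            extracted[name] = match.group(group)
    return extracted


def extract_all(payloads=SAMPLE_PAYLOADS):
    """Apply the custom properties to every payload, preserving order."""
    return [extract_properties(p) for p in payloads]


def denied_users(rows):
    """Usernames whose session was denied, as a report or offense search would select them."""
    return sorted(r["username"] for r in rows
                  if r.get("policy") == "deny" and "username" in r)


if __name__ == "__main__":
    rows = extract_all()
    for row in rows:
        print(row)
    print("denied:", denied_users(rows))
```

On the constructed payloads the first line yields the user, source address, group and policy with no deny reason, the second adds the reason, and the heartbeat yields nothing. Anchoring each pattern on a word boundary and a key name (`src=`, `user="`) is what keeps a property from matching the wrong key when the appliance adds fields, which is the usual cause of silently wrong values after a vendor firmware update.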

Confidential, Newark - CA

Sr. Information Security Engineer

Responsibilities:

  • Ran PCI compliance and perimeter security scans using QualysGuard.
  • Performed risk ranking and risk assessment on the latest security alerts from Symantec DeepSight, IBM XFTAS, and Microsoft and Adobe security bulletins.
  • Performed network access control and threat management using ForeScout CounterACT.
  • Managed web data traffic and exceptions using Cisco IronPort.
  • Used McAfee ePolicy Orchestrator (ePO) to centralize and streamline management of endpoint, network, content security and compliance solutions.
  • Reviewed HIPS alerts from ISS Proventia.
  • Performed event correlation using ArcSight SIEM and created content using Splunk.
  • Performed vendor management for a variety of security products such as Tenable, Qualys and Symantec.
  • Leveraged ticketing systems to manage security incidents and responses, working with cross-functional teams.

Confidential, CA

Security Analyst / Consultant

Responsibilities:

  • Worked as an L2 engineer responsible for configuring log generation and collection from a wide variety of products across servers, network devices, security devices, databases and applications.
  • Categorized the messages generated by security and networking devices into the multi-dimensional ArcSight normalization schema.
  • Installation of connectors and integration of multi-platform devices with ArcSight ESM; developed FlexConnectors for devices and custom applications not supported by ArcSight.
  • Developed content for ArcSight such as correlation rules, dashboards, reports, filters, Active Lists and Session Lists.
  • Applied several ArcSight ESM patches as required.
  • Created alerts and reports as per business requirements, and threat modelling with specific security control requirements.
  • ArcSight asset modelling implementation, used to populate asset properties in correlation rules and reports.
  • Onboarded 12000+ devices (Windows, Linux, IIS, DNS, DHCP, NPS, mainframe) to ArcSight ESM for monitoring.
  • Integration of IDS/IPS with ArcSight; analyzed the logs to filter out false positives and add true positives into the IDS/IPS rule set.
  • Integrated data from different devices into the Splunk environment and created dashboards and reports in Splunk.
  • Troubleshooting of issues related to ArcSight ESM, Logger, Oracle DB and Connector Appliance (ConApp) performance.

Environment: HP ArcSight SIEM, Splunk, Windows, Linux servers and networking tools

Confidential

Security Consultant

Responsibilities:

  • Installation of connectors and integration and testing of multi-platform devices with ArcSight ESM; developed and tested FlexConnectors for unsupported devices and business applications.
  • Configured and tested log generation and collection from a wide variety of products across servers, network devices, security devices, databases and applications.
  • Categorized and tested the messages generated by security and networking devices into the multi-dimensional ArcSight normalization schema.
  • Developed and tested ArcSight asset modelling, used to populate asset properties in correlation rules and reports.
  • Debugging of issues related to ArcSight performance, reporting, and collection of logs from various devices.
  • Onboarded 9000+ devices to ArcSight ESM for threat detection.
  • Integrated data from different devices into the Splunk environment and created dashboards and reports in Splunk.
  • Monitored and identified suspicious security events using the ArcSight ESM console and raised tickets in the Dbsoc portal.
  • Investigated and identified events, qualified potential security breaches, raised security incident alerts and performed technical and management escalation.
  • We used to receive spam email from the DB users and coordinated with the messaging team to block the mail IDs.
  • We used to receive virus alerts for outbound and inbound traffic and coordinated with the antivirus team.
  • Recommended security strategies based on real-time threats.

Environment: HP ArcSight SIEM, Splunk, Windows, Linux, iDefense portal, BigFix, Archery, Request Tracker, DB symphony, Oracle.

Confidential

Security analyst

Responsibilities:

  • Integration and testing of multi-platform devices with RSA Envision.
  • Configured and tested log generation and collection from a wide variety of products across servers, network devices, security devices, databases and applications through the collectors (LC, RC).
  • Categorized and tested the messages generated by security and networking devices into the multi-dimensional RSA Envision schema.
  • Integration of IDS/IPS with RSA Envision; analyzed the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
  • Developed and tested content for RSA Envision such as correlation rules, dashboards, reports, filters and lists.
  • Debugging of issues related to RSA Envision performance, reporting, and collection of logs from various devices.
  • Developed and tested UDS connectors via XML for devices and business applications not supported by RSA Envision.
  • Onboarded 2000+ devices to RSA Envision for threat detection.
  • Attended weekly client meetings to discuss onboarding and content testing status.
  • Created installation, configuration and test-case scenario documents for each device connector.
  • Recommended security strategies based on real-time threats.
  • Reported security incident status and current network status to the CSO (Chief Security Officer).

Environment: RSA Envision, Windows, network monitoring tools, shell scripts and MS Office products
