Sr. Information Security Analyst Resume
Houston, TX
SUMMARY:
- Experienced cyber security consultant with a focus on designing and developing security solutions.
- Experience analyzing security logs generated by Intrusion Detection/Prevention Systems, firewalls, network flow systems, and anti-virus.
- Skilled and technically proficient with multiple firewall solutions, network security, and information security practices.
- Expertise in gathering and analyzing metrics and key risk indicators, and in maintaining scorecards defined within the area of information security, to ensure the information security program is performing effectively and efficiently. Familiar with general security risk management principles and best practices.
- Supported information security audit and third-party assessment initiatives during the planning, execution, and remediation phases, as well as coordinating and tracking remediation activities.
- Successfully fulfilled business requirements to protect against data leakage from data at rest, data in use and data in motion.
- Implemented and supported several of the following McAfee products: ePO, VSE, ENS, DLPe, HIPS.
- McAfee engineer on the proof of concept / pilot of Device Control in McAfee Data Loss Prevention (DLP) and McAfee MOVE.
- Developed McAfee-related SOPs (standard operating procedures).
- Built, deployed, configured and managed Splunk Cloud instances in a distributed environment spread across different application environments belonging to multiple lines of business.
- Provided real-time host-based intrusion detection monitoring services using Symantec Endpoint.
- Configured and deployed Symantec HIDS on Windows Server 2008 and 2012 and on desktops.
- Experienced with Symantec DLP policies (DLP templates) for compliance and regulatory standards such as SOX, PCI, and HIPAA.
- Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities from emerging security issues.
- Troubleshot various appliances on the SIEM platform via Linux commands; knowledge of capacity planning and Linux performance.
- Hands-on experience with risk assessment, change management, incident management, third-party risk assessment, and access control methods.
- Deep understanding of software and security architectures as well as intranet and extranet security practices.
TECHNICAL SKILLS:
Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, BASE.
Frameworks: NIST SP, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS.
Security Technologies: Symantec DLP, McAfee ePO, QRadar, Splunk
Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.
Security: McAfee ePO, Symantec DLP
Firewalls: Check Point, ISA 2004/2006, Palo Alto PA-3000/5000
Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux
PROFESSIONAL EXPERIENCE:
Confidential, Houston, TX
Sr. Information Security Analyst
Responsibilities:
- Installed and configured Symantec DLP to protect confidential data in motion, data in use, and data at rest.
- Worked closely with the information security team and the security project management office to roll out a DLP solution in compliance.
- Installed and configured the Enforce Server administration console to manage endpoints, policies, policy rules, agent groups, incidents, DLP servers, etc.
- Installed and configured Endpoint Prevent and Discover detection servers to protect data in use.
- Performed vendor file share scans with Symantec DLP by setting up a site-to-site VPN.
- Configured AD with the Enforce Server to assign the appropriate policy to agent groups.
- Created connections to LDAP servers, configured the Active Directory server connection, and scheduled directory server indexing.
- Implemented daily standard operating and sustainment procedures (e.g. DLP system health checks, policy/rule tuning and implementation, policy and incident maintenance, event categorization, and incident reporting).
- Troubleshot Symantec DLP issues and provided remote support for DLP issues.
- Customized and fine-tuned DLP policies to reduce the rate of false positives in alerts and align them with business needs and incident response. Configured HIPAA, HITECH, PII, PCI, SOX, and PHI policies and rules.
- Configured, implemented and maintained all security platforms and their associated software, such as routers, switches, firewalls, intrusion detection/intrusion prevention, anti-virus, and SIEM.
- Involved in security operations, vulnerability and risk assessment, alerting, report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Imperva, Sourcefire (IDS/IPS), FireEye, Blue Coat Proxy, etc.).
- Utilized McAfee ePO for Data Loss Prevention (DLP).
- Responsible for performing application whitelisting using Microsoft and McAfee AppLocker tools.
- Responsible for capturing security and privacy requirements for clients to be compliant with Payment Card Industry (PCI) requirements.
- Assisted engineers with Splunk troubleshooting and deployment.
- DLP profile deployment reports for detection servers and updating DLP policies; incident analysis.
- Excellent understanding of upgrading SIEM components (ESM, ELM, Receivers).
- Ability to take initiative and to grasp business operations and concepts instantly.
- Performed periodic vulnerability testing and assisted in remediation efforts.
- Responsible for installing, deploying, and tuning the DLP solution for the enterprise, including Endpoint and Network DLP solutions.
- Utilized ArcSight SIEM to monitor and investigate security-related incidents.
- Supported ongoing cyber security incidents from non-CIRT organizations.
- Engineered, configured and deployed enterprise SIEM/SEM solutions.
- Managed Splunk (SIEM) configuration files such as inputs, props, transforms, and lookups. Upgraded Splunk Enterprise and applied security patches.
- Created policies and alerts and configured them using SIEM tools (Splunk).
- Monitored and investigated security incidents and alerts with ArcSight, FireEye, Palo Alto, Sourcefire and McAfee ePO.
- Identified, documented and investigated suspicious events in intrusion detection systems (IDS) and SIEM tools.
- Planned, deployed, modified and updated IDS/IPS systems for the entire network.
- Provided onsite Symantec DLP technical service and support to a large enterprise customer base.
- Monitored and analyzed network traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), security events and logs.
- Provided leadership in architecting and implementing security solutions around Qualys and SIEM tools such as ArcSight, Solutionary and LogRhythm.
- Incident handler for the CIRT, including log analysis, forensics, and malware investigation.
Confidential, Hamilton, NJ
Cyber security Engineer
Responsibilities:
- Experience in security incident handling with SIEM products RSA enVision and IBM QRadar.
- Security incident handling to provide management oversight of the incident process.
- Performed tuning of the Security Information and Event Management (SIEM) filters and correlations to continuously improve monitoring.
- Configured new repositories for multiple regions. Set the bandwidth to stabilize network traffic.
- Deployed the Agent and VSE packages from the ePO console to fix corrupt Agent/VSE installations.
- Troubleshot all kinds of issues related to McAfee and ePO.
- Configured, operated and troubleshot customer network intrusion and malware issues.
- Constantly interfaced with customers to expedite resolution and remediation of phishing attempts and malware events.
- Experience with deployment of Symantec DLP: Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA. In-depth experience with Symantec DLP in an enterprise environment. Experience architecting Symantec DLP platforms. Experience analyzing Symantec DLP events and reports. Experience tuning Symantec DLP to reduce false positives and improve detection rates.
- Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on shared devices and shared drives. Created and managed DLP policies.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Monitored and remediated daily security alerts generated by end users with tools such as Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO 5.x; also responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
- Managed Splunk (SIEM) configuration files such as inputs, props, transforms, etc.
- Upgraded Splunk (SIEM) Enterprise and applied security patches.
- Well versed in both remote and on-site Splunk (SIEM) user support.
- Centralized the storage and interpretation of logs using the Splunk (SIEM) system.
- Vulnerability Management: Configured the QualysGuard tool for vulnerability analysis of devices and applications. Monitored them constantly through the dashboard by running reports regularly.
- Installed and configured Symantec Endpoint Protection on laptops used for remote connectivity.
- Familiarity with security and testing tools such as Burp Suite, Nmap, Zenmap, OpenVAS, Nessus.
- Maintained network performance by performing network monitoring, analysis and performance tuning, and by troubleshooting network problems. Skilled in using Burp Suite, Nmap, QualysGuard, Nessus.
- Implemented essential changes to enhance reporting, communications, and workflow related to VM and patching teams.
- Provided approvals for software/application installations, site reviews for web access, McAfee ePO exceptions, and vulnerability exceptions.
- Provided leadership in architecting and implementing security solutions around SIEM tools such as Splunk.
- Prepared, arranged and tested Splunk search strings and operational strings. Created and configured management reports and dashboards.
- Developed procedures and conducted the monthly patch cycle to keep Microsoft patch revisions current.
Confidential
Cyber Sec Consultant
Responsibilities:
- Set up scans for confidential data stored on endpoints, including laptops and desktops, in order to inventory, secure, or quarantine data.
- Monitored and blocked confidential data from being transferred, sent, copied, or printed by desktop or laptop PC users.
- Managed universal Symantec DLP policies from a centralized platform for detection, incident remediation workflow and automation, reporting, system management and security.
- Managed the Security Information and Event Management (SIEM) infrastructure.
- Collaborated across the entire organization to bring Splunk access to product and technical teams, to get the right solution delivered and drive future innovation gathered from customer input.
- Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on shared devices and shared drives. Created and managed DLP policies.
- Created standard operating procedures for DLP SMTP (email), HTTP/S (web), and SharePoint incidents.
- Automated DLP incident metrics using Splunk.
- Developed monthly and weekly metrics and dashboards using Splunk.
- Proficient in writing Splunk queries and dashboards and in log analysis.
- Cleaned up the Symantec Anti-Virus environment and brought previously unprotected machines into compliance with security policy.
- Monitored the performance of Splunk via the Splunk Monitoring Console.
- Pushed configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Implemented multiple tools including Symantec DLP and QRadar SIEM.
- Conceptualized and implemented end-user DLP materials, an enterprise-wide encryption system, Symantec Data Insight integration, and Symantec DLP/data security environment support.
- Risk analysis and security control gap analysis from an information and network security perspective.
- Managed day-to-day activities of threat and vulnerability management, identified risk tolerances, recommended treatment plans and communicated information about residual risk.