- 8+ years of experience in enterprise-level security, providing Endpoint security, Security Event monitoring, Data protection, Intrusion prevention/detection systems along with Malware prevention, and implementing security policies, standards and procedures.
- Expertise in managing and providing engineering-level support on security applications like FireEye HX, McAfee ePO and VirusScan Enterprise for Endpoint protection; Nexus Tenable, McAfee VM & InsightVM for Vulnerability Management; Acunetix for Web Application security scanning; FireEye NX for Web Malware protection systems; CISCO NIDS & SNORT IDS for Network-level intrusion detection; FireEye EX & Proofpoint for Email Malware Protection systems; Symantec DLP for Data protection; ArcSight & Splunk for SIEM; and Microsoft DRM for digital rights management.
- Providing engineering-level support for FireEye applications like NX, EX, CMS, HX, PX, AX, McAfee ePO, VirusScan Enterprise (VSE) & Nexpose InsightVM Vulnerability Management.
- Experience in using monitoring applications like Netcool, SEVONE and SCCR, which are used for checking the day-to-day alerts for all the security applications and analyzing the security compliance posture of the organization.
- Handling Security Incident response for the organization, along with creating Splunk dashboards, alerts during security analysis.
- Performing the initial configuration and documenting the changes, implementation plans which are executed in testing environments.
- Analyze network topologies and provide recommendations and guidance on InsightVM deployment strategies.
- Develop and maintain installation & user guides for the Vulnerability Management application.
- Experience handling the Acunetix environment and remediation of Web Application vulnerabilities.
- Working with External Security researchers while triaging the Web Vulnerability reports.
- Coordinating internally with multiple teams for vulnerability remediation and performing security incident analysis.
- Ensuring the secure operation of the organization's computer systems, servers, and network connections and conducting both network and user activity audits.
- Experience handling an agent population of more than 150k at an enterprise level, managing multiple regional servers for managing the endpoints.
- Working closely with the project managers and service owners in completing the project upgrades in a timely manner.
- Determining security needs, developing and implementing solutions, and creating and enforcing security policies.
- Extensive experience and actively involved in Requirements gathering, Analysis, Reviews.
- Implemented workflow actions to drive troubleshooting across multiple event types in ArcSight and Splunk.
- Performing analysis of non-compliant machines via data pulled from SCCR and multiple other internal sources showing all managed endpoints with their DAT versions, VSE, McAfee agent and Engine version, and then remediating the non-compliant agents with appropriate actions.
Networking: LAN/WAN, TCP/IP, Ethernet
Operating Systems: Windows, UNIX/Linux
IPS/IDS: NX (Web Malware Prevention System, 7k, 7300, 9450, 10450 series), EX (Email Malware Prevention System 8300, 8420 series), AX (Live Malware Analysis 4310, 5400 series), SNORT
Firewall: Palo Alto
Data Loss Prevention: Symantec Data loss prevention
Web Vulnerability: Acunetix & Open source tools
Vulnerability Management: McAfee Vulnerability Management (MVM), Nexus Tenable, InsightVM
Endpoint Security: McAfee ePO (4.6, 5.1, 5.9), Virus Scan Enterprise (VSE 8.7, 8.8), FireEye HX (Endpoint Protection 4400, 4402 Series)
Compliance tools: Symantec Compliance Control Suite
Monitoring Applications: Netcool, SEVONE & SCCR
SIEM: ArcSight, Splunk
Confidential, New York City, NY
Security Engineer/ Analyst
- Responsible for handling Security detection and response, vulnerability management & web application assessment requests.
- Working closely with Risk management team in performing the assessments for all the Confidential hosted web applications.
- Handling phishing alerts reported by internal organization users, students, faculty members and performing investigation and mitigating the risk to the Organization.
- Responsible for handling the entire workflow for Network IDS and addressing/fine-tuning the rules to avoid false positives.
- Handling Vulnerability remediation for organization assets and coordinating with multiple teams in this regard.
- Performing Web application security scanning via Acunetix for identifying vulnerabilities associated with our web pages.
- Performing security analysis on Palo Alto Wildfire alerts on suspicious Network traffic.
- Handling compromised host tickets by following the incident response as per the organization operating procedures.
- Triaging bug reports reported via external security researchers and coordinating with the responsible users for remediating the reported vulnerability.
- Working with different teams in implementation of OWASP security recommendations to mitigate high risk vulnerabilities associated with internet facing web applications.
- Creating Splunk alerts based on the threat intelligence and also for identifying potential recon activities targeting Confidential assets.
- Performing external recon activities using open source tools to identify the attack surface of Confidential and taking remediation actions based on the recon results.
- Monitoring Splunk dashboards and performing security incident response for identified security events.
- Exploring multiple open source tools for identifying and remediating web application vulnerabilities.
- Coordinating with remote locations for establishing a process on vulnerability remediations and Incident response.
- Training remote site administrators on both InsightVM and Acunetix vulnerability testing & remediation.
Confidential, Weehawken, NJ
Security Engineer/ Analyst
- Responsible for daily health check for the enterprise security applications and troubleshooting the issues identified during the health checks.
- Managing enterprise-level security applications like McAfee ePO, VirusScan Enterprise, Symantec DLP (Data loss prevention), McAfee VM & Tenable (Vulnerability Management), FireEye wMPS (Web Malware Protection System), eMPS (Email Malware Protection System), HX (Endpoint Protection System) & AX (Live Malware Analysis), SIEM (ArcSight and Splunk) and monitoring applications like Netcool and SCCR. Working knowledge of the Cisco NIDS application.
- Coordinated with third-party vendors for web application security reports.
- Working closely with respective teams in addressing the identified application vulnerabilities.
- Managed application level security testing for internally developed applications.
- Engineering-level investigation and troubleshooting of FireEye HX issues to fix production issues.
- Representing in Change Management board meetings for the changes raised in regard to the FireEye, McAfee and Tenable applications.
- Successfully deployed approximately 30k agents in each global region and performed the initial configuration activities on HX.
- Performing the initial configuration and deploying the FireEye appliances into production, having experience on NX, EX, HX, CMS and AX.
- Involved in daily operations of investigating threats discovered through SIEM.
- Ensured antivirus definitions and products were updated via the McAfee ePO server.
- Implement data classification to enhance support of DLP capabilities and protect the firm.
- Responsible for using cutting-edge solutions for Data Loss Prevention (DLP).
- Document deployment of FireEye products.
- Created Splunk app for Enterprise Security to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics.
- Used Splunk forwarders to provide reliable and secure collection and delivery of data to the Splunk platform for indexing, storage and analysis.
- Responsible for troubleshooting issues, configuring new rules, and also assisting with any technical design issues that arise during this time.
- Performed log analysis for ArcSight content filter requests.
- Getting approval from the CAB for the change request after validation.
- Taking the backup of the ePO Server Snapshot & also all the critical folders related to ePO.
- Reviewed DLP logs to regulate user-based technological risk violations.
- Leading the remediation activities by providing support to the Operations team and assisting in remediation activities surrounding clients with proper McAfee client installations.
- Giving a Manual DAT Update & Wake-Up-Agent Call for the machines which are having an older DAT.
- Involved in the Security & Compliance Team to ensure Security & Compliance is met or strictly followed within the Organization as per the Industry Standards.
- Ensuring all the McAfee Security products (McAfee Agents/McAfee VSE) are installed in the user's machines with the latest patches and also the DAT Files and Engines are up to date.
- Supporting McAfee Vulnerability Manager Server and providing vulnerability sets.
- Deployment of identified McAfee hotfixes/patches on the McAfee ePO Server.
- Expanded Vulnerability Management servers to multiple locations to increase scan coverage.
- Coordinated with developers to utilize Vulnerability Manager to provide a data feed for an in-house application to review the affected systems for remediation.
- Uncovered endpoint disk encryption gaps through assessment (audit) in global environment that drove security team to implement standard for endpoint encryption resulting in single source of truth for reporting and remediation.
- Debugging & troubleshooting of security incidents.
- Performed day to day monitoring activity to check the security and compliance.
- Managing the SafeBoot central database & furnishing information requests for the customer.
- Troubleshooting and providing end-level support for SafeBoot related issues.
- Monitor the security of critical systems (e.g., e-mail servers, database servers, web servers, etc.) and changes to highly sensitive computer security controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
- Investigate potential or actual security violations or incidents in an effort to identify critical resources.
- Analyze vulnerabilities discovered and devise Vulnerability Management process.
- Manage and execute client assessments.
- Develop and implement cyber security site procedures, policy and standards.
- Supported the access recertification program by responding to and remediating identified vulnerabilities in security access on IT Security owned servers and applications.
- Responding to security incidents and helping in improving the Compliance percentage.
- Installing and updating patches and McAfee Antivirus based on daily antivirus reports.
- Managed and deployed McAfee End Point Protection software using McAfee ePolicy Orchestrator (ePO).