- Experienced Infrastructure engineer with 12+ years in Infrastructure (Windows, VMware & Linux servers), Networking and IT Security Analyst - SIEM (ArcSight, IBM QRadar, FortiSIEM)
- Career Growth: Focus on cyber security auditing with potential advancement goals in engineering or threat analysis roles
- Served as the company compliance officer with respect to state and federal information security policies and regulations
- Expertise in network engineering, analysis, implementation, and support; very strong troubleshooting skills in Cisco routers and switches in enterprise environments; outstanding interpersonal and presentation skills.
- Experienced in handling and installing Palo Alto firewalls.
- Strong hands-on exposure to Checkpoint & Palo Alto on a regular basis.
- Configured all Palo Alto Networks firewall models (PA-2k, PA-3k, PA-5k, etc.) as well as a centralized management system (Panorama) to manage large-scale firewall deployments.
- Configuring, administering and troubleshooting Checkpoint and ASA firewalls.
- Responsible for Checkpoint and Cisco firewall administration across global networks.
- Configured IP addresses and subnet masks of workstations.
- Responsible for the network equipment maintenance and deployed upgrades to customer’s LANs, WANs and wireless networks.
- Installing, Configuring and Troubleshooting of Networking Equipment: Routers and Switches.
- Implemented monitoring and management protocols & network traffic filters using Standard & Extended ACLs and network monitoring tools.
- Knowledgeable in TCP/IP & OSI model, IPv4 & IPv6, NAT/PAT, TACACS+, OSPF.
- Experience in Microsoft Server 2008/2012/2016 installation, configuration, managing and maintaining.
- Experience in SAN / EMC storage
- Experience in security technologies: SIEM, IDS/IPS, AV
- Ability to integrate various vendor log sources into the HPE ArcSight SIEM platform
- Experienced with tools: IBM QRadar, RSA enVision, Splunk Enterprise, FireEye and HP ArcSight
- Manage network capacity in cooperation with the Network Operations Center (NOC). Handle escalated trouble calls and work closely with the NOC, engineering, field technicians, and telecommunications carriers to resolve service issues.
Hardware: SonicWall, SSL, CDP, Cisco routers & switches, 3COM Routers & switches, Barracuda, HP Blade Servers, Compaq, Dell, and IBM Servers
Switches: Cisco Catalyst VSS 1 50- X / 2960
Routers: Cisco Routers ASR / 2600
Firewall: Palo Alto PA-500, PA-2k, PA-3k & PA-5k series, Checkpoint R65/R70/R75 & Cisco ASA 5585, Firepower 4100 series, Firepower management Center 4500.
Network Monitoring & Endpoints: CiscoWorks 2000, Wireshark, McAfee ePO, AMP4EP
SIEM: ArcSight, QRadar, McAfee (Logger, ESM, Express), CTR (Cisco Threat Response)
Operating Systems: Windows XP, Vista, Windows 7 & 8, UNIX, SPLAT (Secure Platform), Linux, Red Hat
Networking: NAT, VTP, VLAN, L2TP, PPTP, RDP, TCP/IP, IPX/SPX, NetBEUI, UDP, ARP, NTP, EIGRP, OSPF, RIP, VoIP, SIP, SSL, VPN, ESP, 802.11 Wireless, HTTP, HTTPS, FTP, POP3, SMTP, DNS, ICMP
Confidential, Downey, CA
Sr Security Consultant
- Mitigated phishing emails, spoofed mail and spear phishing targeting County leadership.
- Worked ATA tickets assigned from the client's 24x7x365 managed security service expeditiously (includes reviewing and working on cases on the portal and providing details for case closure).
- Provided in-depth support for information security cyber incidents, including, but not limited to, internal violations, hacker attacks, viruses, unauthorized system access, and identifying and recognizing incidents of compromise (IOCs) and how they are used at the network level.
- Provide recommendations to improve information security incident response processes related to host and network security in accordance with County policies and procedures.
- Analyze and interpret system, security, and application logs in order to diagnose faults and spot abnormal behaviour.
- Experience with maintaining a secure network through configuring and managing typical security enforcing devices (i.e., firewalls, IDS/IPS, Internet proxy, etc.), knowledge of the type of events they produce, in-depth experience with other common devices such as routers and switches, and the ability to troubleshoot Windows, Linux, UNIX and midrange environment security incidents.
- Identify issues/problems and coordinate with customers regarding recommendations and resolution to security incidents.
- Analyze threat intelligence feeds received, and correlate ATA cases and investigations with affected customer departments.
- Work with customer departments to facilitate the telemetry ingestion into the ATA managed security service.
- Participate in regularly scheduled project review meetings and conference calls.
- Work with the MSSP vendor to review documents and information collected, and assist in the process of documenting the identification, classification, and prioritization of critical systems and data.
- Setup and execute on-demand reports requested by customer and management.
- Provide knowledge transfer to Security Operations Section staff and ATA portal customers/users.
- Provide after-hours and weekend support on an as-needed basis.
- Work with the Demisto SOAR teams to resolve issues and write automation scripts.
Confidential, Philadelphia, PA
Sr Network Security Analyst SME
- Ensures stability and resiliency of Cybersecurity products and services of Confidential
- Designs, analyzes, develops and/or delivers Cybersecurity products and services of Confidential
- Hosted use case workshops with application and system owners to identify attack vectors and write monitoring rules to detect attacks in the Confidential environment.
- Implemented the whole project in Azure cloud.
- Employed approved defense-in-depth principles along the kill chain to eliminate risk and vulnerabilities and improved security controls in the Confidential environment.
- Partnered with the business to prioritize and deliver capabilities as defined by the strategic roadmap
- Proactively managed relationships with stakeholders through effective communications
- Took the lead on identifying threats and risks to drive the selection of cost-effective security controls
- Configured UiPath for Confidential workflow entry, legacy application integration, data logs or content migration logs, screen scraping and automated testing.
- Performed technical and non-technical (people and operations) risk and vulnerability assessments and supported incident response across Confidential
- Leads incident response, risk reviews and vulnerability assessments
- Executed research and development of proof of concept in line with emerging industry trends
- Coordinated and conducted event collection, log management, event management, compliance automation, and identity monitoring activities.
- Used ArcSight ESM and Splunk in the daily operational work and workflow and was the subject matter expert for Confidential
- Advised SOC Manager on best practices and use cases on how to use SIEM to achieve end state requirements
- SME (Subject Matter Expert) on SIEM and writing detection rules on the platform; scripting or programming experience in Python and PowerShell
- In-depth hands-on experience with security features and audit policies on Linux, Unix, and Windows operating systems
- Worked on different CLIs (Windows & *nix) for administration of Linux, Unix and Windows operating systems.
- Understand security vulnerabilities in common operating systems, web and applications, including knowledge of remediation procedures
- Able to work independently or in a team to create and optimize fraud detection rules
- Strong working knowledge of operations practices, risk management processes, principles, architectural requirements and threats and vulnerabilities in the context of Cybersecurity as well as incident response handling methodologies as they apply
- Strong knowledge of national and international laws, regulations, policies and ethics as they relate to Cybersecurity and specifically in the Chemical Manufacturing & financial industry
- Strong understanding of Agile, with the ability to work under at least one of the common frameworks; multi-skilled across the full range of team functions
- Excellent knowledge on what constitutes a network attack and the relationship to both threats and vulnerabilities along with the ability to identify systemic security issues
- Provided in-depth analysis of vulnerabilities, threats, designs, procedures and architectural design with focus on recommendations for enhancements or remediation with skill in using network analysis tools.
- Good understanding of compliance required for local, country, and/or region-specific standards for credentials, s and/or .
- Experience of mainframe and mid-range platforms.
- Proficient in the mindset for risk and control compliance to Confidential departmental and companywide standards
- Have broad understanding of at least one business area and product that they support and knowledge about the business' strategic direction
- Project Management, Customer Service and Technical Writing duties
- Cyber Security Incident and Event Monitoring (SIEM - Splunk ES, ArcSight, QRadar, Fortinet)
- Host and perimeter firewalls
- Host and network intrusion detection systems
- Logging and monitoring tools
- Antivirus or end-point security
- Data loss prevention, privileged access management
- Identity and access management
- Database access monitoring
- Vulnerability scanning
- Network full packet capture
Windows / Storage administrator
- Installing, configuring and administration of Windows 2003 Servers, Active Directory Services, DNS, DHCP, FTP, LDAP, WSUS, IIS Web Server and SQL Database Server, Systems Management Server (SMS) servers.
- Administration and maintenance of CLARiiON CX-4 series, VNX7500/5700 and DMX-3, VMAX, Cisco UCS blades, Cisco MDS switches, Brocade switches, McDATA switches.
- Responsible for the storage provisioning, expansion and regular health checks of Symmetrix VMAX, DMX-3, VNX7500/5700.
- Experience in allocating Storage to Open Systems - AIX, HP-UX, Linux, Solaris, Windows
- Responsible for assigning the SAN Ports for all server hardware.
- Responsible for assigning the SAN Ports for HP C-7000 and VMAX Storage array.
- Used Storage Resource Management (SRM) tools to monitor Storage Area Network infrastructure systems such as VNX 5700/7500.
- Administer Microsoft Windows Servers (Active Directory), Microsoft Workstations, and network security devices for 2000 users.
- Managed user accounts, groups, print queues and controlling access rights using Active Directory.
- Handling all cyber security incidents on a daily basis.
Cyber Security Engineer
- Cyber Security Team fell into two areas: AV and everything else (which also included firewalls).
- Incident Reporting and Response System to address Confidential security incidents (breaches), respond to alleged policy violations, or complaints from external parties.
- Serving as an official company contact point for information security, Tokenization Project.
- Privacy and copyright infringement incidents, including relationships with law enforcement entities.
- Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing
- Lead McAfee DLP engineer on network- and host-based DLP deployment, specializing in data-at-rest and data-in-motion components
- Supporting a 90K end-user node environment utilizing McAfee endpoint products via ePO server and distributed repositories (DLP, IPS, VS and ePO agents).
- Design, implementation and management of network-based McAfee DLP 5000 series (25 appliances) by deploying at the access layer for monitoring and analyzing data flow of sensitive content, including deployment of McAfee DLP
- Interface with the Threat Management Center teams to identify improvements to detection and alerting capabilities within the SIEM and Data Platforms.
- Conduct continuous analysis of security threat information (viruses, malicious code, industry events, hackers and zero-day exploits, OEM weaknesses, IDS/IPS and SIEM alerting, etc.) in order to proactively assess
- Implemented Cyber security products in various disciplines such as Encryption, DLP.
- LogRhythm Log Management deployment architecture design to include Disaster recovery availability and log manager load balancing, projected growth, redundancies, upgrades, technician availability, internal, and proactive reporting/alerting
- Responsible for completing threat analysis using security tools (BlueCoat, QRadar, ArcSight, Symantec Endpoint Protection, Splunk). Responsible for safeguarding the Company's confidential information and assets.
- Configured and managed QRadar for central logging management.
- Worked with internal groups to direct network assets to forward syslog, forward DNS logs, and install WinCollect on servers for event log forwarding to QRadar.
- Configured QRadar high availability.
- Extensive experience in Firewall technologies including general configuration, risk analysis, security policy, rules creation and modification of Check Point Next-Generation Firewalls R65, R70 & GAIA R77.30, Palo Alto Next-Generation firewalls, Bluecoat proxies and Cisco ASA
- Verifying & configuring the rule-sets on firewalls. (Firewall Change Request processing).
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs
- Bluecoat proxy server setup, configuration, upgrade and troubleshooting, with optimization of WAN applications, SSL traffic, web traffic, URL filtering & content filtering.
- Installation of Palo Alto (Web Application and URL filtering, Threat Prevention, Data Filtering)
- Configuration of Palo Alto Next-Generation Firewall mainly VSYS according to client topology and working on Content-ID, User-ID, App-ID
- Exposure to WildFire advanced malware detection using the IPS feature of Palo Alto
- Administer Palo Alto Firewalls to allow and deny specific traffic and to monitor user usage for malicious activity and future QoS.
- Implemented Positive Enforcement Model with the help of Palo Alto Networks.
- Working knowledge of the TCP/IP protocol suite, TCP/IP headers and packets, and commonly used TCP/UDP ports and associated services.
- Experience working on PA-500s to PA-7000s; used the application layer to control access.
- Performed firewall configuration using command line and have completed firmware upgrades.
- Supported zone based moves with access control changes.
Confidential, Houston, TX
- Cyber security team member handling daily incidents escalated by Tier 1/Tier 2 analysts
- Troubleshooting of Active Directory, DNS, DHCP; monitoring server performance and logs
- Build/Repair/Manage 3100 Windows virtual machine servers via vSphere ESXi 5.5/6.0
- Installing and configuring Windows 2003/2008 servers as a guest OS on physical/virtual machines
- Installing and configuring Active Directory Services, DNS, IIS & FTP. Server management and monitoring for daily checks, Event Viewer, alerts
- Add/Delete users, groups, OUs in Active Directory. Set local and domain security policy on Active Directory users
Cyber Security Engineer
- Responsible for setting up the infrastructure environment with majority of Cisco & Palo Alto appliances apart from various other equipment.
- Researched, designed, and replaced aging Checkpoint firewall architecture with new next generation Palo Alto appliances serving as firewalls and URL and application inspection.
- Palo Alto design and installation (Application and URL filtering, Threat Prevention, Data Filtering)
- Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs using various tools.
- Successfully installed Palo Alto PA-3060 firewalls to protect the data center and provided L3 support for routers/switches/firewalls
- Manage Microsoft project task to migrate from Cisco ASA firewalls to examine purpose firewalls.
- Maintaining Visio drawings and SCOM for servers, routers and switches.
- Implemented Positive Enforcement Model with the help of Palo Alto Networks.
- Configured and maintained IPSEC and SSL VPN's on Palo Alto Firewalls.
- Implemented Zone Based Firewalling and Security Rules on the Palo Alto Firewall
- Exposure to the WildFire feature of Palo Alto.
- Implementation of McAfee Nitro (SIEM tool) in the organization.
- Configuration troubleshooting on SIEM for data sources.
- Assisted in monitoring and setting policies in the ePO server, maintaining updates on HBSS server, domain servers, and domain workstations, pushing McAfee policies to required computers, and Symantec to servers.
- Review QRadar SIEM events and alerts to determine root cause. Complete weekly status reports of threats open and closed. Research and development projects.
- Having in-depth knowledge and working experience in QRadar and QualysGuard
- Monitoring and creating reports in QRadar.
- Having successful experience in installation of QRadar software in a lab setup
- Monitored and contained threats using SIEM QRadar, LogRhythm
- Third Party VPN migration from old data center to new data center.
- Maintained and managed networks running EIGRP and BGP routing protocols.
- Regularly performed firewall audits around CheckPoint Firewall-1 solutions for customers.
- Provided tier 3 support for CheckPoint Firewall-1 software to support customers.
- Work on Checkpoint Platform including Provider Smart Domain Manager. Worked on configuring, managing and supporting Checkpoint Gateways.
- Configuration of routing protocols EIGRP and BGP for small to medium sized branches based on company branch standards, including redistribution and route maps.
- Access Point refresh and implementation at various sized branches and locations.
- Implementation of VoIP IP phones at branches and upgrading old branch Avaya analog phones with Cisco IP phones; configuring ports to support VoIP, IP helpers, voice VLAN, & QoS.
- Used network monitoring tools such as Spectrum to ensure network connectivity and protocol analysis tools to assess and pinpoint networking issues causing service disruption.
- Worked with management and various departments to develop procedures and troubleshoot problems as they arose.
- Work closely with network personnel to ensure dependencies are maintained.
- Replaced end-of-life routers and switches within the environment.
- Performed switch replacement and added new devices to stacks.
- Created change controls through Remedy ticketing system
Confidential, San Francisco, CA
Cyber Security Consultant
- Experience converting Checkpoint VPN rules over to the Cisco ASA solution; migration with both Checkpoint and Cisco ASA VPN experience.
- Hands on experience and good working knowledge with Checkpoint Firewall policy provisioning.
- Configured Routing protocols such as RIP, OSPF, EIGRP, static routing and policy based routing.
- Team member of Configuration of Cisco 7206 router with VPN and Configuration of Catalyst switches.
- Create and test Cisco router and switching operations using OSPF routing protocol, ASA Firewalls, and MPLS switching for stable VPNs.
- Configuration and troubleshooting link state protocols like OSPF in single area and multiple areas.
- Redesign of Internet connectivity infrastructure for meeting bandwidth requirements.
- Worked extensively in configuring, monitoring and troubleshooting Cisco ASA 5500.
- Involved in the troubleshooting aspects of complex network infrastructure using routing protocols like EIGRP, OSPF & BGP.
- Configuring VLANs/routing/NAT with the firewalls as per the network design.
- Responsible for Cisco ASA firewall administration, Rule Analysis, Rule Modification.
- Configuration and maintenance of PIX and ASA firewall systems.
- Expertise in implementing L2 technologies including VLANs, VTP, STP, RSTP and trunking.
- Expertise in implementing routing protocols RIP, RIPv2, EIGRP, OSPF, and BGP.
- Configuring and troubleshooting route redistribution between static, RIP, EIGRP, OSPF & BGP protocols.
- Document network diagrams and network changes in Visio
- Configured security policies including NAT, PAT, VPNs and Access Control Lists.
- Configuring IPSec VPN on Cisco Firewall.
- Monitor and maintain a global network of 700+ Cisco SourceFire IDS/IPS devices and 100+ HP ArcSight SIEM servers/appliances (connectors/loggers) by:
- Deploying/installing and upgrading SourceFire and ArcSight server operating systems and related software packages. Installing periodic software version upgrades, security patches (including quarterly Oracle patches), and virus definition updates.
- Utilizing ArcSight Smart Connectors, Logger appliances and HBSS server log analysis to verify proper SIEM security event flow.
- Implemented, configured BGP WAN routing, converting OSPF routes to BGP (OSPF in local routing).
- Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems.
- Performing cyber monitoring, providing analysis using various tools like Wireshark, SolarWinds, etc.
- Implementation and configuration of F5 Big-IP LTM-6400 load balancers.
- Responsible for LogRhythm Log Management Design, Implementation, Administration, Reporting and Log Analysis
- Reviewed SIEM alarms and respond/assign to appropriate resolution team
- Assisted in log investigation for IR research/resolution
- Did SIEM report generation and analysis
Confidential, Phoenix, AZ
Network Security Engineer
- Checkpoint/ASA Firewall Management, including DMZ and Network Segmentation.
- Maintain overall client platform stability, security, and supportability to ensure the customers firewalls are running properly.
- Provide technical oversight and guidance to delivery teams to ensure components fit into the overall technical architecture.
- Provide technical mentoring to peers and partner organizations.
- Resolve cyber security problems that involve intrusion detection, firewalls, DMZ, load balancing, routers, VPNs, and common network-level vulnerabilities.
- Configure Cisco routers, switches, and wireless access points.
- Configure and install Cisco equipment.
- Monitored and troubleshot network outages, LAN & WAN issues.
- Organize and update network documentation.
- VPN setup and administration, this includes Portal, B2B, and AnyConnect.
- Maintain and upgrade Cisco Security Manager and Cisco Prime NCS.
- Configuration and Implementation of Wireless Controllers and Access Points.
- Responsible for day to day Support and Enhancement of Network Infrastructure.
- Review scan findings with clients and provide technical and business recommendations for addressing vulnerabilities.
- NetBackup tuning to increase performance and catalog backup using Vault on a daily basis, and sending media offsite for disaster recovery.
UNIX System Administrator
- Worked as Unix Administrator in an IT infrastructure environment providing server administration, application administration and automation solutions to support business objectives for Confidential's client in Europe and North America.
- Provided UNIX infrastructure, operations and support for IBM RS/ 26-M80) servers and pSeries servers running IBM AIX 4.3.3, 5.1, 5.2.
- Performed installation, periodic maintenance updates and applied APAR fixes.
- Responsible for performance tuning of AIX systems, applying upgrades to AIX (current version 4.3.x to upgrade 5.2).
- Configured volume groups and logical volumes, extended logical volumes for file system growth needs using Logical Volume Manager (LVM) commands.
- Maintained availability, increased capacity & performance of production machines by upgrading their hardware (disks, CPU, memory, I/O board, power cooling unit, motherboard, etc.) & firmware.
- Maintained cyber security by protecting the data on the system through modifying file and directory permissions. Analyzed system performance and reallocated kernel resources.
- Performed process automation and scheduling of processes using cron jobs.
- Installed and configured Oracle 8i in Solaris OS. Worked with DBA team in tuning kernel parameters for database setup and performance.
- Installed SYSMON software on Solaris 7 and monitored the system performance.
- Configured and installed servers for Solaris 7 using Custom jumpstart installations for the workstations through jumpstart server.
- Worked in the project of configuring NIS Servers (Master and Slave) and NIS clients and maintained system and custom configuration files in NIS maps.
- Maintained intranet DNS environment by configuring Primary and Secondary Domain Name Servers and DNS clients.
- Reconfigured IBM Total Storage SSA RAID arrays ( /O20), periodically updated microcode for array components, performed problem determination and advanced diagnostic procedures using diag and SSA service aids.
- Performed administrative tasks such as system startup/shutdown, backup strategy, printing, documentation, user management, security, network management, and dumb terminals and devices.
Confidential, Mason, OH
- Application Deployment and Support to E Biz Support Operations. To maintain a world class eBusiness & Application Development, QA and support Infrastructure through robust processes, Open Standards, Best of the Breed software, utilities and tools with the intention of providing a common end-user experience across the GECF eBusiness infrastructure.
- 24x7x365 eBusiness operations support for all eBusiness-related issues.
- Application Infrastructure support to Project Teams deploying on eBusiness platform.
- Application performance testing, analysis/metrics management
- Application deployment /build across multiple environments
- Single Sign On (SSO) deployment/support across multiple environments. Maintain digitized change control, escalation, and user ticketing tools.
- Assist with Functional Specifications development. Assist with Technical Specification development. Review / Approve Application Infrastructure Architecture (3 hrs per week)
- Problem resolution. Reports directly to the Project Manager, Collections Technology, GECF America. Contributing in charting, building and sustaining the project team (4 hrs per week)
- Be the escalation point for process-related issues. Plan, schedule and conduct process monitoring. Provide technical expertise on SiteMinder, LDAP and WebLogic servers. (5 hrs per week)
- Design / troubleshoot / support of windows 2000, Windows 2003/NT, Linux based systems. Application support for Intel based Architectures. (5 hrs per week)
- Implementing and configuring network services like DNS, DHCP, WINS and RAS for Network operations and remote connectivity. Administered the users and groups using the Windows 2000 native tools (5hrs per week)
- Customized system policies for user’s environment. Implementing Backup policies and restoring the data. ISP Installation and Creating Web Sites. Configuring IIS 6.0 (6 hrs per week).
- Replicating and Clustering in IIS 6.0. Fault Tolerance and Load Balancing.
- Performance and stress Testing. Installation of operating system on INTEL machines.
- Disk space partitioning as per the system and application requirement (4 hrs per week)
- Setting up EEPROM parameters (boot PROM parameters). Installation and verification of system packages. Installation and verification of system patches. (5 hrs per week)
- Managing and adding new users using the command line or the GUI admin tool; managing password policies through the /etc/shadow file. Monitoring system access using the commands who, finger or last. (3 hrs per week)
- Additional responsibilities taken: fixing motherboards and hardware for Dell Latitude D600/D610 laptops, and application troubleshooting for escalated issues.