- Experienced in Vulnerability management and remediation.
- Scanning the network and providing the scan reports to operational teams.
- Mitigate vulnerabilities identified in Security scans.
- Worked on the McAfee VSE product to stop worms, spyware, and viruses, get high-performance security, and lessen damage from outbreaks.
- Manage and perform Nessus and Nmap scans before all production releases and analyze vulnerabilities and report to all stakeholders.
- Experience with the NIST 800-82, 800-53, C2M2 and CSF frameworks: taking their tenets, putting together an implementation plan, and applying them to real-world situations and practices.
- Experience configuring and deploying modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.
- Working knowledge of McAfee Nitro SIEM and log management technologies.
- Conducts penetration testing and vulnerability assessment followed by preparation of detailed reports.
- Performs vulnerability assessments and penetration testing using automated tools on web applications.
- Worked on the McAfee HIPS product to get the broadest IPS coverage, safeguard against malicious threats, get automatic security updates, and provide protection around the clock.
- Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML and multi-factor authentication.
- Experience in planning, developing, implementing, monitoring and updating security programs and advanced technical information security solutions; sound knowledge of SOX and PCI compliance requirements and understanding of NIST and ISO standards.
- Extensive experience in MS PKI, Entrust PKI, cryptography, data security and certificate management systems.
- Proficient with Digicert Trust Protection platform for Digital certificate lifecycle management.
- Experience provisioning certificates to application stores through Digicert.
- Conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities, and develop remediation plans and security procedures.
- Identifying Critical, High, Medium and Low vulnerabilities in applications based on the OWASP Top 10 and prioritizing them by criticality.
- Experience supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment: installation, configuration, and day-to-day management of Symantec Endpoint Protection.
- Experience with network monitoring using SIEM, CrowdStrike and Wireshark; information security and network security configuration and functions.
- Experience in automated and manual penetration testing, contractor assessments, source code review, and controls assessment. Software development of custom compliance modules, attacks, and exploitation for Nessus and Metasploit.
- Experience with industry recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk, and LogRhythm.
- Monthly reviews carried out over the vulnerability assessments and penetration testing; raising issues against any High-severity vulnerabilities in the scan reports.
- Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite.
- Conducts vulnerability scans and penetration tests to meet PCI requirements.
- Experience in support, operations and troubleshooting of problems.
- Wrote an Nmap scanner and a multithreaded Python program to brute-force an FTP server using a password file.
- Collected data dumps over TCP (IPv4), UDP, LDAP, HTTP and analyzed log files on UNIX and Linux systems to detect system performance, vulnerability and threat incidents in Client, Server, and Cloud environments.
- Strong grasp of TCP/IP and common Internet fundamentals such as DNS, DHCP, NTP, SMTP, HTTP, etc.
Tools: Kali Linux, Tableau, Lotus Notes, ERP - SAP, Visio, QlikView, Oracle, Identity and Access Management
Web Application Security: TCP/IP, OWASP, Nessus, Grabber, Zed Attack Proxy, Skipfish, Hydra, Firewall, IDS, IPS
Languages and Databases: SQL, C++, Visual Basic, JavaScript, JSON, Python, Go, ASP, PowerShell, Bash
Networking & Frameworks: DNS, DHCP, UDP, ISO 27001/27002, SSO, SAML, NAT, PCI-DSS
Continuous Monitoring: Vulnerability Management, Web Application Scanning, Threat Protect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, Sourcefire, CrowdStrike, Rapid7
DLP: Websense, Symantec & McAfee, CrowdStrike
End Point Security: McAfee Suites (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec and McAfee Email Security Gateways (GUI & CLI), McAfee Network Data Loss Prevention (2 years), McAfee Nitro SIEM - Security Information and Event Management (1 year)
SIEM: IBM QRadar Security Manager, Grafana, LogRhythm, IBM QRadar 7.3.2, basic knowledge of McAfee Nitro
Event Management: RSA Archer, Blue Coat Proxy, Splunk, NetWitness, LogRhythm, HP ArcSight
PenTest Tools: Metasploit, Nmap, Wireshark and Kali
Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication
Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS
INFORMATION SECURITY ENGINEER
- Identify shortcomings in our security posture and assist in investigations related to security events.
- Work with our Red & Purple Teams to respond to identified threats and recommend/implement steps to better secure our systems. Stay at the forefront of the industry and related news, helping Confidential learn from the mistakes of other companies while helping to identify solutions that will better protect Confidential systems.
- Demonstrated experience in cyber security (endpoint hardening, advanced email threat detection & remediation, SSO, SAML, cryptography, etc.). Identify opportunities to inform the design of the systems we build within Engineering Security and participate in both the design and development of those systems.
- Working with the hardening team to protect the fleet of production endpoints. Regardless of endpoint, we need countermeasures and visibility that will support the Engineering Security Team's endpoint hardening initiatives and investigations, and will have a broad knowledge of and experience in many security verticals.
- Experience building countermeasures based on the kill chain or ATT&CK framework, and experience with operating system internals (kernels) and hardening (Linux, OS X, Windows).
- Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML and multi-factor authentication (2FA).
- Worked with the legal department on the MSJ audit; provided security for many critical Confidential internal internet-facing applications that require 2FA using SAML, placed behind OneLogin.
SR. INFORMATION SECURITY ANALYST
- Executed daily vulnerability assessment, threat assessment, mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems.
- Sound knowledge of the Metasploit Framework and social engineering.
- Implemented and maintained McAfee Endpoint Encryption system to protect computers.
- Managing endpoint encryption and IT security applications.
- Strong knowledge of identity and authentication management and their architecture, management of PKI infrastructure built on Microsoft and certificate management platforms such as Venafi.
- Conduct malware analysis and investigate the behavioral characteristics of each incident utilizing IDS monitoring tools.
- Worked closely with key members of the Governance, Risk and Compliance (GRC) business for activities related to identity management, compliance, and internal/external audits.
- Performed wireless pen testing using Aircrack-ng and analyzed the network using Wireshark. Found network vulnerabilities using Nexpose and analyzed web application using HP Fortify.
- Use Splunk Enterprise Security to configure correlation searches, key indicators and the risk scoring framework.
- Experience in vulnerability assessment and penetration testing using various tools like Burp Suite, DirBuster, OWASP ZAP Proxy, Nmap, Kali Linux, and Metasploit.
- Working with different tools for static (Checkmarx) and dynamic (Netsparker) security code analysis (SAST and DAST).
- Investigate DDoS attacks and FireEye, Sourcefire, malware and Websense events. Connectors are set up for all IDS/IPS appliances.
- Assessment guidance/standards used: NIST SP 800-30, NIST 800-53, NIST 800-171, ISO 27002, ISO 27005, to ensure regulatory compliance and proper assessment of risk.
- Develop documentation for new/existing policies and procedures in accordance with Risk Management Framework (RMF), NIST SP 800-30 requirements.
- Malware analysis: full-spectrum analysis of malicious code, both dynamically and statically, using tools such as Wireshark, Regshot, process monitoring tools, and debugging tools such as IDA Pro and OllyDbg.
- Responsible for policy configuration for all McAfee components and deployment of those policies to the clients.
- Proficient in penetration testing based on OWASP Top 10 vulnerabilities like XSS, SQL injection and CSRF, and in source code review assessment.
- Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), McAfee Endpoint Encryption, Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Designed Symantec DLP architecture, implemented Symantec DLP.
- Worked with Symantec DLP upgrades and patches.
- Monitoring and remediating daily security alerts generated by end users with tools like Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO; also responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
- Experience in vulnerability assessment and penetration testing using various DAST & SAST tools like Burp Suite, DirBuster, Nmap, Nessus, IBM AppScan, Kali Linux, etc.
- Design ePO Reports based on customer requirements.
- Used Digicert Software to secure and protect cryptographic keys and digital certificates.
INFORMATION SECURITY ANALYST
- Designing architecture, implementation and troubleshooting of cyber security solutions like McAfee, HP ArcSight SIEM, IBM QRadar and Splunk.
- Conducted onsite penetration tests from an insider threat perspective.
- Migration of data center and perimeter security technologies to cloud security technologies.
- Designing architecture, implementation and troubleshooting of vulnerability assessment and penetration testing solutions using Nessus, Nmap and Qualys.
- Expertise in development of information security programs based on frameworks such as NIST 800-16, NIST 800-50, NIST 800-53, ISO 27002, COBIT 5.0, FFIEC, GLBA, SOX, PCI & PII, with IT risk drivers (KPIs and KRIs) to ensure financial regulatory compliance and data security.
- Developed the identify, protect, detect, respond and recover functions for concurrent and continuous operation of dynamic security risk management.
- Performed host, network, and web application penetration tests.
- Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks).
- Investigates available tools and countermeasures to remedy the detected vulnerabilities and recommends solutions and best practices.
- Review and updated System Security Plan (NIST SP 800-18), Risk Assessment (NIST SP 800-30), and Security Assessment Report (NIST SP 800-53A).
- Experience with the Carbon Black endpoint security platform, which detects malicious behavior and prevents malicious files (anti-malware defense).
- Provided leadership in architecting and implementing security solutions around Qualys and SIEM tools like Splunk, Solutionary, LogRhythm, SCCM, Altiris, LANDesk, BigFix, McAfee/Symantec.
- Responsible for monitoring and providing analysis in a 24x7x365 Security Operations Center (SOC) using various SIEM and IDS/IPS tools.
- Experience configuring and deploying McAfee modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.
- Analysis of offenses created based on vulnerability management tools such as Rapid7.
- Design, develop and implement penetration tools and tests, and also use existing ones to handle penetration testing activities.
- Participate in Security Assessments of networks, systems and applications.
- Utilized monitoring tools to identify cyber security alerts of active threats, intrusions, and compromises.
- Generated user access reports from mainframe, servers, databases, job schedulers, code migrators, TFS and Active Directory (AD) using SQL, Oracle, PowerShell, Cherwell tickets, etc., including writing and testing code.
- Configuring Dashboards, Reports, Notifications and Real time alerts in McAfee Nitro SIEM.
- Troubleshoot and resolve computer/network issues by providing both on-site and remote support.
- Installation, configuration and administration of web servers (IIS and Apache).
- Coordinated meetings with application data owners, security admins, report generators, and developers to verify data accuracy, identify security gaps, vulnerabilities, and authorizing controls in their production applications.
- Performing internal audits to ensure IT compliance; also supporting the day-to-day security operations function by managing the NitroSecurity (McAfee-acquired) SIEM management console.
- Information protection solutions including monitoring, DLP and security auditing solutions from Symantec and McAfee.
- Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
- Responsible for testing vulnerability updates for all releases and patches of IBM QRadar SIEM.
- Integration of IDS/IPS with SIEM, analyzing the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
- Developed knowledge of information security standards (NIST, ISO) related to information security and privacy practices (HIPAA, SSA, PCI, SOX) and effectively transferred that knowledge to team members.
- Working as part of the IT Compliance team and managing IT security.
- Tested and performed vulnerability analysis (VA) for the client through Nessus, QualysGuard scans and McAfee Foundstone. Also maintained the endpoint protection system.
- Analyzed credit card number disclosure events via McAfee DLP.
- In-depth knowledge of TCP/IP, IEEE 802.11, wireless, and routing protocols.
- Administering multi-server Windows LAN and WAN environments.