Sr. Information Security Analyst Resume
Minneapolis, MN
SUMMARY
- Experienced professional with over 5 years of experience as an IT security professional in IT infrastructure, information security, and cyber security.
- Working knowledge of Tripwire Enterprise Console, Tripwire Log Center, and IP360.
- Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, Nmap, SIEM, Splunk, ArcSight, Rapid7, routers, switches, LAN/WAN, TCP/IP protocols, VMware, endpoint security, and cloud security.
- Implementing and supporting several of the following McAfee products: ePO, VSE, ENS, DLPe, HIPS
- McAfee engineer on proof of concept / pilot of Device Control in McAfee Data Loss Prevention (DLP) and McAfee MOVE.
- Develop McAfee related SOPs (standard operating procedures).
- Building, deployment, configuration, and management of Splunk Cloud instances in a distributed environment spread across different application environments belonging to multiple lines of business.
- Provided real-time host-based intrusion detection monitoring services using Symantec Endpoint.
- Deployed in the cloud and on-premises using Amazon Web Services (AWS) and single-server support.
- Configured and deployed Symantec HIDS on Windows Server 2008 and 2012 and desktops.
- Experienced with Symantec DLP Policies (DLP templates) compliance and regulation standards such as SOX, PCI, and HIPAA.
- Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities from emerging Security issues.
- Extensive experience with Symantec DLP and RSA DLP architecture and implementation at the enterprise level.
- Designed Symantec DLP architecture, implemented Symantec DLP.
- Worked with Symantec DLP upgrades and patches.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Advanced knowledge of IPsec VPN design, connection setup and protocols, IPsec tunnel configuration, and encryption and integrity protocols.
- Configuration and maintenance of SIM/SIEM tools: QRadar, Splunk and ArcSight.
- Troubleshoot various appliances on the SIEM platform via various Linux commands; knowledge of capacity planning and Linux performance.
- Hands on experience of risk assessment, change management, incident management, third party risk assessment, access control methods.
- Extensive work with Microsoft Exchange & Active Directory.
- Industry Experience with SOC and 24/7 operations.
- Strong knowledge of PKI concepts, patterns and practices.
- Lead the definition and implementation of POCs around PKI and other certificate related technologies
- Experience in packet analysis and reverse engineering.
- Deep understanding of software and security architectures as well as intranet and extranet security practices.
- Penetration Testing: Conduct manual security assessments on web applications, perimeter networks, and internal networks and identify critical vulnerabilities to discuss with information technology teams to understand the risk, resulting in speedy remediation.
- Understand PKI and SSL key management.
- Strong decision-making skills: ability to make decisions, follow through on key tasks, and know when to include others/resources to reach informed decision
- Hands-on skills include end-to-end security management (security aspects in all stages of product development) and end-to-end product development (from functional design of the system to testing and deployment).
TECHNICAL SKILLS
Security Software: Nessus, Tripwire, Ethereal, Nmap, Metasploit, Snort, BASE.
Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS.
Security Tools: Symantec DLP, McAfee ePO, IBM QRadar, Splunk
Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, Threat Protect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.
Event Management: RSA Archer, Blue Coat Proxy, Splunk
Penetration Test Tools: Metasploit, Nmap, Wireshark and Kali Linux
Security: McAfee ePO, Symantec DLP, LogRhythm, Tanium, Tripwire, IP360 and Qualys.
Firewalls: Check Point, ISA 2004/2006, Palo Alto PA 3000/5000
Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux, Mac
PROFESSIONAL EXPERIENCE
Sr. Information Security Analyst
Confidential - Minneapolis, MN
Responsibilities:
- Configuring, implementing, troubleshooting and maintaining all security platforms, including the Tripwire security application, IP360 and their associated software, as well as routers, switches, firewalls, intrusion detection/intrusion prevention, anti-virus, and SIEM.
- Optimized Tripwire to capture data and events, filtered out unneeded items, and configured the Tripwire application itself to run efficiently.
- Documented Tripwire operations, configurations, and changes.
- Configured and reviewed Tripwire to filter out, confirm, and/or identify false positives.
- Patched and tested new and old versions of Tripwire.
- Involved in security operations, vulnerability and risk assessment, and alert report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Imperva, Sourcefire (IDS/IPS), FireEye, Blue Coat Proxy, etc.).
- Responsible for capturing security and privacy requirements for clients to be compliant with the Payment Card Industry (PCI) standard.
- Administration of Splunk (SIEM), ARCOS (Privileged Identity Management), DLP (Symantec), and Imperva WAF tools.
- Experienced with DLP, Blue Coat, Websense, Proofpoint, Trend Micro, Nexpose (Rapid7) and Splunk Enterprise SIEM security tools to monitor the network environment.
- Assisted engineers with Splunk troubleshooting and deployment.
- Produced DLP profile deployment reports for detecting servers, updated DLP policies, and performed incident analysis.
- Excellent understanding of upgrading SIEM components (ESM, ELM, Receivers).
- Versatile and adaptable team player with strong analytical and problem solving skills.
- Ability to take initiative and to grasp business operations and concepts instantly.
- Performing periodic vulnerability testing and assisting in remediation efforts.
- Responsible for installing, deploying, and tuning the DLP solution for the enterprise to include Endpoint and Network DLP solution.
- Administer controls and permissions on files using PowerShell commands through SCCM.
- Update systems to NIST SP 800 series security compliance standards.
- Utilize ArcSight SIEM to monitor and investigate security-related incidents
- Support ongoing incidents from non-CIRT organizations related to cyber security
- Engineering, configuring and deploying Enterprise SIEM/SEM solutions.
- Manage Splunk (SIEM) configuration files like inputs, props, transforms, and lookups. Upgrading the Splunk Enterprise and security patching.
- Initiated projects to create disaster recovery plans for identified gaps.
- Established disaster recovery plan testing and auditing cadence.
- Create policies, alerts and configure using SIEM tools (Splunk)
- Monitor and investigate security incidents and alerts with ArcSight, FireEye, Palo Alto, Sourcefire and McAfee ePO.
- Use of smartcard management system to perform PKI certificate issuance, certificate updates, certificate revocation and restoration, smartcard distribution and smartcard status updates.
- Manage certificates within a private Enterprise-wide PKI.
- Revocation and Suspension of PKI certificates on NIPRNet and/or SIPRNet (CRLs and OCSP).
- Identified, documented and investigated suspicious events in intrusion detection systems (IDS) and SIEM tools.
- Plan, deploy, modify and update IDS/IPS systems for the entire network.
- Well versed in working within PCI and HIPAA regulated networks.
- Provided onsite Symantec DLP technical service and support to a large enterprise customer base.
- Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection
- Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities from emerging Security issues.
- Extensive experience with Symantec DLP and RSA DLP architecture and implementation at the enterprise level.
- Designed Symantec DLP architecture, implemented Symantec DLP.
- Worked with Symantec DLP upgrades and patches.
- Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), security events and logs.
- Analyzed threats to corporate networks by utilizing SIEM products (ArcSight and LogRhythm) to assess the impact on client environments.
- Provided leadership in architecting and implementing security solutions around Qualys and SIEM tools such as ArcSight, Solutionary and LogRhythm.
- Incident handler for the CIRT, including log analysis, forensics, and malware investigation
- SOC and/or CIRT operational experience
- Updating antivirus (McAfee) policies to protect against individual threats based on specific intelligence, in coordination with other teams, e.g. CIRT and Threat Intelligence.
- Monitoring of events from Data Loss Prevention (DLP) and other information security tools and determined appropriate next steps using knowledge of Corning businesses or processes.
- Utilized Security Information and Event Management (SIEM), Data Leakage Prevention (DLP), Intrusion Detection and Prevention (IDS / IPS), forensics, sniffers and malware analysis tools.
- Worked on Security Information and Event Management (SIEM) platforms: IBM QRadar and Splunk.
- Participated on PCI audits.
- Policy and Rule Management in Symantec DLP.
- Experience with Symantec Vontu DLP product
- Experience with deployment of Symantec DLP- Endpoint Prevent, Network Prevent for Email, and Network Prevent for Web, Network Discover, and ITA
Cyber Security Analyst
Confidential, Princeton, New Jersey
Responsibilities:
- Experience in security incident handling with SIEM using RSA enVision and IBM QRadar products.
- Reported on security incidents to provide management oversight of the incident process.
- Supported Continuity of Operations planning, and plan for IP360 backup and recovery.
- Perform tuning of the Security Information and Event Management (SIEM) filters and correlations to continuously improve monitoring.
- Responsible for working with Endpoint Management team to manage software deployment to PCs using tools such as 2008/2012 Active Directory, Microsoft WSUS patching, Anti-virus and endpoint protection using McAfee ePO. Creation and management of PC Build Images WinXP and Win7, and application for PCI security policies.
- Expert understanding of developing complex use cases and Universal Device Support Modules (DSMs) on the QRadar SIEM. Expert in installing and configuring Splunk forwarders on Linux, UNIX and Windows.
- Expert in installing and using Splunk apps for UNIX and Linux (Splunk nix).
- Experience with deployment of Symantec DLP: Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA. In-depth experience with Symantec DLP in an enterprise environment. Experience architecting Symantec DLP platforms. Experience analyzing Symantec DLP events and reports. Experience tuning Symantec DLP to reduce false positives and improve detection rates.
- Administer Patching and Compliance systems using SCCM.
- Provided penetration testing for PCI, SOX, HIPAA, and compliance with ISO 27000.
- Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on shared devices and shared drives. Created and managed DLP policies.
- Network and host DLP monitoring and logging
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Monitoring and remediating daily security alerts generated by end users with tools such as Intel/McAfee SIEM, Forcepoint's Websense, and Intel/McAfee ePO 5.x; also responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
- Manage Splunk (SIEM) configuration files such as inputs, props, transforms, etc.
- Upgrading Splunk (SIEM) Enterprise and security patching.
- Well versed in both remote and on-site user Splunk (SIEM) support.
- Centralizing the storage and interpretation of logs using the Splunk (SIEM) system.
- Worked to develop CIRT within organization to handle a potential future breach instance.
- Vulnerability Management: Configured the QualysGuard tool for vulnerability analysis of devices and applications. Monitored them continuously through the dashboard and by running scheduled reports.
- Installed, Configured Symantec End Point Protection on laptops used for remote connectivity
- Familiarity with security and testing tools such as Burp Suite, Nmap, Zenmap, OpenVAS, Nessus
- Used remediation techniques for all collected vulnerabilities and if it is very high severe vulnerability
- Maintained network performance by performing network monitoring and analysis, performance tuning, and troubleshooting of network problems. Skilled in using Burp Suite, Nmap, QualysGuard, and Nessus.
- Implemented essential changes to enhance reporting, communications, and work flow related to VM and patching teams.
- Provide approvals for software/application installations, site reviews for web access, McAfee ePO exceptions, and vulnerability exceptions.
- Provided leadership in architecting and implementing security solutions towards SIEM tools like Splunk.
- Prepared, arranged and tested Splunk search strings and operational strings. Created and configured management reports and dashboards.
- Splunk Engineer/Dashboard Developer responsible for the end-to-end event monitoring infrastructure of business-aligned applications
- Designed and implemented McAfee Data Loss Prevention (DLP) across all endpoints. Created policies and keyword dictionaries to safeguard intellectual property and ensure compliance by protecting sensitive data.
- Develop procedures and conduct the monthly patch cycle to keep the Microsoft patch revisions current.
- Assisted in upgrading 5 McAfee ePO servers from ePO 5.1.1 to ePO 5.3.1
- Expertise in the utilization, configuration, and implementation of industry capabilities including web content filters, email security capabilities, IDS, IPS, Host Based Security System (HBSS), and SIEM security practices.
Cyber Security Analyst
Confidential, Dublin, OH
Responsibilities:
- Manage the Security Information and Event Management (SIEM) infrastructure.
- Collaborate across the entire organization to bring Splunk access to product and technical teams to get the right solution delivered and drive future innovation gathered from customer input.
- Design, deploy, support and maintain Splunk cluster infrastructure in a highly available, geo-redundant configuration. Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the firm's enterprise security platforms.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Analyze network traffic and various log data and open source information to determine the threat against the network required response, containment, investigation, and remediation.
- Responsible for incident response, tuning, system administration, operations and maintenance of the Security Information and Event Management (SIEM) system.
- Experience with deployment of Symantec DLP: Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA. In-depth experience with Symantec DLP in an enterprise environment. Experience architecting Symantec DLP platforms. Experience analyzing Symantec DLP events and reports. Experience tuning Symantec DLP to reduce false positives and improve detection rates.
- Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on shared devices and shared drives. Created and managed DLP policies.
- Network and host DLP monitoring and logging
- Responsible for DLP policy creation, testing and implementation to protect client data from information leakage.
- Created standard operating procedures for DLP SMTP (Email), HTTP/S (Web), and SharePoint incident investigation, third-party domain whitelisting, DLP access provisioning and incident response.
- Automated DLP incident metrics using Splunk. Developed monthly and weekly metrics and dashboards using Splunk.
- Proficient in writing Splunk queries, dashboards and log analysis.
- Cleaned Symantec Anti-Virus Environment and brought previously Unprotected Machines into Compliance with Security Policy.
- Monitor the performance of Splunk via the Splunk Monitoring Console.
- Push configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server
- Implemented multiple tools including Symantec DLP and QRadar SIEM.
- Conceptualized and implemented end-user DLP training materials, an enterprise-wide encryption system, Symantec Data Insight integration, and Symantec DLP/data security environment support.
- Risk analysis and security control gap analysis from information & network security perspective.
- Managing security incidents in the organization, key member of Incident Response Team.
- Utilization and operation of security software such as Splunk, Tanium, and McAfee ePO.
- Managed day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
Information Assurance Engineer
Confidential
Responsibilities:
- Testing and implementing customized software templates for various environments and customers.
- Deployed software and tools within enterprise systems and ensuring efficiency and effectiveness of these tools by continuously monitoring and User awareness/training.
- Demonstrated Technical Information Assurance leadership in the planning and implementation of over 300 requirements/safeguards tailored specifically for each Mission purpose and risk assessment.
- Successfully analyzed over 800 security questionnaire responses and completed ICD 503 documentation within a 45-day period in compliance with NIST SP 800-53 Rev. 4.
- Transferred over 200 Projects within Xacta Risk Management tools to meet stringent deadlines and constraints while ensuring data integrity.
- Subject matter expertise in integrating various Security controls, policies & procedures, Workflow enforcement, Access permissions, reverse engineering business process to facilitate enterprise compliance and efficiencies.
- Development/implementation of automated web-based applications for enterprises.