
Information Security Engineer Resume


SUMMARY

  • Cyber security engineer with 6+ years of IT experience and comprehensive knowledge of computer information systems security, system administration and network operations. Extensive knowledge in the areas of system security, DLP, vulnerability scanning, penetration testing, risk assessment and cyber security analysis. Experience in project coordination and system implementation.
  • Experienced professional with 6+ years of experience as an IT security professional in IT infrastructure, risk security, information security, and cyber security.
  • Information-security expert with a diverse technical background in enterprise networking, server infrastructure, database technologies, and system security.
  • Experienced with Symantec DLP policies (DLP templates) and with compliance and regulation standards such as SOX, PCI, and HIPAA.
  • Hands-on experience with security frameworks such as NIST and HIPAA.
  • Experience with NIST SP 800-53A and NIST SP 800-30.
  • Experience in configuration management and policy implementation.
  • Experience in vulnerability scanning with relevant tools, e.g., Nessus, HPE Fortify for SCA (Static Code Analysis) and WebInspect, and Rapid7 Nexpose.
  • Experience in managing network infrastructure security using HPE ArcSight ESM and Splunk for monitoring, classifying and responding to incidents and threats.
  • Strong knowledge of risk management and computer forensic tools, technologies, and methods. Experienced in IT security design and implementation with a solid understanding of disaster recovery, intrusion detection systems (IDS), intrusion prevention systems (IPS), and web application firewalls (WAF). Analytical problem solver adept at managing network changes and troubleshooting network issues to ensure maximum uptime.
  • Experience in OSINT and TECHINT reconnaissance.
  • Generated notifications from different templates based on record content values using RSA Archer.
  • Supported generation of all kinds of reports and workspace dashboards, used extensively, in RSA Archer and Forcepoint.
  • Tracked all incidents that occurred in the stores, used for recovery and settlements, in RSA Archer.
  • Built daily data feeds in RSA Archer to keep location information for all stores up to date.
  • Leveraged Amazon Web Services through the AWS console and API integration.
  • Experience with SOC and round-the-clock operations.

TECHNICAL SKILLS

Qualys Continuous Monitoring: Vulnerability Management, Qualys, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.

Event Management: Splunk, QRadar, ArcSight

PenTest Tools: Metasploit, NMAP, Wireshark

Security Technologies: Symantec DLP, McAfee ePO, QRadar, Splunk

Security: McAfee ePO, Symantec DLP, Sourcefire IDS, LogRhythm, Tanium

Firewalls: Check Point, Palo Alto PA 3000/5000

Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux

PROFESSIONAL EXPERIENCE

Confidential

Information Security Engineer

Responsibilities:

  • Working with DLP, Blue Coat, Websense, Proofpoint, Trend Micro, and IBM QRadar enterprise SIEM security tools to monitor the network environment.
  • Produce efficient DLP policies to ensure the necessary inbound and outbound emails are logged.
  • Ensuring Symantec DLP policies are in place and scanning the environments for incidents.
  • Performed tuning of Symantec DLP to reduce false positives and improve detection rates.
  • Created IBM QRadar dashboards for investigations.
  • Perform QRadar product support and implementation.
  • Automated the centralized detection of security vulnerabilities with scripts for vulnerability assessment tools like ArcSight and Splunk.
  • Designed the Symantec DLP architecture and implemented Symantec DLP.
  • Worked on Symantec DLP upgrades and patches.
  • Implementation in accordance with NIST SP 800-53A and NIST SP 800-30.
  • Perform vulnerability scans using Nessus and prepare reports.
  • Monitor the client environment using Security Information and Event Management (SIEM) technology (IBM QRadar) to centralize the storage and interpretation of logs; collect data into a central repository for trend analysis and provide automated reporting for compliance and centralized reporting, which gives more situational awareness and real-time analysis of security alerts.
  • Coordinate and conduct event collection, log management, event management, compliance automation, and identity monitoring activities using the SIEM platform.
  • Perform research on, analyze and understand log sources used for security monitoring, focusing on networking devices.
  • Develop, implement, and execute standard procedures for administration, content management, change management, version/patch management, and lifecycle management of the SIEM.
  • Responsible for monitoring and providing analysis in a 24x7x365 environment using various SIEM and IDS/IPS tools.
  • Scheduled scans in Symantec, reviewed results and quarantined at-risk data.
  • Perform technical analysis on data de-identification tools.
  • Recommended and configured correlation rules, email alerts, reports and dashboards in the QRadar environment.
  • Investigated emails using various tools such as email protection systems, malware sandboxes, and anti-virus engines.

Confidential

Cyber Security Analyst

Responsibilities:

  • Managed the DLP solution, which included configuring and fine-tuning DLP filters. Took action on alerts generated by DLP.
  • Creates and implements new insider threat processes as appropriate.
  • Configures SmartConnectors on the ArcSight Connector Appliance.
  • Configuring and administering ArcSight Loggers, ESM, and database systems.
  • Used ArcSight Loggers/ESM on a daily basis to investigate security alerts.
  • Processes vulnerability and threat data from a variety of internal and external sources to provide actionable intelligence to internal consumers.
  • Create and implement Splunk Enterprise Security use cases for the Insider Threat team.
  • Monitor network traffic from the QRadar SIEM and Sourcefire IDS tools for any suspicious activity.
  • SIEM: Building software and applications to enhance SOC operations and integrate threat intel interactions. Creating custom data visualization tools to interpret data correlated from event logs. Designing and implementing security content/use cases on SIEMs, utilizing various event log sources. Delivering solutions, maintenance and support for currently deployed SIEM engines.
  • Performed information security incident response, incident handling and categorization in accordance with established procedures, working with multiple clients on real-time threat management using SIEM solutions.
  • Understanding and evaluating the cyber threat landscape, and assessing which threats are most relevant to each client.
  • Supplying actionable recommendations to other teams within the Cyber Security Center to bolster cyber security efforts.
  • Managing indexes and cluster indexes, the Splunk web framework, data models and pivot tables.
  • Performed troubleshooting and/or configuration changes to resolve Splunk integration issues.
  • Writing Splunk queries; expertise in searching, monitoring, analyzing and visualizing Splunk logs.
  • Configured and scheduled the Qualys scanner in QRadar to perform scans at regular intervals.
  • Vulnerability management by scanning, mapping and identifying possible security holes using QualysGuard and the Nessus scanner.

Confidential

Information Security Analyst

Responsibilities:

  • Performed network and host DLP monitoring and logging.
  • Information protection solutions including monitoring, DLP and security auditing solutions from Symantec and McAfee.
  • Conducted security risk assessments on all new applications, IT systems or changes to existing IT systems to verify that they satisfied the established security baseline before adoption into corporate regional offices.
  • Conducted security risk assessments on new vendors and annual vendor risk assessments.
  • Assisted management in authorizing IT systems for operation on the basis of whether the residual risk is at an acceptable level or whether additional compensating controls should be implemented.
  • Designed processes in Archer using workflows, notifications, and data feeds.
  • Assisted teams in the design and development of management reporting and dashboards from the solution designed in Archer.
  • Coordinated with system owners and ISSOs across the organization to ensure timely compliance.
  • Participated in meetings to discuss system boundaries for new or updated systems to help determine information types for categorization purposes. Determined the classification of information systems to aid in selecting appropriate controls for protecting the system.
  • Worked with the Palo Alto Panorama management tool to manage all Palo Alto firewalls and the network from a central location.
  • Configured and troubleshot DHCP issues on switches.
  • Created network diagrams in Visio.
  • Install and configure the QRadar SIEM including all its components and local and/or remote log collectors.
  • Worked on the QRadar SIEM tool for reporting and data aggregation.

Confidential

Information Security Analyst

Responsibilities:

  • Manage daily operational service monitoring activities over the SOC security infrastructure.
  • Daily monitoring of event collection, security intelligence and emerging threat information sources including SIEM, vendors, researchers, websites, newsfeeds and other sources.
  • Create new content and manage existing notable events in Splunk Enterprise Security.
  • Worked with the Security Operations Centre (SOC) to fine-tune the false positives from the existing SIEM rules.
  • Working with the Security Operations Center (SOC) to find the existing log gaps and provide better data analysis to increase the overall security coverage.
  • Manage Splunk Enterprise to collect, monitor, and analyze machine data.
  • Performed/assisted in installation, configuration, troubleshooting and maintenance of SIEM agents, log managers/collectors, and SIEM central managers/aggregators.
  • Deploying Splunk: creating port mirroring, installing Splunk, installing the Stream application on Splunk, setting up syslog in CentOS, installing the Universal Forwarder.
  • Used Splunk Enterprise Security for real-time monitoring, to prioritize the acts and for rapid investigations. Worked with the SIEM team monitoring notable events through Splunk ES.
  • Deploy, configure and tune flow data within the SIEM; also document how such data is to be used during event triage.
  • Network monitoring and security scanning utilizing Nessus vulnerability scanning.
  • Handling SIEM events and response in critical environments (email threat analysis, web threat analysis, malware analysis, etc.).
  • Analyze multiple network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine and apply proper remediation actions and escalation paths for each incident.
  • Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP, Splunk).
