Information Security Engineer Resume
SUMMARY
- Experienced in Vulnerability management and remediation.
- Scanning the network and providing the scan reports to operational teams.
- Mitigate vulnerabilities identified in Security scans.
- Worked on the McAfee VSE product to stop worms, spyware, and viruses, get high-performance security, and lessen damage from outbreaks.
- Manage and perform Nessus and Nmap scans before all production releases and analyze vulnerabilities and report to all stakeholders.
- Experience with the NIST 800-82, 800-53, C2M2 and CSF frameworks, taking their tenets, putting together an implementation plan, and applying them to real-world situations and practices.
- Experience configuring and deploying modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.
- Working knowledge of McAfee Nitro SIEM and log management technologies.
- Conducts penetration testing and vulnerability assessment followed by preparation of detailed reports.
- Performs vulnerability assessments and penetration testing using automated tools on web applications.
- Worked on the McAfee HIPS product to get the broadest IPS coverage, safeguard against malicious threats, get automatic security updates, and provide protection around the clock.
- Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML and multi-factor authentication.
- Experience in planning, developing, implementing, monitoring and updating security programs and advanced technical information security solutions; sound knowledge of SOX and PCI compliance requirements and understanding of NIST and ISO standards.
- Extensive experience in MS PKI, Entrust PKI, cryptography, data security and certificate management systems.
- Identifying the Critical, High, Medium and Low vulnerabilities in the applications based on the OWASP Top 10 and prioritizing them based on criticality.
- Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment: installation, configuration, and day-to-day management of Symantec Endpoint Protection.
- Experience with network monitoring with SIEM IBM QRadar and Wireshark, Information Security & Network security configuration and functions.
- Expert in installing the Splunk logging application for a distributed environment.
- Monthly reviews carried out over the vulnerability assessments and penetration testing; raising issues against any High severity vulnerabilities in the scan reports.
- Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite.
- Conducts vulnerability scans and penetration tests to meet PCI requirements.
- Experience in support, operation and troubleshooting of problems.
- Wrote an Nmap scanner and a multithreaded Python program to brute-force an FTP server using a password file.
TECHNICAL SKILLS
Tools: Kali Linux, Tableau, Lotus Notes, ERP - SAP, Visio, Qlikview, Oracle, Identity and access management
Security Web Applications: TCP/IP OWASP, Nessus, Grabber, Zed Attack, Skipfish Hydra, Firewall, IDS, IPS
Languages and Database: SQL, C++, Visual Basic, JavaScript, JSON, Python, Bro, ASP.NET MVC, PowerShell, PowerBI, STIX
Networking & Frameworks: DNS, DHCP, UDP, ISO 27001/27002, SSO, SAML, NAT, PCI-DSS
Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, Sourcefire, Nexpose, Forcepoint, Rapid7
Cloud Technologies: Amazon Web Services (AWS) SDK, Dynamo DB, Lambda, Elastic Beanstalk
Application Servers: Apache Tomcat, AWS Lambda, AWS Elastic Beanstalk
DLP: Websense, Symantec & McAfee
End Point Security: McAfee Suites (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec and McAfee Email Security Gateways GUI & CLI, McAfee Network Data Loss Prevention (2 years), McAfee NITRO SIEM - Security Information and Event Management (1 year)
SIEM: IBM QRadar Security Manager, Splunk, LogRhythm, IBM QRadar 7.3.2, basic knowledge of McAfee Nitro
Event Management: RSA Archer, Blue Coat Proxy, Splunk, NetWitness, LogRhythm, HP Arcsight
PenTest Tools: Metasploit, NMAP, Wireshark and Kali
Security Software: Nessus, Ethereal, NMap, Metasploit, Snort, RSA Authentication
Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS
PROFESSIONAL EXPERIENCE
Confidential
INFORMATION SECURITY ENGINEER
Responsibilities:
- Identify shortcomings in our security posture and assist in investigations related to security events.
- Be at the forefront of the industry and related news, helping Uber learn from the mistakes of other companies while helping to identify solutions that will better protect Uber systems.
- Provided Azure Security and Compliance reviews and solutions for government systems to facilitate the secure and compliant use of Azure for government agencies and third-party providers building on behalf of government.
- Algosec Firewall Analyzer, Tufin
- Built proof of concept (POC) for Localization to use AWS for some transcoding workloads. AWS services used were EC2, S3, Lambda, Elastic Transcoder. Second phase would be to add Captions and Digital Rights Management (DRM).
- Demonstrated experience in cyber security (endpoint hardening, advanced email threat detection & remediation, SSO, SAML, cryptography, etc.). Identify opportunities to inform the design of the systems we build within Engineering Security and participate in both the design and development of those systems.
- Provide incident and policy analysis for existing controls and help drive expansion for greater data visibility and loss prevention technologies in the information security environment.
- Working with the hardening team to protect the fleet of production endpoints. Regardless of endpoint, we need countermeasures and visibility that will support the Engineering Security Team's endpoint hardening initiatives and investigations, along with broad knowledge of and experience in many security verticals.
- Experience building countermeasures based on the kill chain or ATT&CK framework, and experience with operating system internals (kernels) and hardening (Linux, OS X, Windows).
- Used GZIP with AWS CloudFront to forward compressed files to destination nodes/instances.
- Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML and multi-factor authentication (2FA).
- Check Point Firewall Provider-1/SmartConsole, MobileIron Mobile Device Management, Remedy, Assyst, and ServiceNow ticketing systems, RSA VPN authentication, Sourcefire IDS/IPS, TippingPoint IPDS and SMS management server systems, Blue Coat Web Protection, BackBox database utility, Tufin report system, Cisco ASA/PIX site-to-site VPN, log management, and log analysis.
- Deployed the following Azure services to enable IT Security and IT Operations to move applications into the Azure cloud environment by allowing for monitoring and alerting: Azure Operations Management Suite (OMS), Service Map, Network Watcher, and Wire Data
- AWS CLI Auto Scaling and CloudWatch monitoring creation and update.
- Working with the legal department on the MSJ audit, provided security to many Uber internal critical internet-facing applications requiring 2FA using SAML, put behind OneLogin.
Confidential - Syracuse, NY
Sr. Information Security Analyst
Responsibilities:
- Executed daily vulnerability assessments, threat assessment, mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems.
- Gather testing tools and methodologies and perform step-by-step penetration testing by enumerating information.
- Vulnerability assessment and penetration testing (VAPT), including physical VAPT.
- Sound knowledge in Metasploit Framework and Social Engineering.
- Perform digital forensics and incident response (IR) using tools such as Autopsy, Magnet, Stinger, etc. (28 DOL agencies).
- Worked on AWS design and followed information security compliance guidelines.
- Conduct internal and external security audits based on standard cybersecurity frameworks from ISO 27002, COBIT, NIST, OWASP and Cloud Security Alliance
- Using Google’s proprietary tools to perform Static and Dynamic analysis of the application (SAST and DAST)
- Experienced with DLP, Blue Coat, Websense, Proofpoint, Trend Micro, and IBM QRadar Enterprise SIEM security tools to monitor the network environment.
- New OT network environments, as well as working with vendors to improve their network and application designs to better suit our needs.
- Configured AWS Identity Access Management (IAM) Group and users for improved login authentication.
- Implemented and maintained McAfee Endpoint Encryption system to protect computers.
- Managing endpoint encryption and IT security applications.
- Managed Cyber Security threats through prevention, detection, response, escalation and reporting in effort to protect Enterprise IT Assets through Computer Security Incident Response Team (CSIRT).
- Responsibilities for CSIRT included SIEM, Context Filtering, Web Security, Incident Tracking, IPS/IDS and Malware Analysis.
- Strong knowledge of identity and authentication management and their architecture, management of PKI infrastructure built on Microsoft and certificate management platforms such as Venafi.
- Conduct Malware analysis and investigate behavioral characteristics of each incident utilizing IDS monitoring tools.
- Worked closely with key members of the Governance, Risk and Compliance (GRC) business for activities related to identity management, compliance, and internal/external audits.
- Performed wireless pen testing using Aircrack-ng and analyzed the network using Wireshark. Found network vulnerabilities using Nexpose and analyzed web application using HP Fortify.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Ensure IT and OT (ICS / SCADA) Systems are configured in accordance with NIST SP 800-53, SP 800-82 and the Risk Management Framework. Provide input to system owners on remediating deficiencies.
- Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as Splunk (SIEM), anti-virus, Carbon Black, malware analysis, firewalls, IDS & IPS, web security, etc.
- Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection.
- Extensive experience with Symantec DLP and RSA DLP architecture and implementation at enterprise level.
- Use Splunk Enterprise Security to configure correlation search, key indicators and risk scoring framework.
- Experience on vulnerability assessment and penetration testing using various tools like BurpSuite, DirBuster, OWASP ZAP Proxy, NMap, Kali Linux, and Metasploit.
- Provide expertise with incident response, security event monitoring, vulnerability management, asset security compliance and data loss prevention utilizing McAfee Nitro (SIEM), McAfee ePO, McAfee DLP.
- Working on different tools for static (Checkmarx) and dynamic (Netsparker) security code analysis (SAST and DAST).
- Investigate DDoS attacks, FireEye, Sourcefire, malware, and Websense events that are prone. Connectors are set for the entire IDS/IPS appliance.
- Assessment guidance/standards used: NIST SP 800-30, NIST 800-53, NIST 800-171, ISO 27002, ISO 27005, to ensure regulatory compliance and proper assessment of risk.
- Develop documentation for new/existing policies and procedures in accordance with Risk Management Framework (RMF), NIST SP 800-30 requirements.
- Malware analysis: full-spectrum analysis of malicious code both dynamically and statically using tools such as Wireshark, RegShot, process monitoring tools, and debugging tools such as IDA Pro and OllyDbg.
- Experienced in working with Splunk authentication and permissions and having significant experience in supporting large scale Splunk deployments
Confidential
Information Security Analyst
Responsibilities:
- Designing architecture, implementation and troubleshooting of cyber security solutions like McAfee, HP ArcSight SIEM, IBM QRadar and Splunk.
- Conducted onsite penetration tests from an insider threat perspective.
- Migration of Data Center and Perimeter Security technologies to Cloud security Technologies
- Designing architecture, implementation and Troubleshooting Vulnerability Assessment and Penetration testing solutions using Nessus, Nmap and Qualys.
- Perform daily DLP Incident monitoring, analysis and reporting, solution checks, client interaction, and day-to-day DLP operations.
- Support IT teams based on latest risks and possible remediation. Involved in integration of Splunk with Service Now, Active directory and LDAP authentication
- Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, HIPS/HIDS, Nessus, NMAP, SIEM, Splunk, Rapid7 Nexpose and InsightVM, WAF, routers, switches, VMware, Endpoint Security, Cloud Security, Symantec Endpoint Protection.
- Lead the deployment, installation, and configuration of Symantec DLP, as well as Enforce, Network Monitor, Network Discover, Web Prevent, Email Prevent, and Endpoint Agent.
- Expertise in development of information security programs based on frameworks such as NIST 800-16, NIST 800-50, NIST 800-53, ISO 27002, COBIT 5.0, FFIEC, GLBA, SOX, PCI & PII, with IT risk drivers, KPIs and KRIs to ensure financial regulatory compliance and data security.
- Providing proper remedies to fix vulnerabilities in the client network after analysing security incident queries alerted by ArcSight. Performing vulnerability assessments and taking the required counter-actions and measures to ensure the security of the IT infrastructure/systems.
- Developed various functions including identifying, protecting, detecting, responding and recovering for performing concurrent and continuous operation of dynamic security risk.
- Performed host, network, and web application penetration tests.
- Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks).
- Investigates available tools and countermeasures to remedy the detected vulnerabilities and recommends solutions and best practices.
- Review and updated System Security Plan (NIST SP 800-18), Risk Assessment (NIST SP 800-30), and Security Assessment Report (NIST SP 800-53A).
- Experience with the Carbon Black endpoint security platform for detecting malicious behavior and preventing malicious files (anti-malware defense).
- Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix, McAfee/Symantec.
- Responsible for monitoring and providing analysis in a 24x7x365 Security Operations Center (SOC) using various SIEM and IDS/IPS tools.
- Experience configuring and deploying McAfee modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.
- Administered Venafi PKI as part of a team.
- Analysis of offenses created based on vulnerability management tools such as Rapid7.
- Developed Black Box Security test environments & conducted tests as part of team for precautionary measures.
- Developed approaches for industry-specific threat analyses, application-specific penetration tests and the generation of vulnerability reports.
- Tests for compliance with security policies and procedures. May assist in the creation, implementation, and/or management of security solutions.
- Create, modify and tune the McAfee Nitro SIEM rules to adjust the specifications of alerts and incidents
Confidential
SECURITY ANALYST
Responsibilities:
- Generated user access reports from mainframe, servers, databases, job schedulers, code migrators, TFS, and Active Directory (AD) using SQL, Oracle, PowerShell, Cherwell tickets etc., including writing and testing code.
- Configuring Dashboards, Reports, Notifications and Real time alerts in McAfee Nitro SIEM.
- Troubleshoot and resolve computer/network issues by providing both on-site and remote support.
- Installation, Configuration and Administration of Web Servers (IIS and Apache)
- Coordinated meetings with application data owners, security admins, report generators, and developers to verify data accuracy, identify security gaps, vulnerabilities, and authorizing controls in their production applications.
- Performing Internal audits to ensure IT Compliance.
- Experienced with tools like Metasploit/Qualys/Network forensics technologies management console also supporting day to day security operation function by managing NitroSecurity (McAfee Acquired) SIEM
- Information protection solutions including Monitoring, DLP and Security Auditing solutions from Symantec and McAfee.
- Managing SIEM - Net forensics, its prevention controls, Penetration testing
- Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
- Responsible for testing vulnerability updates for all releases and patches of IBM QRadar SIEM.
- Integration of IDS/IPS with SIEM, analyzing the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
- Developed knowledge pertaining to Information security standards (NIST, ISO) related to information security and privacy practices (HIPAA, SSA, PCI, SOX) and effectively transferred knowledge to team members.
- Working as part of the IT Compliance team and managing IT Security
- Tested and performed vulnerability analysis (VA) for the client through Nessus, QualysGuard scans and McAfee Foundstone. Also maintained the endpoint protection system.
- Analyzed credit card number disclosure events via McAfee DLP.
- In-depth knowledge of TCP/IP, IEEE 802.11, wireless, and routing protocols.
- Administering multi-server Windows LAN and WAN environments.