Information Security Analyst Resume
SUMMARY
- 8+ years of experience in security operations, threat, vulnerability and risk management, identity and access management, testing, upgrading, troubleshooting, support and maintenance.
- Experience working at Amazon.com and Ameriprise Financial in e-commerce, banking, risk management, access control management, access management, SSO and CyberArk; AWS Certified Cloud Practitioner.
- Supported the Security Operations Center (SOC) environment by developing content, creating rules, alerts, and use cases.
- Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity.
- Conducted internal reviews of unauthorized software installations using data forensic reports from EnCase, FTK and Autopsy.
- Identified unauthorized or malicious domains being visited from the intranet and enabled proxy blocks for such IPs and websites.
- Experience with Vulnerability & Compliance Management, Risk Assessment, Intrusion Detection, Intrusion Prevention, Security Incident Management, Incident response planning, Log Analysis, Access Management.
- Incident Review provided analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities.
- Software source code vulnerability analysis using Black Duck, Veracode and HP Fortify.
TECHNICAL SKILLS
Programming Languages: Java, Python, Go, .NET
Operating Systems: MS-DOS, Windows, Fedora, Ubuntu, Unix, Kali Linux
Scripting Languages: JavaScript, Python, Bash, SQL, PowerShell
Security Monitoring Tools: ArcSight, Splunk, QRadar, RSA enVision, RSA NetWitness
Software Vulnerability Analysis: Veracode, HP Fortify, Black Duck (Synopsys)
Security Tools: Snort IDS, Nmap, Metasploit, Nessus, Wireshark, Ettercap, Tcpdump, Bitlocker, FTK, Autopsy.
Networking: TCP/IP, DHCP, DNS, Cryptography
DataBase: SQL, MySQL
Other tools and Technologies: NetBeans, Eclipse, Apache Server, HP Service Manager, OBIEE, VMware Professional
Forensic Tools: FTK, Autopsy, EnCase
Firewall: Cisco ASA 5505
DLP: McAfee NDLP, Symantec DLP
PROFESSIONAL EXPERIENCE
Confidential
Information Security Analyst
Responsibilities:
- Build and manage a toxic-combination matrix for the bank application to ensure separation of duties.
- Work with environment owners on SOX reporting and risk and technology control audits.
- Manage and report on access to banking systems and perform user access reviews.
- Managed and created Active Directory groups, faceless IDs, mainframe IDs and service accounts through Active Directory for internal systems access and for managed file transfer connections to an external vendor.
- Managed Aveksa integrations of bank applications for identity and access management.
- Managed CyberArk Access and maintenance of Enterprise passwords.
- Coordinate new Single Sign-On integrations for corporate users to access external Bank Vendor Applications.
- Managed and created risk and security exceptions in Archer.
- Manage IT security operations, access and identity life cycle, privileged access management (PAM), OIM design console, provisioning, de-provisioning, governance and recertification for consumer banking.
- Worked as a Local system administrator managing user access for multiple bank vendor applications.
- Administrate IAM - Oracle Access and Identity management (OIM).
- Served as a security expert on application development, database design, network and platform (operating system) projects, helping project teams comply with enterprise and Technology security policies, industry regulations, and best practices.
- Identified the appropriate security requirements for each project based on its business requirements, and developed the security model diagrams for application access.
- Worked with development teams to review application source code for security and operational risks.
- Created detailed security documentation for developers, software engineers and technical personnel when necessary.
- Provided guidance and recommendation to software architects and engineers on how to correct code related security flaws.
- Performed application security assessments and remediation activities as part of the application security program and ensures application teams adhere to the SSDLC Framework.
- Performed vulnerability testing and analysis, code review, static and dynamic code testing.
- Worked with development teams to review application source code for security and operational risks using Black Duck.
- Managed audits of vendor security processes, procedures and compliance controls. Analyzed application security needs based on the sensitivity or proprietary nature of the data and worked with the appropriate teams to develop and execute new or existing security technologies or processes to support the business strategy.
- Supported Audits by gathering and providing evidence on various controls for FFIEC, OFCC, SEC SOX, GLBA and PCI.
- Provided technical expertise, leadership, direction, and prioritization of work to the team members ensuring outstanding service delivery.
- Responsible for the configuration of security controls to ensure the safety of information systems assets and to protect from unauthorized access or intentional destruction.
- Implemented and managed the enforcement of all technical information security policies, procedures, and associated plans based on industry standards, best practices, and legal compliance requirements.
- Assess and document the need for all security configurations or re-configurations and work with appropriate teams to execute them as required.
- Design and implement IT Security policies and frameworks, administrate Security controls for business applications, systems, workflow creation, implement business rules and Infrastructure level access.
- Practical experience with multiple compliance frameworks: ISO 27001, COBIT, ITIL, SOX, IT general security controls, automated application and system security controls, privileged access and file integrity monitoring. Security application and operations for identity and access management (Aveksa) and single sign-on (CA SiteMinder).
- Manage SSO projects with application provisioning/de-provisioning, Symantec DLP (data loss prevention) solutions, and file integrity monitoring with Tripwire.
- Password vault management (CyberArk), risk and security control exceptions (Archer), software vulnerability scanning (Veracode), infrastructure security (Black Duck), release automation (Nolio).
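The toxic-combination matrix mentioned above is, in practice, a table of entitlement pairs that no single identity may hold, checked against each user's effective entitlements after group and role membership is flattened. The following is an added illustration of that check in Python; it is not code from this resume or from any employer named in it, and the entitlement names, roles, users and matrix entries are constructed sample data.

```python
"""Separation-of-duties (SoD) check over a toxic-combination matrix.

Added illustration, not code from the resume or any named employer. The
entitlement names, the matrix and the user-to-role assignments below are
constructed sample data.
"""
from itertools import combinations

# Constructed toxic-combination matrix: each frozenset is a pair of
# entitlements that no single identity may hold at the same time.
TOXIC_COMBINATIONS = {
    frozenset({"WIRE_CREATE", "WIRE_APPROVE"}): "Create and approve own wire transfers",
    frozenset({"VENDOR_MAINTAIN", "AP_PAYMENT_RELEASE"}): "Maintain vendor master and release payments",
    frozenset({"GL_POST", "GL_RECONCILE"}): "Post to and reconcile the general ledger",
}

# Constructed role definitions and user assignments, in the shape an IAM
# export takes once group membership has been flattened.
ROLES = {
    "WIRE_OPERATOR": {"WIRE_CREATE", "CUSTOMER_VIEW"},
    "WIRE_SUPERVISOR": {"WIRE_APPROVE", "CUSTOMER_VIEW"},
    "AP_CLERK": {"VENDOR_MAINTAIN"},
    "AP_MANAGER": {"AP_PAYMENT_RELEASE"},
    "GL_ACCOUNTANT": {"GL_POST", "GL_RECONCILE"},
}

USER_ROLES = {
    "alice": ["WIRE_OPERATOR"],
    "bob": ["WIRE_OPERATOR", "WIRE_SUPERVISOR"],
    "carol": ["AP_CLERK", "AP_MANAGER"],
    "dave": ["GL_ACCOUNTANT"],
    "erin": ["WIRE_SUPERVISOR"],
}


def effective_entitlements(user, user_roles=USER_ROLES, roles=ROLES):
    """Flatten a user's roles into the set of entitlements they can exercise."""
    ents = set()
    for role in user_roles.get(user, []):
        ents |= roles.get(role, set())
    return ents


def find_violations(user_roles=USER_ROLES, roles=ROLES, matrix=TOXIC_COMBINATIONS):
    """Return {user: [(entitlement_a, entitlement_b, description), ...]} for
    every user whose effective entitlements contain a toxic pair."""
    violations = {}
    for user in user_roles:
        ents = effective_entitlements(user, user_roles, roles)
        hits = []
        for a, b in combinations(sorted(ents), 2):
            pair = frozenset({a, b})
            if pair in matrix:
                hits.append((a, b, matrix[pair]))
        if hits:
            violations[user] = hits
    return violations


def violating_roles(role_name, roles=ROLES, matrix=TOXIC_COMBINATIONS):
    """A single role that bundles a toxic pair is a design flaw: flag it
    before it is ever assigned to anyone."""
    ents = roles[role_name]
    return [desc for pair, desc in matrix.items() if pair <= ents]


if __name__ == "__main__":
    for user, hits in find_violations().items():
        for a, b, desc in hits:
            print(f"SoD violation: {user} holds {a} + {b} ({desc})")
    for role in ROLES:
        for desc in violating_roles(role):
            print(f"Role design flaw: {role} bundles a toxic pair ({desc})")
```

Two checks are worth keeping separate: the per-user check catches conflicts that arise from combining otherwise clean roles (bob), while the per-role check catches roles that are toxic on their own (GL_ACCOUNTANT) and should be split before recertification rather than exception-managed for every holder.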
Confidential
Security Analyst
Responsibilities:
- Maintain overall system health of the SIEM and SmartConnectors and monitor their performance via active channels and dashboards.
- Identification and design of use cases that address specific enterprise needs for active alert triggering and firing of security events.
- Develop and test new correlation content and use cases using SIEM filters, rules, data monitors, active lists and session lists to channel the network flow and properly identify incidents and their patterns.
- Creation of reports and trends in the SIEM tool to facilitate the classification and availability of the data being interpreted.
- Efficient use of packages and SIEM archive utilities to back up and support Manager deployments.
- Addition and maintenance of SIEM users and permissions.
- Monitoring the IDS for suspicious network traffic, malicious activity and potential DDoS attacks.
- Monitoring phishing activities targeting different regions (primarily USA) and enforcing controls to bring them down.
- Developed Python scripts to automate repetitive tasks.
- Developed Bash scripts to generate alerts.
- Supported the Security Operations Center (SOC) environment by developing content, creating rules, alerts and use cases. Application security, intrusion detection systems (IDS), networks (protocols, ports and packets), server hardening, security and vulnerability assessment, penetration and compliance testing with EMC, BMC, Ethereal sniffer, Nmap, McAfee, and security-level testing.
- Developing security alerts used by the SOC to alert on malware, penetration/intrusion, password lockouts and brute force.
- Upgrade and optimize the Splunk setup with new releases. Set up Splunk forwarders for new application levels brought into the environment.
- Created Situational awareness dashboards to give custom views of Risk per domain, asset, or identity.
- Incident Review provides analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities.
- Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity.
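The newly-registered-domain (NRD) correlation described in the summary and again in the last bullet above is, stripped of the SIEM, a join between an NRD feed and proxy events with a domain-age threshold. The following is an added Python illustration of that use case; it is not the author's SIEM content or any vendor's code. The proxy log lines, the NRD feed and the 30-day window are constructed sample data, and the registrable-domain extraction is deliberately simplified (noted in the code).

```python
"""Correlate outbound web requests with newly registered domains (NRDs).

Added illustration, not the resume author's SIEM content. The log lines,
the NRD feed and the 30-day window are constructed sample data; the
registrable-domain logic is a simplification (see registrable_domain).
"""
from datetime import date, datetime, timedelta
from urllib.parse import urlsplit

# Constructed NRD feed: registrable domain -> registration date, the shape a
# daily "newly registered domains" feed takes once loaded into a lookup.
NRD_FEED = {
    "acme-secure-login.com": date(2023, 5, 2),
    "cdn-updates.net": date(2023, 4, 28),
    "example.org": date(1995, 8, 14),
}

# Constructed proxy log lines:
# "<timestamp> <client_ip> <user> <method> <url-or-host:port> <status>".
PROXY_LOG = """\
2023-05-03T09:14:02Z 10.1.4.22 jdoe GET https://www.example.org/index.html 200
2023-05-03T09:15:41Z 10.1.4.22 jdoe GET http://mail.acme-secure-login.com:8080/login 302
2023-05-03T09:16:07Z 10.1.7.90 asmith GET https://assets.cdn-updates.net/agent.exe 200
2023-05-03T09:17:30Z 10.1.7.90 asmith CONNECT old-vendor.com:443 200
"""

NRD_WINDOW = timedelta(days=30)  # assumed threshold for "newly registered"


def registrable_domain(host):
    """Return the last two labels of a hostname.

    Simplification for this example: a production rule should use the
    Public Suffix List (for instance the tldextract package) so that a host
    under a multi-label suffix such as co.uk is not collapsed to the suffix.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_from_request(method, target):
    """Extract the hostname from a proxy request target. CONNECT targets are
    bare host:port rather than URLs, so they need separate handling."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0]
    return urlsplit(target).hostname or ""


def parse_line(line):
    ts, client, user, method, target, status = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "client": client,
        "user": user,
        "method": method,
        "host": host_from_request(method, target),
        "status": status,
    }


def correlate(log_text=PROXY_LOG, feed=NRD_FEED, window=NRD_WINDOW):
    """Return one alert dict per request whose registrable domain was
    registered within `window` before the request was made."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        dom = registrable_domain(ev["host"])
        registered = feed.get(dom)
        if registered is None:
            continue
        age = ev["ts"].date() - registered
        # Requests dated before the registration are feed/clock errors, not hits.
        if timedelta(0) <= age <= window:
            alerts.append({
                "user": ev["user"],
                "client": ev["client"],
                "host": ev["host"],
                "domain": dom,
                "domain_age_days": age.days,
            })
    return alerts


if __name__ == "__main__":
    for a in correlate():
        print(f"NRD hit: {a['user']}@{a['client']} -> {a['host']} "
              f"(registered {a['domain_age_days']} days before request)")
```

In a SIEM the same logic is a lookup or active list of NRDs joined to proxy events on the registrable domain, with the age threshold tuned per environment; expect benign hits from legitimate new vendor domains and CDN hostnames, so the alert should carry the domain age and the requesting user rather than block on its own.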
Confidential
Security Analyst
Responsibilities:
- Monitoring suspicious executable installations on host systems hourly through IDS, taking preventive actions and providing resolutions.
- Tracking the IDS for suspicious network traffic, malicious activity and potential DDoS attacks.
- Monitoring phishing activities targeting different regions (primarily USA) and enforcing controls to bring them down.
- Investigating enVision reports regarding potential security violations and suspicious data uploads.
- Investigating Ad-hoc security issue requests received from the support region.
- Creating alerts and reports as per business requirements and Threat modeling with specific security control requirements.
- Drive complex security-focused deployments of Splunk while working side by side with the admins to solve their unique problems across a variety of use cases.
- Assessing the performance of Splunk Enterprise Security and its various processes using Splunk on Splunk analytics.
- Integrating multiple new devices on the network and related data into Splunk Enterprise Security through forwarder deployment.
- Providing necessary recommendations to the firm to understand their security posture and requirements.
- Investigate and identify events, qualify potential security breaches, raise security incident alerts, and perform technical & management escalation.
- RSA device registration for MFA and troubleshooting.
- Monitoring and analyzing RSA user logs.
Confidential
Risk Analyst
Responsibilities:
- Role creation and modification according to business needs, with proper documentation.
- Regularly accessed the SAP User Information System (SUIM) for new users, roles, authorizations, users and T-codes.
- Involved in creating, deleting, locking and unlocking users in bulk.
- Responsible for day-to-day technical support and resolution of security issues.
- Resolved users' daily problems (lock, unlock and reinitialize passwords; no access to a transaction).
- Monitored online and background jobs and resolved issues when a background job failed.
- Conduct transaction and account reviews to detect fraudulent behavior and abuse, investigate fraud trends and signals, and measure reviewer quality.
- Collaborate with cross-functional partners in Engineering and Product to expose and escalate product vulnerabilities, troubleshoot technical issues, and improve our automated detection systems.