
Cyber Security Analyst Resume


Weehawken, NJ

SUMMARY

  • Experienced IT Security Professional in IT Infrastructure, Vulnerability and Risk Security, SOC Analysis, SIEM, Information Security and Cyber Security.
  • Completed an individual project where I provided a detailed analysis of a malicious packet capture using tools like Wireshark, Snort, Nessus and NetWitness Investigator.
  • Knowledge of Computer Networking Basics, SOC Components, OSI model, TCP/IP protocols, Data Backup basics, Information Threats and Attacks.
  • Worked on the McAfee VSE product to stop worms, spyware and viruses, get high-performance security and lessen damage from outbreaks.
  • Knowledge of common cyber security technology tools such as firewalls, IPS/IDS, DLP, CASB, network access control, DDoS mitigation, anti-malware, anti-virus, encryption and two-factor authentication.
  • Managing security tools: DLP, SIEM, vulnerability scanners and penetration tests.
  • Conducts vulnerability scans and penetration tests to meet PCI requirements.
  • Perform penetration testing for the internal network and follow up end to end with the security vendor for web application PT, making sure that vulnerabilities are addressed.
  • Experience with various endpoint tools like McAfee ePO, Carbon Black, BigFix, Symantec EPO (IDS/IPS).
  • Knowledgeable of penetration testing, vulnerability assessment, threat hunting, and security program development
  • Perform vulnerability scans using Nessus and prepare reports
  • Expert at implementing network security, SIEM tools, new concepts, identity management, new security technologies, securing cloud architecture and new security controls, as well as developing innovative security controls and processes that meet business and executive requirements in order to protect information.
  • Experience in penetration testing: expertise in detecting various vulnerabilities (including OWASP Top 10) covering authentication, authorization, input validation, session management, server configuration, cryptography and information leakage.
  • Experience configuring and deploying modules and products like McAfee ePO, McAfee VSE, McAfee HIPS and McAfee Endpoint Encryption.
  • Solid understanding of IBM QRadar, NGFW and SDLC.
  • Worked in a SOC department which runs 24x7 and am able to analyse all security incidents.
  • Have good knowledge of OWASP Top 10 2013 vulnerabilities, SDLC and SANS Top 20, and have broad knowledge and experience in LAN/WAN, Extranet, Internet, routers etc.
  • Extensive knowledge of information security principles and practices, understanding of security protocols, standards and defense in depth.
  • Automated the centralized detection of security vulnerabilities with scripts for vulnerability assessment tools like QualysGuard and Nessus.
  • Information protection solutions including Monitoring, DLP and Security Auditing solutions from Symantec.
  • Working on penetration testing tools: Maltego, Nessus, Burp Suite, Nexpose.
  • Experience with network monitoring with SIEM IBM QRadar and Wireshark, Information Security & Network security configuration and functions.
  • Strong understanding of DLP architecture.
  • Experience working in Security Operations Center (SOC)
  • Vulnerability assessment, penetration testing, Risk assessment, Threat management, Security advisories, compliance audits, IT security assessment.
  • Conducted onsite penetration tests from an insider threat perspective.
  • Expert in installing the Splunk logging application in a distributed environment.
  • Performed host, network, and web application penetration tests.
  • Developed approaches for industry-specific threat analyses, application-specific penetration tests and the generation of vulnerability reports.

TECHNICAL SKILLS

Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite

DLP: Websense, Symantec & McAfee

End Point Security: McAfee Suites (VSE, HIPS & HDLP), McAfee MOVE AV, and SafeBoot

IPS/IDS: McAfee IPS, HP TippingPoint, Cisco IDS, SecureWorks IDS/IPS

SIEM: RSA enVision, ArcSight, Splunk security manager, IBM QRadar

MSS: Vulnerability Assessment, Content Filter, Antispam, IDS/IPS Management

Vulnerability Management Tools: Foundstone, QualysGuard, Nessus, Nmap, Nexpose, Wireshark

Security Tools: Splunk ES, McAfee vulnerability management solutions, Burp Suite, OpenVAS, Nessus, Qualys, SolarWinds, ForeScout

Governance, Risk & Compliance (specialization): GRC Archer, Risk Assessment, Compliance Tracking, Audits - ISO 27001, PCI, NIST, FISMA

Network Security: NIPS/NIDS, Firewall, VPN (IPsec, SSL), DLP

Endpoint Security / Information Security: Antivirus, HIPS, Encryption, HDLP, Malware Analysis, Advanced Threat Protection

Content Protection: Email Security, Web Security, Application Security

SIEM Tools: McAfee SIEM, Splunk SIEM, HP ArcSight

Operating Systems: Windows, UNIX, MS-DOS, RHEL, CentOS, Kali Linux

PROFESSIONAL EXPERIENCE

Confidential, Weehawken, NJ

Cyber Security Analyst

Responsibilities:

  • Analyse detected vulnerabilities and vendor-reported vulnerabilities for applicability, severity and solutions.
  • Experienced with DLP, Blue Coat, Websense, Proofpoint, Trend Micro and IBM QRadar Enterprise SIEM security tools to monitor the network environment.
  • Opened, assigned and closed tickets in the SOC Security Management Console towards Qualys for the remediation and patch management processes.
  • Hands-on experience with the QualysGuard vulnerability management tool.
  • Hands-on Cyber Security Experience.
  • Experience in network scanning and penetration testing using various web application security tools like Metasploit, OWASP ZAP Proxy, Nmap and Nessus.
  • Used automated vulnerability assessment tools such as Nessus and Nexpose.
  • Knowledge of OWASP top 10 vulnerabilities, network and internet architecture, IDS-IPS.
  • Deployed Cisco FireSIGHT/Firepower appliances and Cisco ASA with Firepower inline.
  • Identifying OWASP Top 10 issues such as SQL Injection, CSRF, Insecure Cryptographic Storage, XSS and Unvalidated Redirects and Forwards.
  • Supporting Agile Teams in Audits.
  • Design DLP architecture and handle Third party Risk Assessment and Managed SOX audits
  • Ability to conduct penetration testing for well-known technologies and known security flaw concepts (e.g. cross-site scripting (XSS)).
  • Hands-on experience with Palo Alto Next Generation Firewalls and the Panorama central management server, Cisco ASA Firewall, Cisco FWSM, McAfee NSM, Symantec Email Gateway, McAfee Email Gateway & Symantec Endpoint Protection.
  • Life-cycle management of security monitoring platforms including SIEM, Vulnerability Scanners, Intrusion Detection/Protection Systems (IDS) / (IPS), firewalls, DLP, CASB, and/or Threat Intelligence tools and processes.
  • Regarded for oversight across multiple domains, including Internet web filter, email filter, email encryption appliance, security information and event management (SIEM), vulnerability scanning, DDoS solutions, and patch management solutions
  • Created a standard policy and procedure manual for clients that included areas such as password protection, email encryption, smartphone safety, and company compliance.
  • DLP console (Data Loss Prevention), CASB (Symantec system), AWS, Azure.
  • Creating case for the suspicious issue and forwarding it to Onsite SOC team for further investigation.
  • Drafted and tested Systems Security Authorization Agreements (SSAA), Certification Test & Evaluation Plans and Procedures (CT&E), and Security Test & Evaluation Plans and Procedures (ST&E) for strategic and tactical Army computer systems and networks.
  • Conduct Vulnerability assessment for network using Nessus
  • Performed penetration testing and vulnerability management over the enterprise systems to audit the standards to comply with NIST and ISO 2700x standards.
  • Provide expertise with incident response, security event monitoring, vulnerability management, asset security compliance and data loss prevention utilizing McAfee Nitro (SIEM), McAfee ePO, McAfee DLP.
  • Assisted engineers with IBM QRadar troubleshooting and deployment
  • Perform QRadar product support and implementation
  • Experience in Waterfall and Agile development processes and integrating secure development practices into both models
  • Information protection solutions including Monitoring, DLP and Security Auditing solutions from Symantec and McAfee
  • Knowledge of the vulnerability management and assessment process with Nessus. Used Nessus for scanning networks & hosts, writing policies, and generating and analysing reports.
  • Familiar with threats and vulnerabilities, latest trends and risks and be able to understand the technical remediation action steps or plans and communicate them effectively to teams within the organization
  • Experience with migrating from McAfee EPO to Carbon Black.
  • Learned how to use the IBM AppScan Standard and Source editions, HP WebInspect and QualysGuard web application scanners. Also, the security tools Metasploit and Burp Suite were utilized for manual penetration testing.
  • Coordinate and conduct event collection, log management, event management, compliances automation, and identity monitoring activities using SIEM platform.
  • Mentored security analysts assisting them with analyzing Snort alerts in Splunk, Snorby, and the management interface for the Cisco Firepower appliances.
  • Agile development: capable of running Scrum events and grooming sessions.
  • Analyzing suspicious web or email files for malicious code discovered through the SOC's own.
  • Manage and tune Splunk SIEM and Cisco Firepower IPS
  • Created IBM QRadar dashboards for investigations
  • Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite.
  • Worked on identifying the levels of vulnerabilities on applications (High, Medium and Low) in order to provide the overall security posture and prioritize the issues, based on OWASP Top 10 scores.
  • Infrastructures, and advanced auditing technologies, as well as exploitation of emerging IPv6 advanced authentication and data security capabilities.
  • Performing Vulnerability assessment scan using Nessus Professional for the supported Windows and Linux Servers
  • Use Splunk Enterprise Security to configure correlation search, key indicators and risk scoring framework.
  • Monitored Security Management Console for Security Operation Centre (SOC) for ensuring confidentiality, Integrity and Availability of Information systems
  • Hands-on experience in QRadar and McAfee Nitro SIEM.
  • Update Nessus plugin IDs each quarter and create scanning policies per operating system.
  • Experienced in working with Splunk authentication and permissions and having significant experience in supporting large scale Splunk deployments
  • Conducted security assessment and penetration testing on organizational network.
  • Ensuring all lab production machines are up to date with respect to Windows patches and McAfee updates.
  • Symantec DLP and RSA DLP architecture and implementation for enterprise level companies.
  • Configured and utilized Firepower IDS/IPS to ensure that corporate systems are secure from unauthorized use, viral infection, and other vulnerabilities that would compromise overall system security.
  • Monitor for SOC devices health and availability
  • Follow agile development methodology and completion of committed stories in every sprint
  • Designed and integrated custom wireless intrusion detection system using Open Source components
  • Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as IBM QRadar (SIEM), McAfee, Internet content filtering/reporting, malware code prevention, HPE Fortify, firewalls, IDS & IPS, Web Security, Anti-spam and FireEye.
  • Automated the centralized detection of security vulnerabilities with scripts for vulnerability assessment tools like QualysGuard and Nessus.
  • Information protection solutions including Monitoring, DLP and Security Auditing solutions from Symantec.
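Added worked example (supplied by the editor, not part of the original resume): the Nessus triage work described above (scanning hosts, writing policies, rating findings High/Medium/Low and prioritizing by posture) in script form. It parses the standard `.nessus` v2 XML export, buckets each finding by Nessus severity code and ranks hosts by their worst finding. The embedded export is constructed sample data; the plugin IDs, hosts and finding names are placeholders, not real Nessus plugins or scan results.

```python
"""Triage a Nessus (.nessus v2 XML) export: map plugin severity to
High/Medium/Low buckets and rank hosts by their worst finding."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Nessus severity codes: 0 info, 1 low, 2 medium, 3 high, 4 critical.
SEVERITY_BUCKET = {4: "High", 3: "High", 2: "Medium", 1: "Low", 0: "Info"}
BUCKET_RANK = {"High": 3, "Medium": 2, "Low": 1, "Info": 0}

# Constructed sample export (not real scan data); plugin IDs and hosts are placeholders.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
 <Report name="constructed-sample">
  <ReportHost name="10.0.0.5">
   <HostProperties><tag name="operating-system">Windows Server</tag></HostProperties>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="900001" pluginName="Placeholder critical SMB finding" pluginFamily="Windows">
    <cvss3_base_score>9.8</cvss3_base_score>
    <solution>Apply the vendor patch.</solution>
   </ReportItem>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900002" pluginName="Host information" pluginFamily="General"/>
  </ReportHost>
  <ReportHost name="10.0.0.9">
   <HostProperties><tag name="operating-system">Linux</tag></HostProperties>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2" pluginID="900003" pluginName="Placeholder weak SSH algorithms" pluginFamily="Misc">
    <cvss3_base_score>5.3</cvss3_base_score>
    <solution>Disable the weak algorithms.</solution>
   </ReportItem>
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="1" pluginID="900004" pluginName="Placeholder banner disclosure" pluginFamily="Web Servers"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return one finding dict per ReportItem, skipping Info-level plugins."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        os_tag = host.find("HostProperties/tag[@name='operating-system']")
        for item in host.iter("ReportItem"):
            bucket = SEVERITY_BUCKET.get(int(item.get("severity", "0")), "Info")
            if bucket == "Info":
                continue
            # Prefer the CVSSv3 score, fall back to CVSSv2 if that is all the plugin carries.
            score = item.findtext("cvss3_base_score") or item.findtext("cvss_base_score")
            findings.append({
                "host": host.get("name"),
                "os": os_tag.text if os_tag is not None else "unknown",
                "port": f"{item.get('protocol')}/{item.get('port')}",
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "bucket": bucket,
                "cvss": float(score) if score else None,
                "solution": (item.findtext("solution") or "").strip(),
            })
    return findings


def summary_counts(findings):
    """Overall posture: number of High/Medium/Low findings across the scan."""
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for f in findings:
        counts[f["bucket"]] += 1
    return counts


def host_posture(findings):
    """Rank hosts by worst bucket, then by High and Medium counts (descending)."""
    per_host = defaultdict(lambda: {"High": 0, "Medium": 0, "Low": 0})
    for f in findings:
        per_host[f["host"]][f["bucket"]] += 1

    def key(entry):
        host, counts = entry
        worst = max((BUCKET_RANK[b] for b, n in counts.items() if n), default=0)
        return (-worst, -counts["High"], -counts["Medium"], host)

    return [(h, dict(c)) for h, c in sorted(per_host.items(), key=key)]


if __name__ == "__main__":
    fs = parse_nessus(SAMPLE_NESSUS)
    print("Totals:", summary_counts(fs))
    for host, counts in host_posture(fs):
        print(host, counts)
    for f in sorted(fs, key=lambda f: -BUCKET_RANK[f["bucket"]]):
        print(f"[{f['bucket']}] {f['host']} {f['port']} {f['name']} (plugin {f['plugin_id']})")
```

Replace `SAMPLE_NESSUS` with the contents of a real export (Scans > Export > Nessus) to run it against your own results; Critical and High are folded into one "High" bucket here because the resume's three-level scale has no separate Critical tier.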

Confidential

SOC Analyst

Responsibilities:

  • The SIEM environment consists of one Connector Server (Linux) with software-based SmartConnectors installed, two Logger appliances in peer mode, and one ArcSight Express 4.0 with CORR-Engine.
  • Around 270+ devices (Windows, Linux, network devices, application log sources) are integrated with ArcSight to receive the events.
  • The project is to create use cases as per customer requirements, create scheduled and ad-hoc reports, monitor and analyse events, and coordinate with the respective teams for further action.
  • Working as a Security Analyst in SOC operations, monitoring and analysing logs from various security/industrial appliances using the ArcSight SIEM tool.
  • Incident reporting and management for various incident/security alerts triggered by SIEM tool.
  • Log monitoring and Incident analysis for various devices such as Firewalls, IDS, IPS, Windows servers and Web Servers etc.
  • Familiar with Cloud Access Security Broker (Forcepoint CASB) and integrated Identity and Access Management (IAM).
  • Monitoring windows audit logs, F5 logs, IDS/IPS logs, SEPM logs, Symantec mail gateway logs, Cisco devices
  • Performed weekly and monthly metrics on all systems monitoring the security posture of the organization in Wilmington, Delaware, including but not limited to Symantec Endpoint Protection, Symantec Control and Compliance Suite, Symantec Critical System Protection, Qualys, AlgoSec Firewall Analyzer and AlgoSec FireFlow, enabling visibility to senior management on security operations.
  • Hands-on experience with Web Application Firewall (WAF), CASB, and Symantec and McAfee endpoint malware protection with McAfee ePolicy Orchestrator 10.
  • Created filters, active channels, queries, rules etc. in ArcSight for monitoring purposes.
  • Configured reports in ArcSight ESM and ArcSight Logger as per customer requirements.
  • Prepared daily, weekly, monthly reports along with their complete analysis.
  • Malware detection and Analysis (Cisco AMP, Symantec Endpoint Protection).
  • Advise incident management team to provide rapid response to outbreaks, problem report and follow up assistance.
  • Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as IBM QRadar (SIEM), McAfee, Internet content filtering/reporting, malware code prevention, HPE Fortify, firewalls, IDS & IPS, Web Security, Anti-spam and FireEye.
  • Performed penetration testing for external facing web applications. Security areas covering DMZ architecture, threat modelling, secure coding practices (i.e., OWASP standards) and vulnerability analysis were assessed
  • Manage Barracuda Email security, whitelisting by Domain or IP address, adding Domains, email encryption, and adjusting spam scoring
  • OWASP Top 10 Issues identifications like SQLI, CSRF, and XSS etc.
  • Performed as a core-authorized member of the Nuclear Safe Guards Information, Critical Group and DST for the 10 CFR 73.54 CS Project
  • Installing, patching and maintaining McAfee ePO 5.x and DLP, utilizing McAfee ePolicy Orchestrator; able to deploy DLP and reporting; working knowledge of ENS 10.
  • Implemented multiple tools including Symantec DLP, and QRadar SIEM
  • Experience with vulnerability scanning tools (Nessus, Nmap, Zenmap).
  • Knowledge of the vulnerability management and assessment process with Nessus. Used Nessus for scanning networks & hosts, writing policies, and generating and analysing reports.
  • Identifying OWASP Top 10 issues such as SQL Injection, CSRF, XSS and Unvalidated Redirects and Forwards.
  • Built centralized logging using Elasticsearch and Logstash to enable better debugging.
  • Perform vulnerability assessments of systems/network devices. Working knowledge of security tools like CyberArk, IDS/IPS, SIEM, PIM, Cisco ASA Firewalls, ACS, Nmap, Nessus and Wireshark etc.
  • Provided real-time host-based intrusion detection monitoring services using McAfee ePO and Carbon Black.
  • Managing all client systems from an endpoint perspective using the McAfee ePO tool, which includes managing the Agent and VSE, pushing client tasks, and managing ODS & OAS scans.
  • Prioritize security incident through environment awareness and Global Intelligence.
  • Applying agent-level filters, creating aggregation and creation rules, and fine tuning.
  • Dashboard configuration for monitoring events.
  • Configuring Alerts and creating ad-hoc Reports and scheduling report as per customer need.
  • Integration of new log sources as per customer requirement.
  • Connector Upgrade both locally and remotely.
  • Analysing the events generated by IPS and communicate to customer with recommendations.
  • Analysing events and alerts generated and communicate with respective teams for further action.
  • Onshore-offshore communication on regular basis (weekly/daily as per the requirement).
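Added worked example (supplied by the editor, not part of the original resume): the IDS/IPS log analysis and SIEM use-case creation described in this role and the Snort alert analysis mentioned under the previous one, reduced to a small script. It parses Snort "fast" alert lines into structured events, orders them for triage by Snort priority, and implements one aggregation use case of the kind built in ArcSight: a single source hitting several distinct internal hosts with the same signature inside a time window. The alert lines are constructed; the SIDs, messages and addresses are placeholders, not real Snort rules or real traffic.

```python
"""Parse Snort 'fast' alert lines and apply a simple SIEM-style use case:
flag a source that hits several distinct hosts on the same rule within a window."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Snort fast format: TS [**] [gid:sid:rev] MSG [**] [Classification: ...] [Priority: N] {PROTO} SRC[:PORT] -> DST[:PORT]
FAST_ALERT = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?\[Priority:\s+(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample alerts; SIDs, messages and addresses are placeholders, not real Snort rules.
SAMPLE_ALERTS = """\
01/20-14:02:11.100000  [**] [1:9000001:1] CONSTRUCTED SMB probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51234 -> 10.0.0.5:445
01/20-14:02:12.200000  [**] [1:9000001:1] CONSTRUCTED SMB probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51235 -> 10.0.0.6:445
01/20-14:02:13.300000  [**] [1:9000001:1] CONSTRUCTED SMB probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51236 -> 10.0.0.7:445
01/20-14:09:30.000000  [**] [1:9000002:2] CONSTRUCTED admin login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.7:40001 -> 10.0.0.20:22
01/20-14:40:00.000000  [**] [1:9000001:1] CONSTRUCTED SMB probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51300 -> 10.0.0.8:445
this line is not an alert and must be skipped
01/20-14:41:00.000000  [**] [1:9000003:1] CONSTRUCTED ICMP sweep [**] [Priority: 3] {ICMP} 203.0.113.4 -> 10.0.0.9
"""


def parse_alerts(text):
    """Return one dict per well-formed alert line; malformed lines are skipped, not raised."""
    events = []
    for line in text.splitlines():
        m = FAST_ALERT.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        # Fast alerts carry no year; strptime defaults to 1900, which is fine for
        # ordering and windowing within a single log file (assumption: no year rollover).
        d["ts"] = datetime.strptime(d["ts"], "%m/%d-%H:%M:%S.%f")
        d["pri"] = int(d["pri"])
        events.append(d)
    return events


def triage_order(events):
    """Priority 1 first (in Snort a lower number is more severe), then oldest first."""
    return sorted(events, key=lambda e: (e["pri"], e["ts"]))


def spread_use_case(events, min_hosts=3, window=timedelta(minutes=5)):
    """Flag (src, sid) pairs that touched at least min_hosts distinct destinations
    within `window`. One offense per pair, anchored at the first alert of the burst."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["src"], e["sid"])].append(e)
    offenses = []
    for (src, sid), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            seen = set()
            for e in evs[i:]:
                if e["ts"] - first["ts"] > window:
                    break
                seen.add(e["dst"])
            if len(seen) >= min_hosts:
                offenses.append({"src": src, "sid": sid, "msg": first["msg"],
                                 "hosts": sorted(seen), "start": first["ts"]})
                break
    return offenses


if __name__ == "__main__":
    evs = parse_alerts(SAMPLE_ALERTS)
    for e in triage_order(evs):
        print(f"P{e['pri']} {e['ts'].strftime('%m/%d %H:%M:%S')} sid={e['sid']} {e['src']} -> {e['dst']} {e['msg']}")
    for o in spread_use_case(evs):
        print("OFFENSE:", o["src"], "sid", o["sid"], "hit", o["hosts"], "starting", o["start"].strftime("%H:%M:%S"))
```

The window and host threshold are the two knobs that are tuned in the SIEM rather than in code; the fourth SMB alert at 14:40 is deliberately outside the five-minute window so the offense reports only the three-host burst.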

Confidential

Cyber Security Analyst

Responsibilities:

  • Conducted onsite penetration tests from an insider threat perspective.
  • Performed host, network, and web application penetration tests.
  • Analysis of offenses created based on vulnerability management tools such as Rapid7.
  • Developed Black Box Security test environments & conducted tests as part of team for precautionary measures.
  • Developed approaches for industry-specific threat analyses, application-specific penetration tests and the generation of vulnerability reports.
  • Information protection solutions including Monitoring, DLP and Security Auditing solutions from Symantec and McAfee.
  • Configuring Dashboards, Reports, Notifications and Real time alerts in McAfee Nitro SIEM.
  • Conducted Security Risk Assessment on all new applications, IT Systems or changes to existing IT systems to verify if they satisfy established security baseline before adoption into Corporate Regional offices.
  • Conducted Security Risk Assessment on new Vendors and annual Vendor Risk Assessment.
  • Assisted management in authorizing the IT Systems for operation on the basis of whether the residual risk is at an acceptable level or whether additional compensating controls should be implemented.
  • Designed processes in Archer using workflows, notifications, and data feeds.
  • Assisted teams in the design and development of management reporting and dashboards from the designed solution in Archer.
  • Administration knowledge of Symantec Brightmail Gateway, Symantec Endpoint Protection (12.1.6) and Symantec PGP.
  • Coordinated with system owners and ISSOs across the organization to ensure timely compliance
  • Participated in meetings to discuss system boundaries for new or updated systems to help determine information types for categorization purposes. Determined the classification of information systems to aid in selecting appropriate controls for protecting the system.
  • Worked with Palo Alto Panorama management tool to manage all Palo Alto firewall and network from central location.
  • Create, modify and tune the McAfee Nitro SIEM rules to adjust the specifications of alerts and incidents
  • Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
  • Performed risk assessments to ensure corporate compliance.
  • Developed detailed remediation reports and recommendations for compliance and security improvements across industries based on changing threats.
  • Performed Vulnerability Assessments and Data Classification and their impacts
  • Suggested the Patches for windows machines with vulnerabilities identified.
  • Performed application security and penetration testing using IBM Appscan.
  • Integrated Nitro Log sources on customer critical servers/devices
  • Performed security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
  • Participate in Security Assessments of networks, systems and applications.
  • Reviewed and was involved in the WebSphere Application Server hardening process with the Security Team.
  • Utilized monitoring tools to identify cyber security alerts of active threats, intrusions, and compromises

Confidential

Cyber Security Engineer

Responsibilities:

  • Executed hardware installation and testing
  • Upgraded operating systems and performed maintenance
  • Managed physical security
  • Helped in hardware troubleshooting
  • Analysed network traffic using Wireshark
  • Managed access for various roles
  • Implemented different patches on different systems
  • Experienced in Web based penetration testing
  • Provided technical analysis and assisted with technical security projects
  • Provided hands on training for course work
  • Assisted on forensic analyses using forensic tools to find case specific information
  • Reviewed Digital Forensics evidence using Encase
  • Implemented Web and Network Security
  • Performed Network vulnerability analysis using different security tools
  • Examined footprinting methodologies
  • Implemented IDS and IPS
  • Implemented Web Application Firewall
  • Monitored and updated security systems from time to time
  • Prepared and maintained necessary documents relating to data security systems
  • Determined OWASP TOP 10 vulnerabilities on web application like SQL injection, XSS, session hijacking, etc.

