
Cyber Security Engineer Resume


SUMMARY

  • Result-driven Cyber Security Analyst with 12+ years of experience in implementing and reviewing policy documents and remediating POAMs/incidents, as well as vulnerability scanning, with extensive experience with network devices (switches, routers, hubs) and continuous monitoring (SIEM). I thrive under pressure in a fast-paced environment while directing multiple projects from concept to implementation and working to prevent cyber-attacks, especially in business and corporate settings.
  • Experienced in vulnerability management and remediation.
  • Experience configuring and deploying McAfee modules and products such as McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint and McAfee SIEM.
  • Experience with SIEM tools such as QRadar and Splunk.
  • Experience in planning, developing, implementing, monitoring and updating security programs and advanced technical information security solutions; sound knowledge of SOX and PCI compliance requirements and understanding of NIST and ISO standards.
  • Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as SNORT, Splunk, LogRhythm and many other tools.
  • Worked on the McAfee HIPS product to get the broadest IPS coverage, safeguard against malicious threats, get automatic security updates and provide protection around the clock.
  • Experienced in SIEM tools such as ArcSight to manage security events and big data analytics.
  • Manage and perform Nessus and Nmap scans before all production releases, analyze vulnerabilities and report to all stakeholders.
  • Performs vulnerability assessments and penetration testing using automated tools on web applications.
  • Switching tasks include VTP, trunking, VLAN changes, ISL and 802.1Q, IP and GRE tunneling, VLANs, EtherChannel, STP, PVSTP and RSTP. Network security including NAT/PAT configuration, ACLs, IDS/IPS and ASA/PIX firewalls.
  • Implementation and troubleshooting of technologies such as MPLS VPN, IPsec VPN, DMVPN, LDAP and AAA.
  • Well experienced in the protocols HSRP, GLBP, VRRP, ICMP, IGMP, PPP, PAP, CHAP, SMTP and POP3. Expertise in IP addressing, subnetting, VLSM and CIDR. Implemented traffic filters using standard and extended access lists, distribute lists and route maps.
  • Experience in installing and troubleshooting DNS and DHCP servers. Experience in configuring VPNs: site-to-site, site-to-SOHO and remote access VPN solutions (SSL). Experience testing Cisco routers and switches in a lab environment and deploying them on site for production.
  • Hands-on experience with Riverbed Steelhead appliances, Riverbed Cascade Profiler, Gateway and Sensor.
  • Experience with configuration, installation, testing and deployment of networking devices.
  • Working knowledge of SolarWinds network management software.
  • Configuration and maintenance of Aruba wireless controllers and access points.
  • Experience in installation and configuration of Splunk Enterprise.
  • Working experience with Checkpoint Smart Dashboard, Smartview Tracker, Smartview Monitor and Smartview Report.
  • Experience with Palo Alto, Checkpoint, Cisco ASA, Juniper SRX, FWSM and SSL VPN (SA VPN) firewalls.
  • Sourcefire IPS, AIP-SSM modules on ASA, Checkpoint IPS blades, etc.
  • Experience with Bluecoat Proxy and F5 load balancers (LTM and GTM).
  • Expert understanding of developing complex use cases and universal device support modules on the QRadar SIEM.
  • Perform vulnerability assessments of systems/network devices. Working knowledge of security tools such as CyberArk, IDS/IPS, SIEM, PIM, Cisco ASA firewalls, ACS, Nmap, Nessus and Wireshark. Performed sniffer analysis using Network General and Wireshark, port security, and Cisco Nexus 2K-7K.
  • Experienced with multiple SIEM technologies (ArcSight, Splunk, QRadar, LogRhythm) and EDR solutions (Carbon Black).
  • Managing Cyber-Ark Security, which offers any enterprise a wide range of services and support options to make the digital vault solution a success; these services include implementation, consulting, training, maintenance, online support and vault.
  • Experience in assessment of security controls using NIST SP 800-53A.
  • Integration of different devices/applications/databases/operating systems with QRadar SIEM.
  • Good experience providing remediation consultation to organizations and system owners, ensuring vulnerabilities are remediated IAW DISA/NIST and Cyber Threat Intelligence research.
  • Analyze security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, anti-virus and/or other security logging sources and SIEM aggregators.
  • Implemented FireEye security with YARA rules to avoid malware and cyber-attacks on the entire network; hands-on experience with FireEye NX, EX, HX, PX and IA for forensic research and layer-7 inspection; extensive knowledge of detecting malicious code in IPv4 payloads.
  • Configured DLP (Data leakage and protection) policies to prevent data leakage of end clients.
  • Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite.
  • Conducts vulnerability scans and penetration tests to meet PCI requirements.
  • Involved in configuring the SEP (Symantec Endpoint Protection) tool to scan systems for security threats and identify malicious software.
  • Hands-on experience in Splunk creating various application-based dashboards for security event monitoring.
  • Involved in and responsible for deep packet inspection, with experience of Wireshark, SolarWinds and tcpdump.
  • Involved in configuring the NetFlow Integrator tool, which converts processed data to Syslog from various network equipment such as edge routers, switches and firewalls.
  • Experience in implementing and managing Symantec Data Loss Prevention.
  • Hands-on cyber security experience with Tanium endpoint management.
  • Extensive experience with Symantec DLP and RSA DLP architecture and implementation at enterprise level.
  • Experience in SOC team delivery using security analysis, investigations, reporting, mitigation and tuning efforts.
  • Provided guidance in planning, gathering requirements, recommendations and implementation of data migration to Office 365, and configuration best practices.
  • Experience with network monitoring with the IBM QRadar SIEM and Wireshark, and with information security and network security configuration and functions.
  • Resolving sync issues with the Microsoft Managed Services Service Provisioning Provider (MMSSPP).
  • Experience creating and updating various PowerShell scripts for Windows, Active Directory, Azure AD and O365.
  • Experience in various technical and compliance areas of information security.
  • Implementing Cisco NIDS security policies to avoid malicious attacks in the network.
  • Knowledge of distributed Splunk installations with forwarders, clusters and search head clusters.
  • Develop processes and perform investigations on all identified attacks via IPS, IDS, firewall, antivirus and data loss prevention tools.
  • Skilled in penetration testing (white, grey and black box) with passive and active modules using Burp Suite, Metasploit, custom scripts and other necessary tools.
  • Create security policies in Cisco NIDS to avoid and detect network intrusions.
  • Monitoring the network to avoid intrusions and applying mitigation techniques using NIDS.
  • On-site security/risk assessments; McAfee Web Gateway, McAfee ePO and Endpoint Security deployment including VirusScan Enterprise, Endpoint Security 10.x, HIPS, DLP, whitelisting with Solidcore (File Integrity Manager, Application Manager), FireEye MTP and Proofpoint.
  • Implemented FireEye security to avoid malware and cyber-attacks on the system.
  • Experience with Palo Alto firewalls, VPNs and networking with protocols such as NetBIOS, SNMP, Telnet, SSH, ARP, etc.
  • Hands-on experience with FireEye NX, EX, HX, PX and IA.
  • Configured data leakage and protection policies to prevent data leakage of end clients.
  • Expert understanding of developing complex use cases and Universal Device Support Modules (DSMs) on the QRadar SIEM.
  • Involved in integrating IBM Resilient IRP with IBM QRadar SIEM.
  • Knowledge of authentication, endpoint security, internet policy enforcement, firewalls, Database Activity Monitoring (DAM) and Identity and Access Management (IAM) solutions.
  • Responsible for integration of QRadar with Carbon Black Endpoint Security.
  • Configured Tenable SecurityCenter with the latest version of the Nessus scanner.
  • Configuring rules and maintaining McAfee ePO (antivirus) policies for host-based protection.
  • Troubleshooting high-severity issues related to McAfee ePO and McAfee endpoint products to avoid any business impact.
  • Hands-on experience in Splunk creating various application-based dashboards.

TECHNICAL SKILLS

Routing Technology: RIPv1, RIPv2, IGRP, EIGRP, IS-IS, OSPF, BGP.

Network Products: Cisco Routers 1700, 1800, 2500, 2600, 2800. Cisco High End Routers 3600, 3800, 7200, 12010, 12404. Cisco Switches 1900, 2950, 2950, 2960G. Cisco Campus Switches 3550XL, 4948, Core Catalyst 4503, 4507 RE, Catalyst 6500/6503/6507, Nexus 2000, 5000, 7000 series.

Antivirus & Endpoint Protection: Cisco CSA, Symantec Enterprise Edition, McAfee Enterprise Edition.

Security & VPN: ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM, Fortigate, Cisco CSM, ACL (Access Control List), IPS/IDS, NAT, PAT, Cisco ACS, Juniper NetScreen firewall, Palo Alto Firewalls, Windows Patch Management (WSUS).

Security Tools / Devices / Software: endpoint protection and anti-virus by SEPM, URL or web filter by Websense, Wireshark, email or content filter by IronPort, Intrusion Detection and Prevention (IDS/IPS) by FireEye, vulnerability management by QualysGuard, Palo Alto Firewalls, FireMon, Splunk, SolarWinds, AlgoSec, Cisco Switches and Routers, Cisco ISE & NAC, Cisco ASA 55XX (5512, 5525, 5525-X) and Firepower, Cisco IOS, NX-OS, and Security Appliances/Tools such as Akamai (CDN and WAF) and F5 Networks, WAF technology, Cisco IPS and Palo Alto IPS, StealthWatch, SIEM tools, ESA, WSA, MFA, Cisco Umbrella, Cisco AMP for Endpoints, Bluecoat Proxy, Cloud Infrastructure (AWS, Azure, GCP).

LAN Technology: IEEE 802.11, Token Ring, Workgroup, Domain, HSRP, DNS, Static, VLAN, STP, VTP, EtherChannel, Trunks.

WAN Infrastructure: Leased Line, ISDN/Dial-Up, Frame Relay circuits, Metro Ethernet.

Scripting: Bash, Unix and Python scripts for firewall configuration.

WAN Technologies: HDLC, PPP, ATM, SONET, MPLS, VPN, IPsec VPN.

Wireless & Wi-Fi: Canopy Wireless Device (point-to-point/point-to-multipoint), D-Link Wireless (point-to-point), D-Link Access Point, Cisco 1200 series Access Point, and Linksys Wireless/Wi-Fi Router.

Operating Systems & Tools: Cisco IOS, Windows NT 4.0 (Desktop/Server), Windows 2000/2003/2008 Server, Windows XP/Windows 7/8, Linux, Solaris, Active Directory, Apache Server, MS Exchange Server, VERITAS Volume Manager.

PROFESSIONAL EXPERIENCE

Confidential

Cyber Security Engineer

Responsibilities:

  • Managed database assets (inventory) and vulnerability management scans utilizing Tripwire Compliance Configuration Manager (CCM), IP360 and Nessus.
  • Responsible for the planning and deployment of Nessus within the organization.
  • Managing the enterprise infrastructure of the System Security team, such as configuration of File Integrity Monitoring systems, Data Loss Prevention (DLP) toolsets, enterprise antivirus solutions and endpoint encryption.
  • Supported customers on various implementations of Windows Azure AD, MS Office 365, Azure Single Sign-On, on-premise Single Sign-On and Windows Azure.
  • Provided expertise with incident response, security event monitoring, vulnerability management, asset security compliance and Data Loss Prevention utilizing McAfee Nitro (SIEM), McAfee ePO and McAfee DLP.
  • Managed the Security and Compliance dashboard inside the Office 365 tenant.
  • Administration of CyberArk privileged accounts and vaulting services.
  • Built safes and added servers into the safes as needed. Troubleshot and fixed all problems that arose in CyberArk due to misuse of CyberArk by different users.
  • Reviewed security logs (LogRhythm SIEM) to ensure compliance with policies and procedures and identify potential anomalies.
  • Integrated IDS/IPS with ArcSight ESM and analysed the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
  • Well versed in both remote and on-site user Splunk (SIEM) support.
  • Centralizing the storage and interpretation of logs using the Splunk (SIEM) system.
  • Worked in Security Incident and Event Monitoring (SIEM) platforms: IBM QRadar and Splunk.
  • Responsible for applying standards for each platform (Windows, Unix, middleware, etc.) with applications like Symantec Control Compliance Suite.
  • Experience in a SOC (Security Operations Center) to facilitate strong planning as per the security protocol needed; analyse main steps in IT governance; familiar with the cyber security process and ISO/NIST/ANSI standards.
  • Successfully completed version upgrade projects of the existing SIEM platforms, LogRhythm and FortiSIEM.
  • Created installation, configuration and test case scenario documents for each specific device connector.
  • Experience configuring and managing Azure AD Connect, Azure AD Connect Health and Microsoft Azure Active Directory.
  • Configured and resolved Azure AD Connect sync issues.
  • Experience creating and managing users and groups in Azure AD.
  • Successfully established and tested an Azure AD tenant for production.
  • CyberArk vault maintenance. Building CyberArk safes and adding different applications/portfolios to the safes.
  • Active Directory group/user authentication and maintenance.
  • Conduct risk assessments regularly; ensure measures raised in assessments are implemented in accordance with the risk profile, and root causes of risks are fully addressed following NIST 800-30 and NIST 800-37.
  • Authentication and authorization of privileged users working with CyberArk and access management.
  • General management of Cyber-Ark Security, which offers any enterprise a wide range of services and support options to make the digital vault solution a success; these services include implementation, consulting, training, maintenance, online support and vault scripting, SIEM and digital certification support.
  • Experience with Symantec DLP and RSA DLP architecture and implementation at enterprise level. Designed Symantec DLP architecture and implemented Symantec DLP. Worked with Symantec DLP upgrades and patches. Implemented Symantec DLP policy and content blade creation and tuning. Provided input into customers' operational processes and procedures.
  • Performed serialization validation: Antares System (Print & Check System, serialize and aggregate products) validation and testing of customer communication (Serial Number Management) with PCI.
  • Provide on-site Symantec DLP technical service and support to a large enterprise customer base.
  • Conducted threat hunting analysis in ArcSight SIEM during each shift per shift report requirements.
  • Utilized ArcSight to investigate incoming cases and create detailed reports of events during shifts.
  • Responsible for monitoring and detecting security incidents in ArcSight (SIEM).
  • Develops rules, lists and active channels in ArcSight ESM.
  • Experience in SOC team delivery using security analysis, investigations, reporting, mitigation and tuning efforts.
  • Configured the Nessus scanner with the latest SecurityCenter version.
  • Integrated different devices' data into the Splunk environment and created dashboards and reports in Splunk.
  • Provided oversight of all changes to corporate firewalls, including pre-implementation analysis and approval, and post-implementation auditing. Identifying and remediating any threats and vulnerabilities as Security Monitoring (SOC), triage and escalation to T2.
  • Monitored and identified any suspicious events using the ArcSight ESM console and raised tickets.
  • Responsible for implementing and deploying Symantec DLP, McAfee ePO and NIDS policies to protect the organization against the latest threats.
  • Responsible for monitoring traffic status and appliance and server health checks to verify functionality.
  • Working closely with AppScan, Symantec and Rapid7 for any malware activity in the environment.
  • Ensuring Symantec DLP policies are in place and scanning the environments for incidents.
  • Assisting in DLP policy development for the non-production environment.
  • Monitoring the Enforce console for incidents and troubleshooting.
  • Provide real-time intrusion detection host-based monitoring services using Symantec Endpoint.
  • Assist with the development of processes and procedures to improve incident response times, analysis of incidents and overall functions.
  • Provide network intrusion detection expertise to support timely and effective decision making on when to declare an incident.
  • Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP, Splunk).
  • Data Loss Prevention suite, Symantec DLP product: implementation and deployment as the champion team.
  • Document all activities during an incident with status updates during the life cycle of the incident.
  • Analyze network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.).
  • Provide information regarding intrusion events, security incidents and other threat indications and warning information.
  • Design DLP architecture and handle third-party risk assessments and managed SOX audits.
  • Configure and install IBM QRadar Enterprise, Agent and Apache Server for user and role authentication and SSO.
  • Helped customers configure and maintain their email security and anti-spam solutions using Symantec Messaging Gateway and Symantec Mail Security for Microsoft Exchange.
  • Entirely responsible for performing production changes/upgrades by informing all responsible teams and stakeholders.
  • Involved in weekly and monthly meetings with other teams to review and discuss upcoming production changes and policy modifications.
  • Versed in PCI-DSS, HIPAA, ISO 27001/2, NYSDFS, GDPR, COBIT, CIS Controls and ABA cybersecurity compliance regimes.
  • Maintain and assess the compliance score of each network asset in the infrastructure to align with government configuration policy.
  • Create policies, procedures, reports and metrics, and provide network and host-based security to each host within the organization.
  • Work under the direction of the team leader to maintain security devices and show practical experience in managing SIEM environments, FireEye standalone devices such as NX, EX and HX, NIDS, UNIX servers and packet capture devices.
  • Analyse logs and events from the solution, provide threat analysis reports and build custom security policies and application signatures.
  • Review and ongoing assessment of malware analysis techniques, intrusion detection/intrusion prevention, SIEM, application access control, antivirus and other network component policies.
  • Configure, implement and maintain all security platforms and their associated software, such as Linux-based standalone devices, Windows servers, UNIX servers, intrusion detection/intrusion prevention and SIEM.
  • Ensure network security best practices are implemented through auditing: database servers, traffic analyser sensors, firewall rules, change control and monitoring.
  • Configured intrusion policies, health policies and system policies for network traffic analysis.
  • Worked on and configured the NetFlow Integrator tool, which converts processed data to Syslog from edge routers, switches and firewalls and then sends it to Splunk.

Confidential

Security Engineer

Responsibilities:

  • Managed onboarding projects such as security hardware/software implementations and updates.
  • Manually installed the McAfee NDLP Prevent 10.x ISO file and configured it in the McAfee ePO server.
  • Provided assistance to management with administration and configuration of critical enterprise security systems and software such as McAfee ePO, McAfee DLP, McAfee Complete Endpoint Protection - Enterprise, Proofpoint, etc.
  • Provided expertise with incident response, security event monitoring, vulnerability management, asset security compliance and Data Loss Prevention utilizing McAfee Nitro (SIEM), McAfee ePO and McAfee DLP.
  • Managed the McAfee ePO A/V environment, using the ePO console to pull reports to validate security protection compliance via DAT file updates, and took appropriate action to correct issues found within the ePO environment.
  • Generated security reports utilizing enterprise security systems such as McAfee ePO.
  • Provided technical security proposals and security presentations, installed and configured Checkpoint and Palo Alto firewalls and VPN networks, and redesigned customer security architectures.
  • McAfee WGW / Email Gateway: managed proxy health and deployment of whitelists and blacklists.
  • Responsible for IMS (Incident Management System), an application for reporting issues.
  • Reviewed and created firewall rules and monitored the logs as per the security standards in Checkpoint and NetScreen firewalls.
  • Researched, designed and replaced aging Checkpoint firewalls with new next-generation Palo Alto appliances serving as firewalls and URL and application inspection.
  • Assisted in the implementation, setup and management of Symantec DLP (Data Loss Prevention).
  • Provided real-time intrusion detection host-based monitoring services using Symantec Endpoint.
  • Installed and maintained security infrastructure, including IPS, IDS, log management and security assessment systems. Assessed threats, risks and vulnerabilities from emerging security issues.
  • Designed, tested and implemented security infrastructure including centralized logging, IDS and HIDS.
  • Performed malware analysis using various tools (e.g. EnCase, HBGary, FireEye, NetWitness, IDA Pro). Conducted analysis on captured user, computer and network security events, in a near-real-time environment, to determine security vulnerabilities, policy violations and malicious behavior.

Environment: IBM QRadar, Splunk, Windows, Nessus Scanner, Rapid7 Nexpose, McAfee Network Security Platform (NSP), Java and Python shell scripting, Symantec DLP, and SEP.

Confidential

Firewall Security Engineer

Responsibilities:

  • Hands-on experience in configuration of VPN technologies (i.e. PPTP, L2TP, IPsec, DMVPN).
  • Worked on Cisco 7200, 3825, 890, Cisco Catalyst 6509E, 6513, 3750, Cisco Nexus 5K and Cisco 2800 series routers.
  • Worked on design and implementation of Cisco Meraki MX64, MX400 and MX320, specifically for DMVPN with split tunneling.
  • Responsible for Palo Alto configuration and troubleshooting of User-ID, App-ID and Content-ID through Panorama.
  • Managed Fortigate 50, 500 and 1000 series through FortiManager.
  • Worked on design and implementation of Cisco Cloud Web Security with Cisco 1800, 1900 and 2800 series routers with split tunneling.
  • Worked on configuration of the Bluecoat ThreatPulse cloud web proxy at all field sites.
  • Implemented DMVPN connecting the head office and the branch offices. Configured remote access VPN solutions for remote users using Juniper SSL VPN.
  • Configured NAT, security policies and SNMP in SRX for CCTV sites.
  • Working experience in EIGRP, BGP and OSPF.
  • Advanced knowledge, design, installation, configuration, maintenance and administration of Checkpoint Firewall R75 up to version R77.20, SecurePlatform installation and VPN.
  • Responsible for managing the Checkpoint cluster, with troubleshooting experience with Smartview Tracker, Smartview Monitor, kdebug and zdebug.
  • Experience with the Aruba wireless controller, i.e. provisioning APs, troubleshooting wireless issues with users, wireless profiles, etc.
  • Worked with the NetScout packet sniffing tool for troubleshooting.
  • Worked on JUNOS Space to integrate all CCTV sites for monitoring and configuration purposes.
  • Upgraded about 900 Juniper devices to the recommended code using JUNOS Space.
  • Extensive knowledge in troubleshooting Juniper SRX210he and EX2200, EX4200 and EX4550 switches.
  • Working knowledge of the SolarWinds network management tool to support all field and CCTV sites.
  • Responsible for configuration and maintenance of Riverbed Steelhead appliances, Riverbed Cascade Profiler, Cascade Gateway and Cascade Sensor.
  • Experience with Network Physics to get reports for troubleshooting purposes.
  • Hands-on experience in Splunk Enterprise for alert throttling and troubleshooting of incidents.
  • Worked on the Juniper SSL VPN appliance to troubleshoot issues for remote users.
  • Have experience with Nessus scans, which provide vulnerability scans of the network, and provided detailed reports and mitigation.
  • Cisco AMP for Endpoints installation, managing policies, exclusions, vulnerability reports, threat detection and mitigation.
  • Managing the AV Defender solution from RMM, which is a SolarWinds product, to monitor the health of all servers, workstations and network devices.
  • Installation and configuration of Cisco Umbrella, which is a web filtering solution from Cisco. This includes installation of VAs and registering all domain controllers to the cloud to gather all security events and apply policies accordingly.
  • Configuration, installation and troubleshooting of Cisco Meraki, which includes APs, switches and firewalls.
