
Sr. Soc Consultant Resume


SUMMARY

  • Experienced Cyber Security Consultant with 8 years of IT experience with a focus on designing and developing security solutions.
  • Experience in analyzing security logs generated by Intrusion Detection/Prevention Systems, firewalls, network flow systems, and anti-virus.
  • Skilled & technically proficient with multiple firewall solutions, network security, and information security practices.
  • Expertise in improving the Risk and Control functions against Governance, Risk Management and Compliance (GRC).
  • Expertise in gathering and analyzing metrics and key risk indicators and maintaining scorecards defined within the area of information security to ensure the information security program is performing effectively and efficiently. Familiar with general security risk management principles and best practices.
  • Utilize Kaseya and Traverse to monitor networks; remotely patch servers and workstations; monitor, quarantine, remediate security risks
  • Expert level use of Kaseya for endpoint management; patching, security and remote troubleshooting
  • Supported the information security audit and third-party assessment initiatives during planning, execution, and remediation phases, as well as coordinating and tracking remediation activities.
  • Successfully fulfilled business requirements to protect data leakage from Data-at-rest, Data-in-use and Data-in-motion.
  • Extensive experience with Symantec DLP architecture and implementation for enterprise level.
  • Building, deployment, configuration, and management of Splunk Cloud instances in a distributed environment spread across different application environments belonging to multiple lines of business.
  • Provided real-time intrusion detection host-based monitoring services using Symantec Endpoint.
  • Deployed in the cloud and on-premises using Amazon Web Services (AWS) and Single-Server Support.
  • Configured and deployed Symantec HIDS on Windows Server 2008 and 2012 and desktops.
  • Experienced with Symantec DLP Policies (DLP templates) compliance and regulation standards such as SOX, PCI, and HIPAA.
  • Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities from emerging Security issues.
  • Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level.
  • Designed Symantec DLP architecture, implemented Symantec DLP.
  • Worked with Symantec DLP upgrades and patches.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Advanced Knowledge in IPSEC VPN design connection and protocols, IPSEC tunnel configuration, encryption and integrity protocols.
  • Experience in integrating Data Loss Prevention (DLP) policy between the CASB and network DLP to improve policy uniformity and consistency.
  • Configuration and maintenance of SIM/SIEM tools - QRadar, Splunk & ArcSight.
  • Troubleshoots various appliances on the SIEM platform via various Linux commands; knowledge of capacity planning and Linux performance.
  • Hands on experience of risk assessment, change management, incident management, third party risk assessment, and access control methods.
  • Extensive work with Microsoft Exchange & Active Directory.
  • Led the definition and implementation of POCs around PKI and other certificate-related technologies.
  • Deep understanding of software and security architectures as well as Intranet and Extranet security practices.

TECHNICAL SKILLS

Security Software: Nessus, Ethereal, NMap, Metasploit, Snort, BASE.

Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS.

Security Technologies: Symantec DLP, McAfee ePO, QRadar, Splunk

Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance.

Event Management: RSA Archer, Blue Coat Proxy, Splunk

Security: McAfee ePO, Symantec DLP, LogRhythm, Tanium

Firewalls: Check Point, ISA 2004/2006, Palo Alto PA 3000/5000

Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux

PROFESSIONAL EXPERIENCE

Confidential

Sr. SOC Consultant

Responsibilities:

  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Apply security and software patches to our virtual servers using VMware VSphere, WSUS, Kaseya and Symantec Endpoint Protection.
  • Analyzed threats to corporate networks by utilizing SIEM products (QRadar and Splunk) to assess the impact on client environments.
  • Installed and configured IBM QRadar Network Insights appliance to enable attack prediction through real-time network traffic analysis.
  • Integrated custom apps with QRadar to increase efficiency and performance of security solutions.
  • Proficiently upgraded and revamped existing QRadar platform that provided more actionable intelligence, including the creation of custom alerts and daily reports, custom dashboards, and training.
  • Worked with IBM QRadar SIEM Integration and responsible for integrating the log sources with IBM QRadar.
  • Working with Cisco Sourcefire to neutralize potential threats.
  • Designed and managed enterprise multi-tier Intrusion Detection Systems using Sourcefire.
  • Execute ownership over Configuration, Installation, and Maintenance of Next Gen. Security appliances: Palo Alto, ASA, and Sourcefire.
  • Installed and configured Symantec DLP to protect confidential data in motion, data in use, and data at rest.
  • Remediated audits, compliance management, policies, risks, and threats by utilizing RSA Archer solutions.
  • Worked as part of the SOC team, briefing on emerging threats and events in accordance with the run book.
  • Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
  • Utilize Intrusion Detection & Prevention (IDS / IPS) to monitor malicious activities on the network. Analyze firewall logs, IPS and IDS logs to uncover malicious activity going on within the network. Initiate and recommend corrective action to the CIRT team.
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation
  • Perform cyber threat intelligence analysis, correlate actionable security events, perform network traffic analysis using raw packet data, NetFlow, IDS, IPS and custom sensor output as it pertains to the cyber security of communications networks, and participate in the coordination of resources during incidents.
  • Conducted analysis of cyber threats, discovery of vulnerabilities, monitoring for cyber intrusions, and troubleshooting and response to security incidents detected from HP ArcSight or related SIEM, IDS/IPS, and other security applications.
  • Performed vendor File share scan with Symantec DLP by setting up Site-to-site VPN.
  • Troubleshoot Symantec DLP Issues and provided support remotely for DLP issues.
  • Customized and fine-tuned DLP policies to reduce the rate of false positives in alerts and align them with business needs and incident response. Configured PCI and SOX rules.
  • Worked in Security Incident and Event Monitoring SIEM platform - IBM QRadar, and Splunk.
  • Tested various threat vectors and present evidence of intent to create signatures/rules to mitigate specific threats.
  • Deployed, Implemented and managed SIEM - IBM QRadar suite of products, QRadar SIEM, QRadar Vulnerability Manager (QVM), and QRadar Risk Manager (QRM) in AWS environment.
  • Implemented and Maintained SIEM infrastructure using QRadar and Splunk in AWS environment.
  • Monitor SIEM tool and triage all alerts as they come in to assure the network is safe
  • Services monitored include, but are not limited to SIEM, IDS/IPS, Firewall, Cloud Environments, and Data Loss Prevention (DLP) SMTP and Web.
  • Conduct tuning engagements with security engineers to develop/adjust SIEM rules and analyst operating procedures.
  • Provided leadership in architecture and implementing security solutions towards Qualys and SIEM tools like QRadar, Splunk.
  • Monitor critical infrastructure including firewalls, IDS/IPS devices, virtual networks, vulnerability scanners, VPNs, WANs, and disaster recovery sites.
  • Worked closely on Data Privacy control frameworks and related laws and regulations (ISO 27000 series, NIST).
  • Conducted Benchmarks and File Integrity Monitor checks through Policy Auditor.
  • Investigated alerts created by IDS/IPS including malicious file uploads compromised servers, SQL-injections, and port scanning.
  • Managed vulnerabilities with the aid of Nessus and WebInspect as vulnerability scanning tools to detect potential risk on single or multiple assets across the enterprise.
  • Conducted security scans using Security Center (Nessus) to identify system vulnerabilities, performed risk assessment, submitted technical reports detailing the vulnerabilities, risk, and remediation actions, and reviewed assessment results.
  • Implemented ArcSight Logger within organization's syslog enclave for long-term data retention and analysis (SIEM).
  • Developed Vulnerability Scanning process for all environment builds, and on-going monthly scanning reporting using Nessus.
  • Monitored events from Data Loss Prevention (DLP) and other information security tools and determined appropriate next steps using knowledge of Corning businesses or processes.
  • Utilized Security Information and Event Management (SIEM), Data Leakage Prevention (DLP), Intrusion Detection and Prevention (IDS / IPS), forensics, sniffers and malware analysis tools.
  • Performed investigation, analysis, reporting and escalations of security events from multiple sources including events like intrusion detection, Firewall logs, Proxy Logs, Web servers.

Confidential, CT

Sr. Security Consultant

Responsibilities:

  • Installed and configured Symantec DLP to protect confidential data in motion, data in use, and data at rest.
  • Work closely with the information security team and security project management office to roll out a DLP solution in compliance.
  • Administration and initial configuration of Symantec DLP and CASB cloud security.
  • Utilize Kaseya and Traverse to monitor networks; remotely patch servers and workstations; monitor, quarantine, remediate security risks
  • Monitor and troubleshoot issues with the client's infrastructure using various tools such as Kaseya and PRTG.
  • Implementation and support of DLP (Data Loss Prevention) security tools such as Symantec NDLP and Skyhigh CASB for Amazon AWS; implemented, troubleshot, integrated, and supported vulnerability management, Data Loss Prevention (DLP), and Cloud Access Security Broker (CASB).
  • Planning, risk and control assessment of Skyhigh CASB to enhance visibility into user interaction with enterprise data in the cloud.
  • Performed three-tier installation of Symantec DLP for production.
  • Installed and configured the Enforce Server administration console to manage endpoints, policies, policy rules, agent groups, incidents, DLP servers, etc.
  • Installed and configured Endpoint Prevent and Endpoint Discover detection servers to protect data in use.
  • Installed and configured Network Discover server to discover data at rest, and configured Network Protect to protect data at rest by quarantining, copying, and encrypting data.
  • Performed vendor File share scan with Symantec DLP by setting up Site-to-site VPN.
  • Configured AD with Enforce Server to assign the appropriate policy to agent groups.
  • Created connections to LDAP servers, configured the Active Directory server connection, and scheduled directory server indexing.
  • Implemented daily standard operating and sustainment procedures (e.g. DLP system health check, policy/rule tuning/implementation, policy and incident maintenance, event categorization, and incident reporting).
  • Configure, test, and troubleshoot LDAP Manager Lookup plugins.
  • Troubleshoot Symantec DLP Issues and provided support remotely for DLP issues.
  • Customized and fine-tuned DLP policies to reduce the rate of false positives in alerts and align them with business needs and incident response. Configured HIPAA, HITECH, PII, PCI, SOX, and PHI policies and rules.
  • Configuring, implementing and maintaining all security platforms and their associated software, such as routers, switches, firewalls, intrusion detection/intrusion prevention, anti-virus, and SIEM.
  • Involved in security operations, vulnerability and risk assessment, alerting, report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Imperva, Sourcefire (IDS/IPS), FireEye, Blue Coat Proxy, etc.).
  • Utilized McAfee ePO for Data Loss Prevention (DLP).
  • Responsible for performing application whitelisting using Microsoft and McAfee AppLocker tools.
  • Responsible for capturing security and privacy requirements for clients to be compliant with Payment Card Industry (PCI) standards.
  • Oversaw hardware infrastructure and kept up to date with the latest technology.
  • Ensured software was patched and able to protect from threats.
  • Intelligence gathering, incident response, and malware analysis.
  • Assisted engineers with Splunk troubleshooting and deployment.
  • DLP profile deployment reporting for detection servers and updating DLP policies; incident analysis.
  • Excellent understanding of SIEM upgrades (ESM, ELM, Receivers).
  • Versatile and adaptable team player with strong analytical and problem solving skills.
  • Ability to initiate things and the power to grasp business operations and concepts instantly.
  • Performing periodic vulnerability testing and assisting in remediation efforts.
  • Responsible for installing, deploying, and tuning the DLP solution for the enterprise to include Endpoint and Network DLP solution.
  • Administer Controls & Permissions to files using PowerShell commands through SCCM.
  • Update Systems to NIST - 800 Series Security Compliance Standards.
  • Utilize ArcSight SIEM to monitor and investigate security-related incidents
  • Support ongoing incidents from non-CIRT organizations related to cyber security
  • Engineering, configuring and deploying Enterprise SIEM/SEM solutions.
  • Manage Splunk (SIEM) configuration files like inputs, props, transforms, and lookups. Upgrading the Splunk Enterprise and security patching.
  • Initiated projects to create disaster recovery plans for identified gaps.
  • Established disaster recovery plan testing and auditing cadence.
  • Created policies and alerts and configured them using SIEM tools (Splunk).
  • Monitor and investigate security incidents and alerts with ArcSight, FireEye, Palo Alto, Sourcefire and McAfee ePO.
  • Use of smartcard management system to perform PKI certificate issuance, certificate updates, certificate revocation and restoration, smartcard distribution and smartcard status updates.
  • Manage certificates within a private Enterprise-wide PKI.
  • Revocation and Suspension of PKI certificates on NIPRNet and/or SIPRNet (CRLs and OCSP).
  • Identified, documented and investigated suspicious events in intrusion detection systems (IDS) and SIEM tools.
  • Plan, deploy, modify and update IDS/IPS systems for the entire network.
  • Well versed in working within PCI and HIPAA regulated networks.
  • Provided onsite Symantec DLP technical service and support to a large enterprise customer base.
  • Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities from emerging Security issues.
  • Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level.
  • Designed Symantec DLP architecture, implemented Symantec DLP.
  • Worked with Symantec DLP upgrades and patches.
  • Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), security events and logs.
  • Analyzed threats to corporate networks by utilizing SIEM products (ArcSight and LogRhythm) to assess the impact on client environments.
  • Provided leadership in architecture and implementing security solutions towards Qualys and SIEM tools like ArcSight, Solutionary and LogRhythm.
  • Incident handler for the CIRT, including log analysis, forensics, and malware investigation
  • SOC and/or CIRT operational experience
