
Sr. Security Engineer Resume


Austin, TX

SUMMARY

  • A multifaceted professional with experience and skills in threat and vulnerability management, information security analysis, information security architecture, information security policy design, risk assessment, security incident response, and security solution implementation and administration.
  • Experienced IT Security Professional in threat and vulnerability management, information security analysis, information security architecture, security policy design, risk assessment, incident response, security solution implementation and administration, application security, identity and access management, and network Security.
  • Extensive experience in SIEM operations, implementation, administration and monitoring. Working as a part of Threat Intelligence team performing malware analysis, advanced cyber threat detection & security advisory integration with QRadar and Splunk.
  • Extensively experienced in information security and/or IT risk management with a focus on security, performance and reliability.
  • Solid understanding of security protocols, cryptography, authentication, authorization and security
  • Working knowledge of current IT risks and experience implementing security solutions
  • Experienced in implementing multi-factor authentication, single sign-on, and identity management.
  • Ability to interact with a broad cross-section of personnel to explain and enforce security measures.
  • Developed and implemented security policies and procedures to ensure that systems deploy secure applications and infrastructure.
  • Performed threat and vulnerability analysis by updating and enhancing threat models as requested by the clients.
  • Ensure systems are able to achieve required authorizations to operate and that the underlying infrastructure is authorized.
  • Reviewing current system security measures and recommending and implementing enhancements.
  • Coordination of regular application and system tests and ensuring continuous monitoring of network security.
  • Assistance in updating project timelines based on the security authorization requirements impacted by ongoing system upgrades and modernization.
  • Experienced in automating, configuring and deploying instances on AWS, Azure environments and data centers; also familiar with EC2, CloudWatch, CloudFormation and managing security groups on AWS.
  • Experienced in CyberArk Administration and troubleshooting.
  • Develop best practice recommendations and versatile strategies to clients requiring EPM CyberArk, and develop requirements and architecture for successful deployment of CyberArk.
  • Deployment, support and management SME for CyberArk EPM software on endpoints, including but not limited to, upgrades, single machine policies and software removal.
  • Maintenance and Vulnerability Management of Hybrid infrastructure and strong experience in automating Vulnerability Management patching.
  • Skilled at designing and implementing cyber security solutions for government and financial organizations that consistently reduce security costs while elevating the security status of the environment.
  • Hands-on experience in Confidential Azure Cloud Services (PaaS & IaaS), Storage, Web Apps, Active Directory, Application Insights, Internet of Things (IoT), Azure Search, Key Vault, Visual Studio Online (VSO) and SQL Azure.
  • In depth Knowledge of AWS cloud service like Compute, Network, Storage and Identity & access management.
  • Hands-on Experience in configuration of Network architecture on AWS with VPC, Subnets, Internet gateway, NAT.
  • Configuring, troubleshooting, and administering Tenable Security Center, Tenable Nessus, AppDetective, and Web Inspect.
  • Implemented and configured Cisco Tetration and Cisco Email Security from scratch.
  • Configuring and maintaining Palo Alto firewalls, Cisco ASA firewalls & analysis of firewall logs using various tools.
  • Experience in providing administration support for security tools such as Tanium, Splunk, McAfee ePO, Forescout.
  • Successful in initiating six separate security programs which passed all third-party audits and all established laws and regulations.
  • Maintaining critical monitoring systems (Splunk - log management systems) measuring system errors logs performance and availability. Evaluation of log management solution Splunk plus open source Linux storage systems.
  • Subject matter expert (SME) for DLP, Firewall, VPN, Archer, Vulnerability Management solutions, IDS/IPS/WIPS, SIEM and Endpoint Security.
  • Expert at implementing network security, SIEM tools, new concepts, identity management, new security technologies, securing cloud architecture, and new security controls as well as in developing innovative security controls and processes that meet business and executive requirements in order to protect information.
  • Scanning the network and provide the scan reports to operational teams.
  • Mitigate vulnerabilities identified in Security scans.
  • Excellent knowledge of FISMA, HIPAA and NIST Compliance usage, rules and regulations.
  • Strong understanding of DLP architecture, OSINT and TECHINT reconnaissance.
  • Experience with Windows and Linux based vulnerability assessment tools, firewalls, IDS/IPS, Nessus, NMAP, SIEM, Splunk, Static Code Analysis, ArcSight, Rapid7.
  • Industry experience with Identity and Access Management (IAM) tools and fundamentals. Investigation of malicious code using basic and advanced static and dynamic malware analysis techniques.
  • Experienced using SPLUNK, DynaTrace & APPINSIGHT for monitoring.
  • Experienced with common penetration testing and vulnerability assessment tools such as nmap, wireshark, Nessus, NeXpose, BackTrack, Metasploit, AppScan, WebInspect, Burp Suite, etc
  • In-depth understanding of various types of network & web based attacks and remediation. Familiarity with well-known vulnerabilities and exploits.
  • Experience with implementation and configuring secure Virtual Private Cloud (VPC) through private and public networks in AWS by creating various subnets, routing table, Network ACL, NAT gateways.
  • Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML and multi factor authentication.
  • Identifying the critical, high, medium, low vulnerabilities in the applications based on OWASP Top 10.
  • Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection.

TECHNICAL SKILLS

DLP: Symantec, McAfee, Websense, Cisco Email security

Endpoint Security: Symantec SEP, O365 security, Defender ATP, McAfee

IPS/IDS: McAfee IPS, Secure Works IDS/IPS, SNORT

SIEM: Splunk, Tanium, Confidential QRadar, Symantec MSS, Azure Sentinel.

Security Knowledge: Security Standards, OWASP, Cryptography, Hashing, Encryption, Virtualization, Identity Management, Incident Response, PulseSecure VPN, Firewalls, Log Analysis, Vulnerability Assessment and Penetration Testing (VAPT), Malware Analysis, LDAP, AWS MFA, SSL, AV, IDS, IPS, HTTPS, TCP, DNS, DHCP, CIP, CJIS, HIPAA, PCI, SOX, ISO.

Vulnerability Management: Rapid7 Nexpose, Qualys Guard, Nessus, Tanium, Twistlock, Carbon Black

Application and Web security Tools: OWASP, SNORT, Acunetix, Burp Suite, Nessus, Nmap, Wireshark, Grabber, Zed Attack, Skipfish, Hydra, Firewall, IDS, IPS.

Platforms/Applications: Vulnerability Management, Web Application Scanning, Threat Management, Policy Compliance, Asset Management, Governance, Risk and Compliance, Software based encryption for endpoints, RSA Archer, Blue Coat Proxy, Cisco Tetration, Cisco Email Security.

Administration: Information Security tools, Active Directory, Windows Server 2008.

CLOUD: AMAZON WEB SERVICES, Confidential AZURE, GOOGLE CLOUD

DEVOPS TOOLS: CHEF, PUPPET, ANSIBLE, JENKINS, MAVEN, GRADLE, GIT, BITBUCKET, SUBVERSION

Firewalls: Palo Alto, Cisco ASA, SolarWinds, Check Point.

Operating System: Windows, Linux, Ubuntu, Kali, Unix.

Security Intelligence: WhiteHat Web Security, iDefence, NTT Security, LogRhythm

PROFESSIONAL EXPERIENCE

Confidential, Austin, TX

Sr. Security Engineer

Responsibilities:

  • Work on a day-to-day basis to document vulnerabilities, launch on-site scans, schedule scans, and mitigate vulnerabilities.
  • Performed real-time proactive Security monitoring and reporting on various Security enforcement systems, such as Splunk (SIEM), Endpoint Protection, ATP defender, Malware Analysis, Firewalls, IDS & IPS, Web Security etc.
  • Managing all ACC systems from endpoint perspective using McAfee ePO tool which includes managing Agent, VSE, pushing client tasks.
  • Experienced with Azure E5 security tools products (Defender ATP, Azure Sentinel, Azure ATP, Office 365 security, security center, Defender for Identity, Defender for endpoint).
  • Daily monitoring of WAF using Akamai and provided traffic metrics.
  • Developed security use-cases and provide tuning of Azure Sentinel to ensure proper alerting of security threats.
  • Provided SIEM expertise for solutions such as Azure Sentinel, and other similar tools.
  • Assisted in the initial SIEM deployment and oversaw SIEM operations, fine-tuning SIEM and associated use cases, data queries, and dashboards.
  • Provide Tier 3 support on daily incidents with Azure AD, Azure Sentinel, and MCAS.
  • Assess, design, implement, and integrate enterprise security solutions including, but not limited to, next-generation firewalls, web application firewalls (WAF), intrusion prevention/detection systems (IDS/IPS), content filtering, secure log management, security information and event management (SIEM) systems, anti-malware solutions, mobile device management (MDM), User Behavioral analysis (UBA), and endpoint security solutions.
  • Responsible for security patch deployment to Windows and Linux servers.
  • Performed installation and configuration management of security systems and applications including Cisco Email Security, Cisco Tetration, Burp Suite, Confidential defender ATP, including policy assessment and compliance tools, network security appliances and host-based security systems.
  • Managing all ACC systems from endpoint perspective using Defender ATP tool which includes managing Agent, VSE, pushing client tasks.
  • Provided leadership in architecting and implementing security solutions towards Nessus, ATP defender, Cisco Tetration, Cisco Umbrella, Cisco Stealthwatch and Cisco Email Security.
  • Created three step Security awareness program using KnowBe4 and SANS LMS.
  • Investigated workstations, endpoints, servers and applications for ransomware infections using Endpoint tools.
  • Develop reports that detail compliance and security gaps including risk severity level, systems impacted, business risk summary, and recommendations that remediate all findings.
  • Administered AzureAD for providing O365 and Defender ATP permissions.
  • Working closely with Threat intelligence team to monitor the environment for zero-day attacks, Phishing campaigns, blocking indicators of compromise, setting security alerts.
  • Working with Forensics team to investigate critical cases, analyzing filesystems, memory, and network flows as well as traffic to find the root cause of incidents.
  • Provided leadership in architecting and implementing security solutions towards Nessus and SIEM tools like Splunk, ArcSight, McAfee/ATP defender, Cisco Tetration, Cisco Umbrella, Cisco Stealthwatch and Cisco Email Security.
  • Deployed Symantec EP Protection Manager for IPS, SONAR behavior and Insight detection for Cryptolocker, Petya and WannaCry Variants of malware
  • Eradicated and Escalated VPN login, ATP unauthorized endpoint logs & incidents using Servicenow helpdesk ticketing systems
  • Identified vulnerabilities, recommend corrective measures and ensure the adequacy of existing information security controls.
  • Utilized agents and scanner-based Nessus professional 8.x.x virtual machine solutions to perform cloud infrastructure audits, compliance checks, external & internal perimeter test, and credential scans with PII/PCI/PHI detections.
  • Configure and upgrade Nessus and ATP defender vulnerability management console.
  • Analyze various vulnerability reports and create a remediation plan for them.
  • Setup new scan engines and configure firewall rules to separate scans based on different domains.
  • Research all vulnerabilities present in ACC environment and to figure out various strategies to implement to secure assets and to generate the risk.
  • Working on creating an entire map of firewall policies by collecting data from firewall logs and to generate firewall policies.
  • Monitored Security Management Console for Security Operation Centre (SOC) for ensuring confidentiality, Integrity and Availability of Information systems.
  • Experience with Risk assessment using Industry standards like NIST Rev5, HIPAA, PCI/DSS and develop Security policy as per these standards.
  • Implemented vulnerability management (VM) processes and Nexpose Rapid7, Burp Suite and security solutions.
  • Working alongside EPO and threat protection team as project manager.
  • Provide regular support guidance to Splunk project teams on complex solution and issue resolution.
  • Administrating Carbon Black to do host based monitoring.
  • Working in SOC to apply security awareness to Cyber Kill Chain management as well as using moving target defense approach.
  • Co-ordination pen testing and application security testing audits with Pen Test Tools like Metasploit, NMAP, Wireshark and Kali on Linux/Unix operating system.
  • Administer Business Continuity Program including disaster recovery plans developments and coordinating disaster recovery testing activities
  • Created WorkspaceOne server baselines to secure all enterprise servers to remedy finding in a security audit
  • Complete testing steps listed in SOX audit IT work papers to gather evidence to support documented IT processes.
  • Responsible for DLP Policy creation, testing and implementation to protect client data.
  • In-depth experience with Symantec DLP in an enterprise environment
  • Experience with architecting Symantec DLP Platforms.
  • Integrated Okta SSO with Cisco Tetration, Cisco Email Security, ATP defender, Nessus, and many other apps in ACC environment.
  • Experienced with LDAP, Active Directory, IAM, AzureAD, SAML, Azure Identity Management.
  • Experienced with Solarwinds Orion IPAM for IP address management.

Confidential, Woodlawn, MD

Sr. Endpoint Security Engineer

Responsibilities:

  • Continuously assess threats and vulnerabilities to agency’s information systems to reduce potential damage from such events.
  • Providing services such as Incident handling, Vulnerability assessment, compliance monitoring, Network intrusion detection services, forensic services.
  • Management and Administration of AWS Services CLI, EC2, VPC, S3, ELB Glacier, Route 53, Cloudtrail, IAM, and Trusted Advisor services.
  • Create/update Plan of action and milestone reports (POAMS) of all the servers in SSA’s environment.
  • Configured, monitored and troubleshot Zone-Based Policies, Security Policies & DMZ Policies, rules creation and modification on PA-500, PA-2k, PA-3k and PA-5k series firewalls and managed them with the Panorama (M-100) centralized management system for large-scale firewall deployments.
  • Implementing Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
  • Created new security policies, updated existing security policies as per firewall change request.
  • Providing daily Palo Alto firewall administration such as Threat Prevention, URL filtering, IPSEC and SSL VPNs, zone-based integration, analyzing syslogs, and utilizing the WildFire feature in Panorama.
  • Worked on JIRA for defect/issues logging & tracking and documented all my work using CONFLUENCE.
  • Design AWS CloudFormation templates to create custom sized VPC, subnets, NAT to ensure successful deployment of Web applications and database templates.
  • Created scripts in Python which integrated with Amazon API to control instance operations.
  • Created weekly and monthly vulnerability reports from Nessus and collaborated with different teams to fix those vulnerabilities.
  • Experienced with Docker and Kubernetes with PRISMA, Nessus vulnerability scanning, Sysdig, Azure ATP, Windows Defender ATP anti-malware.
  • Secured EC2, ECS, EKS, FARGATE, and Lambda with Twistlock.
  • Integrated container security with Prisma Cloud using Twistlock.
  • Managed Amazon ECR for storing and auditing Docker images.
  • Integrated cloud security solution Sysdig with our Kubernetes clusters.
  • Provided administration support for Tanium, SharePoint, confluence, Splunk, McAfee ePO, Forescout.
  • Created Splunk lookups for any server addition to the environment.
  • Performed risk assessments against customer systems leveraging scan tools like NESSUS.
  • Provided 24/7/365 monitoring and analysis of Security event alerts across the enterprise network agency systems and daily log events to identify potential security threats. Sources include, but not limited to, sensor alert logs, firewall logs, content filtering logs, and Security Event Manager.
  • Continuously tune provided Security Information and Event Management (SIEM) System, through rule creation and engineering to reduce false positives and discover previously unknown threats.
  • Responsible for capturing security and privacy requirements for clients to be compliant with FISMA standards.
  • Experienced with DLP, Bluecoat Websense, Proofpoint, Trend Micro, and Confidential QRadar Enterprise SIEM security tools to monitor network environment.
  • Assisted engineers with Confidential QRadar troubleshooting and deployment.
  • Created Confidential QRadar dashboards for investigations.
  • Experienced in upgrading the McAfee Network DLP system from version 9 to version 11 and integrating the NDLP manager into ePO.
  • Perform QRadar product support and implementation.
  • Automated the centralized detection of security vulnerabilities with scripts for Vulnerability assessment tools like ArcSight.
  • Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection.
  • Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level.
  • Perform research, analyze and understand log sources utilized for security monitoring focusing networking devices.
  • Experience with Risk assessment using Industry standards like FISMA, NIST Rev3 and Rev4, HIPAA, PCI/DSS and develop Security policy as per these standards.
  • Manage Confidential QRadar configuration files like inputs, props, transforms, and lookups. Upgrading the Confidential QRadar Enterprise and security patching.
  • Create policies, alerts and configure using SIEM tools
  • Assist with vulnerability scans and reporting to clients and IT departments, use of Nessus scan and Report, Review the vulnerability scan that affects the assets and find critical devices that have critical vulnerability
  • Work experience with IT policies, procedures, and standards are related to doing security review using the NIST standard specifically with NIST and NIST for HIPAA security rules. Review the Logs for malicious user activities
  • Deploy Confidential QRadar SIEM from scratch for security log monitoring and alerting in production environment including switches, routers, firewalls, load balancers, VPN and expand the deployment to the corporate domain.
  • Performed network and host DLP monitoring and logging
  • Information protection solutions including Monitoring, DLP and Security Auditing solutions from Symantec and McAfee.
  • Actively used SIEM technology for searching and monitoring real time events for network security and compliance

Confidential, Dallas, TX

Information Security Analyst

Responsibilities:

  • Managing PaloAlto appliance Anti-Virus, DLP, Malware, Denial of service and vulnerability protection
  • Demonstrates an understanding of Identity and Access Management (IAM) and related concepts
  • Plans and evaluates IAM platforms, creates technical specifications, develops and unit and basic integration testing according to specified requirements
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Automated the centralized detection of security vulnerabilities with scripts for Vulnerability assessment tools like ArcSight.
  • Experience in supporting Symantec Endpoint Protection workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection.
  • Perform research, analyze and understand log sources utilized for security monitoring focusing networking devices.
  • Develop, implement, and execute standard procedures for administration, content management, change management, version/patch management, and lifecycle management of the SIEM.
  • Create technical detailed reports on the status of the SIEM to include metrics on items such as number of logging sources, log collection rate, and server performance.
  • Review risk assessments completed by security team based on National Institute of Standard and Technology (NIST) and International Standard Organization (ISO) by using its methodology is based on the PDCA cycle, which builds the management system that plans, implements cybersecurity, maintains, and improve the whole system.
  • Perform vulnerability scans using Nessus and prepare reports.
  • Create policies, alerts and configure using CyberArk SIEM tool.
  • Assisted with vulnerability scans and reporting to clients and IT departments, use of Nessus scan and Report, Review the vulnerability scan that affects the assets and find critical devices that have critical vulnerability
  • Manage enterprise security systems, identifying key security risks, reporting risks to management with recommendations for corrective action utilizing NIST frameworks.
  • Monitoring various event sources for possible intrusion, determine the severity and create correlation rules to detect threats in CyberArk SIEM.
  • Managed and coordinated activities for multiple Data privacy information security.
  • Support IT teams based on latest risks and possible remediation. Involved in integration of Splunk with Service Now, Active directory and LDAP authentication
  • Performed network and host Active Directory (LDAP) services monitoring and logging.
  • Information protection solutions including Monitoring, DLP and Security Auditing solutions from Symantec and McAfee.
  • Actively used CyberArk SIEM technology for searching and monitoring real time events for network security and compliance.
  • Involved in designing and developing Amazon EC2, Amazon S3, Amazon RDS, Amazon Elastic Load Balancing, Amazon SWF, Amazon SQS, and other services of the AWS infrastructure.
  • Experienced with common penetration testing and vulnerability assessment tools such as nmap, wireshark, Nessus, NeXpose, BackTrack, Metasploit, AppScan, WebInspect, Burp Suite, etc
  • Installed and configured Tenable Nessus scanners and performed vulnerability scans on all the servers.
  • Involved in maintaining the reliability, availability, and performance of Amazon Elastic Compute Cloud (Amazon EC2)
  • Monitoring and remediating daily security alerts generated by end users with tools like Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO; also responsible for effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
  • Deploy and support information security systems and solutions such as key management, IPS/IDS, SIEM, MDM, NAC, APT detection, and endpoint management for remote user.
  • Performed Vulnerability Assessments and Data Classification and their impacts
  • Suggested the Patches for windows machines with vulnerabilities identified.

Confidential

IT Security Analyst

Responsibilities:

  • Assisted in client network maintenance, effectively performed troubleshooting end-to-end between two sites and effectively managed network migration.
  • Supervised initial network installation using CISCO networking devices and tuning, monitoring, and correlation of security events with QRadar SIEM, FireEye, Imperva WAF and WebSense
  • Planned, performed, monitored, analyzed and managed Grey Box, Black Box and White Box Application Security assessments using tools and manual analysis for OWASP Top 10 vulnerabilities
  • Installed and upgraded all versions of McAfee ePolicy Orchestrator server and wrote policies via McAfee Privilege Management SW "least privileged" access for standard user accounts to obtain elevated access for daily operations and end-point security - enterprise wide
  • Created written process and procedure for the Vulnerability Management Program.
  • Performed daily review and escalation of Data Loss Prevention (DLP) incidents using Proofpoint DLP and McAfee DLP solutions.
  • Information leakage Assisted in upgrading 5 McAfee ePO servers from ePO 5.1.1 to ePO 5.3.1.
  • Rolled out of McAfee VirusScan for Linux to 150+ Linux servers
  • Installing and configuring of McAfee ESM and Confidential OpenPages and components and integration of various data sources in McAfee Nitro.
  • Installed, operated and supported McAfee ePO, CA-Etrust console, Symantec Endpoint Protection Manager Console, SOPHOS, TrendMicro, Antispam Brightmail, Symantec Mail Security, Cisco IronPort.
  • Implemented, configured, and managed McAfee ePO, IPS, Email Gateway, SIEM.
  • Installation and configuration of a new Confidential Windows Server 2016 (DHCP, Active Directory, DNS, Group Policies).
  • Designed and implemented security policies using ACL and IP Tables; configured Cisco Routers ( ) using OSPF, EIGRP, etc.
  • Performing white-box vulnerability assessment for applications developed in Confidential Technologies for the OWASP Top 10 vulnerabilities.
  • Configuration of major features like LAN IP Configuration and DHCP Server Configuration, Live IP configuration, Services, Port forwarding and Rules, Firewall and analyzing Diagnostics and Logs.
  • Set-up Virtual Private Networks with appropriate user access control as per security policies and roles.
  • Performing Vulnerability Assessment and Penetration Testing of Web Applications and Web Services following OWASP & WASC methodologies
  • Security Tools: McAfee Web Gateway, McAfee Nitro, Cybereason, McAfee ePO, RSA Envision
  • Racking (LAN/WAN/WLAN/MPLS/VoIP/VPN/Network Security) for multiple offices and colocation data centres.
  • Ensured smooth transition for all the Security Applications, Preparing Team Metrics report and weekly/monthly Project status report presenting to the Customer.

Confidential

SOC Analyst

Responsibilities:

  • Working as a Security Analyst in SOC operations for monitoring, analyzing logs from various Security/Industrial appliances using ArcSight SIEM tool. Knowledge of LAN, WAN, TCP/IP, Spanning-tree, Metro, IPv6, and MPLS
  • Configure Cisco VPN 3000 Concentrator to allow VPN clients.
  • Created filters, active channels, queries, rules etc. in ArcSight for monitoring purpose.
  • Configured reports in ArcSight ESM and ArcSight Logger as per the customer requirement.
  • Prepared daily, weekly, monthly reports along with their complete analysis.
  • Malware detection and Analysis (Cisco AMP, Symantec Endpoint Protection).
  • In-depth understanding of various Data compliance regulations such as PII, GDPR, HIPAA and PCI-DSS.
  • Performed real-time proactive Security monitoring and reporting on various Security enforcement systems, such as Splunk (SIEM), McAfee, Internet content filtering/reporting, malware code prevention HPE Fortify, Firewalls, IDS& IPS, Web Security, Ant
  • Performed penetration testing for external facing web applications. Security areas covering DMZ architecture, threat modelling, secure coding practices (i.e., OWASP standards) and vulnerability analysis were assessed
  • Installing, patching and maintaining McAfee EPO 5.X and DLP, utilizing McAfee Orchestrator, and able to deploy DLP and reporting and working knowledge in ENS 10
  • Implemented multiple tools including Symantec DLP, and McAfee SIEM.
