- Over 6 years of experience analyzing security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS), SOC, DLP, SIEM, firewalls, network flow systems, anti-virus, and/or other security logging sources.
- Experienced in the systems design, engineering, implementation, and operation of large-scale enterprise network and security infrastructure including firewalls, IDS, EDR, SIEM, monitoring, etc.
- Expertise in scripting for automation and monitoring using shell and Python scripts.
- Experienced in vulnerability management and remediation.
- Scanning the network and providing the scan reports to operational teams.
- Working with the SailPoint product team on development issues while implementing client requirements for product customizations, and making sure they are resolved at the earliest.
- Perform reverse engineering of malware samples from targeted attacks and extract network indicators to assist with computer network defense.
- Strong knowledge of coding and executing scripts in Python.
- Strong knowledge of risk management and computer forensic tools, technologies, and methods.
- Strong skills in reverse engineering, code protection and code optimization: reducing code redundancy, avoiding redundant database calls, choosing the best implementation approach, etc., to improve system performance.
- Experience in Bash shell scripting, SQL and Java.
- Active threat hunter and curator of threat intelligence reports using OSINT and SOCMINT; passionate about defeating 3vil on the internet.
- Emphasis on monitoring and threat intelligence using various NGFW/UTM features (IDS/IPS), ProtectWise threat hunter (cyber kill chain), and Nagios agent monitoring.
- Good understanding of insider threats, data loss prevention, and the associated controls.
- Scanning the network and providing the scan reports to technical teams.
- Demonstrated knowledge of the SANS 20 Controls framework and other security frameworks.
- Strong grasp of TCP/IP and common Internet fundamentals such as DNS, DHCP, NTP, SMTP, HTTP, etc.
- Extensive knowledge of information security principles and practices, and understanding of security protocols, standards and defense in depth.
- Utilized Intrusion Detection and Prevention (IDS/IPS), Data Leakage Prevention (DLP), sniffers and open source analysis tools.
- Understanding of SIEM implementation, its integration with other network devices and applications, and the associated troubleshooting.
- Expertise in Intrusion Detection and Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC).
- Expert in installing the Splunk logging application in a distributed environment.
- Hands-on experience with the QualysGuard vulnerability management tool.
- Experience creating and developing correlation and detection rules within Splunk ES to support alerting capabilities within the Threat Management Center.
- Ensures the integrity and protection of networks, systems, and applications through technical enforcement of organizational security policies, by performing formal risk assessments, policy and governance, and internal threat analysis in a SOC environment using SIEM tools.
- Expert understanding of developing complex use cases and Universal Device Support Modules (DSMs) on the QRadar SIEM.
- Involved in integrating IBM Resilient IRP with IBM QRadar SIEM.
- Responsible for monitoring networks and security tools to detect suspicious and hostile activity across the environment.
- Experience supporting a Security Operations Center (SOC): monitoring security systems and diagnosing malware events to ensure no interruption of service; identifying potential threats, anomalies, and infections and providing reports to customers.
- Knowledge of monitoring network traffic for security events and performing triage analysis to identify security incidents.
- Strong knowledge of analyzing threat patterns on various security devices, validating false/true positive security incidents, and identifying potential threats, anomalies, and infections.
- Responding to computer security incidents by collecting, analyzing, and providing detailed evidence (network log files), and ensuring that incidents are recorded and tracked in accordance with guidelines and requirements.
- Knowledge of Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Database Activity Monitoring (DAM), Data Loss Prevention (DLP), and Identity and Access Management (IAM) solutions.
Operating Systems: Windows 2000, XP, 10; Windows Server 2008, 2012; Linux (Red Hat)
Security / Vulnerability Tools: Snort, Wireshark, Websense, Blue Coat, Check Point, Symantec, Qualys Vulnerability Manager, FireEye HX, Sourcefire, Nessus
RDBMS: Oracle 11g/10g/9i, MS SQL Server 2000/2005/2008, DB2, MS Access, MySQL
Networking Tools: TCP/IP, HTTP/HTTPS, SSH, SSL, DNS, SNMP; routers, switches, load balancers, Cisco VPN
Monitoring Tools: Netcool, Dynatrace, TEMS, Splunk, QRadar
Confidential, Detroit, MI
Senior SOC Analyst
- Proactively hunt for and research potential malicious activity and incidents across multiple platforms using tools like NetWitness, Splunk, and advanced threat network and host-based tools.
- Monitor the performance of Splunk via the Splunk Monitoring Console.
- Installation, configuration, upgrade, monitoring, troubleshooting and testing activities performed on Check Point and Juniper firewalls.
- Drove deployments of Splunk while working side by side with customers to solve their unique problems across a variety of use cases.
- Collaborated across the entire organization to bring Splunk access to product and technical teams, to get the right solution delivered and drive future innovation gathered from customer input.
- Build indicators of compromise into monitoring tools using internal and external sources, and integrate these tools with one another to provide data enrichment.
- Strong TCP/IP networking skills used in performing network analysis, and in isolating and diagnosing potential threats and anomalous network behavior.
- Conduct senior-level log analysis, proactive monitoring, mitigation, and response to network and security incidents.
- Analyze traffic, review logs and identify potential security threats.
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
- Perform static and dynamic malware analysis on virtual servers, with proper documentation and steps for removal on infected systems.
- Triage security events and carry out incident response steps.
- Examine malicious code to understand key components and execution flow using a disassembler and debugger.
- Interact with malicious programs by redirecting and intercepting network traffic to properly explore their capabilities.
- Analyze malicious Microsoft Office, RTF, and PDF files.
- Assisted in monitoring and maintaining server systems; installed server hardware and operating systems.
- Participated in the product selection and installation of the QRadar Security Information and Event Management (SIEM) system, consisting of multiple collectors and a high-performance MS SQL database.
- Designed and implemented enterprise SIEM systems: centralized logging, NIDS, alerting and monitoring, and compliance reporting, based on QRadar 7.0 SIEM.
- Responsible for QRadar SIEM monitoring and configuration aligned to internal PCI and SOX controls.
- Manage the day-to-day log collection activities of source devices that send log data to the QRadar SIEM.
- Cleaning up log sources auto-discovered in QRadar by identifying duplicates, correcting misidentified log sources, and identifying log sources from their logs.
- Configuration troubleshooting on the SIEM for data sources.
- Dashboard / enterprise dashboard customization for various teams based on log source type requirements.
- Experienced in operations center teams such as Computer Emergency Response Team (CERT) and Computer Incident Response Team (CIRT).
- SIEM troubleshooting and processing of assigned enhancement requests for various SIEM issues.
- Access control for browsing, authentication for all browsing hits on proxy servers, and maintenance of proxy logs for forensic purposes.
- Identifies, validates and documents substation asset classifications. Maintains substation asset tracking systems and databases as well as the credential management system.
- Serves as a member of a centralized incident response team that prepares for and addresses incidents across the organization, analyzing security breaches and taking any necessary responsive measures.
- Implementation, configuration and support of Check Point and ASA firewalls for clients.
- Understanding the whole network and the requirements of the organization.
- EPS (events per second) and storage calculation as per compliance requirements.
- Understanding of various OS, web, database and application servers and their respective integration mechanisms.
- Define logging as per the customer's requirements.
- Integration of different data sources such as Linux servers, Windows servers, web servers, databases, security controls, and network elements.
- Responsible for end device configuration to push/pull logs to/from SIEM receivers.
- Fine-tuning of default rules, reports and alarms.
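The bullet above about building indicators of compromise into monitoring tools for data enrichment is the kind of work that is easiest to judge from code. The following is an added example written for this page, not code from the resume or from any vendor product: a small IOC feed is indexed once and matched against key=value log events, and every hit is enriched with the indicator's source and confidence. The IOC values, the log lines, and the field names (`src`, `dst`, `host`, `sha256`) are all constructed for the demonstration.

```python
"""Added example (not from the original resume): match an IOC feed against
key=value log events and enrich each hit with indicator source/confidence.
All IOC values and log lines are constructed for the demonstration."""
import ipaddress
import re

# Constructed IOC feed. Domains may arrive in any case and with a trailing
# dot; IPv4 entries may be single hosts or CIDR ranges.
IOC_FEED = [
    {"type": "domain", "value": "Evil-Cdn.Example.", "source": "osint-blog", "confidence": 70},
    {"type": "ipv4", "value": "198.51.100.0/24", "source": "internal-ir", "confidence": 90},
    {"type": "ipv4", "value": "203.0.113.7", "source": "partner-feed", "confidence": 60},
    {"type": "sha256", "value": "0BADC0DE" * 8, "source": "sandbox", "confidence": 95},
]

# Constructed proxy / firewall / EDR events in key=value form.
LOG_LINES = [
    "2024-03-01T10:00:01Z proxy01 src=10.0.0.5 dst=203.0.113.7 host=update.evil-cdn.example url=/a.bin action=allow",
    "2024-03-01T10:00:02Z fw01 src=10.0.0.9 dst=198.51.100.23 dport=443 action=allow",
    "2024-03-01T10:00:03Z edr01 host=wks-17 sha256=" + "0badc0de" * 8 + " process=svchost.exe",
    "2024-03-01T10:00:04Z proxy01 src=10.0.0.6 dst=192.0.2.10 host=www.example.com url=/ action=allow",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def normalize_domain(name):
    return name.lower().rstrip(".")


def build_index(feed):
    """Pre-process the feed once so matching is a cheap lookup per field."""
    index = {"domain": {}, "ipv4": [], "sha256": {}}
    for ioc in feed:
        if ioc["type"] == "domain":
            index["domain"][normalize_domain(ioc["value"])] = ioc
        elif ioc["type"] == "ipv4":
            # strict=False accepts both "203.0.113.7" and "198.51.100.0/24"
            index["ipv4"].append((ipaddress.ip_network(ioc["value"], strict=False), ioc))
        elif ioc["type"] == "sha256":
            index["sha256"][ioc["value"].lower()] = ioc
    return index


def match_domain(index, name):
    """Exact match or any parent domain: a.b.evil.example also hits evil.example."""
    labels = normalize_domain(name).split(".")
    for i in range(len(labels) - 1):
        ioc = index["domain"].get(".".join(labels[i:]))
        if ioc:
            return ioc
    return None


def match_ip(index, text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    for net, ioc in index["ipv4"]:
        if addr in net:
            return ioc
    return None


def enrich(lines, feed):
    """Return one enriched hit per (event, matched field), highest confidence first."""
    index = build_index(feed)
    checks = [
        ("host", match_domain),
        ("src", match_ip),
        ("dst", match_ip),
        ("sha256", lambda idx, value: idx["sha256"].get(value.lower())),
    ]
    hits = []
    for line in lines:
        fields = dict(KV_RE.findall(line))
        for key, matcher in checks:
            if key not in fields:
                continue
            ioc = matcher(index, fields[key])
            if ioc:
                hits.append({
                    "event": line,
                    "field": key,
                    "observed": fields[key],
                    "indicator": ioc["value"],
                    "source": ioc["source"],
                    "confidence": ioc["confidence"],
                })
    return sorted(hits, key=lambda h: h["confidence"], reverse=True)


if __name__ == "__main__":
    for hit in enrich(LOG_LINES, IOC_FEED):
        print(f'{hit["confidence"]:>3} {hit["source"]:<12} {hit["field"]}={hit["observed"]} <- {hit["indicator"]}')
```

Normalizing case and trailing dots at index time, and walking parent domains at match time, is what keeps a feed entry like `Evil-Cdn.Example.` from silently missing `update.evil-cdn.example` in the proxy log; the confidence sort gives the analyst the internal IR indicator before the lower-confidence partner feed hit on the same event stream.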
Confidential, Austin, TX
- Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
- SOC lead for the integration of Cisco Sourcefire IPS with QRadar using the eStreamer protocol.
- Provided support in identifying malicious network activity and threats impacting network operations, developing appropriate countermeasures, and eliminating network threats and vulnerabilities.
- Collecting data on attacks to help SOC engineers create reports for auditing purposes.
- Integration of different devices, applications, databases and operating systems with QRadar SIEM.
- QRadar SIEM v7.2 administration, including EPS tuning and distributed deployment architectures.
- Part of the deployment team in which several log sources were parsed and integrated into QRadar through a middle layer such as F5 for PCI and syslog services.
- Migrating existing reports and alerts from RSA enVision to IBM QRadar.
- Tuning, configuration, false positive reduction, custom log source extension development and administration of QRadar.
- Aggregate, correlate, and analyze log data from network devices, security devices and other key assets using QRadar.
- Responsible for incident handling and response, with knowledge of common probing and attack methods, viruses, botnets and other forms of malware. Correlating events from the network, OS, applications or IDS/firewalls and analyzing them for possible threats.
- Ensure the SOC analyst team is providing excellent customer service and support.
- Designed an SOA-based data service (for the data domain) serving master data to authorized systems.
- Monitors agency sensors and SOC (Security Operations Center) systems for incidents and malicious activity.
- Executed daily vulnerability assessment, threat assessment, mitigation and reporting activities in order to safeguard information assets and ensure protection has been put in place on the systems.
- Performing security analysis and identifying possible vulnerabilities, including in the key derivation function; creating vulnerability assessment reports detailing the exposures identified, rating the severity of the system, suggesting mitigations for any exposures, and testing known vulnerabilities.
- Conduct log analysis, proactive monitoring, mitigation, and response to network and security incidents. Analyze security event data from the network (IDS sensors, firewall traffic).
- Administration of Office 365 (Exchange Online, SharePoint Online, and Skype for Business (Lync)).
- Set up and manage alerts to monitor activity on business-critical information as required.
- Develop custom applications using InfoPath and other out-of-the-box SharePoint features and functionality.
- Provided second-level support for the Symantec Endpoint Protection antivirus system and after-hours support for the production environment; generated and provided documented reports for the Threat Remediation Management Team.
- Put together e-business operations documentation for the Symantec Endpoint Protection Management environment.
- Implemented and configured firewall changes within the Symantec Protection environment according to internal compliance-approved specifications/recommendations.
- Responsible for maintaining the availability, reporting and communication of the SIEM between it, its event sources and the endpoints.
- Responsible for the management, design, and dissemination of relevant data from the global security information and event management (SIEM) system.
- Assisted in designing, implementing and evaluating applications, systems and utilities relevant to Active Directory services.
- Perform static and dynamic malware analysis on virtual servers, with proper documentation and steps for removal on infected systems.
- Experienced in the configuration, installation, and patch upgrades of Tripwire Log Center in a Windows environment.
- Interacts with end users, including first responders and explosives experts, identifying and aligning user needs with Tripwire resources.
- Experience with firewall administration, rule analysis, and rule modification.
- Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through analysis of relevant event logs and supporting data sources. Utilized Sourcefire and Wireshark.
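The EPS tuning mentioned above, and the EPS and storage calculation listed under the Detroit role, both come down to one sizing model: sustained and peak events per second across the source inventory, the raw bytes that volume produces per day, and how much searchable and archived retention that implies once index overhead and compression are applied. The following is an added example written for this page, not code from the resume or from IBM QRadar or Splunk; the source inventory, event sizes, compression ratio, index overhead and license headroom are assumed planning figures, not measurements from any real deployment.

```python
"""Added example (not from the original resume): SIEM EPS and storage
sizing from a source inventory. All device counts, event rates, event
sizes and planning constants below are assumptions for the demonstration."""
import math
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
GIB = 1024 ** 3


@dataclass(frozen=True)
class LogSource:
    name: str
    devices: int
    eps_per_device: float  # sustained average events/second per device
    peak_factor: float     # burst multiplier seen at busy hours or during incidents
    avg_event_bytes: int   # raw event size before indexing and compression


@dataclass(frozen=True)
class SizingPlan:
    sustained_eps: float
    peak_eps: float
    raw_gib_per_day: float
    online_gib: float
    archive_gib: float
    license_eps: int


# Constructed source inventory (assumed figures, not a real environment).
SOURCES = [
    LogSource("firewalls", devices=4, eps_per_device=500.0, peak_factor=3.0, avg_event_bytes=400),
    LogSource("windows_servers", devices=200, eps_per_device=2.0, peak_factor=5.0, avg_event_bytes=900),
    LogSource("web_proxies", devices=2, eps_per_device=300.0, peak_factor=2.0, avg_event_bytes=600),
    LogSource("ids_sensors", devices=3, eps_per_device=50.0, peak_factor=10.0, avg_event_bytes=1200),
]


def raw_bytes_per_day(sources):
    """Raw log volume per day before the SIEM adds indexes or compresses."""
    bytes_per_second = sum(s.devices * s.eps_per_device * s.avg_event_bytes for s in sources)
    return bytes_per_second * SECONDS_PER_DAY


def size_siem(sources, online_days, archive_days,
              compression_ratio=8.0, index_overhead=0.30, license_headroom=0.25):
    """
    sustained EPS = sum(devices * eps_per_device)
    peak EPS      = sum(devices * eps_per_device * peak_factor)
    online GiB    = raw/day * online_days * (1 + index_overhead) / compression_ratio
    archive GiB   = raw/day * archive_days / compression_ratio   (indexes dropped)
    license EPS   = ceil(peak EPS * (1 + license_headroom))

    compression_ratio, index_overhead and license_headroom are assumed planning
    constants; measure them on the real platform before committing to a license.
    """
    sustained = sum(s.devices * s.eps_per_device for s in sources)
    peak = sum(s.devices * s.eps_per_device * s.peak_factor for s in sources)
    raw_gib_day = raw_bytes_per_day(sources) / GIB
    online = raw_gib_day * online_days * (1 + index_overhead) / compression_ratio
    archive = raw_gib_day * archive_days / compression_ratio
    return SizingPlan(
        sustained_eps=sustained,
        peak_eps=peak,
        raw_gib_per_day=raw_gib_day,
        online_gib=online,
        archive_gib=archive,
        license_eps=math.ceil(peak * (1 + license_headroom)),
    )


def max_online_days(sources, disk_gib, compression_ratio=8.0, index_overhead=0.30):
    """Inverse question: how many days of searchable retention fit on a given disk."""
    per_day = raw_bytes_per_day(sources) / GIB * (1 + index_overhead) / compression_ratio
    return math.floor(disk_gib / per_day)


if __name__ == "__main__":
    plan = size_siem(SOURCES, online_days=90, archive_days=365)
    print(f"sustained {plan.sustained_eps:.0f} EPS, peak {plan.peak_eps:.0f} EPS, license {plan.license_eps} EPS")
    print(f"raw {plan.raw_gib_per_day:.1f} GiB/day, online {plan.online_gib:.0f} GiB, archive {plan.archive_gib:.0f} GiB")
    print(f"a 1000 GiB online store holds {max_online_days(SOURCES, 1000)} days")
```

Licensing on peak rather than sustained EPS is the point of the `peak_factor` column: a SIEM licensed to the 3150 sustained EPS in this inventory would be dropping or queuing events exactly when an incident pushes the IDS sensors to ten times their normal rate, which is the moment the logs matter most. The same per-day figure feeds both the retention question (how much disk for N days) and its inverse (how many days fit on the disk that was actually bought).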
Confidential, Greenfield, IN
IT Security Engineer
- Implementation of the SIEM tool.
- Create new content and manage existing notable events in Splunk Enterprise Security.
- Worked with the Cyber Security Operations Center (CSOC) to fine-tune the false positives from the existing SIEM rules.
- Working with the Cyber Security Operations Center (CSOC) to find the existing log gaps and provide better data analysis to increase overall security coverage.
- Manage Splunk Enterprise to collect, monitor, and analyze machine data.
- Performed/assisted in the installation, configuration, troubleshooting and maintenance of SIEM agents, log managers/collectors, and SIEM central managers/aggregators.
- Deploying Splunk: creating port mirroring, installing Splunk, installing the Stream application on Splunk, setting up syslog on CentOS, and installing the Universal Forwarder.
- Used Splunk Enterprise Security for real-time monitoring, to prioritize events and for rapid investigations. Worked with the SIEM team monitoring notable events through Splunk ES.
- Deploy, configure and tune flow data within the SIEM, and document how such data is to be used during event triage.
- Network monitoring and security scanning utilizing Nessus vulnerability scanning.
- Handling SIEM events and response in critical environments (email threat analysis, web threat analysis, malware analysis, etc.).
- Analyze multiple network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine and apply proper remediation actions and escalation paths for each incident.
- Managing and maintaining Windows NT, 2000, 2003, 2008 and 2012 server administration; remote administration using Terminal Services.
- Performed Windows user administration: managing user accounts, permissions, user rights, account policies and security policies, and performed software and hardware maintenance.
- Hands-on experience with Remedy 7.2, AF Remote, HP OpenView, TEPS, HP Insight Manager, IBM Director, etc.
- Primary troubleshooting of and knowledge of Windows clusters.
- Monitoring and managing weekly server reboots.
- Performing disk clean-ups and disk management for Windows OS drives.
- Working on high CPU and paging file issues.
- Performing daily checks to ensure stability in the environment.
- Experience in fixing IBM (RSA) and HP (iLO) connectivity with blade and brick servers.
- Working on file/folder restoration issues at users' requests.
- Hands-on experience with network devices: port resets, log collection, investigations, etc.