- Security professional with 6+ years of experience in cyber security and network security.
- A Certified Ethical Hacker.
- Superior knowledge of TCP/IP, firewalls, routers, IDS and IPS systems.
- Strong knowledge of network protocols and technologies.
- Experience with vulnerability management tools such as Nessus, Nexpose, GFI LanGuard and Qualys.
- 3+ years of experience with Qradar, Alienvault and Splunk SIEM tools to secure organizational networks.
- Experience with Log Management and Event Management.
- Expertise in investigation and incident response of security events.
- Developed strategies to enhance the organization's cybersecurity.
- Performed Penetration testing for large enterprise networks.
- Experience with security assessments for PCI DSS, HIPAA and SOX compliance.
- Protected the confidentiality, integrity and availability of the organization's information and information systems.
- Performed security monitoring of clients, servers, applications and network infrastructure.
- Performed internal audits to ensure compliance requirements are met.
Operating Systems: Windows 10, Mac OS X, Linux, Ubuntu.
IDS/IPS: Snort, Sourcefire.
Firewall: Cisco PIX, ASA
SIEM: Qradar, Splunk, Alienvault.
Vulnerability Management & Penetration Testing Tools: Nessus, Rapid7 Nexpose, QualysGuard, Nmap, Retina Security Scanner, GFI LanGuard, Metasploit, Kali Linux.
Forensic/Malware: Encase, FireEye, Wireshark.
Endpoint Security: Confidential EPS, Confidential EPS, Confidential, Kaspersky.
Security Standards: PCI DSS, HIPAA, SOX.
Networking Concepts and Protocols: OSI Model, TCP/IP, UDP, IPv4/IPv6, Subnetting, RIP, IGRP, DNS, ICMP, SNMP, ARP.
Confidential, Chicago, Illinois
- Performed Log collection and monitoring using Qradar.
- Integrate infrastructure devices and security devices to Qradar SIEM.
- Configure network hierarchy and backup retention configuration of Qradar.
- Analyzed offenses generated by vulnerability management tools.
- Performed vulnerability scanning and remediation using Nessus.
- Developed security policies and best practices to maintain confidentiality, integrity and availability of organizational data.
- Performed system maintenance such as antivirus scans and security upgrade using Confidential Endpoint Security to secure workstations and organization network.
- Analyze and respond to malware events on workstations generated by anti-virus scans.
- Analyze logs from firewalls, security devices and endpoints to detect possible intrusions.
- Ensured security controls are in place and risks are remediated.
- Calculated risk ratings and generated security assessment reports.
Environment: Qradar SIEM, Splunk, Nessus VM, Confidential Endpoint Security, SourceFire, Snort.
Confidential, Arlington, VA
- Aggregate, correlate and analyze log data from network devices, security devices using Qradar.
- Analyzed offenses created based on different device logs via correlation rules.
- Responsible for maintaining and reporting on SIEM communication between event sources and endpoints.
- Manage incident response and trouble ticket lifecycles.
- Create and maintain support documentation and procedures for IDS/IPS and SIEM solutions.
- Conduct network vulnerability assessments using Rapid7 Nexpose to evaluate attack vectors and identify system vulnerabilities.
- Developed remediation plans and security procedures to address vulnerabilities.
- Monitored the network for intrusions using SourceFire IDS and Snort.
- Monitored and troubleshot network security issues on the corporate network.
- Analyzed outbound traffic patterns at various internet gateway device locations using the log analysis tool Splunk.
- Analyzed and monitored logs of Firewalls.
- Managed endpoint security of workstations using Confidential Endpoint Security.
- Capture and analyze network packets with Wireshark to detect possible intrusion.
- Worked with various departments to improve detection of security incidents and intrusions.
- Developed draft process to determine valid business traffic in corporate network.
Environment: Qradar, Splunk, Nexpose, Nessus, Wireshark, SourceFire, Snort, Symantec Endpoint Security.
Information Security Analyst
- Conduct network monitoring and intrusion detection analysis to detect intrusions in systems.
- Maintain and manage hosted Alienvault SIEM implementation in organizational networks.
- Investigate suspicious network activity, evaluate risk and propose effective solutions for risks identified.
- Configure Snort and create signatures based on observed intrusions.
- Create company policies and procedures for email, network usage and access control.
- Managed security of workstations in organizational network using Confidential Endpoint security.
- Captured and analyzed network packets to detect possible intrusion using Wireshark.
- Performed vulnerability management using tools such as Nessus, Nexpose and Qualys, and generated reports on high-level vulnerabilities.
- Conducted security assessment and penetration testing on organizational network.
- Investigate and respond to firewall and security device alerts, and escalate to the relevant teams.
Environment: Alienvault SIEM, Wireshark, Nexpose, Qualys, Nessus, Confidential Endpoint Security, Snort.
- Configure networking devices such as servers, routers, switches and firewalls before deployment.
- Troubleshoot network-related issues in the organization.
- Draft monthly network efficiency reports to determine whether changes are needed.
- Perform required network updates on a regular basis.
- Perform software updates, system backups and recovery procedures.
- Configure user accounts and password criteria for additional security.
- Configure firewalls to restrict network access by unauthorized users.
- Design system configurations and enforce system standards to establish networking environments.
- Design WAN, LAN, internet and intranet networks.
- Communicate with project managers and stakeholders to ensure the project stays in sync with customer requirements.
Environment: Cisco Firewall, Windows Servers, Routing Protocols, Switching Protocols, Wireshark.