
Junior Network & Firewall Engineer Resume

SUMMARY

  • Information Security Officer (ISO) - Information Security, GRC Consultant with experience in Governance, Risk, Compliance & Audit - ISO 27001, PCI, HIPAA, SOX, etc.; Information Security & Network Security functions.
  • Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001.
  • Excellent knowledge of FISMA, HIPAA and NIST Compliance usage, rules and regulations
  • Facilitate implementations of information security policies, account security policies and standards for logical and physical security.
  • Extensive knowledge on DOCSIS 1.x, 2.0, 3.0 and 3.1 specs.
  • Hands on experience with HP Arcsight, IBM QRadar, Rapid7, Forcepoint
  • Perform Risk Assessment, Gap analysis & create Risk Mitigation plan.
  • Perform Internal & External Audits
  • Deliver niche technology projects such as DLP and forensics to catch and prevent fraud, manage overall operational aspect of DLP.
  • Oversee Vulnerability assessment /penetration testing of scoped systems and applications to identify system vulnerabilities.
  • Regularly worked with the Incident Response team to discuss and potentially escalate critical incidents after initial triage.
  • Provided 24x7 on-call support for escalated security incidents on a rotational basis in a SOC environment.
  • Symantec Data Loss Prevention (DLP) administrator
  • Implemented Symantec Data Loss Prevention to secure all endpoints. Configured and instrumented the Symantec management console, Symantec management server and Symantec database on Oracle.
  • Good understanding on DOCSIS CMTS/CM protocol stack.
  • Solid understanding of working with NIST 800-53 framework
  • Experience configuring and deploying modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.
  • Experienced working on Solarwinds SIEM to upgrade security and compliance standards.
  • Responsible for conceptualizing and driving BCP as a culture, within the organization.
  • Ensure IS policies are updated & reviewed.
  • Hands on Experience with Rapid7 Nexpose, Metasploit and ForcePoint
  • Experienced in CyberArk installation and implementation
  • Manage relationships in all areas of IT and the lines of business.
  • Subject matter expert (SME) for DLP, Firewall, VPN, Archer, Vulnerability Management solutions, IDS/IPS/WIPS, SIEM and Endpoint Security.
  • SIEM tuning and log analysis of alerts
  • Installed and configured an ArcSight ESM SIEM tool from scratch & observed device Integration of multiple Log sources with the ArcSight Connector appliance
  • Analyse, troubleshoot, and remediate issues with the SIEM, frequently working with the support teams
  • Black listing and White listing of web URL on Blue Coat Proxy servers and web security gateway
  • Work experience on Bluecoat Proxy SG for Content filtering and URL filtering.
  • Experience in installation, configuration, backup, disaster recovery, maintenance, and support of several Unix/Linux servers
  • Powershell scripting and execution for account termination, Distribution List creation, Security Groups
  • Familiarity with Websense, nCircle, Imperva, DAM, SourceFire and WAF devices and services
  • Experienced with NetFlow Traffic Analyzer tool. Used it to monitor bandwidth, analyzed network traffic and CBQoS policy optimization.

TECHNICAL SKILLS

DLP: Websense, Symantec & McAfee

End Point Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec

IPS/IDS: McAfee IPS, SecureWorks IDS/IPS, Snort

SIEM: Splunk Security Manager, IBM QRadar, LogRhythm

MSS: Vulnerability Assessment, Content Filter, Antispam, IDS/IPS Management

Vulnerability Management Tools: Nessus, Nmap, Nexpose, Wireshark, Fortify

Security Tools: Splunk, McAfee Vulnerability Management solutions, Nessus, SolarWinds, LogRhythm

Platforms/Applications: Continuous Monitoring, Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Rapid7 Event Management, RSA Archer, Blue Coat Proxy, Splunk, NTT Security, LogRhythm, PenTest Tools (Metasploit, Burp Suite, Nmap, Wireshark and Kali)

Security Software: Nessus, Ethereal, NMap, Metasploit, Snort, RSA Authentication

Networking: LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Firewalls/IPS/IDS

Routing: OSPF, EIGRP, BGP, RIP-2, PBR, Route Filtering, Redistribution, Summarization, Static Routing

Switching: VLAN, VTP, STP, PVST+, RPVST+, Inter VLAN routing & Multi-Layer Switching, Multicast operations, Layer 3 Switches, Ether channels, Transparent Bridging

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS

Operating System: Windows, Linux, Unix

Security Intelligence: WhiteHat Web Security, iDefence, NTT Security, LogRhythm

SIEM: Splunk, Solarwinds, Nitro, IBM QRadar, LogRhythm

Switches: Cisco Catalyst VSS 1440 / 6513 / 6509 / 4900 / 3750- X / 2960

PROFESSIONAL EXPERIENCE

Confidential

Junior Network & Firewall Engineer

Responsibilities:

  • Developing organizational policies and procedures using ISO 27001, PCI-DSS, SOX, CIS control document as guide
  • Performing PCI-related audits and PCI DSS assessments
  • Providing IT Security risk management consultancy to clients in preparation for PCI DSS assessments
  • Responsible for maintaining required PCI-DSS compliance.
  • Responsible for creating high-level, detailed and data flow network diagrams to show the Card-Holder Data Environment (CDE) and non-CDE, Card-Holder Data (CHD) flow, and in-scope and out-of-scope segments using the guidance from Coalfire.
  • Configured, monitored and troubleshot Zone-Based Policies, Security Policies & DMZ Policies, including rule creation and modification on PA-500, PA-2k, PA-3k and PA-5k series firewalls, and managed them with the Panorama (M-100) centralized management system for large-scale firewall deployments.
  • Implementing Zone Based Firewalling and Security Rules on the Palo Alto Firewall.
  • Created new security policies, updated existing security policies as per firewall change request.
  • Created a document for the minimum-security configuration standard for network devices such as Palo Alto firewalls and Nexus 9000 edge switches in accordance with the client's Security Policy and principles from other industry standards such as the National Institute of Standards and Technology (NIST) and Center for Internet Security (CIS) benchmarks.
  • As part of the remediation of overly permissive rules, identified the overly permissive rules, audited logs and monitored the traffic hitting each rule, identified source IP addresses and the list of applications/services/owners, and executed the remediation plan.
  • Exposure to the WildFire feature of Palo Alto.
  • Provided 24x7 on-call support for escalated security incidents on a rotational basis in a SOC environment.
  • Assisted with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functions
  • Provided on-call after-hours Identify and Access Management support where needed.
  • Conduct analysis of cyber threats, discovery of IT vulnerabilities, monitoring for cyber intrusions, and troubleshooting and response to security incidents detected from HP ArcSight and related SIEM, IDS/IPS, and other security applications.
  • Daily monitoring of Solarwinds, FortiSIEM (AccelOps), Splunk, LogRhythm, Vectra (AI), Cylance, ESA, WSA, Umbrella, and Proofpoint
  • Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001.
  • Working with McAfee ePO for managing clients workstations for providing end point security.
  • Facilitate implementations of information security policies, account security policies and standards for logical and physical security.
  • Involved in creating upstream and downstream channel bonding for DOCSIS 3.x cable modems.
  • Solid understanding of RSA authentication, Rapid7 technologies and ForcePoint
  • Analyzed threats to corporate networks by utilizing SIEM products (Solarwind, Algosec and Splunk) to assess the impact on client environments
  • Identifying and remediating any threats and vulnerabilities as a Security Monitoring (SOC), Triage and Escalation to T2.
  • Executed response and mitigation procedures for a myriad of potential security incidents escalated from US Bank’s Tier 2 SOC and create reports to reflect on our detection and mitigation strategies.
  • Creating the signatures and prevent the security attacks on Palo Alto devices.
  • Dealing with monitoring tools like network packet capture tools like Wireshark, etc.
  • Configuring rules and Maintaining Palo Alto Firewalls & Analysis of firewall logs.
  • Providing daily Palo Alto firewall administration such as Threat Prevention, URL filtering, IPsec and SSL VPNs, zone-based integration, analyzing syslogs, and utilizing the WildFire feature in Panorama.
  • Providing support for 2Tier and 3Tier firewall architecture, which includes Palo-Alto firewalls (PA-500, PA-2k, PA-3k and PA-5k).
  • Implementing and managing traffic engineering on top of an existing Multiprotocol Label Switching (MPLS) network using Frame Relay and Open Shortest Path First (OSPF).
  • Working on MPLS for redirecting data from one network node to another network node based on the shortest paths.
  • Assessing risks and recommending remediation of risks and vulnerabilities and submitting reports on the scans and assessments and even conducting patching of the vulnerabilities in some instances
  • Using Splunk software to search, analyze and visualize the machine-generated data gathered from the websites, applications, sensors, devices etc.
  • Using Algosec to automate and simplify security operations including troubleshooting, auditing and risk analysis.
  • Using Algosec to optimize the configuration of firewalls, routers, web proxies and related network infrastructure to ensure security and compliance.
  • Using Algosec to centrally manage network security policies, clean up and optimize firewall policies, identify and mitigate risky firewall rules, and enforce network segmentation.
  • Performing and maintaining gap analyses between the organization's current security state and the NIST Cyber Security Framework and Cobit 5.
  • Analyzed information security data from network and applications security logs and tools such as firewalls, proxies, application vulnerability scanners, network flow data, external data sources and cyber threat intelligence to identify potential compromises.
  • DLP console - Data Loss Prevention (Symantec system)
  • Experience in various Solarwind tools for monitoring and management.
  • Monitoring the network for alerts and analyzing the report with Network Performance Monitor
  • Analyzing network bandwidth and traffic patterns with Network Bandwidth Analyzer
  • Performing Network compliance, Configuration backup, Network automation and Vulnerability assessment with Network Configuration Manager
  • Using Log & Event Manager for security, compliance, and troubleshooting
  • Managing Subnets and IP Address and DHCP and DNS management using IP Address Manager
  • Apply IPS/IDS features & Threat Prevention mechanisms to protect the data center & internal network. Also responsible for mitigating DoS/DDoS using DoS Protection on the Palo Alto Firewall.
  • Prevent Hosts from accessing malicious websites using APP-ID & URL filtering and apply DNS sinkhole on Panorama.
  • Monitor and generate Palo Alto Firewall Log Reports on Traffic, Threat, Data Filtering, and URL Filtering.
  • Excellent ability to influence internal and external stakeholders and build consensus - build and drive “virtual” cross-functional teams
  • Experience breaking down technical problems and effective solutions to management
  • Outline security problem areas for compliance, accuracy and productivity
  • Detect security issues, create customer tickets and manage problems until closure, Disk/File Encryption, Data Loss Prevention, Enterprise Rights Management
  • Centralized management of Anti-Virus software. Maintenance and support of McAfee, Symantec, Trend Micro and Microsoft security products
  • Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, NMAP, Splunk, ArcSight, Rapid7, Routers, Switches, LAN/WAN, TCP/IP protocols, VMware, Endpoint Security, Cloud Security, Data Loss Prevention.
  • Manage the technology as a Product, including working with CISO Strategy, Architecture, Engineering and Deployment teams for end to end solution delivery
  • Perform analysis of events/incidents and provide remediation suggestions to relevant owners
  • Implement tasks/projects critical to the organizations Endpoint technologies (workstations, laptops, ATMs, mainframes, servers, etc.)
  • Identifying and remediating any threats and vulnerabilities as a Security Monitoring (SOC), Triage and Escalation to T2. Major contributor to the Python scripting project.
  • Using Symantec DLP monitored the transmission of confidential data contained in corporate emails that were sent using Microsoft Exchange and downloaded to mobile devices.
  • Assisted in monitoring and setting policies in the ePO server, maintained updates on the HBSS server, domain servers, and domain workstations, pushed McAfee policies to required computers, and Symantec to servers.
  • Good understanding of administering and implementing SIEM, DLP, Websense, advanced malware detection programs, vulnerability assessment, and prevention.
  • Installed and maintained security infrastructure, including Firewall, IDS/IPS, log management, and Security Information Event Management (SIEM) tools.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Given the authority to build and lead the effort towards the improvement and development of the Incident Response Program. Also co-opted into the Symantec Data Loss Prevention (DLP) program to keep track of potential breaches of PCI and other sensitive data in the environment.
  • Authored multiple Tanium sensors using VB scripting.
  • Initiated global projects deploying Zscaler, Symantec Endpoint Encryption, Qualys and SourceFire NIDS.
  • Create and deliver reports to business lines pertaining to endpoint security, compliance, etc
  • Maintain and manage changes in running environments
  • Provide security monitoring, event analysis, and countermeasure proposals
  • Provide technical support, including monitoring, reporting, tool administration. This is most often done without direct interaction with the end-users
  • Direct the daily progress of project work assigned to staff members, report status to management, and manage staff performance
  • Responsible for maintaining availability, reporting and communication of the SIEM between it, its event sources and the endpoints
  • Strong understanding and knowledge of risk assessment, risk procedures, security assessment, vulnerability management, penetration testing
  • Improved Tanium Client Deployment Tool (CDT) enterprise-wide by multithreading commands using PowerShell.
  • Use commercial scanning tools such as BurpSuite Pro, Nessus, and other commercial products to analyze systems for vulnerabilities, and provide risk reduction recommendations
  • Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments and social engineering assessment
  • Performing manual verification of vulnerabilities to reduce false positives
  • Creating comprehensive security assessment reports, Risk Metrics
  • Interfacing with clients to gather information and investigate security controls
  • Prepared Information Systems Agency cyber inspections by analyzing Nessus scan data, researching fix actions, and building Tanium packages.
  • Using Tanium and other automation tools we were able to significantly reduce response time and man hours spent on network vulnerabilities.
  • Built custom Tanium sensors to fill the gaps that were left by our other data collection tools.
  • On-site Security/Risk Assessments, McAfee Web Gateway, McAfee ePO and Endpoint Security deployment including Virus Scan enterprise, endpoint security 10.x, HIPS, DLP, and Proofpoint.
  • Tested and performed vulnerability analysis (VA) for the client through Nessus & QualysGuard scans and McAfee Foundstone. Also maintained the endpoint protection system.
  • Worked with McAfee ePO products DLP, SiteAdvisor Enterprise, HIPS, VSE 8.7 and 8.8, Solidcore, and Endpoint Encryption.
  • Daily Tripwire monitoring. Solved critical Tripwire rules with errors within two different Tripwire consoles.
  • Managed security tools; McAfee Enterprise ePO & HIPS, Snort, Splunk, Tripwire and Qualys.
  • Performed device upgrades, configuration changes, tuning, analysis, and troubleshoot on the following security platforms: Sourcefire IPS, Cisco IPS, Cisco, McAfee Intrushield, Checkpoint IPS, Proventia (NIPS/HIPS), Imperva WAF, F5 ASM, Carbon Black, Red Cloak, and FireEye.
  • Assessed and reviewed current technology infrastructure to identify key risk areas and ensured a level of control was in place to handle those risks.
  • Deployed and configured McAfee products for client.
  • Functioned as a SME for McAfee suite of products like McAfee ePO, McAfee Endpoint Encryption, McAfee DLP Endpoint
  • Assisted design and implementation of network simulation environment (sandbox) using tools like NS-3, OPNET.
  • Used IBM Rational Appscan, Acunetix, Qualys, w3af for reducing risk by testing web applications prior to deployment and for ongoing risk assessment in production environments
  • Exhausting Symantec DLP to monitor the transmission of confidential data (PII) contained in corporate emails that were sent using Microsoft Exchange.
  • Experience in installing, configuring, managing and troubleshooting SourceFire IPS appliances and ensuring security appliances are up to date with the latest OS, Patches, Symantec DLP, McAfee ePO, Cisco, Signature updates, and vulnerability database updates.
  • Development and formulation of specifications for computer programmers to use in coding, testing, and debugging of computer programs and deploying on variety of operating systems (Windows, Linux or UNIX variants).
  • Conducted network and server vulnerability assessment scans plus track and report risk mitigation using Nessus OpenVAS, for systems monitoring and operations environment.
  • Worked with Symantec DLP upgrades and patches
  • Implemented multiple tools including Symantec DLP, and QRadar SIEM
  • Network visibility and intelligent network gathering of large organizations that run complex networks using tools like ENDACE and ICINGA.
  • Supported the monitoring and setting of policies in the ePO server, maintained updates on the HBSS server, domain servers, and domain workstations, pushed McAfee policies to required computers, and Symantec to servers
  • Through teamwork, conducted security incident investigations; sniffed network traffic for unauthorized network services; reviewed and authorized requests for network services such as modem lines, ISDN, remote access, VPN, Internet access (ISS Web filtering), and Verisign PKI.
  • Maintained, monitored, and upgraded the IDS system and created custom daily reports to alert on anomalous traffic patterns and behaviors, which proved valuable in curtailing the spread of malware and mitigating Worm outbreaks using BRO IDS, Suricata IDS.
  • Used reverse engineering tools such as IDA Pro, OllyDbg, and Imagix.
  • Provide subject matter expertise with regard to applicable regulations such as PCI DSS, NIST-SP800-53, and ISO Risk assessment for best practice throughout all phases of corporate projects.
  • Coordinating and supporting the implementation of the response strategies with other parts of the enterprise or constituency, including IT groups and specialists, physical security groups, information security officers (ISOs), business managers, executive managers, public relations, human resources, and legal counsel using Log Analysis, Log Management.
  • Conducted risk assessment evaluating security of Web applications and related infrastructure, defining risk matrix, providing technical and executive reports with detailed findings, recommending mitigation strategies and performing cost-benefit analysis
  • Conducted Web security related incident responses while supporting investigations of security violations
  • Participated in planning, designing, installing and configuring new Firewall policies.
  • Created and tested Cisco router and switching operations using OSPF routing protocol, Cisco ASA Firewalls, and MPLS switching for stable VPNs.
  • Supported core network consisting of Cisco7200 series routers running multi area OSPF.
  • Worked on network-based IT systems such as racking, stacking, and cabling
  • Experience in managing Active Directory Domain Controllers, DNS and DHCP Servers
  • Extensive experience in Windows Servers and Active Directory Administration, DNS and DHCP Servers
  • Migrating Users, Groups, Workstations and Application windows servers from source domain to Target domain using QMM and Active Directory Domain
  • Created Active Directory Group policies to Enforce Domain and OU Level Security of Users and Computer objects
  • Expertise in Migrating Group and Exception Policies from one domain to another domain in Active Directory forest
  • Back-up and restore Hyper-V hosts, virtual machines, Active Directory Domain Services (AD DS), and file and web servers by using Windows Server Backup
  • Experience in deployment and configuration of Active Directory Domain Services (AD DS) in a distributed environment
  • Implement Group Policy, perform backup and restore, and monitor and troubleshoot Active Directory - related issues with Windows Servers
  • Deploy other Active Directory server roles such as Active Directory Federation Services (AD FS) and Active Directory Certificate Services (AD CS)
  • Experience in configuring domain controller security, account security, password security, and Group Managed Service Accounts (gMSA)
  • Experience in planning and preparation for directory synchronization and managing identities with directory synchronization
  • Experience in directory synchronization by using Microsoft Azure Active Directory Connect (Azure AD Connect)
  • Managed service providers/vendors relationships from a project and technology perspective.
  • Worked with the basic communication protocols like TCP/IP.
  • Proactively monitored including a weekly review of log files, reports, weekly Knowledge Base updates, etc. to determine the health and performance of Secures appliances.
  • Worked on Routing and Switching issues including OSPF, RIP, VLANs.
  • Design and implementation of VoIP & Data Networks for new buildings, expansions, and remodels on a company platform.
  • Experience in SolarWinds to log and event suspicious activity and security threats, conducting an investigation and responding to mitigate issues in real time, which includes blocking IP addresses, disabling accounts, changing privileges and permissions, and killing applications.
  • Network Performance Monitor tool for F5, BIG-IP, Wireless network monitoring.
  • Experienced with NetFlow Traffic Analyzer tool. Used it to monitor bandwidth, analyzed network traffic and CBQoS policy optimization.
  • Performed IP address planning, designing, installation, configuration, testing, maintenance, and troubleshooting in complete LAN, WAN development.
  • Implemented and Maintained Routing Protocols EIGRP and OSPF in the Network.
  • Configured and Maintained the Local Network using 2900, 6500 series Switches and 2800 series Routers. Configured and installed the 3600 series Router.
  • Implemented strategies for operating systems, virus protection, mail systems and Internet Access services
  • Performed scheduled Virus Checks & Updates on all Servers & Desktops.
  • Powershell scripting and execution for account termination, Distribution List creation, Security Groups
  • Resolved all computer related problems, monitored and maintained system functionality and reliability by identifying ways to prevent system failures
  • Created and implemented filters on the Routers for security purposes.
  • Installed and managed network devices including Hubs and Switches.
  • Provide hardware and software support to end users
  • Computer repair and upgrades, software and firmware updates and support. Also including fax machines, printers, network, firewall, back-ups and connection issues
  • Experience in implementation Software and Hardware update Windows Patching, Windows Software Packaging
  • Diagnosed hardware and software issues, replacing hardware components, assembling and preparing custom desktops, performing data backups and transfers
