Senior Security Administrator Resume

Washington, DC

SUMMARY:

  • Diverse experience working for Confidential services on security, privacy and regulatory compliance projects across a wide range of technologies, industries and traditional IT. Hands-on as well as strategic architect.
  • Implemented strong security controls, including the supporting processes, networking, application, operating system, and security software technologies required in controlled environments.
  • SIEM - QRadar, ArcSight
  • Application whitelisting - Bit9
  • Data loss protection/prevention (Vontu, Websense)
  • Vendor service programs and automation
  • ISO 27001 - Framework to implement Enterprise policy, risk-profile and compensating processes and tools
  • Knowledge of Top 10 OWASP web application security Risks
  • Other tools: NetIQ security Analyzer, QualysGuard, Dumpsec, Velosecure, Nessus, Snort, TripWire
  • Knowledge and experience in HIPAA, Gramm-Leach-Bliley Act, Sarbanes-Oxley, PCI DSS, ISO 27001, ISO 17799
  • Comfortable with programming in Python, Perl and PHP/JS

PROFESSIONAL EXPERIENCE:

Confidential, Washington, DC

Senior Security Administrator

Responsibilities:

  • Administration of ArcSight appliances
  • Upgrade Collector appliances and console
  • Certificate Management

Confidential

Senior Security Architect

Responsibilities:

  • Designed, Developed, Provisioned and Managed several Log Sources - traditional and custom through uDSM/LSX
  • Correlation rules to capture security offenses, and developed customized security offense monitoring reports
  • Manage diverse QRadar appliances and Administration
  • SIEM EPS tuning of the distributed deployment architectures
  • Responsible for managing Vulnerability reports from multiple sources
  • Enhanced the design of Flow sources on edge and internal and completed deployment
  • Implemented Organizational SIEM policy - Enforced and implemented collection of event logs for Windows infrastructure to report through Wincollect
  • Integrated Threat Advisories (X-Force and other advisories) and designed controls to proactively monitor for attacks
  • Maintain the most recent QRadar upgrades/patches and apps for threat monitoring (most recently WannaCry, Petya malware detection and alert)

Confidential, BLOOMINGTON, IL

Senior Security Architect

Responsibilities:

  • QRadar Vulnerability manager and Threat Manager (QVM and QTM)
  • Added a few custom Log Sources via Universal DSM/LSX - QID adding/mapping and creating building blocks/rules.
  • Created custom searches, custom reports, rules, reference sets and reference maps.

Confidential, HOFFMAN ESTATES, IL

Senior Security Architect

Responsibilities:

  • Using Security logs from different sources, investigate security related incidents.
  • These incidents ranged from recon, intrusions, malware, APT, DDoS, unauthorized access, and insider attacks that required in-depth investigations
  • Building uDSMs for unsupported log types
  • Experience with QID adding/mapping and creating building blocks/rules.
  • Responsible for any critical updates patching, DSM updates and submit PMRs for any QRadar bugs
  • Creation of several Use Cases monitored by SOC and worked with the Security Operations Center to investigate incidents while monitoring attacks on the network - e.g., heartbeat response, Citadel, ZAT, RAT, etc.
  • Created several reports for management, reports to monitor critical servers required for PCI/SOX
  • Creation of several custom fields that extract key fields from log sources such as IDS/IPS (sensor location, action taken for attacks), AV Trend Micro (files affected, action taken), etc.
  • Bit9
      • Created policies for blocking, banning and whitelisting software
      • Created rules to take action based on rating and reputation
  • QualysGuard
      • Vulnerability management and patching - feeds into QRadar Asset DB

Confidential, San Jose, California

Consulting IT Security Expert

Responsibilities:

  • Assess DLP needs and recommend next steps
  • DLP implementation design and deployment including data classification, data identification, reviewing network segments for protection, scoping network gear and listing high-level ecosystem changes
  • Initialize DLP implementation to align with management objectives and incident response process
  • Policy creation and testing, Policy communication, Policy enforcement & Hand-off
  • Developed ArcSight rules, channels, and analysis methodology
  • Wrote Use Cases to identify security events such as traffic from bad actors, AV failed recovery, malware attack, etc.
  • Coordinated and conducted event collection, event management, compliance automation and identified monitoring activities through ArcSight ESM

Confidential, Seattle

DLP consultant

Responsibilities:

  • Performed risk assessment and data classification - customized existing DLP policies to re-align with data classifications and potential data leaks
  • Wrote Incident management playbook with ESM as the core tool
  • Responded to day-to-day requests relating to ArcSight reports
  • Tuned ArcSight ESM data quality to improve ISMS process efficiency
  • Assisted other analysts using ArcSight and other tools to detect and respond to IT security incidents.
  • Wrote Use Cases to identify attacks such as Zero Access Trojan, Dictionary attack, etc. and worked with SOC to remediate in a timely manner
  • Manage ISO-27001 program
  • Manage Vendor security program

Confidential

Consulting Vendor Risk Manager

Responsibilities:

  • Responsible for Vendor Security Program - designed the vendor security policy based on the data classification of Confidential.
  • Designed semi-automated process to examine and categorize each vendor based on risk - designed vendor questionnaire based on SIG standards, designed the automated risk based vendor rating
  • Using Archer, designed actionable triggers based on vendor supplied information to categorize risk-ranking of vendor management - Triggers included ordering the internal/external VA scans using QualysGuard
  • Developed and Implemented vendor automation work flow (with Archer tools suite)
  • Review QualysGuard reports to validate that the automated system categorization of vendor is appropriate and oversee the vulnerability remediation process

Confidential

SME, Security Incident Management Consultant

Responsibilities:

  • Review information security incident reports and provide periodic management recommendations - ArcSight, Antivirus, IDS/IPS
  • Perform threat based risk assessment

Confidential, Cupertino, California

IT Security Program Manager

Responsibilities:

  • Responsible for Incident investigation and reporting
  • Manage escalations, review log data & Forensic reports
  • Managed the development and deployment of the most anticipated enterprise security project ‘Confidential’ that takes the existing Threatcon to the next level.
  • Confidential is an enterprise service that delivers global security threats in real-time
  • Security Metrics development and reporting

Confidential, San Jose, California

Senior Security Consulting Manager

Responsibilities:

  • Led a team of Security Engineers to execute Security Incident investigation and Incident responses
  • Handled escalation, facilitated emergency meetings after reviewing and analyzing log data
  • Performed Forensic data capture for legal investigations
  • Developed ISO 17799 and ISO 27001 based program to assess clients' security posture and manage security projects
  • Analyze security gaps to comply with SOX 404, SAS 70 and PCI regulations.
  • Led team to execute security audits - sample engagements below.
  • Hands-on auditing of clients' network infrastructure - Firewall, Cisco Routers, IDS sensors, Web security, Active Directory, TACACS, RADIUS, VPN, etc.
  • Hands-on auditing of financial platforms - Mainframe (AS400), Windows with Active Directory.
  • Penetration tools: NetIQ security Analyzer, QualysGuard, Dumpsec, Velosecure.
  • Perform General Computer Controls (GCC) and Application Control review for Sarbanes-Oxley, Section 404 requirements
  • Auditing of SAP FI including User Master Record, negative postings, Profiles, authorization Objects, Program Access, Fields, Authorizations, Restricting access, services, work processes, system and custom transactions, ABAP programs, ABAP/4 Data dictionary, SAP user ids at operating system level, Change control directories, trace and log files and SAP customizing access
  • Performed security review of platforms including Windows/Unix, AS400, UNIX, PBX, Voice Response Unit, Cisco PIX firewall, Checkpoint Firewall
  • Designed a comprehensive risk matrix for an Investment management company to address combination of technical, operational and procedural safeguards.
  • Challenges included identifying and understanding networks, infrastructure, development and application level practices, global dissimilar practices and merger cultures for security, compliance and governance. Developed and implemented standard operating procedures for managers and senior managers for Windows, UNIX and network groups.