SUMMARY

• Around 6+ years of experience in Information Security; Developed, managed and contributed in different Security Programs.
• Specialized in areas of Information Technology (IT) such as Network Security, Cybersecurity, Information Assurance (IA),SecurityAssessment & Authorization (SA&A), Risk Management, System Monitoring.
• Specialized in areas such as Certification and Accreditation (C&A), Risk Management, Autantication & Access Control, System Monitoring, Regulatory Compliance, Physical and environmentalsecurity, Incident Response, and Disaster Recovery.
• Skilled in Vulnerability and Risk Assessment; Data Loss Prevention; Private and Public key Cryptography; Security standards and frameworks; Identity and Access Management; Active Directory, ACL and Server management
• Expertise in Governance, Compliance and Policy development as well as management.
• In depth knowledge of Software development technology (SDLC) and application security.
• Excellent analytical and problem solving skills as well as inter - personal skills in interacting wif team members, clients and top management as well

TECHNICAL SKILLS

Skill: Windows, SQL Server, LDAP, Wireless Network, TCP/IP, ACL tools, DMZ, Checkpoint, Endpoint Protection, Vulnerability Scanning, Risk management, file and folder encryption, CSRF, LAN/WAN Administration, full disk encryption, decryption, firewall logs, network monitoring, routing, virtualization, load balancer, cryptography, IDS (AlienVault) and IPS (Snort), VPN, VOIP, SIP, Database migrations, OWASP Top 10, NIST.

Languages: C++, JAVA, JAVA Script, ASP.NET, CSS, HTML, Linux.

Industrial tools: Symantec Endpoint Protection, IBM Endpoint Protection, VMware, McAfee, Nessus, QNX, Log rhythm, BitLocker, Carbon Black, Bit9, Qualys Guard, Credent, Burp Suite, ArcSight, Fortify, Hp web Inspect.

PROFESSIONAL EXPERIENCE

Confidential, Indianapolis, IN

Security Analyst

Responsibilities:

• Serve as the primary privacy and information protection Subject Matter Expert.
• Maintain multiple Security Operational Policies and Plans, and test regularly.
• Work closely wif the CSO on development and implementation of policies to address security issues
• Maintain current knowledge of applicable data protection laws and regulations (HITRUST, HIPAA, CMS FWA etc.), and monitor advancements in best practices. Work towards HITRUST certification for organization through self-assessment and third party audit. Working in group towards annual SOC2 report.
• Assist wif the development/implementation of corrective action plans for mitigation of privacy and data protection risk, and provide general guidance on how to mitigate such risk
• Review daily and periodic data to identify, report, and remedy vulnerabilities
• Manage the process to determine root cause of incidents. Provide forensics expertise for security incidents and investigations
• Work on Internal Employee Training (security awareness training, compliance training, Disaster Recovery training etc.) and effectiveness
• Perform risk assessment on third party vendors. Review vendor policies and security program.
• The main duties include doing research, collecting data, developing secure strategies, and maximizing productivity also oversee implementing security principals while following strict privacy policies. Conducting assessments of overall security posture of the company.

Confidential, Peoria, IL

Information Security Analyst

Responsibilities:

• Periodically reviewed network architecture, webapplicationsand hosts forsecuritygaps.
• Conducts systems and network vulnerability scans in order to identify and remediate potential risks and threats to the system
• DevelopedSecurityAssessment Plans (SAP); preparedSecurity Test and Evaluation (ST&E) Plans, coordinated meetings and examinations; analyzed automated scan results; Populate the Requirement Traceability Matrix (RTM) wif ST&E results; Performed Risk Analysis; CreatedSecurityAssessment Report (SAR); Created POA&M, and assisted wif findings remediation.
• Review and update of the SystemSecurityPlan (SSP) using NIST SP 800-18 guidelines.
• In depth knowledge of Governance, Risk and Compliance Management.
• Performed vulnerability scans, webapplicationand penetration test simulations to identify vulnerabilities. Created detailed mitigation reports based on network assessment test results.
• Expertise in file folder and full disk encryption; LDAP; analyzed logs; performed DLP (Data loss prevention); securing data at rest and in motion along wif Endpoint Protection; concept building and policy formulation using regular expression (REGEX); implementing BCP/DR (Business Continuity Plan / Disaster Recovery)
• Lead Project forSecurityStandards, Risk Mitigation, NIST and CyberSecurity requirements
• Created and assisted systemsecuritydocuments and theSecurity Plan, which contains all necessarysecurityprocedures, instructions, operating plans, and guidance.

Environment: Symantec Endpoint Protection, BitLocker, VMware, Active Directory Services 2008 R2, McFee, ArcSight.

Confidential, Sioux Falls, SD

Information Security Engineer

Responsibilities:

• Provided Identity and Access governance including role based access control, certification and access request.
• Developed, reviewed, and updated InformationSecuritySystem Policies, SystemSecurityPlans, andSecuritybaselines in accordance wif NIST and FISMA.
• Successfully installed, and configured SIEM platform to initiate incident response program.Leveraged SIEM tool (ArcSight) andsecurityplatforms to validate threats wifin the network.
• Configures Server Security and protection.
• Expertise in Active Directory, ACL and server management. Managed user security wif Group Policy Management. Managed GPOs (Group Policy Objects) throughout Active Directory.
• Configured and maintained applications for credit card authorization and access control; performed end to end encryption of PINS for printing secure PIN mailers.
• ConductedITcontrols risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance wif the Payment Card Industry DataSecurityStandard.
• Monitored applicable security upgrade and patching.

Environment: ArcSight, Symantec, Credent, BitLocker, Active Directory Services, ACL, VMware

Confidential

Application Security Analyst

Responsibilities:

• Reviewed application controls and monitored regulatory procedural manuals.
• Expertise in secure coding practices, code review, threat modeling, providing application security requirements, applications penetration testing and web service development.
• Managed, documented and resolved Service Requests, Security Incidents and Tasks wifin an ITSM known as Remedy Force.
• Supported development team to discover vulnerabilities, remediate risk and issues wifin code
• Provided remediation strategies for discovered vulnerabilities, cross-site request forgery and certificate pinning using secure software development.
• Adopted techniques to ensure secure application development as a part of SDLC.
• Expertise in scanning tools such as HP Web Inspect, Fortify and IBM App Scan.
• Implemented threat modeling by obtaining objectives and boundaries for identifying vulnerabilities and threat; which helps to define counter measures to prevent threat.
• Expertise in vulnerability scanning tools such as QualysGuard and Nessus.

Environment: Veracode, Qualys Guard, HP Web Inspect, Fortify and IBM App Scan, PL/SQL, Oracle 9i, Microsoft Visual C++, Telnet, Microsoft visual Source safe, Visual Basic.

Confidential

Software Engineer 

Responsibilities:

• Experience in design and development of web applications using ACP.NET, J2EE, JavaScript, HTML, CSS, JQUERY, and AJAX.
• Involved in different phases of SDLC (Software Development Life Cycle) such as requirements gathering, modeling, analysis, design and development.
• Generated Class diagrams Use case diagrams, Activity flow diagrams and Object diagrams in the design phase.
• Managed, developed, and designed a dashboard control panel for customers and Administrators using HTML, CSS, JavaScript, JQuery and RESTAPI calls.
• Consult wif customers or other departments on project status, proposals or technical issues such as software system design or maintenance.
• Assisted in Desktop Application layout design and functionality in C# and ASP.net framework.
• Performed troubleshooting, fixed and deployed many bug fixes of the two main applications that were a main source of data for both customers and internal customer service team.
• Researched, compiled data to create documents and manuals for presentation and further consideration by executives and committee.

Environment: ASP.Net, HTML5, CSS, XML, MySQL, JavaScript, C++, JQuery, MS SQL Server, T-SQL, JavaScript, Eclipse, Microsoft Visual Studio.