
Incident Analyst / Security Engineer II Resume


Maryland

SUMMARY

  • 10+ years of professional experience in Information Technology & Enterprise Security. 6+ years of extensive experience with Security Information and Event Management (SIEM) tools such as ArcSight, Splunk (dashboard development and infrastructure monitoring), RSA enVision and QRadar.
  • Experience working in the Banking and Financial, Energy and Product Engineering domains.
  • Extensively worked on development and configuration of SIEM connectors for devices not supported out of the box by ArcSight and RSA enVision.
  • Prepared industry-specific content and integrated multiple feeds (databases, applications, network and security device logs) to analyze potential threats and security risks.
  • Created user acceptance testing scripts and scenarios, validation, and ongoing system monitoring and support.

TECHNICAL SKILLS:

Programming Languages: C, C++, Java/J2EE, .Net, HTML, DHTML and VBScript

Operating Systems: MS-DOS, Windows, Mac OS, Linux

Scripting Languages: Shell and Perl

Security Tools / SIEM: HP ArcSight, Splunk, RSA enVision, QRadar & AlienVault

Other Tools & Technologies: AD/LDAP, Networking, Cryptography, Firewalls, TCP/IP, SMTP, UDP, ModBus Knowledge, Hadoop, SAP HANA, MPP, MS OFFICE

DBMS: Oracle, Microsoft SQL Server, MS Access, MySQL

GUI/IDE Tool: VB6.0, SAP GUI, Eclipse

PROFESSIONAL EXPERIENCE:

Confidential, Maryland

Incident Analyst / Security Engineer II

Environment: QRadar SIEM, Carbon Black

Roles & Responsibilities:

  • Worked in this project as Incident Analyst.
  • Analysis of offenses created from different device log types via correlation rules.
  • Observed and analyzed traffic in order to learn valuable lessons from non-malicious actors and to determine countermeasures against such threats.
  • Enhancement and fine-tuning of correlation rules on QRadar based on daily monitoring of logs.
  • Interacted with cyber intelligence analysts conducting threat analysis operations within the client organization.
  • Provided high-level analysis of security data to identify significant activity.
  • Analyzed offenses with Carbon Black Process Search and Binary Search.
  • Made recommendations to senior management on results of analysis and worked closely with other Information Technology groups to refine and enhance security controls.

Confidential, CA

Security Consultant

Environment: ArcSight SIEM, Splunk, Windows, Linux.

Roles & Responsibilities:

  • Worked in this project as Security Consultant.
  • Configured log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and applications.
  • Categorized the messages generated by security and networking devices into the multi-dimensional ArcSight normalization schema.
  • Installation of connectors and integration of multi-platform devices with ArcSight ESM; developed FlexConnectors for devices and custom applications not supported by ArcSight.
  • Developed ArcSight content such as correlation rules, dashboards, reports, filters, active lists and session lists.
  • Created alerts and reports as per business requirements, and threat modelling with specific security control requirements.
  • Implemented ArcSight asset modelling, which is used to populate asset properties in correlation rules and reports.
  • On-boarded 6000+ devices (infrastructure devices, security devices and applications) to ArcSight ESM for monitoring.
  • Integrated IDS/IPS with ArcSight and analyzed the logs to filter out false positives and add true positives into the IDS/IPS rule set.
  • Integrated data from different devices into the Splunk environment and created dashboards and reports in Splunk.
  • Troubleshot issues related to ArcSight ESM, Logger and ConApps performance.

Security Consultant

Confidential

Environment: QRadar SIEM, Splunk, Windows and Red Hat Linux.

Roles & Responsibilities:

  • Worked in this project as Security Consultant.
  • Maintained QRadar components (Console, Event Processors, Flow Processors, Event Collectors, Flow Collectors) in the Orion environment for log collection and monitoring.
  • Integrated infrastructure devices, security devices and applications with QRadar SIEM.
  • Integrated the vulnerability scanner with QRadar to populate vulnerability information and associate it with internal assets.
  • Recommended and configured correlation rules, reports and dashboards in the QRadar environment.
  • Configured the network hierarchy and backup retention configuration in QRadar SIEM.
  • Extracted custom property values using regex for devices which are not properly parsed by the QRadar DSM.
  • Monitored day-to-day system health, event and flow data backup, and system configuration backup.
  • Analysis of offenses created from different device log types via correlation rules.
  • Integrated different feeds into the Splunk environment.
  • Enhancement and fine-tuning of correlation rules on QRadar based on daily monitoring of logs.
  • Integrated data from different devices into the Splunk environment and created dashboards and reports in Splunk.
  • Recommended and configured daily, weekly and monthly reports in QRadar and Splunk based on compliance requirements.

Senior Security Analyst

Environment: ArcSight SIEM, Request Tracker, Windows, Linux.

Confidential

Roles & Responsibilities:

  • Installation of connectors and integration and testing of multi-platform devices with ArcSight ESM; developed and tested FlexConnectors for unsupported devices and business applications.
  • Integrated IDS/IPS with ArcSight and analyzed the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
  • Configured and tested log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and applications.
  • Categorized and tested the messages generated by security and networking devices into the multi-dimensional ArcSight normalization schema.
  • Developed and tested ArcSight content such as correlation rules, dashboards, reports, filters, active lists and session lists.
  • Developed and tested ArcSight asset modelling, which is used to populate asset properties in correlation rules and reports.
  • Debugged issues related to ArcSight performance, reporting, and collection of logs from various devices.
  • Monitored and identified suspicious security events using the ArcSight ESM console and raised tickets in the SOC portal.
  • Investigated and identified events, qualified potential security breaches, raised security incident alerts and performed technical & management escalation.
  • Identified false positive / true positive events and took action accordingly as per KOPs.
  • We used to receive spam email from the RB users and coordinated with the messaging team to block the mail IDs.
  • We used to receive virus alerts for outbound and inbound traffic and coordinated with the antivirus team.
  • Recommended security strategies based on real time threats.

Confidential, Minneapolis

Security Analyst

Environment: RSA enVision, Windows

Roles & Responsibilities:

  • Integration and testing of multi-platform devices with RSA enVision.
  • Configured and tested log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and applications through the collectors (LC, RC).
  • Categorized and tested the messages generated by security and networking devices into the multi-dimensional RSA enVision schema.
  • Integrated IDS/IPS with RSA enVision and analyzed the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
  • Developed and tested RSA enVision content such as correlation rules, dashboards, reports, filters and lists.
  • Debugged issues related to RSA enVision performance, reporting, and collection of logs from various devices.
  • Developed and tested UDS connectors via XML for devices and business applications not supported by RSA enVision.
  • Attended weekly client meetings to discuss on-boarding and content testing result status.
  • Created installation, configuration and test case scenario documents for each device-specific connector.
  • Recommended security strategies based on real time threats.

Confidential

Engineer, Network Management

Responsibilities:

  • LAN and WAN management of Confidential
  • Configuring and troubleshooting of Cisco Routers (1841, 3745), Cisco Switches (2950)
  • Configuring and troubleshooting BGP, OSPF, Protocols and VoIP phones.
  • Configuring and troubleshooting site-to-site VPN setup with our client routers.
  • Backup and recovery of IOS files of routers.
  • Configuration & Maintenance, Windows 2003 Server, EMS Server, Antivirus Server, Printers and firewall rules.
  • Managed the clients on a daily basis using the enterprise management solution (EMS) as per the Service Level Agreement (SLA) terms.
  • Performed resolutions using remote control utilities such as VNC, NetMeeting and Remote Desktop.
  • Updated the security features, patches and anti-virus updates on workstations and servers.
  • Call management with respective vendors for proper functioning of IT infrastructure.
  • Remote assistance for the client staff in troubleshooting IT-related issues.
  • Application Support and Log management.
