Cyber Security Analyst/engineer Resume

Madison, NJ

SUMMARY

  • Experienced Technical Consultant with experience handling Information Security Analyst and System Administrator responsibilities.
  • Expertise in cyber security and information assurance with deep knowledge of Identity and Access Management security, SailPoint IdentityIQ, access control issues related to cyber systems and networks, AWS Cloud, penetration testing methodology, malware detection techniques, and recommended information assurance policies and standards.
  • Expert in vulnerability assessment using Qualys, Nessus and Nexpose tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Assisted in integrating regulatory compliance requirements (e.g., PCI, NIST) into the organizational security roadmap.
  • Hands-on experience with Forcepoint and knowledge of distributed Splunk installation with forwarders, clusters, and search head clusters.
  • Possess a well-balanced understanding of business relationships, business requirements, and technical solutions, with the ability to work collaboratively with business analysts, software testers and developers.
  • Hands-on experience in the development, implementation, and administration of information security policies, standards, and procedures, adhering to industry best practices for clients.
  • Assisted in ensuring that the corporate IT environment is secure and complies with all external audit requirements and federal standards.
  • Hands-on experience with FireEye NX, EX, HX, PX, and IA.
  • Designed and facilitated new cloud security architecture at Bluemix datacenters for the ECMoC product offering using Vyatta 5400/5600, Juniper vSRX, and Fortinet FortiGate series firewalls.
  • Efficient and expert in EIGRP and OSPF, with knowledge of MPLS and BGP (including configuration and troubleshooting).
  • Expertise in gathering and analyzing metrics and key risk indicators and maintaining scorecards defined within the area of information security to ensure our information security program is performing effectively and efficiently.
  • Experience in vulnerability scanning with relevant tools, e.g., Nessus, HPE Fortify for SCA (Static Code Analysis) and WebInspect, and Rapid7 Nexpose.
  • Assist in the deployment and configuration of new tools and capabilities such as Nessus, Splunk, Symantec and McAfee DLP.
  • Experience configuring and deploying modules and products like McAfee ePO, McAfee VSE, Cloud, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, and McAfee SIEM.
  • Experience with endpoint security solutions for application whitelisting, application blocking, HIPS, antivirus, and DLP (Bit9, Carbon Black, McAfee, BeyondTrust, etc.).
  • Experience in managing network infrastructure security using HPE ArcSight ESM and Splunk for monitoring, classifying and responding to incidents and threats.
  • Supported the information security audit and third-party assessment initiatives during planning, execution, and remediation phases, as well as coordinating and tracking remediation activities.
  • Liaison between the audit/assessment teams and Information Security management.
  • Familiar with threats and vulnerabilities and the latest trends and risks, and able to understand technical remediation action steps or plans and communicate them effectively to teams within the organization.
  • Experience with SOC and 24/7 operations.
  • Defined and oversaw security hardening standards for the client's IT infrastructure.
  • Coordinated with systems and network engineers to ensure servers and network devices conform to security standards, and that security devices and controls are working as designed.
  • Implementing the technical security for Mobile Device Management.
  • Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk, and LogRhythm.
  • Excellent understanding of computing environments: Linux (RHEL 7, Debian-based Kali), Windows 7/10, Windows Server 2012/2016 and Unix operating systems.
  • Controlling access to the AirWatch administration platform to ensure that adequate controls are always in place.
  • Perform risk assessment and gap analysis and create risk mitigation plans.
  • Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
  • Oversee vulnerability assessment/penetration testing of scoped systems and applications to identify system vulnerabilities.
  • Excellent knowledge of FISMA, HIPAA, NIST and PIA compliance usage, rules and regulations.
  • Use IBM QRadar Security Manager to identify threats and assign categories.
  • Processed daily security operations and log analysis.

TECHNICAL SKILLS

Security: Threat Vulnerability Management, End Point Protection, Sec Ops, URL Filtering, SIEM, Web Application Vulnerabilities, Firewall Risk Assessment, Nessus, Ethereal, Nmap, HX, NX, Metasploit, Snort, RSA Authentication, PIA, FireEye

Networking: Packet Analysis (TCP/IP, tcpdump, Wireshark), IDS (Bro, Snort), Splunk, Firewall, IDS/IPS, Access Control

Systems Administration: Active Directory, DNS, FTP, SSH, DHCP, SMB, HTTP, Virtualization (ESX)

Vulnerability Assessment: Nmap, Nessus, Ettercap, Metasploit, Honeypots (honeyD, inetSim), BurpSuite

Platforms/Applications: Continuous Monitoring Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Rapid7 Event Management, RSA Archer, Blue Coat Proxy, IBM QRadar, NTT Security, LogRhythm, PenTest Tools (Metasploit, Burp Suite, Nmap, Wireshark and Kali)

Systems: Experience working in mixed Windows/Linux, Tanium, database and virtualized/physical server environments, Active Directory, DNS, FTP, SSH, DHCP, SMB, HTTP, Virtualization (ESX)

Programming: Knowledge of C, JavaScript, jQuery, PHP, Perl, HTML5, CSS, MySQL.

PROFESSIONAL EXPERIENCE

Cyber Security Analyst/Engineer

Confidential, Madison, NJ

Responsibilities:

  • Experienced with DLP, Blue Coat, Websense, Proofpoint, Trend Micro, and IBM QRadar Enterprise SIEM security tools to monitor the network environment.
  • Worked on tools like information security and Group Policy, Symantec Data Loss Prevention, Symantec Endpoint Protection Manager, Symantec Endpoint Encryption, Windows Server Update Services, Blue Coat Proxy, syslogs, and GFI.
  • Experienced primary Voltage secure data encryption engineer heading up the International Project encryption servers worldwide.
  • Administration, configuration, rule set creation, policy fine-tuning, in-line mode implementations and reporting of endpoint security technologies such as Symantec Endpoint Protection (SEP), Symantec Data Center Security (DCS), Symantec Host DLP, Malwarebytes and FireEye APT.
  • Run internal and external network vulnerability scans at least quarterly and after any significant change in the network, such as a new system component, installations, changes in network topology, firewall rule modifications and product upgrades.
  • Analyzing vulnerabilities using scanning tools (Nessus, Qualys Guard) provided to us by our client to remove false positives before creating and delivering a final report.
  • Work under the direction of the Team Leader to maintain security devices and show practical experience in managing SIEM environments, FireEye standalone devices such as NX, EX and HX, NIDS, UNIX servers, and packet capture devices.
  • Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), McAfee Endpoint Encryption, Data Leakage Prevention (DLP), PIA, Forcepoint, forensics, sniffers and malware analysis tools.
  • Responsible for monitoring and providing analysis in a 24x7x365 Security Operation Center (SOC) using Splunk SIEM and IDS/IPS tools.
  • I have been part of several engagements deploying encryption and protecting data as well as training helpdesks around the globe. I am currently running a 32,000-computer encryption with McAfee's whole disk encryption and ePO along with device control/DLP.
  • Oversee vulnerability assessment/penetration testing of scoped systems and applications to identify system vulnerabilities.
  • Lead a team of cloud security engineers in various areas of expertise to execute complex solutions to meet delivery timelines.
  • Frameworks used: ISO 27001 ISMS, PCI DSS, SSAE16, OWASP, SANS, Forcepoint.
  • Monitored and researched cyber threats with a direct and indirect impact on the organization internally.
  • CyberArk upgrade, PAM CyberArk implementation, SOC/SIEM Replacement Project (FireEye), IAM implementation.
  • Experience with Nessus VA and Burp Suite PT, with RSA SecurID implementation.
  • Multi-model consulting on different frameworks and standards like ITIL, COBIT, SDI, CMMI, ISO 2000 and ISO 9001.
  • Security Consultant specializing in Data Loss Prevention and large infrastructure encryption.
  • Security Engineer for Proofpoint Email Gateway Security.
  • Manage all repeated threats to all systems and perform vulnerability tests.
  • Support IT teams based on the latest risks and possible remediation; vulnerability remediation of Vblock infrastructure. Involved in integration of Splunk with ServiceNow, Active Directory and LDAP authentication.
  • Simplified knowledge sharing by creating and maintaining detailed and comprehensive documentation and necessary diagrams.
  • Managing the enterprise infrastructure of the System Security team, such as configuration of File Integrity Monitoring systems, Data Loss Prevention (DLP) toolsets, enterprise antivirus solutions, and endpoint encryption.
  • Use IBM QRadar Security Manager to identify threats and assign categories. SOC/SIEM Replacement Project (FireEye), IAM implementation.
  • Assisted internal users of Splunk in designing and maintaining production-quality dashboards, helped the team understand the business use case, and provided technical services to projects, user requests and data queries.
  • Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
  • Responsible for conducting structured security certification and accreditation (C&A) activities utilizing the Risk Management Framework and in compliance with the Federal Information Security Modernization Act (FISMA) requirements.
  • Assisted in day-to-day ePO security alert threat response using SIEM and security tools Nessus and ArcSight to track down security-threatened workstations, virtual servers and devices on the Confidential network.
  • Tracking the receipt, implementation, and compliance of information assurance vulnerability assessments and documenting information assurance initiatives to ensure that systems, networks, and data adhere to security policies and procedures. Risk management, vulnerability management, intrusion prevention, incident response.
  • Adding new vulnerabilities to the vulnerability database for various platforms with proper exploits.
  • Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection.
  • Deploying TrueCrypt drive encryption to all State Trooper laptops and desktops.

Cyber Security Engineer

Confidential, New York

Responsibilities:

  • Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001.
  • Adept with QRadar, Symantec PCAP, Symantec CloudSOC, PAN Firewall, PAN WildFire, PAN Traps, PAN RedLock, FireEye, ThreatQ, Microsoft SCEP, Microsoft O365 Security and Compliance Portal, and Proofpoint.
  • Working with McAfee ePO for managing the client's workstations to provide endpoint security.
  • Facilitate implementations of information security policies, account security policies and standards for logical and physical security.
  • Worked on SIEM, as well as SolarWinds and Symantec endpoint security, for malware detection and threat analysis.
  • Experience with national, international, and/or sectoral cloud security assurance/compliance regimes and frameworks such as the Federal Risk and Authorization Management Program (FedRAMP).
  • Responsible for performing application penetration testing on web, thick client, and other types of applications to identify significant vulnerabilities that threaten the confidentiality, integrity, and availability of customer systems.
  • Implementation and configuration of the network infrastructure in a business environment.
  • Installation and maintenance of McAfee Drive Encryption, used to encrypt all workstation hard drives in the environment to secure the data stored on them.
  • Installation, maintenance and monitoring of McAfee Data Loss Prevention Endpoint, one piece of the Removable Media Encryption suite.
  • Installation, maintenance and monitoring of McAfee File and Removable Media Protection, the second piece of the Removable Media Encryption suite.
  • Tested and certified new software such as Tanium Protect (an access control software) and PEGA trouble ticketing software.
  • Audit support: Facilitated the PCI DSS external audit for the client, and took charge of end-to-end coordination and support during the onsite assessment.
  • Oversee the design and development of security solutions and manage cross-platform integration of a range of on-premise and public cloud security designs and configurations, Amazon CloudFront and Amazon Route 53.
  • Troubleshooting day-to-day issues in IT infrastructure in a business environment with tools like Splunk, ArcSight, Solutionary, PIA, LogRhythm, SCCM, Altiris, LANDesk, BigFix, and McAfee/Symantec.
  • Automated DLP incident metrics using Splunk. Developed monthly and weekly metrics and dashboards using Splunk.
  • Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, ArcSight, Solutionary, LogRhythm, SCCM, Altiris, LANDesk, BigFix, and McAfee/Symantec.
  • Configured advanced CyberArk integration with AD through LDAP, two-factor authentication and email integrations.
  • Utilized Tanium Endpoint Security to create reports to resolve various information security issues.
  • Experienced with risk assessment, COBIT and malware analysis.
  • Coordinates closely with disaster recovery and data security teams.
  • Enhancing risk culture across the organization based on the COSO framework. Applying and implementing the COSO framework across the organization.
  • Working as a dedicated resource for a Scrum project to provide timely firewall support and configuration for ongoing high-priority Scrum projects.
  • Installed, deployed and/or maintained multiple security solutions for security tools such as Rapid7 Nexpose, Comodo, Qualys, and ThreatSTOP.
  • Installation and configuration of CyberArk Vault, Password Vault Web Access (PVWA), Central Password Manager (CPM) and Privileged Session Manager (PSM) in Prod and PIA.
  • Vulnerability assessment and management (Nessus and Qualys), security risk analysis, and reporting using Splunk.
  • Conduct daily IDS analysis/monitoring for potential compromise, intrusion, deficiency, significant event or threat to the security posture and security baseline, and numerous activities against spam.
  • Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Deploying and configuring McAfee products for the client. Providing SME support for the McAfee suite of products like McAfee ePO, McAfee Endpoint Encryption, and McAfee DLP Endpoint.
  • Leading a SOC team for cyber incidents and compliance towards PCI DSS and the NIST framework.
  • Tracked all incidents that happened in all the stores, used for recovery and settlements, using RSA Archer.
  • Experience with SIEM platforms (Splunk, QRadar, McAfee/Nitro, ArcSight, LogRhythm, Carbon Black).
  • Administration experience of CyberArk Vault with safe creation, integration with LDAP and other authentication methods, and creation of policies and reports in PVWA.
  • Had to deal with SIEM solutions such as Rapid7 Nexpose, Forcepoint, and Splunk.
  • Experienced in analyzing logs and troubleshooting issues in integration of other applications using CA SiteMinder (Access Management) and Identity Management tools along with LDAP and web-server agents and SiteMinder federation services.

Cyber Security Jr Analyst

Confidential - Downers Grove, IL

Responsibilities:

  • Responsible for scanning internal and external IPs to find vulnerabilities.
  • Built a process involving mapping, scanning, reporting and exception form/remediation control.
  • Mapping consists of finding the internal IPs from the provided set of IPs.
  • Used the web application scanner to scan the URLs and identified the potential threats and exploited vulnerabilities like cross-site scripting and SQL injection.
  • Obtained a detailed report of the scanning, provided it to the server team and got it fixed.
  • Security operations investigates the reported email.
  • Perform detailed email investigation and implement appropriate remediation steps to avoid future attacks.
  • Close the case or forward it to the incident response team for further analysis.
  • The incident response team will do the risk assessment.
  • Established a security awareness program to train all end users in the form of videos and posters.
  • Carry out a company-wide post-training phishing campaign to get an analysis of how many users are prone to email risk after training.
  • Used host management strategy for creating policies, creating groups, and adding machines to groups.
  • Designed the prevention policy for the organization.
  • Implemented OpenDNS on the network and endpoints.
  • Create a strict policy and set a default policy for blocking all malicious links and URLs.
  • Block malicious URLs provided by Sec Ops team investigation.
  • Perform firewall risk assessment using AlgoSec.
  • Offline import and Live Connect to capture the current-state risk of the firewall.

IT Security Analyst

Confidential

Responsibilities:

  • Validating incidents created by the SOC team and adding more information to incident tickets.
  • Investigating security incidents raised by the SOC team and user-reported cases of potential security incidents.
  • Analyzing events on SIEM, security devices and system logs, performing basic forensic analysis, and analyzing and reversing malware behavior.
  • Identifying security threats and recent attack trends using threat intelligence and hunting for malicious behavior in the organization.
  • Work in collaboration with VMware, Storage, Application, Database, Security and Network teams.
  • Identify vulnerabilities, research best practices, recommend steps for strengthening the IT security posture of the organization and participate in the hands-on management/monitoring of core IT infrastructure and systems.
  • Taking system control of potentially compromised endpoints/servers.
  • Analyzing, containing, and remediating infected systems, and analyzing phishing mails and malware as per IR runbooks to ensure a consistent approach in responding to threats.
  • Investigating low, medium, and high severity incidents across multiple cross-functional teams leveraging various tools/applications.
  • Following up/escalating with teams to ensure incident closure.
  • Acquiring IOCs and threat intelligence feeds from an incident/TI engine and blocking them on multiple security devices.
  • Remediate and apply lessons learned to security incidents through root cause analysis and triage actions in a time-sensitive environment.
  • Enhancing security posture by providing recommendations/learnings to the SOC and security appliance teams and updating the IR runbooks.
  • Creation of policies, runbooks and SOPs pertaining to incident response.
  • Daily/weekly/monthly reports - creating rules/reports on SIEM as per new requirements.
  • Suggesting new rules for security devices - SIEM rule review (quarterly).