Cyber Security Engineer Resume
Richmond, VA
SUMMARY
- Experienced IT Security Professional in IT Infrastructure, DLP, Vulnerability and Risk security, GRC, SOC analysis, SIEM, Information Security, and Cyber Security.
- Managed security tools: DLP, SIEM, vulnerability scanners, ServiceNow Security Operations and penetration testing.
- Expert at implementing network security, the McAfee SIEM tool, new concepts, identity management, new security technologies, secure cloud architecture, and new security controls, as well as at developing innovative security controls and processes that meet business and executive requirements in order to protect information.
- Performed services using industry tools such as EnCase Enterprise, EnCase eDiscovery, Symantec Clearwell eDiscovery Platform, Discovery Attender, Splunk, AccessData's Forensic Toolkit, MS SQL 2005/2008, MS Visual Studio, VMware, and SIFT Workstation.
- Experienced with Symantec DLP policies (DLP templates) and compliance and regulation standards such as SOX, PCI, and HIPAA.
- Assessed the system owners; used Radiant Logic VDS, OIM, RACF, MFA, SailPoint, ArcSight, Burp Suite, Qualys, SiteMinder, Securonix (UEBA) and conducted MRA and Splunk.
- Integrated data from SAP into ServiceNow using the JavaScript API and web services, and captured that data in ServiceNow by creating a table.
- Engineered and deployed a global Splunk SIEM solution and a global Carbon Black Response EDR solution; good experience with SAST and DAST of applications using Burp Suite and CheckMarx.
- Worked with system owners to achieve FISMA compliance and Authorization to Operate (ATO) for systems based on guidance from the Federal Financial Institutions Examination Council (FFIEC), NIST SP, HITRUST, HIPAA, GDPR, CCPA and NISPOM regulations and other Risk Management Frameworks.
- Served as a Splunk SIEM threat analyst in a managed service security operations center (SOC), triaging cyber threats using Splunk and various cloud security tools.
- System Security and Administration Professional, Facility Security Officer (FSO), Information Systems Security Officer (ISSO), Information Security Management, Firewalls, IDS, Penetration Testing, and industry security standards, e.g. ISO 27001:2013, NIST 800 series, HITRUST, HIPAA, GDPR, CCPA and NISPOM regulations.
- Resolved vulnerabilities in the WebEx and FedRAMP GRC environments (POA&M and NIST) using automated scripts written in Python, PowerShell and Bash.
- Worked on GRC policies such as ISO standards: planning, implementation and management of the ISO 27001:2013 Information Security Management System (ISMS) and ISO 20000-1:2011 Service Management System (SMS).
- Experienced in Splunk-friendly regular expressions and optimising Splunk search queries for optimal performance.
- Got different log sources to send data to Splunk, along with creating and tuning Technical Add-Ons for proper field extractions using regex.
- Efficiently performed web application vulnerability assessments using Burp Suite, Metasploit, HP WebInspect, Nexpose and IBM AppScan.
- Worked with Splunk Professional Services to define best practices that everyone can follow to maintain the performance of Splunk Enterprise Security 7.0.4.
- Experience with various endpoint tools such as McAfee ePO, Carbon Black, BigFix and Symantec EPO (IDS/IPS).
- Hands-on experience with HIPAA and PCI-DSS related projects and ServiceNow ticketing.
- Hands-on experience with TCP/IP, security concepts, WAF and LAN concepts, routing protocols and firewall security policies.
- Good experience with zero-day response efforts at the Tanium User Conference.
- Improved the Tanium Client Deployment Tool (CDT) enterprise-wide by validating deployment scripts, reducing installation time by 10x; required a client license increase 3 months ahead of schedule.
- Prepared bases for Defense Information Systems Agency cyber inspections by analyzing Nessus scan data, researching fix actions, and building Tanium packages.
- Performed deep-dive analysis of Tanium patching methods for headquarters staff resulting from legacy technology methodologies.
- Created connections from Tanium into Splunk to track software removals, vulnerabilities, IOCs and various hardware.
- Collaborated with the other security team working on Tanium to determine optimum settings for the environment.
- Delivered Tanium technologies and programs globally, establishing a world-class global engineering team.
- Implemented network security protocols, installed and supported backup strategies, and planned/executed disaster recovery solutions.
- Strong technical security background; able to manage people internationally, communicate effectively, and understand the McAfee Endpoint Security methodology (ePO) and how to apply it in a large, diverse environment.
- Cyber Security Professional, Facility Security Officer (FSO), Information Systems Security Officer (ISSO), Information Security Management, Firewalls, IDS, Penetration Testing, and industry security standards, e.g. ISO 27001:2013, NIST 800 series, NISPOM.
TECHNICAL SKILLS
Antivirus: McAfee VirusScan Enterprise, Symantec Endpoint Protection Suite
DLP: Websense, Symantec & McAfee
SIEM: Splunk ES, McAfee, ArcSight, IBM QRadar, LogRhythm, RSA enVision, Splunk security manager
Endpoint Security: McAfee Suites (VSE, HIPS & HDLP), McAfee MOVE AV, SafeBoot
IPS/IDS: McAfee IPS, HP TippingPoint, Cisco IDS, SecureWorks IDS/IPS
Cloud Security: AWS, Azure, OpenStack, Docker, Ansible, Chef, CI/CD, Terraform
MSS: Vulnerability Assessment, Content Filter, Antispam, IDS/IPS Management
Vulnerability Management Tools: Foundstone, QualysGuard, Nessus, Nmap, Nexpose, Wireshark
Security Tools: Splunk ES, McAfee Vulnerability Management solutions, Burp Suite, OpenVAS, Nessus, Qualys, SolarWinds, Forescout
Host Based Cyber Security System technologies: Enterprise Endpoint Encryption (EEPC), Drive Encryption (DE), McAfee Application Control (MAC), McAfee Change Control (MCC), McAfee Integrity Control, Solidcore, Network Access Control (NAC), Host Intrusion Prevention System (HIPS), Rogue System Detection (RSD), McAfee VirusScan Enterprise (VSE), McAfee Vulnerability Manager (MVM), SiteAdvisor Enterprise (SAE), Data Loss Prevention (DLP), McAfee Management of Native Encryption (MNE), File and Removable Media Protection (FRP), Endpoint Protection for Mac (EPM), Endpoint Security for Mac (ENSM), Endpoint Security (ENS), McAfee Security for Microsoft Exchange (MSME), Network Security Platform (NSP), Policy Auditor (PA), ePolicy Orchestrator (ePO), Carbon Black Defense, Carbon Black Protection, Forescout CounterACT
PROFESSIONAL EXPERIENCE
Confidential, Richmond, VA
Cyber Security Engineer
Responsibilities:
- Guided all the SMEs in using Splunk to create dashboards, reports, alerts, etc.
- Extracted fields using rex, regex and IFX that are not extracted by Splunk SOAR, and extracted fields using rex, regex and IFX that are not extracted by Symantec SEP.
- Developed assorted testing/build scripts as needed using Selenium WebDriver/IDE, written in Python and Bash.
- Involved in standardizing Splunk Phantom SOAR POV deployment, configuration and maintenance across UNIX and Windows platforms.
- Performed malware reverse engineering, behavioral analysis and incident response handling.
- Experienced with RSA DLP; Symantec DLP versions 12.5, 14.0, 14.5 and 14.6; Forcepoint DLP; native GPO controls; and other tools.
- Worked on Splunk ES to build real-time monitoring that gives a clear visual picture of the organization's security posture, with easily customized views and drill-down to the raw events for the Incident Response Team (CIRT) and Cyber Security Operations Center (CSOC).
- Automated the centralized detection of security vulnerabilities with scripts for vulnerability assessment tools such as QualysGuard and Splunk.
- Deployed Data Loss Prevention across the network: data in motion, data in use and data at rest servers.
- Gained experience with Symantec DLP software: DLP Cloud Prevent, Forcepoint DLP.
- Deployed in the cloud and on-premises using Amazon Web Services (AWS) and single-server support.
- Performed tuning of Symantec DLP to reduce false positives and improve detection rates.
- Reviewed and designed security best practices for Symantec EPP and DLP, Anti-Virus and HIPS; reported on the development and execution of remediation plans.
- Worked on Splunk ES to build the correlation searches, alerts, reports and dashboards needed for specific monitoring.
- Integrated data from SAP into ServiceNow using APIs and web services, and captured that data in ServiceNow by creating a table.
- Configured Splunk data inputs with an understanding of the parsing parameters that apply at index time: index, source, sourcetype, queue sizes, index sizes, index locations, read/write timeout values, line breaks, event breaks and time formats.
- Worked on SAST and DAST of applications using CheckMarx, Fortify and IBM AppScan.
- Migrated Splunk clusters from various AWS accounts into a single AWS account, rehydrating the Splunk cluster in the AWS environment.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Developed and published key metrics for the team to illustrate value and accountability.
- Configured policies, communication settings and other important features in the Symantec Endpoint Manager 12.x series.
Confidential, Kennesaw GA
Cyber Security Engineer
Responsibilities:
- Used the McAfee source code analyzer and implemented SIEM (McAfee ePO) and DLP (Data Loss Prevention) for static code analysis; used McAfee for dynamic code analysis and for eliminating false positives.
- Produced DLP profile deployment reports for detecting servers and updated McAfee DLP policies; performed incident analysis and identified whether all critical log sources are integrated, and if not, drove the efforts to integrate and onboard them.
- Experienced with McAfee DLP policies (DLP templates), compliance and regulation standards, and modifying policy structures, fine-tuning, data loss analysis, filtering of policies and redefining them.
- Verified that the Windows virus definitions on the SEPM are within 24 hours of those reported by McAfee.
- Worked on the McAfee DLP Product Versions report and the Client Online Status by Group report.
- Analyzed potential usage of cloud vendor services (Microsoft Azure) to support mission operations.
- Worked on static source code analysis tools (e.g. Fortify) and open source tools.
- Troubleshot issues on all platforms, including threat remediation on the Splunk agent, VirusScan Enterprise (VSE), ENS and MNE.
- Worked using Splunk best practice GRC and eGRC standards for OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees.
- Also fine-tuned existing use cases and created new ones so that all potential risk indicators are identified holistically.
- Performed single-tier installation of McAfee DLP for test purposes, and also performed two-tier and three-tier installations.
- Performed scans using McAfee DLP and escalated critical data found on share devices and shared drives. Created and managed DLP policies.
- Worked with Perl CGI, Python, JavaScript, jQuery and Ajax, and automated test cases using a Python framework.
- Created GRC policy according to the HIPAA rule, served as a resource for departments affected by the Health Insurance Portability and Accountability Act (HIPAA), and provided education on the requirements to perform actions such as initial inventory, gap analysis, and risk assessments to determine appropriate privacy and security-related organizational policies, and Splunk/Phantom 4.1.94.
- Used Windows and *nix platforms, integrating API-based services and a REST API for its IOC Detect service and a SOAP API for integrating the server platform with a CMDB, SIEM, or in-house tool.
- Worked on the Splunk Phantom SOAR Proof of Value (POV) project, created a regex-based parser to parse logs, and configured different connectors.
- Performed analysis of events/incidents and provided remediation suggestions to the relevant owners.
- Implemented tasks/projects critical to the organization's endpoint technologies (workstations, laptops, ATMs, mainframes, servers, etc.).
- Worked on Splunk products such as Splunk ES and SOAR, and developed and operationalized the target network architecture so that it interacts successfully with event sources, in order to design, develop, and implement the solution.
- Worked using Splunk best practice standards for OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees.
- Migrated Splunk clusters from various AWS accounts into a single AWS account, rehydrating Splunk SOAR in the AWS environment.
Confidential, Fort Worth TX
Cyber Security Engineer
Responsibilities:
- Answered pre-sales technical and security questionnaires regarding SDLC, ISO 27001, SOC 2/3 audit, FedRAMP, PCI, HIPAA, NIST and other GRC frameworks.
- Experience implementing McAfee ePO on Windows and Linux; vulnerability assessment tools, firewalls, IDS/IPS, Nessus, Nmap, SIEM and DLP; Active Directory user attribute bulk modification in PowerShell; and querying user details in PowerShell and exporting reports.
- Performed incident response activities using McAfee ESM on security incidents such as account compromise, unauthorized access, malware infections, PUP/PUA downloads, and phishing.
- Experienced in Splunk-friendly regular expressions and optimising Splunk search queries for optimal performance.
- Got different log sources to send data to Splunk, along with creating and tuning Technical Add-Ons for proper field extractions using regex.
- Efficiently performed web application vulnerability assessments using HP WebInspect, Nexpose and Burp Suite.
- Worked with Splunk Professional Services to define best practices that everyone can follow to maintain the performance of Splunk Enterprise Security 7.0.4.
- Also worked on Palo Alto administration, including access rules and security management.
- Successfully configured ESX servers for HA and DRS capabilities and managed DNS, DHCP, Remote Desktop Session Host, DFS, and Microsoft Failover Clusters.
- Engineered and deployed a global McAfee SIEM solution and a global Carbon Black Response EDR solution; good experience with SAST and DAST of applications using CheckMarx.
- Extracted fields using rex, regex and IFX that are not extracted by Splunk; experienced in developing web services in the Python programming language.
- Monitored multiple security incidents using McAfee SIEM, Symantec MSS and Absolute.
- Worked on multiple RSA Archer solutions, i.e., Business Continuity, Compliance, Audit, Policy, Risk and Vendor Management, including Findings and Issues Management, Risk Register, Risk Control Self-Assessment and Security Operations.
- Troubleshot issues on all platforms, including threat remediation on the Splunk agent, VirusScan Enterprise (VSE), ENS and MNE.
- Worked using Splunk best practice GRC standards for OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees.
- Created GRC policy according to the HIPAA rule, served as a resource for departments affected by the Health Insurance Portability and Accountability Act (HIPAA), and provided education on the requirements to perform actions such as initial inventory, gap analysis, and risk assessments to determine appropriate privacy and security-related organizational policies, and Splunk/Phantom 4.1.94.
- Analyzed Static and Dynamic Application Security Testing (SAST/DAST) tools for use by the GSS infrastructure contractor and Application Developer Organizations (ADOs).
- Supported the GRC implementation of RSA Archer 6.2 Regulatory and Corporate Compliance, Incident, Task and Risk Management solutions/use cases, and maintenance of the technology for Compliance Management.
- Worked on the Splunk Phantom SOAR Proof of Value (POV) project, created a regex-based parser to parse logs, and configured different connectors.
- Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
- Experience with Windows and Linux; vulnerability assessment tools, firewalls, IDS/IPS, Nessus, Nmap, SIEM and Splunk; Active Directory user attribute bulk modification in PowerShell; and querying user details in PowerShell and exporting reports.
Confidential, Wichita, KS
Endpoint Engineer
Responsibilities:
- Deployed and implemented McAfee Endpoint Orchestrator server version 10.6.1 and DLP.
- Implemented McAfee Endpoint Orchestrator and network-based solutions across the enterprise; provided leadership in architecting and implementing security solutions with Qualys and SIEM tools such as Splunk, Solutionary, LogRhythm, SCCM, Altiris, LANDesk, BigFix and McAfee/Symantec.
- Set up McAfee ESM SIEM for log correlation and security visibility by combining logs from various devices to create use cases that alert to a central dashboard or trigger SOAR automation. Deployed McAfee ENS for endpoint protection.
- Standardized Splunk forwarder deployment, configuration and maintenance across a variety of platforms.
- Applied OS patches and upgrades across multiple platforms (Red Hat/Ubuntu/Windows) on a regularly scheduled basis.
- Malware detection and analysis (Cisco AMP, McAfee Endpoint Orchestration).
- Configured and administered LDAP and NFS on Linux, and implemented Samba for sharing resources between Linux and Windows environments.
- Utilized McAfee, Splunk, ELK and SOAR for security response and log investigations.
- Migrated user mailboxes from Exchange/Exchange 2010 to Office 365, and from Open-Xchange/Linux-based mail solutions/Google Apps/Notes to Office 365.
- Worked on the Splunk Phantom SOAR Proof of Value (POV) for testing the out-of-the-box use cases.
- Set up CI/CD with CodePipeline to automate AWS CloudFormation, and focused on cloud strategy (AWS), product marketing, competitive research, customer journey analysis, and strategic partnerships.
- Responsible for onboarding applications onto Splunk Enterprise 7.x.
- Strong knowledge and experience in Symantec DLP workflow and architecture. Good experience in handling DLP false positive tickets.
- Developed Cyber Security GRC standards on the NIST Framework, HITRUST, HIPAA, GDPR, CCPA and NISPOM regulations, and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
- Updated the GRC controls for the changes from NIST rev 3 to NIST rev 4, and the control assessment changes from NIST A to NIST 53A rev 4.