
Senior Security Architect Resume


Marietta, GA

KEY SUMMARY

  • Highly skilled Cyber Security Professional with deep experience deploying and managing key components of a complete security solution such as:
  • Risk Management Framework, IT infrastructure controls, network segmentation, system vulnerability scanning, cloud solutions and cloud security, application security management.
  • Privileged access, security information and event management; threat monitoring, endpoint detection and response.
  • Self-starting professional skilled at maintaining attention to detail, mitigating risks, proactively solving problems and taking initiative to produce successful results.

TECHNICAL SKILLS

  • Risk Assessment and Risk Management Framework Process
  • Security Architecture
  • Data Normalization and Field Extraction in Splunk
  • Data Mapping
  • Field Validation, custom logger solutions from sample logs to production
  • Security control deployment automation
  • Splunk data ingestion and deployment
  • SPL Logic, Splunk alerts, monitoring and dashboards
  • Security Data Governance; Data collection design, data integration, operational alerting, data normalization and validation
  • Information Lifecycle Management
  • UBA/Reporting Solutions
  • Analytical Support
  • ELK (Elasticsearch and Kibana)
  • SaltStack and MSCCM (Microsoft System Center Configuration Manager)
  • Automated deployment of Tanium, PKWARE, Nessus, CrowdStrike, Venafi, Palo Alto, Guardium, F5 Silverline, Splunk, QRadar, Ping, and Saltminer
  • Social Engineering Security (Phishing)
  • Incident Response, Azure Message Header Analyzer, Office 365
  • Event management tools: Splunk and IBM QRadar
  • SIEM, DLP, IDS/IPS solutions, Palo Alto Firewalls
  • Request Tracker (RT)
  • Network Security, Qualys, Symantec, VMware and Hybrid Analysis
  • Identity access management (IAM), SSO, Okta and Citrix-NetScaler
  • SOC Cyber Security Support
  • Zscaler and Crowley ServiceNow
  • Log management tools: Splunk, IBM QRadar and LogRhythm
  • PCI DSS, HIPAA and NIST compliance knowledge
  • Network Access Control (NAC), Routers, Switches
  • OWASP development guide
  • Audit related frameworks, NIST Framework and Common Control Framework
  • Incident report and ServiceNow
  • Cloud Application Security
  • Asset Security
  • Communications and Network Security
  • Security Assessment and Testing
  • VDI VMware and VPN (Cisco AnyConnect)

PROFESSIONAL EXPERIENCE

Confidential, Marietta, GA

Senior Security Architect

Responsibilities:

  • Architecting, designing and implementing high-level solutions for enterprise customer environments
  • Conduct in-depth information technology risk assessments including creating detailed process flows, identifying potential gaps or inconsistencies and making sound recommendations for improvement and/or mitigation
  • Created SPL Logic, Splunk alerts, monitoring and dashboards
  • Perform data normalization and field extractions using Knowledge Objects and regex
  • Build automation using Terraform to support workload migration to AWS Cloud and ensure solutions meet security and compliance requirements
  • Design and architect cloud migration and cloud-native solutions on AWS platforms
  • Executed Big Data integration activities and data streams using Splunk and AWS cloud platform
  • Robust experience in Business and Operational Intelligence
  • Design and implement automation pipelines for deployment into AWS Cloud Platform
  • Perform security initiatives that involve production of custom logger solutions containing a universal log format framework, which helps application teams, security investigators and security forensic analysts and satisfies quarterly audit requirements
  • Perform field extraction and ensure data are properly indexed
  • Ensure data are properly mapped from various security controls into Splunk
  • Assessed and mitigated cloud security controls including tenant isolation, encryption at rest, encryption in transit, key management, vulnerability assessments, and application firewalls
  • Managed the end-to-end lifecycles of a project including mission critical technology components with multi-geography, multi-tier service design and DR capabilities
  • Executed data and network architecture/infrastructure
  • Deployed security controls such as Tanium, PKWARE, Nessus, CrowdStrike, Venafi, Palo Alto, Guardium, F5 Silverline, Splunk, and QRadar using deployment automation technologies
  • Provide support to GCSF teams to implement new data sources/log feeds into cyber data providers (ELK/Splunk)
  • Integrating data source from AWS cloud into Splunk/ELK
  • In-depth knowledge of all major vendors products and customer requirements
  • Enhance, update or create new structured information record(s) for downstream report data sources (Information Lifecycle Management)
  • Deployed various security controls into clients' infrastructures and integrated the logs into SIEM (Splunk)
  • Create strategy and solution to integrate data in cyber data providers (Splunk and ELK)
  • Monitor security logs generated by SIEM tools (Splunk and LogRhythm) to determine and prevent malicious threats (SOC)
  • Mitigate risk of malicious attack using various network security tools: IDS/IPS solutions, Qualys, SolarWinds, and Palo Alto
  • Handle potential phishing emails, malicious files, attachments and links (Social Engineering Security)
  • Use Request Tracker (RT) to annotate and escalate incident response (IR)
  • Implement Identity access management (IAM), Single sign-on solution (SSO), and Okta
  • Create and monitor incident reports to identify risk and remediate threats
  • Ensure appropriate IT controls are established and functioning effectively
  • Perform internal validation for existing or new UBA/Reporting solutions leveraging cyber providers (ELK/Splunk)
  • Perform risk assessments of third-party vendors, including but not limited to cloud computing, identifying gaps in the vendor IT control environment and recommending mitigating controls to address the gaps that are not in line
  • Identify and mitigate risk using Risk Management Framework Process
  • Analyze network traffic, systems and computing environment logs (Web applications, servers, Symantec endpoint protection, IDS/IPS systems, anti-virus and malware, data encryption, mobile device security) for activities including policy violations, intrusions, breaches, anomalous and abnormal behaviors
  • Apply Qualys vulnerability scans to mitigate risk, detect threats, and apply effective countermeasures
  • Oversee network security, systems security, software application security and systems architecture
  • Mitigate risks using SIEM (Splunk) and other security event monitoring tools
  • Manage firewall rules through firewall software and Syslog
  • Implement Palo Alto network firewall, DLP and IDS/IPS solutions to identify and mitigate risk
  • Troubleshoot system security using McAfee for malicious websites and suspicious viruses
  • Analyze and respond to security incidents from IDS/IPS devices, and work with vendors to troubleshoot network security intrusions
  • Apply security policies and procedures to analyze, detect and prevent both internal and external breaches
  • Comprehend and comply with clients' security policies; knowledge, skills and abilities required
  • Working knowledge of security compliance and standards like NIST, PCI DSS, SOX, SOC2, ISO 27001
  • Knowledge in OWASP development guide

Confidential, Atlanta, GA

Senior Information Security Engineer

Responsibilities:

  • Plan, implement, upgrade, or monitor security measures for the protection of computer networks and underlying IT Infrastructures
  • Monitor and analyze security logs generated by SIEM tools (Splunk and LogRhythm) to mitigate malicious threats (SOC)
  • Proficient in mitigating threats from phishing emails, malicious files, attachments and links (Social Engineering Security)
  • Experience in using Request Tracker (RT) to annotate and escalate incident response (IR)
  • Oversee and monitor a comprehensive patch and vulnerability management for servers and end user machines
  • Risk mitigation using Anti-Virus, IDS/IPS, Tripwire, Qualys, SolarWinds, Palo Alto network firewall and patching tools
  • Proficient and knowledgeable of information security standards such as ISO 27001, NIST and ITIL
  • Analyze and utilize vulnerability management tools to protect and mitigate from potential threats
  • Create and monitor incident reports to identify risk and remediate threats
  • Ensure appropriate security controls are established appropriately and functioning effectively
  • Demonstrate solid understanding of technical aspects including security architecture and engineering, identity and access management, operations and communication and network security
  • Experience in Risk Management Framework Process
  • Proficient in implementation of Identity access management (IAM), Single sign-on solution, Okta and Citrix
  • Used Palo Alto while checking different threats and signatures for malware analysis and research
  • Monitor and analyze logs from devices on the network sent to SIEM, Splunk and IBM QRadar (SOC)
  • Proficient with the OSI model: maintain and monitor all installed systems and infrastructure with the OSI model
  • Develop and schedule regular cybersecurity reports (event logs, firewalls, cyber incidents) to assist with monitoring and oversight
  • Excellent, effective communication skills and ability to communicate technical issues to a less technical audience
  • Maintain security, backup and redundancy strategies
  • Analyze, troubleshoot, and monitor incoming security events using IDS/IPS, SIEM, Splunk and IBM QRadar
  • Proficient with security solutions such as DLP, network access management, network segmentation, privileged access management, vulnerability management, application security management, threat monitoring and endpoint detection
  • Knowledge in standards and framework such as NIST, ISO 27001, PCI DSS, and SOX

Confidential, Atlanta, GA

System Engineer

Responsibilities:

  • Implement, analyze and monitor firewalls, VPNs, SIEM, DLP, IDS/IPS solutions, Tripwire, IAM, and Palo Alto Firewalls
  • Monitored all IT security systems including Symantec Endpoint Protection, SIEM (Splunk) and Two Factor Authentication Patch (SOC)
  • Managed IT Security risks by performing IT Security Risk Assessments and recommending the appropriate security controls that will safeguard the IT landscape
  • Ensure effective implementation of Risk Management Framework Process
  • Designed training manuals to increase security awareness throughout the organization
  • Maintained and updated Symantec Antivirus Server and Palo Alto
  • Implementation of Identity access management (IAM), Single sign-on solution (SSO), Okta and Citrix
  • Proficient at responding to technical security questions and concerns from client, help desk, desktop support and other network administration staff
  • Monitor security SIEM log tools: Splunk, LogRhythm, IBM QRadar, ArcSight and AlienVault
  • Worked with ServiceNow and Active Directory for assigning users to their proper groups
