Security Consultant Resume
Wilmington, DE
SUMMARY
- 9 years of overall experience as a software professional in Information Technology, with 6 years of extensive experience in Security Information and Event Management (SIEM) tools such as ArcSight, Splunk and RSA Envision.
- Experience working in the Banking and Financial, Energy, Retail, Transportation, Healthcare, Product and Engineering domains.
- Experience in developing and testing content (correlation rules, reports, dashboards and asset modeling) and in integrating and testing multiple log feeds (databases, applications, network and security devices) into SIEM tools for threat detection.
- Develop and test FlexConnectors for devices not supported out of the box by ArcSight.
- Develop and test UDS parsers in XML for devices and business applications not supported out of the box by RSA Envision.
- Proficient in shell scripting for automation of daily activities.
- Excellent communication and presentation skills, and the ability to work independently or as part of a team.
TECHNICAL SKILLS
Programming Language: C, C++, Java
Operating Systems: Windows, Linux, Mac OSX
Scripting Languages: Shell and Perl
Security Event Management Tools: ArcSight, Splunk, RSA Envision.
Other: LDAP, networking, cryptography, TCP/IP
DBMS: Teradata, Oracle, Microsoft SQL Server, MS Access, MySQL
Internet Technologies: HTML, DHTML and VBScript
Other tools and Technologies: Hadoop, Hana, MPP, MS OFFICE
PROFESSIONAL EXPERIENCE
Confidential, Wilmington, DE
Security Consultant
Environment: ArcSight SIEM, Windows and Linux.
Responsibilities:
- Configuring log generation and collection from a wide variety of products distributed across the categories of servers, network devices, security devices, databases and applications.
- Categorizing the messages generated by security and networking devices into the multi-dimensional ArcSight normalization schema.
- Installation of connectors and integration of multi-platform devices with ArcSight ESM; development of FlexConnectors for devices and custom applications not supported by ArcSight.
- Developing ArcSight content such as correlation rules, dashboards, reports, filters, active lists and session lists.
- Enhancement and fine-tuning of correlation rules based on daily monitoring of logs.
- Performing and supporting the organization's audit requirements.
- Creating alerts and reports per business requirements, and threat modelling against specific security control requirements.
- Implementation of ArcSight asset modelling, used to populate asset properties in correlation rules and reports.
- Collection of evergreen data for 60+ applications from the business, used in correlation rules for monitoring, alerting and reporting.
- Onboarded 3000+ devices to ArcSight ESM for monitoring.
- Integration of IDS/IPS with ArcSight and analysis of the logs to filter out false positives and add true positives into the IDS/IPS rule set.
- Recommended security strategies based on real-time threats.
- Troubleshooting issues related to ArcSight ESM, Logger, the Teradata Integrated Customer Data Warehouse and ConApps performance.
Confidential, Sacramento, CA
Security Consultant
Environment: ArcSight SIEM, Windows, Linux, Request Tracker.
Responsibilities:
- Installation of connectors and integration and testing of multi-platform devices with ArcSight ESM; development and testing of FlexConnectors for unsupported devices and business applications.
- Integration of IDS/IPS with ArcSight and analysis of the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
- Configuring and testing log generation and collection from a wide variety of products distributed across the categories of servers, network devices, security devices, databases and applications.
- Categorizing and testing the messages generated by security and networking devices into the multi-dimensional ArcSight normalization schema.
- Developing and testing ArcSight content such as correlation rules, dashboards, reports, filters, active lists and session lists.
- Developing and testing ArcSight asset modelling, used to populate asset properties in correlation rules and reports.
- Debugging issues related to ArcSight performance, reporting and log collection from various devices.
- Onboarded 2000+ devices to ArcSight ESM for threat detection.
- Created installation and configuration documents for each device-specific connector.
- Monitoring and identifying suspicious security events using the ArcSight ESM console and raising tickets in the Dbsoc portal.
- Investigating and identifying events, qualifying potential security breaches, raising security incident alerts and performing technical and management escalation.
- Identification of false positive and true positive events and taking action accordingly as per KOPs.
- Received spam email reports from users and coordinated with the messaging team to block the mail IDs.
- Received inbound and outbound virus alerts and coordinated with the antivirus team.
- Recommended security strategies based on real-time threats.
Confidential
Security Consultant
Environment: ArcSight SIEM, Windows, Linux.
Responsibilities:
- Installation of connectors and integration of multi-platform devices with ArcSight ESM.
- Configuring log generation and collection from a wide variety of products distributed across the categories of servers, network devices, security devices, databases and applications.
- Integration of IDS/IPS with ArcSight and analysis of the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
- Categorizing the messages generated by security and networking devices into the multi-dimensional ArcSight normalization schema.
- Creating alerts and reports per business requirements, and threat modelling against specific security control requirements.
- Developing ArcSight content such as correlation rules, dashboards, reports, filters, active lists and session lists.
- Created ArcSight asset modelling, used to populate asset properties in correlation rules and reports.
- Troubleshooting issues related to ArcSight, Logger, Oracle and ConApps performance.
- Developing FlexConnectors for devices and business applications not supported by ArcSight.
- Onboarded 1000+ devices to ArcSight ESM for monitoring.
- Created installation and configuration documents for each device-specific connector.
- Recommended security strategies based on real-time threats.
- Reporting security incident status and current network status to the CSO (Chief Security Officer).
Confidential
Security Analyst
Environment: RSA Envision, Windows
Responsibilities:
- Integration and testing of multi-platform devices with RSA Envision.
- Configuring and testing log generation and collection from a wide variety of products distributed across the categories of servers, network devices, security devices, databases and applications through the collectors (LC, RC).
- Categorizing and testing the messages generated by security and networking devices into the multi-dimensional RSA Envision schema.
- Integration of IDS/IPS with RSA Envision and analysis of the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
- Developing and testing RSA Envision content such as correlation rules, dashboards, reports, filters and lists.
- Debugging issues related to RSA Envision performance, reporting and log collection from various devices.
- Developing and testing UDS connectors in XML for devices and business applications not supported by RSA Envision.
- Onboarded 2000+ devices to RSA Envision for threat detection.
- Attending weekly client meetings to discuss onboarding status and content testing results.
- Created installation, configuration and test case scenario documents for each device-specific connector.
- Recommended security strategies based on real-time threats.
- Reporting security incident status and current network status to the CSO (Chief Security Officer).
Confidential
Teradata System DBA
Responsibilities:
- Database design and architecture; creation and maintenance of the data warehouse; database maintenance, reorganizations and upgrades.
- Developed and implemented the disaster recovery plan and business continuity plan.
- Monitored query run times using Teradata Performance Monitor.
- Worked with developers to convert functional specifications into technical specifications, i.e., DDL generation.
- Developed shell scripts for creating/dropping tables and indexes for pre- and post-session performance management.
- Strong expertise in physical modeling, including the use of Primary, Secondary, Partitioned Primary (PPI) and Join Indexes.
- Worked with developers to identify performance issues in the ODS population and resolved them together.
- Performed analysis leading to impact analysis and resolution of the identified issues.
- Involved in defining standards and compliance for the database.
- Consolidation of models into the repository and into the main subject area model, identifying impacts and correcting them.