
System Engineer Resume


Secaucus, NJ

SUMMARY

  • 5+ years of hands-on experience in planning, coordinating, and maintaining an organization's information security; my tasks involved Data Protection, Cybersecurity Management, Emerging Cyber Threats, Information Assurance Management & Analytics, Strategic Cybersecurity Crisis Management, Cyber Policy, Compliance and Legal Issues, Financing, Cost Control and Project Management of Cybersecurity Organizations, Human and Organizational Aspects of Cybersecurity, Cyber Criminal and Civil Investigations, and Digital Forensics.
  • My exposure involved installation of security software and network monitoring, essential in today's corporate environment as cyber-attacks have increased and become more sophisticated.
  • Installed, configured, and provided oversight of Symantec Endpoint Protection Manager (SEPM) and SQL servers, including SEP client configuration and troubleshooting, SEPM server management, design, build, and infrastructure.
  • Information security expert with a diverse technical background in enterprise networking, server infrastructure, database technologies, and system security. Experience in configuration management and policy implementation.
  • Configured and deployed Symantec HIDS on Windows Server 2008 and 2012 and on desktops.
  • Experience in data de-identification implementation, management, operations, and troubleshooting.
  • Experience in vulnerability scanning with relevant tools, e.g., Nessus, HPE Fortify SCA (Static Code Analysis) and WebInspect, and Rapid7 Nexpose.
  • Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, Nmap, SIEM (Splunk, LogRhythm, QRadar, ArcSight), Rapid7, routers, switches, LAN/WAN, TCP/IP protocols, VMware, endpoint security, and cloud security.
  • Possess a broad range of skills that include intrusion detection, threat analysis, vulnerability and risk assessment, network component configuration and testing, as well as technical writing.
  • Hands-on experience in performing web application security testing using the OWASP Top 10 and SANS Top 25 methodologies.
  • Developed complex use cases and Universal Device Support Modules (DSMs) on QRadar SIEM.
  • Worked on QRadar products including SIEM, Express, Loggers, and Connectors.
  • Performed configuration of QRadar, Logger, and Connector appliances.
  • Deployed manager, logger, and HTTP web services on QRadar appliances.
  • Configured QRadar appliances from scratch using CLI commands.
  • Hands-on experience with HP ArcSight, IBM QRadar, Rapid7, Forcepoint, and FireEye.
  • Experience in managing network infrastructure security using HPE ArcSight ESM/Splunk for monitoring, classifying, and responding to incidents and threats.
  • Experienced with Symantec DLP policies (DLP templates) for compliance and regulatory standards such as SOX, PCI, and HIPAA.
  • Strong knowledge of risk management and computer forensic tools, technologies, and methods. Experienced in IT security design and implementation with a solid understanding of disaster recovery, intrusion detection systems (IDS), intrusion prevention systems (IPS), and web application firewalls (WAF). Analytical problem solver adept at managing network changes and troubleshooting network issues to ensure maximum uptime.
  • Experienced in OSINT and TECHINT reconnaissance.
  • Experienced with SOC and round-the-clock operations.
  • Experienced in configuring and deploying McAfee modules and products such as McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, and McAfee SIEM.
  • Performed system administration tasks for Symantec Data Center Security (DCS).
  • Knowledge of distributed Splunk installations with forwarders, clusters, and search head clusters.
  • Skilled in penetration testing (white, grey, and black box) with passive and active modules using Burp Suite, Metasploit, custom scripts, and other necessary tools.
  • Recommended remediation for flaws discovered in penetration tests.
  • Expert understanding of the Cyber Kill Chain and APTs.
  • Experience with network monitoring using SIEM (LogRhythm, Splunk, IBM QRadar) and Wireshark, and with information security and network security configuration and functions.
  • Experience in configuring deployment servers, Splunk apps, and add-ons.
  • Hands-on experience with several vulnerability classes, e.g., SQL injection and XSS.
  • Hands-on experience with security frameworks such as NIST and HIPAA.
  • Experience with NIST SP A and NIST SP .
  • Experience with Palo Alto firewalls, VPNs, and networking protocols, e.g., NetBIOS, SNMP, Telnet, SSH, and ARP.
  • Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk, and LogRhythm.
  • Performed vulnerability scans with Nessus for improper configurations, missing patches, hosts, networks, and insecure credentials and accounts.
  • Experience with HPE Fortify for code vulnerability analysis reviews and WebInspect scans.
  • Excellent understanding of SAST, DAST, IAST, and RASP best practices.
  • Hands-on experience with documentation and log analysis.

TECHNICAL SKILLS

Network monitoring: SIEM (LogRhythm, Splunk, IBM QRadar, McAfee, Symantec) and Wireshark; information risk assessment, threat & compliance

Cyber Security Controls: NIST Rev4 series

Security Web Applications: TCP/IP, OWASP, firewalls, IDS, IPS

Event Management: Splunk, LogRhythm, HP ArcSight, CyberArk

Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, Sourcefire, Nexpose, Forcepoint, Rapid7

Information security: Symantec DLP, McAfee ePO

Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication

PROFESSIONAL EXPERIENCE

System Engineer

Confidential, Secaucus, NJ

Responsibilities:

  • Working on NIST Project for Confidential Diagnostics.
  • Provide subject matter expertise (SME) for LogRhythm.
  • Created policy according to the HIPAA rule and served as a resource for departments affected by the Health Insurance Portability and Accountability Act (HIPAA), providing education on the requirements to perform actions such as initial inventory, gap analysis, and risk assessments to determine appropriate privacy- and security-related organizational policies and procedures.
  • Parsed data and created custom parsing according to project requirements.
  • Upgraded and onboarded log sources; ensured parsing, correlation, automation and orchestration (SmartResponse), and reporting.
  • Developed and documented solution processes, procedures, and information workflows around security event management and cyber security operations.
  • Interfaced effectively in key relationships, including IT peers (e.g., IT Operations, Enterprise Architecture), internal business partners (e.g., Compliance/Privacy, Legal, Corporate Communications), key external clients (e.g., service providers, external partners), and other leaders and partners within IT and the broader enterprise.
  • Applied methodology to help identify key security events.
  • Developed and published key metrics for the team to illustrate value and accountability.
  • Correlated threat intelligence with active attacks and vulnerabilities within the enterprise.
  • Analyzed security events collected by the SIEM and identified trends, attacks, and potential threats.
  • Maintained current knowledge of information security vulnerabilities, threats, and exploits.
  • Performed in-depth internal and external network scans for vulnerability management.
  • Performed vulnerability testing using tools such as Nessus and Qualysguard.
  • Responsible for maintaining, supporting, planning, and developing the ACAS architecture for Nessus scanners, Passive Vulnerability Scanners, and SecurityCenter.
  • Modified access control lists to prevent and mitigate intrusions or other harmful network events.
  • Monitored and analyzed Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS).
  • Recognized potential, successful, and unsuccessful intrusion attempts and compromises.
  • Monitored Intrusion Detection Systems (IDS) to identify security threats.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers, and malware analysis tools.
  • Implemented, managed, and deployed the McAfee Agent on the Windows Server master image.
  • Conducted benchmark and File Integrity Monitoring checks through Policy Auditor.
  • Investigated alerts created by IDS/IPS, including malicious file uploads, compromised servers, SQL injection, and port scanning.
  • Monitored events from Data Loss Prevention (DLP) and other information security tools and determined appropriate next steps using knowledge of Corning businesses or processes.
  • Worked on Security Information and Event Management (SIEM) platforms: IBM QRadar and Splunk.
  • Tested various threat vectors and presented evidence of intent to create signatures/rules to mitigate specific threats.
  • Provided reporting and customizable dashboards. Utilized alerts and notifications to speed up incident response and vulnerability remediation. Performed compliance checks against industry standards and regulatory mandates such as FISMA, DISA, HIPAA, and SCAP.
  • Responsible for proposing rules to the client to implement in QRadar to trigger security events; once the rules were approved, tested them and implemented them in QRadar.

Cyber Security Analyst

Confidential, Farmingdale, NY

Responsibilities:

  • Assessed and built a data protection program through data classification skills.
  • Installed and managed detection servers and cloud detectors.
  • Monitored system performance and ensured that security features and functional requirements met the performance needs of the system by performing routine vulnerability analysis using ACAS/Nessus, the SCAP Compliance Checker, DISA STIGs, NIST SPs, and vendor guidance when required.
  • Assisted with and enforced control mechanisms and improved them regularly as business or regulatory needs evolved, including meeting SOC 2, PCI, and HIPAA requirements, scheduling and managing audits, and maintaining and updating the company risk assessment and security policies.
  • Utilized Security Information and Event Management (SIEM) with QRadar, Intrusion Detection & Prevention (IDS/IPS) with FireEye, and malware analysis tools.
  • Worked with business unit key stakeholders on improvement initiatives by performing gap analyses; recommended and implemented risk remediation plans.
  • Administered QRadar (SIEM), ARCOS (Privileged Identity Management), Symantec DLP, and Imperva WAF tools.
  • Security engineer for the deployed SIEM tool (IBM QRadar SIEM), including troubleshooting, updating/patching, configuration, and availability of the SIEM.
  • Provided operations support meeting SLAs and SLOs.
  • Designed, configured, and installed IBM QRadar on all endpoints in the environment. This provides a framework that allows multiple endpoint defense technologies to communicate in real time to analyze and collaborate against new and advanced threats.
  • Migrated user mailboxes from Exchange and Exchange 2010, Open-Xchange/Linux-based mail solutions, Google Apps, and Notes to Office 365.
  • Primary architect and engineer of the IBM QRadar tools, including IBM QRadar, VirusScan Enterprise (VSE), Host Intrusion Prevention (HIPS), Endpoint Encryption (EEPC), and McAfee Agent on over 40,000 endpoints.
  • Developed procedures and conducted the monthly patch cycle to keep Microsoft patch revisions current.
  • Expertise in IBM QRadar SIEM management of all components: upgraded the tool to the latest version, integrated multiple devices, and created correlation rules and dashboards.
  • Worked in an Agile and DevOps environment; performed privacy gap assessments and risk mitigation for a HIPAA requirement with an end client.
  • Managed corporate Check Point firewall operation, implementing security rules and mitigating network attacks.
  • Performed configuration of QRadar, Logger, and Connector appliances.
  • Identified security attacks using IBM QRadar SIEM and proposed remediation or preventive actions after analysis.
  • Established baseline assessments detailing vulnerabilities, attack pathways, and hardening recommendations for a CompactRIO controller along with installed modules, using Nessus and other testing tools.
  • Measured the severity level of issues arising from devices and fixed them by providing solutions.
  • Prepared risk-based test plans and performed security testing (tool-based testing, manual penetration testing, source code review, etc.) on the different layers of those information systems in support of Certification & Accreditation.
  • Understood trends in application security and worked with teams to remediate any vulnerabilities identified during security testing.
  • Reviewed the security architecture evaluation of new systems and created security test plans based on existing and planned controls and recommendations.
  • Performed security analysis of the different layers of the systems (application, operating system, and database layers) by performing manual testing and automated vulnerability assessment scans using various web, application, operating system, source code, and database vulnerability scanners.
  • Used threat intelligence, analysis of anomalous log data, and results of brainstorming sessions to detect threats.
  • Developed dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
  • Monitored and analyzed emails for phishing, spam, threat management, and information security.
  • Monitored networks for security events and alerted clients to potential (or active) threats, intrusions, and compromises using Splunk.
  • Worked on SIEM, threat, and vulnerability management.
  • Demonstrated expertise in three-tier architecture and database administration while supporting other teams with corrective actions.
  • Performed open- and closed-source collection of cyber threat intelligence to assist in providing early warning and detection of threats.
  • Delivered the implementation, setup, and management of Symantec DLP.
  • Provided a solutions-driven, customer-centric approach to clients' data security challenges.
  • Performed single-tier installation of Symantec DLP for test purposes; also performed two-tier and three-tier installations.
  • Worked with Symantec DLP versions 14.6 and 15.0.

Information /Cyber Security Analyst

Confidential, Washington DC

Responsibilities:

  • Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP, Splunk).
  • Expertise in IBM QRadar SIEM management of all components: upgraded the tool to the latest version, integrated multiple devices, and created correlation rules and dashboards.
  • Worked in an Agile and DevOps environment; performed privacy gap assessments and risk mitigation for a HIPAA requirement with an end client.
  • Performed configuration of QRadar, Logger, and Connector appliances.
  • Installed endpoint software on the IBM QRadar server to be used for clients' workstations and servers.
  • Installed and configured IBM QRadar security software for Windows and Mac and configured proper settings using policies for global control.
  • Identified security attacks using IBM QRadar SIEM and proposed remediation or preventive actions after analysis.
  • Data Loss Prevention suite, Symantec DLP product: implementation and deployment as part of the champion team.
  • Gained experience with Symantec DLP software, including DLP Cloud Prevent for Microsoft Office 365.
  • Assisted engineers with Splunk troubleshooting.
  • Created Splunk dashboards for investigations.
  • Monitored and investigated SOC incidents and alerts with McAfee ePO.
  • Modified/added custom IDS policies and signatures for anomalous or suspicious activity.
  • Utilized endpoint detection systems such as HBSS and SEP.
  • Developed incident response plans, processes, and procedures, and performed and reviewed long-range enterprise infrastructure forecasts and architecture.
  • QRadar implementation and integration with other network devices and applications, plus related troubleshooting.
  • Partnered with HIPAA Privacy Management to develop an overall joint privacy and security compliance and training program.
  • Performed security assessments utilizing trusted industry tools (e.g., Qualys, Kali Linux, Metasploit, Nessus, and others).
  • Familiarity with security and testing tools such as Burp Suite, Nmap, Zenmap, OpenVAS, and Nessus.
  • Maintained network performance by performing network monitoring, analysis, and performance tuning, and troubleshooting network problems. Skilled in using Burp Suite, Nmap, Qualysguard, and Nessus.
  • Analyzed assessment results and threat feeds to react properly to security weaknesses or vulnerabilities.
  • Facilitated and coordinated vulnerability assessment and scanning, reviews of assessment results, patching, and remediation activities related to workstations, servers, storage, databases, appliances, and network devices.
  • Performed monthly and quarterly scans using Symantec DLP and escalated critical data found on share devices and shared drives. Created and managed DLP policies.
  • Network and host DLP monitoring and logging.
  • Actively used SIEM technology for searching and monitoring real-time events for network security and compliance.
  • Implemented essential changes to enhance reporting, communications, and workflow related to VM and patching teams.
  • Assisted with review of policy, security alerts, guidance, regulations, and technical advances in IT security management.
