Cyber Security Engineer Resume
Wilmington, DE
SUMMARY
- A multifaceted professional offering more than 6 years of experience and skills in threat and vulnerability management, information security analysis, information security architecture, information security policy design, risk assessment, security incident response, and security solution implementation and administration.
- Information Security Officer (ISO) with experience in Governance, Risk, Compliance & Audit (ISO 27001, PCI, HIPAA, SOX, etc.) as well as information security and network security functions.
- Skilled at designing and implementing cyber security solutions for global petroleum, government and financial organizations that consistently reduce security costs while elevating the security status of the environment.
- Accomplished history of working with various private business and IT organizations to facilitate security architecture and further enhance the security stance of the company.
- Adept at security policies, developing solutions, assessing environments, and interpreting standards that constantly pass the security and regulatory audits.
- Successful in initiating six separate security programs, all of which passed third-party audits and complied with all established laws and regulations.
- Comprehensive background in developing and implementing strategic technology and security road maps aligned with the needs of the business to deliver exceptional security and privacy solutions.
- Knowledgeable of penetration testing, vulnerability assessment, threat hunting, and security program development.
- Maintaining critical monitoring systems (Splunk log management) measuring system error logs, performance and availability. Evaluation of the Splunk log management solution plus open source Linux storage systems.
- Expert at implementing network security, SIEM tools, new concepts, identity management, new security technologies, securing cloud architecture, and new security controls as well as in developing innovative security controls and processes that meet business and executive requirements in order to protect information.
TECHNICAL SKILLS
Security Solutions: Nexpose | Metasploit | NitroSIEM/McAfee ESM | FireEye | Nessus | Splunk | Websense | ArcSight | CyberArk | Cisco Umbrella | OpenDNS | Cisco Firepower | RSA enVision | EnCase | RSA NetWitness | BeyondTrust | LogRhythm | Alert Logic | Cylance | Prism | Sourcefire/Firepower IPS | Cisco IronPort | Barracuda Spam Devices | Data Loss Prevention (DLP) | Snort | Various NAC, IDS/IPS, HIDS, and SIEM solutions
Others: ICS | SCADA | Cisco network devices | SASS | Microsoft Windows | UNIX and Linux | SQL | Oracle | IIS | Apache | Python | Nmap | ZMap | Masscan | Qualys | PKI infrastructure and digital certificates | AWS | Azure | Bit9 | BackTrack/Kali | McAfee | Symantec | Kaspersky
Protocols: TCP/IP | UDP | HTTP | HTTPS | SSL | FTP | TFTP | Telnet | SNMP | ICMP | SSH | DNS | DHCP | LDAP | WINS | NAT | SMTP | POP | IPSec | IMAP | SSL/IPSec VPN | DNSSEC | iSCSI | PAT | NetBIOS | BACnet
PROFESSIONAL EXPERIENCE
Confidential, Wilmington, DE
Cyber Security Engineer
Responsibilities:
- Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as Splunk (SIEM), anti-virus, Carbon Black, malware analysis, firewalls, IDS & IPS, web security, etc.
- Provide Level 2 operations support for end-user resolution, investigating RSA SIEM events to determine any true intrusions.
- Identifying and remediating any threats and vulnerabilities as part of Security Monitoring (SOC), triage and escalation to T2.
- Network and host DLP monitoring and logging.
- Perform vulnerability scanning on our network and make sure that vulnerabilities are addressed.
- Solid understanding and working knowledge of US and EU privacy laws, data protection/security regulations, and frameworks such as NIST, COBIT, PCI DSS and ISO 27001/2.
- Experience working in a Security Operations Center (SOC) for the Red team.
- Using the Qualys Vulnerability Management tool to aid in manual pen-testing.
- Managing security tools: DLP, SIEM, vulnerability scanner and penetration tests.
- Perform automated and manual security assessments to identify configuration and patch related vulnerabilities using commercial and open source tools.
- Documenting incident results and reporting details through ticketing system
- Researching, analyzing and understanding log sources from security and networking devices such as firewalls, routers, anti-virus products, and operating systems
- Evaluate, maintain, and communicate the risk posture of each system to executive leadership and make risk-based recommendations to the Chief Information Security Officer (CISO)
- Monitoring DDoS portals and working with the red hat team to use Carbon Black to mitigate the attack.
- Experience with risk assessment using industry standards like NIST Rev 5, HIPAA and PCI DSS, and developing security policy as per these standards.
- Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk.
- Providing half-hourly traffic updates by monitoring portals from ISPs.
- Triaging emails sent by internal users depending on the categories and responding to the customers after investigating the emails.
- Working with Red team to do application testing, Web application testing etc.
- Experience with automated/manual test script development with the Carbon Black content tester.
- Subpoena requests, Credit Card Number Analysis to prevent fraud on external customers.
- Gathering all the required information from IDS, SA and Wireshark to investigate some of the attacks like SQLi, RAT, etc., and escalating to T2 and following up on these tickets.
- Investigate DDoS attacks and FireEye, Sourcefire, malware and Websense events that are prone. Connectors are set for all IDS/IPS appliances.
- Malware analysis: full-spectrum analysis of malicious code, both dynamically and statically, using tools such as Wireshark, RegShot, process monitoring tools, and debuggers such as IDA Pro and OllyDbg.
- Monitor, analyze and respond to network incidents and events. Participate in disaster recovery implementation and testing under the NIST framework, HIPAA and HITECH standards.
- Perform digital forensics and incident response (IR) using tools such as Autopsy, Magnet and Stinger for 28 DOL agencies.
- Conducting Security assessment of various security events through Splunk, SecureWorks platform
- Conducting Security Control Assessments (SCA) for our client, completing controls from the NIST RMF.
- Execute on appropriate mitigation strategies for identified threats.
- Perform penetration testing for internal network and follow-up end to end with security vendor for the web application PT and make sure that vulnerabilities are addressed.
- Managing all client systems from endpoint perspective using McAfee ePO tool which includes managing Agent, VSE, pushing client tasks.
- Responsible for the security risk analysis process, which includes identification, assessment, evaluation, control monitoring and testing.
- Administrating Carbon Black to do host-based monitoring.
- Monitored the Security Management Console for the Security Operations Centre (SOC) to ensure confidentiality, integrity and availability of information systems.
- Prepared system plans and executed ArcSight architecture modifications.
- Managed, upgraded and maintained operational data flows and ArcSight platforms.
- Maintained and modified hardware and software components, content and documentation.
- Created and documented reports, rules, trends and dashboards.
- Analyzed ArcSight and related tools and resolved IT security failures.
- Provided guidance for equipment checks and supported processing of security requests.
- Experience in Network Intrusion detection/Intrusion Prevention System and Firewalls.
- Expertise in installing VMware ESX servers, vSphere Client and vCenter Server.
- Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), McAfee Endpoint Encryption, Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Working in SOC to apply security awareness to Cyber Kill Chain management as well as using moving target defense approach.
- Working in SOC to keep an active defense against various cyber-attacks.
- Creating a case for each suspicious issue and forwarding it to the onsite SOC team for further investigation.
- Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
- Security Incident handling, SIEM (ESEM) using RSA Envision/Arc Sight products.
- Vulnerability assessment, penetration testing, Risk assessment, Threat management, Security advisories, compliance audits, IT security assessment.
- Excellent exposure to Database, VPN technologies, and Firewall
Security Engineer
Responsibilities:
- Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, ArcSight, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix, McAfee/Symantec.
- Push configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server.
- Static code analysis using Valgrind, Flawfinder and manual review of the code flow.
- Monitor carbon black manufacturing equipment such as rotary dryers, reactors, mixer pelletizers and bucket elevators.
- Completing onsite/remote interviews with the client to ensure compliance in accordance with the NIST guidelines.
- Performed vulnerability scanning on web applications and databases to identify security threats and vulnerabilities.
- Ensured security policies, procedures, and recommendations comply with NIST, FISMA, organizational guidelines, and technical best practices.
- Monitor the performance of Splunk via the Splunk Monitoring Console.
- Experience with Carbon Black endpoint security platform detecting malicious behavior and prevents malicious files, Anti-Malware defense.
- Implementation of an Energy Management program and origination of carbon offsets for Moores Industrial, Calgary.
- Update Tanium sensors and packages using VB scripts (backup SME)
- Designed and developed various business applications using both the Keylight and Archer eGRC platforms.
- Integrate vulnerability standards and principles like CVE and OWASP into the organization's security policy.
- Analyze business requirement and requirement based on new trends and standards.
- Coordinated pen testing and application security testing audits with pen test tools like Metasploit, Nmap, Wireshark and Kali on Linux/Unix operating systems.
- Administer the Business Continuity Program, including disaster recovery plan development and coordinating disaster recovery testing activities.
- Created SCCM server baselines to secure all enterprise servers and remedy findings from a security audit.
- Complete the testing steps listed in SOX audit IT work papers to gather evidence supporting documented IT processes.
- Conduct vulnerability scans to support our third-party risk assessment/threat/vulnerability management program, including resolving risks and documenting any residual risks.
- Monitor daily backups and EPO logs
- Manage EPO for Servers and Desktops/laptops company wide. Apply updates as needed. Resolve client issues, and perform routine updates to client systems.
- Provide backup support for web filtering solution-white/black lists to ensure traffic is protected.
- Managed Cyber Security threats through prevention, detection, response, escalation and reporting
- Queried alerts raised by ArcSight, performing vulnerability assessments and taking the required countermeasures to ensure the security of the IT infrastructure and systems.
- Monitoring and remediating daily security alerts generated by end users with tools like Intel/McAfee SIEM, Forcepoint Websense, and Intel/McAfee ePO; also responsible for the effectiveness of tools and scans, as well as assessing and tracking risk of exposure.
- Installing, patching and maintaining McAfee ePO 5.x and DLP, utilizing McAfee ePolicy Orchestrator; able to deploy DLP and reporting, with working knowledge of ENS 10.
- Identifies, analyzes, monitors and minimizes complex areas of risk that pertain to information technology.
- Developed the original SOX documentation for first-year compliance.
- Work with Windows operating systems for the building, configuring, and troubleshooting of Windows 2003, 2008, 2008 R2, 2012, and most recently 2012 R2; support x86 hardware regarding storage requirements and use x86 tools such as Dell OpenManage and IBM Director.
- Deploy and support information security systems and solutions such as key management, IPS/IDS, SIEM, MDM, NAC, APT detection, and endpoint management for remote user.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Implemented multiple tools including Symantec DLP, and QRadar SIEM.
Confidential, Richardson, Texas
Cyber Security Engineer
Responsibilities:
- Conducted onsite penetration tests from an insider threat perspective.
- Performed host, network, and web application penetration tests.
- Analysis of threats detected by vulnerability management tools.
- Developed Black Box Security test environments & conducted tests as part of team for precautionary measures.
- Developed approaches for industry-specific threat analyses, application-specific penetration tests and the generation of vulnerability reports.
- Utilize McAfee EPO and Microsoft SCCM for endpoint management.
- Develop risk assessment reports that identify threats and vulnerabilities, and evaluate the likelihood that the vulnerabilities can be exploited.
- Performed risk assessments to ensure corporate compliance.
- Developed detailed remediation reports and recommendations for compliance and security improvements across industries based on changing threats.
- Evaluated firewall change requests and assessed organizational risk.
- Performed Vulnerability Assessments and Data Classification and their impacts
- Suggested patches for Windows machines with identified vulnerabilities.
- Performed application security and penetration testing using IBM Appscan.
- Performed security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
- Manage enterprise security systems, identifying key security risks, reporting risks to management with recommendations for corrective action utilizing NIST frameworks.
- Participate in Security Assessments of networks, systems and applications.
- Reviewed and involved in the WebSphere Application server hardening process from Security Team.
- Utilized monitoring tools to identify cyber security alerts of active threats, intrusions, and compromises
Environment: Linux, WhiteHat Security Sentinel Source, Nessus, Wireshark, sqlmap, Nmap, Metasploit, AWS CloudWatch and Stackdriver, Rapid7
Confidential
Jr. Security Engineer
Responsibilities:
- Configure and install various network devices and services (e.g., routers, switches, firewalls)
- Administering, configuring and troubleshooting of Windows Server 2008, 2012.
- Installation, Configuration and Administration of Web Servers (IIS and Apache)
- Design, implement and maintain VMware vSphere infrastructure.
- Infrastructure development on AWS employing services such as EC2, RDS, CloudFront, CloudWatch, VPC, etc.
- Configuration, installation and support of equipment in a Microsoft environment according to the terms of client proposals.
- Installation, configuration and administration of Asterisk based VOIP Telephony
- Troubleshoot and resolve computer/network issues by providing both on-site and remote support.
- Maintaining software applications, operating systems Win2K, Win XP, Win2007, and Linux.
- Responding to inquiries from staff, administrators, service providers, site personnel, outside vendors, etc. to provide technical assistance and support.
- Supervising administration of systems and servers to ensure availability of services to authorized users.
- User administration, setup, maintaining system and verifying peripherals are working properly.
- Quickly arranged repairs in case of hardware failure and monitored system performance.
- Installed software, created a backup and recovery policy, and updated antivirus software and its patches.
- Administering a multi-server Windows LAN and WAN.