
Senior Cyber Security Engineer Resume


Chicago, IL

SUMMARY

  • Over 7+ years of experience as a Cyber Security Engineer in various domains such as Web Application/Thick Client Security Testing, Vulnerability Assessment, Penetration Testing and generating reports using tools.
  • Background/understanding of the Software Development Lifecycle.
  • Excellent knowledge of CWE, OWASP Top 10, and WASC Threat Classification 2.0 methodologies.
  • Experience in penetration testing with Kali Linux: Nmap, Nessus, Nexpose, Wireshark, ProxyChains, Enum4linux, password cracking, tcpdump, pwdump, fgdump, and Metasploit.
  • Responsible for the management and administration of processes and tools that enable the organization to identify, document, and access intellectual capital and information content.
  • Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk, and LogRhythm.
  • Application security analysis for some of the major clients using HP Fortify & IBM AppScan.
  • Experience with using a framework to evaluate and analyze mobile devices, applications, mobile environments, and supporting infrastructures and to identify design weaknesses and vulnerabilities.
  • Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws, etc.
  • In-depth experience with log search tools such as Splunk, usage of regular expressions and natural language queries.
  • Good experience with system vulnerability detection and mitigation. Good understanding of web technologies: HTTP, HTML & CSS.
  • Good understanding of compliance and regulatory requirements like PCI DSS, SOX & HIPAA.
  • Good understanding of pen testing mobile applications on both Android and iOS.
  • Served as primary security liaison on infrastructure, application and database projects and day-to-day app/data activities.
  • Experience using a wide variety of security tools, including Kali Linux, Wireshark, L0phtCrack, Snort, Cain and Abel, Nikto, DirBuster, IBM AppScan, Nessus, OpenVAS, w3af, BeEF, Ettercap, Maltego.
  • Experience in different web application security testing tools like Acunetix, Metasploit, Burp Suite, sqlmap, OWASP ZAP Proxy, Nessus, Nmap and HP Fortify.
  • Knowledge of log formats and ability to aggregate and parse log data for syslog, HTTP logs, and DB logs for investigation purposes.
  • Knowledge of network security zones, firewall configurations, IDS policies.
  • Proficient in Linux operating system configuration, utilities and programming.
  • Broad knowledge of hardware, software, and networking technologies to provide a powerful combination of analysis, implementation, and support.
  • Sound knowledge and industry experience in Vulnerability Assessment and Penetration Testing on web-based applications, mobile-based applications and infrastructure penetration testing.
  • Extensive experience working with QualysGuard to conduct network security assessments.
  • Worked as a key member in streamlining security processes and designing and implementing efficient security solutions, achieving security efficiency.
  • Excellent team player, enthusiastic initiator, with the ability to learn fundamental concepts effectively and efficiently.
  • Conducted presentations to clients projecting the security services offered by the firm.
  • Expert ability with scripting languages such as Python and PowerShell.
  • Good experience in Secure SDLC and Source Code Analysis (Manual & Tools) on web-based applications.

TECHNICAL SKILLS

Vulnerability Testing: Tenable Nessus, Nmap, OpenVAS, QualysGuard

Application Security: Websense, IBM Rational AppScan, Burp Suite, Paros, HP WebInspect, HP Fortify, sqlmap, Nikto, Metasploit, Kali Linux.

SIEM Tools: TSIEM, ArcSight

Penetration Testing: Wireshark, Metasploit Framework

Languages & Databases: HTML, JavaScript, PHP, SQL, Python

Network Enumeration: Maltego, Google Hacking, DNS, SMB, LDAP.

Port/Vulnerability Scanning: Nmap/Nmap Scripting Engine (NSE), Netcat, Nessus, OpenVAS

Sniffing/Man-in-the-Middle: Wireshark, Ettercap, Cain & Abel

Web Application Vulnerability Scanning: Nessus, OpenVAS, Vega, HP Fortify, Acunetix, HP WebInspect, IBM AppScan, Burp Suite Pro.

Server/Client-Side Exploitation: Metasploit, Social Engineering Toolkit (SET).

Password Cracking: Hydra, RainbowCrack, L0phtCrack, John the Ripper, Pyrit.

Web Application: Manual SQL Injection, Manual Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), sqlmap.

Debuggers: OllyDbg, WinDbg.

Wireless: Aircrack-ng suite and Kismet.

PROFESSIONAL EXPERIENCE

Confidential - Chicago, IL

Senior Cyber Security Engineer

Responsibilities:

  • Proactively implemented updates, maintained, managed, monitored, and supported enterprise network and systems security operations infrastructure throughout the shared services environment.
  • Performed daily DLP incident monitoring, analysis and reporting, solution checks, client interaction, and day-to-day DLP operations.
  • Managed SIEM (netForensics).
  • Created and ran routine reports and data analytics in Excel and Tableau. Audited and validated data/reports.
  • Managed the large security, risk and compliance initiatives of SOX-404 IT, PCI DSS, HIPAA/HITECH, Privacy Act, and FTC, including security policies, procedures and controls.
  • Worked with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, HIPS/HIDS, Nessus, Nmap, SIEM, Splunk, Rapid7 Nexpose and InsightVM, WAF, routers, switches, VMware, Endpoint Security, Cloud Security, and Symantec Endpoint Protection.
  • Assessed a residual risk rating for vendors based upon their control environment.
  • Monitored, analyzed and responded to network incidents and events. Participated in disaster recovery implementation and testing under the NIST framework and HIPAA & HITECH standards.
  • Developed approaches for industry-specific threat analyses, application-specific penetration tests and the generation of vulnerability reports.
  • Provided proper remedies to fix vulnerabilities in the client network after analyzing security incident queries alerted by ArcSight. Performed vulnerability assessments and took the required counter actions and measurements to ensure the security of the IT infrastructure / systems.
  • Analyzed and documented network & information security requirements and defined security policy for enterprise clients and business-critical servers.
  • Performed daily duties supporting and troubleshooting digital rights management on Windows and Linux platforms, while defining and implementing patching.
  • Performed system auditing using audit reduction tools; followed up on audit findings; maintained authorization documents; and supported the local Information Systems Security Manager (ISSM) as needed to maintain system authorization.
  • Implemented Symantec Mail Security for SMTP and Symantec Endpoint Protection.
  • Experienced with tools like Metasploit, Qualys, and network forensics technologies.
  • Responded to inbound security monitoring alerts, emails, and inquiries that arose from various monitoring tools, including Symantec DLP.
  • Performed application security and penetration testing using IBM AppScan.
  • Performed vendor risk assessments as assigned. Worked with vendors and business owners to gather documentation and develop vendor remediation plans.
  • Addressed critical areas of potential information security risks and opportunities with gap analysis for Data Protection, Cloud Security and Data Classification, and handling of tools (Trend Micro and IBM QRadar).
  • Used Microsoft Azure Security Center to monitor the cloud environment.
  • Worked on AWS design and followed information security compliance-related guidelines.
  • Collaborated across the entire organization to bring Splunk access to product and technical teams to get the right solution delivered and drive future innovation gathered from customer input.
  • Designed, deployed, supported and maintained Splunk cluster infrastructure in a highly available, geo-redundant configuration. Developed, implemented, and executed standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the firm’s enterprise security platforms.
  • Used Carbon Black (CB Defense), McAfee Nitro and Splunk Enterprise SIEM security tools to monitor the environment.
  • Judged DIAR on the 12 PCI-DSS audit requirements as well as the 80 sub-requirements to determine strengths and weaknesses for audit preparedness.

Confidential, Dublin, OH

Cyber Security Engineer

Responsibilities:

  • Experience with many of the following technologies/roles: Privileged Account Management, Two-Factor Authentication, Web filtering, Web Application Firewalls, Virtualized computing environments, Encryption-at-rest and encryption-in-transit, Vulnerability Management.
  • Installation and configuration of networks and network devices such as web application firewalls, network firewalls, switches, Check Point firewall, Squid firewall, Blue Coat proxy and routers.
  • Network security configuration, audit, and management of Windows servers. Installation, configuration, audit, and management of security tools.
  • Security configuration, audit, and management of applications and databases. Led security incident investigations, including basic forensic analysis and reporting. Deployed, automated, maintained and managed AWS cloud-based production systems to ensure the availability, performance, scalability and security of production systems.
  • Maintenance and monitoring of network and host intrusion detection and prevention technologies. Implemented security controls. Experience using a broad range of AWS technologies (e.g. EC2, RDS, ELB, EBS, S3, VPC, Glacier, IAM, CloudWatch, KMS) to develop and maintain an Amazon AWS-based cloud solution, with an emphasis on best-practice cloud security.
  • Implemented physical and procedural safeguards for information resources within the facility. Communicated effectively with senior management, peers, staff, and customers both inside and outside the corporation.
  • Administered access to information resources and made provisions for timely detection, reporting, and analysis of actual and attempted unauthorized access to information resources.
  • Proposed and assisted with the acquisition of security hardware/software. Developed and maintained access control rules. Experience with VoIP systems.
  • Maintained user lists, passwords, encryption keys, and other authentication and security-related information and databases.
  • Experience using DAST tools to detect potential vulnerabilities, such as HP WebInspect, SolarWinds, ZAP, Burp, Tenable, Splunk, Alert Logic, Symantec Endpoint Protection, Zscaler, McAfee security, PortSwigger, Fiddler, Wireshark, Nmap, JIRA, Sonatype, Coverity. Experience in Palo Alto Networks and firewalls. Experience in maintaining local and remote networks.
  • Led the design, implementation, and migration of enterprise infrastructure and application services to software-defined networks. Configured and managed AWS/Azure cloud infrastructure.
  • Developed and led procedures for testing the disaster recovery plan. Provided help-desk-style assistance.
  • Administered MS Windows Server, Red Hat Linux Server, and network/security administration.
  • Advanced knowledge of Cisco wireless LAN controllers, Cisco access points, Cisco ISE, Cisco routers, Cisco L2/L3 switches, Cisco Prime, Generic Routing Encapsulation, load balancing (F5 BIG-IP Local Traffic Manager, Cisco Load Balancer, Citrix, Azure load balancer), QoS, PBR, WCCP, VPN, NAT, VoIP, IPsec, Multicast, DNS services, MPLS networks, LAN, WAN, Juniper Networks firewalls, Cisco ASA firewalls and network and routing protocols (Ethernet, TCP/IP, SNMP, VLAN Trunking, BGP, OSPF, IS-IS, EBGP, IBGP, RIP).
  • Excellent written and verbal communication skills. Ability to create, update and maintain technical documentation. Ability to work independently. Experience with ServiceNow.
  • Provided guidance and policy regarding the administration of all computer security systems and their corresponding or associated software, including endpoint security, intrusion detection systems, and application whitelisting.
  • Participated in strategic security relationships between internal resources and external entities, including government, customers, vendors, and partner organizations.
  • Extensive hands-on experience with Azure IaaS / PaaS. Experience designing and building Azure solutions. PowerShell experience as it relates to Azure, AD, and Office 365.

Confidential, SFO, CA

Cyber Security Engineer

Responsibilities:

  • Conducted vulnerability assessments using IBM AppScan to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Conducted web application vulnerability assessment & threat modelling, gap analysis, and secure code review on the applications.
  • Drove cloud security standards through developing architecture and worked with application teams to ensure the best solutions are implemented to support cloud initiatives.
  • Identified the Critical, High, Medium, and Low vulnerabilities in the applications based on OWASP Top 10 and SANS 25 and prioritized them based on criticality.
  • Worked with the internal development team to relay customer feedback and incorporate it into our agile development process.
  • Managed IBM QRadar configuration files like inputs, props, transforms, and lookups. Upgraded IBM QRadar Enterprise and performed security patching.
  • Experienced with DLP, Blue Coat, Websense, Proofpoint, Trend Micro, and IBM QRadar Enterprise SIEM security tools to monitor the network environment.
  • Custom configuration of rules in IBM QRadar and McAfee IPS to add greater value and enhanced correlation of logs.
  • Deployed Cisco Firepower solutions for IPS/URL/malware detection and prevention. Configured Cisco AMP (Advanced Malware Protection) for endpoint security systems. Optimized IPS signatures on the Cisco Firepower Management Center to reduce false positives by disabling unnecessary rules and using the threshold, suppression, and pass rules features.
  • Performed vulnerability scans with Nessus for improper configurations, missing patches, hosts, networks, and insecure credentials and accounts.
  • Experience using DAST tools to detect potential vulnerabilities, such as HP WebInspect, SolarWinds, ZAP, Burp, Tenable, Splunk, Alert Logic, Symantec Endpoint Protection, Zscaler, McAfee security, PortSwigger, Fiddler, Wireshark, Nmap, JIRA, Sonatype, Coverity.
  • Assisted with vulnerability scans and reporting to clients and IT departments using Nessus scan and report; reviewed the vulnerability scans that affect the assets and found critical devices that have critical vulnerabilities.
  • Supported the development and maintenance of program-level Information Assurance A&A process activities and related documentation such as systems concept of operations, system security design, implementation plans, and operational procedures.
  • Worked on Tenable.sc, which helps improve and maintain the cybersecurity program and visibility across the entire environment, including cloud, virtualized and mobile environments.
  • Worked with different application teams to help them understand the vulnerabilities listed and provided recommendations to fix them.
  • Provided timely incident response to all system and/or network security breaches.
  • Performed man-in-the-middle attacks by intercepting the wireless parameters of an iPhone mobile device on the wireless network.
  • Design, implementation and support for network security technologies and products (WAF, Cisco ISE, AMP, Firepower, etc.).
  • Implemented solutions as part of project support, including EventSentry SIEM, Nessus vulnerability scanner and Palo Alto firewall.
  • Managed and maintained Nessus vulnerability scanner 6.11.0, added additional scan engines to a production environment and identified gaps in patching.
  • Organized kick-off meetings with the application teams to understand the application security requirements, application flow, functionality, architecture and technology.
  • Maintained strong working relationships with individuals and groups involved in managing information risks across the organization.
  • Generated and presented reports on security vulnerabilities to both internal and external customers.
  • Experience in using Kali Linux to do vulnerability assessment with tools like DirBuster, Nessus, and Nmap.
  • Responsible for exploiting the critical threats that were reported during the scanning phase.
  • Expertise in using DAST tools (like IBM AppScan and Burp Suite Pro) while the application is running to penetrate the application in various ways to identify potential vulnerabilities outside the code and in third-party interfaces.
  • Maintained knowledge of current security trends and advisories, and developed regular communication to build wide security awareness across the firm’s stakeholders.
  • Ensured cyber security processes are incorporated in system design, development, testing, and implementation.
  • Other ad hoc activities like monthly and weekly report creation. Scheduled meetings with different application teams to understand future pipelines for applications.
  • Performed source code analysis (Python, .NET) to find vulnerabilities at the code level and provided mitigation techniques to the developers.
  • Performed manual assessment on Java/.NET applications for the results from AppScan to eliminate false positives and report the High, Medium and Low issues.
  • Participated in the development, architecture, documentation and improvement of security monitoring and operational systems, including threat vulnerability scanning / analytics, configuring dashboards / metrics views into the current operational state, and alert response.
  • Analyzed the enterprise's information security environment and recommended security measures to safeguard applications and information assets using threat modeling, OWASP, and CWE.
  • Used SAST tools (like HP Fortify and SonarQube) to test source code and byte code to expose weaknesses in the software before it is deployed.

Confidential, Boston, MA

Jr. Security Analyst

Responsibilities:

  • Resolved all LAN/WAN connectivity and other issues.
  • Analyzed vulnerability reports from various scans and assessments, acting on high-risk / critical vulnerabilities before other vulnerabilities.
  • Management of system security and file system security policies, and analyzing systems to determine ways of improving performance.
  • Conducted routine checks, warranty claims, hardware failure replacement, software upgrades, and downloading patches and hotfixes.
  • Infrastructure deployment from the very basics to complete function, and Information Security Policy as per PCI-DSS audit compliance.
  • Reviewed controls related to various business processes of the entity for compliance with the COSO framework.
  • Responsible for conducting structured security certification and accreditation (C&A) activities utilizing the Risk Management Framework and in compliance with the Federal Information Security Modernization Act (FISMA) requirements.
  • Performed OS updates and upgraded applications.
  • Used Splunk for monitoring/metric collection for applications in a cloud-based environment.
  • Maintained all shared resources and monitored free and utilized disk space.
  • Responsible for setting up projectors and audio/video devices for meetings and lectures.
  • Kept and tracked inventory of all loaner laptops issued to students and staff.
  • Responsible for writing and updating training manuals.

Confidential, Evansville, IN

Cyber Security Analyst

Responsibilities:

  • Responsible for detection and response to security events and incidents within global Fortune 500 client networks, utilizing ArcSight, Splunk, TippingPoint, VirusTotal, IPVoid, FireEye, Wireshark, etc. to gather, analyze, and present forensic evidence of cyber malware and intrusions.
  • Reviewed system and firewall logs based on individual preset client policies, rules, and standards; also reviewed all host activity for specified timeframes.
  • Worked directly with ESM engineers and Account Information Security Officers to adjust alert criteria.
  • Coordinated escalations to the Forensic Analyst Team with recommendations for remediation.
  • Acted as liaison and interacted with leadership, account management teams, and engineers to further define the risk and remediation plan.
  • Evaluated and fulfilled requests from the Account Information Security Risk & Compliance Officers for each client and aligned with the appropriate run book procedures to attain client Service Level Objectives and Agreements.
  • Adjusted network alerts temporarily to suppress excessive alerts prior to engineers making permanent threshold changes.
  • Facilitated and operated direct telephone communication in order to perform the immediate required escalation requests or engagements of required teams to support clients.
