Sr. SOC Analyst Resume
NJ
SUMMARY:
- Experienced professional with over seven years of experience as an IT security professional in IT infrastructure, SOC, information security, and cyber security.
- Expertise in scripting for automation and monitoring using shell and Python scripts.
- Experience developing and deploying effective countermeasures (YARA, Snort, and SIEM correlation rules).
- Provided immediate onsite and remote support for digital forensics and worked closely with the incident response team in collecting evidence.
- Develops positive relationships with other business and IT functions involved in security and privacy matters. Digital forensics research, malware analysis, and cyber threat intelligence.
- Prior experience working in a Security Operations Centre, working with Endpoint Detection & Response (EDR) products.
- Daily CrowdStrike tasks include assessing the alerts displayed within the CrowdStrike console.
- Responsible for designing, configuring, testing, commissioning, securing, and supporting distributed networks related to Supervisory Control and Data Acquisition (SCADA) systems; also responsible for reviewing and designing control system architecture from a cyber-security perspective.
- Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, Nmap, SIEM, Splunk, ArcSight, Rapid7, routers, switches, LAN/WAN, TCP/IP protocols, VMware, endpoint security, and cloud security.
- Designed, implemented, and managed the Rapid7 InsightVM and Nexpose suites for vulnerability management of servers and desktops.
- Provided guidance in planning, requirements gathering, recommendations, and implementation of data migration to Office 365, and on configuration best practices.
- Network security and cloud engineering experience in LAN, WAN, security, cloud, and data center with routers/switches/firewalls: Cisco, Check Point, Palo Alto, F5, Juniper, Aruba, Zscaler, Ixia, NetScout, VMware NSX, Azure, AWS.
- Maintain our Proofpoint email gateway protection and filtering.
- Email security and brand protection implementation using the SPF, DKIM, and DMARC standards, working closely with the customers' information security teams and participating in threat mitigation activities within the customers' O365 tenants.
- Experience with web application security testing tools such as Acunetix, Metasploit, Burp Suite, sqlmap, OWASP ZAP proxy, Nmap, and HP Fortify.
- Experience in Azure infrastructure management (Azure Storage, Azure AD, and Office 365).
- Configure, implement, and maintain all security platforms and their associated software, such as Linux-based standalone devices, Windows servers, UNIX servers, intrusion detection/intrusion prevention, and SIEM.
- Working with ITSEC engineering, application teams, governance/risk, and network research attack teams, as well as CSIRT teams, in protecting the company and continuously monitoring the changing cyber security threat landscape.
- Implemented data sync between Active Directory and LDAP using ForgeRock OpenIDM.
- Investigate security incidents and threats using CrowdStrike and Splunk as the SIEM tool.
- Enhanced conventional incident response methods and security operations by employing and combining intrusion prevention, Cyber Kill Chain model analysis, and cyber threat analysis.
- Configuring and monitoring the Security Information and Event Management (SIEM) platform for security alerts. Integrate and work with the firm's Managed Security Services Provider (MSSP) services.
- Scan and monitor system vulnerabilities on servers and infrastructure devices using a threat and vulnerability security solution.
- Maintained security infrastructure, including IPS, IDS, log management, and security assessment systems.
- Assessed threats, risks, and vulnerabilities from emerging security issues.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Loss Prevention (DLP), forensics, sniffers, and malware analysis tools.
- Advanced knowledge of IPsec VPN design, connections and protocols, IPsec tunnel configuration, and encryption and integrity protocols.
- Monitored and investigated suspicious network activities, endpoints, and threats utilizing a variety of tools such as ArcSight, Splunk, Carbon Black, FireEye, Cisco Talos, Wireshark, and Nessus.
- Experience with FireEye management systems and threat intelligence.
- Using network monitoring and IDS tools such as Wireshark and Snort.
- Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, ArcSight, Solutionary, and LogRhythm, including creating LogRhythm rules.
- Incident response: critical thinking, problem solving, and excellent communication skills around IT incidents.
TECHNICAL SKILLS:
Frameworks: NIST SP, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS.
Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management, and Compliance.
Event Management: RSA Archer, Blue Coat Proxy, Splunk
PenTest Tools: Metasploit, Nmap, Wireshark, and Kali
Security: Symantec Endpoint Protection, Symantec DCS, Symantec DLP, WhiteHat Web Security, Tufin, Proofpoint, iDefense, NTT Security, Blue Coat Web Gateway, LogRhythm, McAfee Nitro (SIEM), McAfee ePO, McAfee Endpoint Protection Suite, McAfee DLP
Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux
PROFESSIONAL EXPERIENCE:
Confidential
Sr. SOC Analyst
Responsibilities:
- Ensure the SOC analyst team is providing excellent customer service and support
- Evaluate next-gen (EDR) endpoint detection and response software.
- Implementation of an enterprise-wide cyber security risk management program based on FISMA and NIST SP 800 standards for information technology and industrial control systems.
- Regularly perform internal/external technical security control reviews and IT audit/risk advisory services for existing or prospective IT systems, technology, applications, and medical and IT devices.
- Perform risk assessments for current and/or previously engaged third-party vendors, providing risk recommendations and mitigation based on regulatory compliance guidelines.
- Support and maintain Thycotic Secret Server.
- Analyzed, administered, and configured ArcSight SIEM, McAfee ePO, and Carbon Black. Implement, configure, and maintain security solutions: DLP, antivirus, vulnerability scanners, IPS/IDS, web filters, VPN, SIEM, SOAR, etc. Perform daily security systems monitoring, verifying the integrity and availability of all systems and key processes.
- Worked with our infrastructure team to deploy the CrowdStrike agent to all assets. Created IR plan and documentation.
- Conduct Digital Forensics research, Malware Analysis, Cyber Threat Intelligence.
- Deployed Proofpoint Email Security, Fraud Protection, and Prevention
- Experience with email security standard implementation policies such as SPF, DKIM, and DMARC.
- Address/monitor the IAM mailbox and troubleshoot day-to-day issues sent via email from customers and tickets in ServiceNow.
- Collaborates with infrastructure technical teams to resolve complex IAM security-related issues.
- Participate in the SCADA RFP process for new applications as network and security evaluator.
- Research, Test and provide Office 365 user licensing assignment solution using AD and Azure security groups. Workloads include Exchange Online, SharePoint, Skype and Intune.
- Migration of Exchange in hybrid configuration to Office 365 Exchange Online.
- Review, configure, and optimize Office 365 Azure Identity Protection functionality.
- Perform incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
- Monitor critical infrastructure including firewalls, IDS/IPS devices, virtual networks, vulnerability scanners, VPNs, WANs, and disaster recovery sites.
- Investigated alerts created by IDS/IPS, including malicious file uploads, compromised servers, SQL injections, and port scanning.
- Managed vulnerabilities with the aid of Nessus and WebInspect as vulnerability scanning tools to detect potential risk on single or multiple assets across the enterprise.
- Conducted security scans using SecurityCenter (Nessus) to identify system vulnerabilities and perform risk assessment, submitted technical reports detailing the vulnerabilities, risk, and remediation actions, and reviewed assessment results.
- Conducts threat hunting using CrowdStrike.
- Utilize CrowdStrike to investigate and analyze malware on endpoint computers and perform network containment of the asset, in addition to remotely removing malicious files.
- Analyzed threats to corporate networks by utilizing SIEM products (ArcSight and LogRhythm) to assess the impact on client environments.
- Performs network/host-based intrusion detection using a variety of threat detection tools such as Splunk, Proofpoint, Sourcefire, and FireEye (HX, NX).
- Configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases, and apps.
- IDS/IPS monitoring/analysis with tools such as Sourcefire, Snort, Blue Coat, Palo Alto, McAfee, and FireEye.
- Handle and investigate WAF alerts for Sourcefire and FireEye.
- Perform analysis on security incidents using Splunk, Tanium, Windows Event and Symantec logs.
- Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation
- Perform cyber threat intelligence analysis, correlate actionable security events, perform network traffic analysis using raw packet data, NetFlow, IDS, IPS, and custom sensor output as it pertains to the cyber security of communications networks, and participate in the coordination of resources during incident
- Implemented and maintained SIEM infrastructure using QRadar and Splunk in an AWS environment.
- Installed and configured the Confidential QRadar Network Insights appliance to enable attack prediction through real-time network traffic analysis.
- Participated in the product selection and installation of QRadar Security Information Event Manager SIEM consisting of multiple collectors.
- Services monitored include, but are not limited to SIEM, IDS/IPS, Firewall, Cloud Environments, and Data Loss Prevention (DLP) SMTP and Web.
- Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like QRadar and Splunk.
- Implemented ArcSight Logger within organization's syslog enclave for long-term data retention and analysis (SIEM).
- Developed Vulnerability Scanning process for all environment builds, and on-going monthly scanning reporting using Nessus.
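The vulnerability-scanning bullets above describe producing monthly reports from Nessus scans. As an added illustration (not the author's code or Tenable's), the script below parses an export in the NessusClientData_v2 layout, drops informational findings, and ranks what is left by severity and CVSS so the report starts with what needs patching first. SAMPLE_NESSUS is a constructed two-host export; its plugin IDs and names are illustrative sample data only.

```python
"""Summarise a Nessus export (.nessus, NessusClientData_v2 layout) by host and severity.

Added example, not the resume author's code or Tenable's. SAMPLE_NESSUS is a
constructed two-host export in the NessusClientData_v2 element layout; the
plugin IDs and names are illustrative sample data only.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="monthly-build-scan">
    <ReportHost name="10.0.1.10">
      <HostProperties>
        <tag name="host-ip">10.0.1.10</tag>
        <tag name="operating-system">Linux Kernel 5.4</tag>
      </HostProperties>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
                  pluginID="90317" pluginName="SSH Weak Algorithms Supported">
        <risk_factor>Medium</risk_factor>
        <cvss_base_score>4.3</cvss_base_score>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="19506" pluginName="Nessus Scan Information">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.1.20">
      <HostProperties>
        <tag name="host-ip">10.0.1.20</tag>
        <tag name="operating-system">Microsoft Windows Server 2016</tag>
      </HostProperties>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="97833" pluginName="MS17-010: Security Update for Microsoft Windows SMB Server">
        <risk_factor>Critical</risk_factor>
        <cvss_base_score>9.3</cvss_base_score>
      </ReportItem>
      <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="2"
                  pluginID="57690" pluginName="Terminal Services Encryption Level is Medium or Low">
        <risk_factor>Medium</risk_factor>
        <cvss_base_score>4.3</cvss_base_score>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text, min_severity=1):
    """Return one dict per ReportItem at or above min_severity (0 = Info .. 4 = Critical)."""
    root = ET.fromstring(xml_text)
    if root.tag != "NessusClientData_v2":
        raise ValueError(f"unexpected root element {root.tag!r}")
    findings = []
    for host in root.iter("ReportHost"):
        props = {t.get("name"): t.text for t in host.iter("tag")}
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev < min_severity:
                continue                      # informational plugins are noise in a remediation list
            cvss = item.findtext("cvss_base_score")
            findings.append({
                "host": props.get("host-ip", host.get("name")),
                "os": props.get("operating-system", ""),
                "port": f"{item.get('protocol')}/{item.get('port')}",
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "severity": sev,
                "cvss": float(cvss) if cvss else None,
            })
    return findings


def summarize_by_host(findings):
    """host -> {severity name -> count}, e.g. {'10.0.1.20': {'Critical': 1, 'Medium': 1}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for f in findings:
        counts[f["host"]][SEVERITY_NAMES[f["severity"]]] += 1
    return {h: dict(c) for h, c in counts.items()}


def prioritized(findings):
    """Highest severity first, then CVSS, so the remediation list starts with what matters."""
    return sorted(findings, key=lambda f: (f["severity"], f["cvss"] or 0.0), reverse=True)


if __name__ == "__main__":
    found = parse_nessus(SAMPLE_NESSUS)
    for host, counts in summarize_by_host(found).items():
        print(host, counts)
    for f in prioritized(found):
        print(f'{SEVERITY_NAMES[f["severity"]]:8} {f["host"]:12} {f["port"]:9} {f["name"]}')
```

For a real export, read the file with `parse_nessus(open(path).read())`; the root-element check catches the common mistake of feeding it a CSV or a v1 export, and `min_severity=3` gives the High/Critical-only view most monthly reports lead with.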
Confidential, NJ
L2 SOC Engineer
Responsibilities:
- Responsibilities include supporting a 24/7 SOC environment to ensure real-time information security and prevent cyber-attacks from inside and outside the network.
- Perform manual security testing for OWASP Top 10 vulnerabilities such as SQL injection attacks, cross-site scripting (XSS), CSRF, session management, etc.
- Automate deployment of server-level security tools: Tenable Nessus, CrowdStrike.
- Develop and deploy effective countermeasures (YARA, Snort, SIEM correlation rules).
- Working with red team in SOC to apply security awareness to Cyber Kill Chain management as well as using moving target defense approach.
- Use Various networking troubleshooting tools such as MTR, traceroute, tcpdump, Wireshark and iperf to troubleshoot performance and connectivity issues
- Support Panorama centralized management for Palo Alto PA-500, PA-200, and PA-3060 firewalls, to centrally manage the console, configure, maintain, monitor, and update the firewall core, as well as back up configuration.
- Performing firewall optimization using Tufin by removing unused rules, duplicate objects, fully shadowed rules, and disabled rules.
- Configuring rules and maintaining Palo Alto firewalls and analysis of firewall logs using various tools
- Created S3 buckets in the AWS environment to store files, some of which are required to serve static content.
- Implementing firewall rules and configuring Palo Alto Network Firewall
- Dashboard / Enterprise dashboard customization for various teams based on the log source type requirements.
- Experienced in operations center teams such as Computer Emergency Response Team (CERT) and Computer Incident Response Team (CIRT).
- Assist in preparing documentation to implement the Risk Management Framework (RMF) in accordance with NIST SP.
- Implementation and management of public email security methods: DKIM, SPF, and DMARC records.
- Involved in security operations, vulnerability and risk assessment, alerting report generation, and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Blue Coat Proxy).
- Performed threat hunting, Incident Response (IR) using Carbon Black Endpoint Detection and Response (EDR). Developed correlation rules and conducted incident analysis using Splunk ES and Exabeam UBA, UEBA.
- Managed CrowdStrike and EDR.
- Implementing high availability, both active/passive and active/active, using NSRP in Juniper firewalls.
- Implementation of high availability by creating HA zones for NetScreen firewalls using NSRP and also supporting the cluster pairs.
- Conduct threat intelligence analysis on key areas of the Enterprise Defense in depth analytics, incident statistics and other relevant information in the creation of periodic threat intelligence reports.
- Experienced with DLP, Proofpoint, Trend Micro and Splunk Enterprise SIEM security tools to monitor network environment.
- Monitoring the LogRhythm dashboard for suspicious alerts and providing an efficient write-up for each alert.
- Using tools like LogRhythm in analyzing network, DLP email monitoring, Symantec SEP logs, firewall and proxy logs to determine the risk level of the alarms.
- Delivering comprehensive prevention, detection and response status using FireEye, Symantec, and Qualys software.
- Utilized Tanium for Deployments, monitor, and analyze data throughout various networks.
- Administer Controls & Permissions to files using PowerShell commands through SCCM.
- Performing periodic vulnerability testing and assisting in remediation efforts.
- Identified, documented and investigated suspicious events in intrusion detection systems (IDS) and SIEM tools.
- Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), security events, and logs.
- Involved in firewall deployment and management in Azure, such as Palo Alto and Azure Firewall.
- Worked in Security Information and Event Management (SIEM) platforms: Confidential QRadar and Splunk.
- Provide proactive APT hunting, incident response support, and advanced analytic capabilities.
- Run vulnerability scans and review vulnerability assessment reports.
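The SPF/DKIM/DMARC bullets in the summary and in both SOC roles above name the standards but not the decision an inbound gateway actually makes with them. The script below is an added example (not the author's code or Proofpoint's) that walks through that decision offline: an SPF check over `ip4`/`ip6`/`all` mechanisms, then DMARC identifier alignment and the resulting disposition, including the `sp=` subdomain policy and strict versus relaxed alignment. Everything in it is constructed: the DNS records are inline strings, no DNS is queried (so `include:`, `a` and `mx` count as no-match here, whereas a real evaluator resolves them), PUBLIC_SUFFIXES is a tiny stand-in for the Public Suffix List, and the DKIM verdict is taken as an input because verifying a signature needs the selector's public key from DNS.

```python
"""Offline SPF check and DMARC alignment/disposition for an inbound message.

Added example, not the resume author's code or any vendor's. All records are
constructed inline strings; no DNS is queried. include:/a/mx mechanisms are
treated as no-match here (a real evaluator resolves them) and PUBLIC_SUFFIXES
stands in for the Public Suffix List.
"""
import ipaddress

PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}          # assumption: stand-in for the PSL
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def org_domain(domain):
    """Organizational domain: the label immediately left of the public suffix."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i + 1:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i:])
    return ".".join(labels[-2:])


def evaluate_spf(record, client_ip):
    """SPF result for client_ip using only ip4/ip6/all mechanisms; first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            try:
                if ip in ipaddress.ip_network(arg, strict=False):   # v4 vs v6 mismatch is False
                    return QUALIFIERS[qualifier]
            except ValueError:
                continue                     # malformed network: never match on it
        elif mech == "all":
            return QUALIFIERS[qualifier]
        # include:, a, mx, exists: need DNS, so treated as no-match in this offline example
    return "neutral"                         # no 'all' term: RFC 7208 default result


def parse_dmarc(record):
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    return tags


def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: 's' = exact match, 'r' = same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_result, requested_disposition) for the RFC5322.From domain."""
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return "none", "none"
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:                    # either aligned pass satisfies DMARC
        return "pass", "none"
    policy = tags["p"]
    if "sp" in tags and from_domain.lower() != org_domain(from_domain):
        policy = tags["sp"]                  # subdomain policy for news.example.com etc.
    return "fail", policy


# Constructed records: the protected brand and an unrelated sender used for the spoof case.
SPF_RECORDS = {
    "bounce.example.com": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all",
    "attacker.net": "v=spf1 ip4:203.0.113.0/24 -all",
}
DMARC_RECORD = "v=DMARC1; p=reject; sp=quarantine; aspf=r; adkim=s; rua=mailto:dmarc@example.com"


def check_message(from_domain, mail_from_domain, client_ip, dkim_result="none", dkim_domain=""):
    """One inbound message: SPF on the MAIL FROM domain, then DMARC on the From: domain."""
    spf = evaluate_spf(SPF_RECORDS.get(mail_from_domain, ""), client_ip)
    return evaluate_dmarc(DMARC_RECORD, from_domain, spf, mail_from_domain, dkim_result, dkim_domain)


if __name__ == "__main__":
    print("legitimate:", check_message("example.com", "bounce.example.com", "198.51.100.7"))
    print("spoofed From:", check_message("example.com", "attacker.net", "203.0.113.9"))
    print("spoofed subdomain:", check_message("news.example.com", "attacker.net", "203.0.113.9"))
```

The spoof case is the one the brand-protection bullet is about: the attacker's own SPF record passes for their sending IP, but the MAIL FROM domain is not aligned with the `From:` header domain, so DMARC fails and `p=reject` applies. Note that the `pct=` tag is not modelled; when it is below 100 the receiver applies the policy to only that share of failing messages and downgrades the rest one step (reject to quarantine, quarantine to none).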
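The Tufin bullet above lists the three cleanup classes (unused rules, duplicate objects, fully shadowed rules) without saying how a shadowed rule is recognised. As an added example (not Tufin's or the author's code), the script below runs those checks over a small constructed rulebase: a rule is fully shadowed when a single earlier rule matches every packet it could, regardless of either rule's action, which is exactly how an `allow` placed after a broader `deny` silently stops working. The rulebase, network objects and hit counts are constructed; a real run reads them from the firewall's rule export and counters.

```python
"""Find fully shadowed, unused and duplicate-object rules in an ordered rulebase.

Added example, not Tufin's or the resume author's code. RULEBASE, OBJECTS and
the hit counts are constructed stand-ins for a firewall's rule export.
"""
from dataclasses import dataclass
from ipaddress import ip_network

ANY_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                  # CIDR or "any"
    dst: str                  # CIDR or "any"
    proto: str                # "tcp", "udp" or "any"
    ports: tuple = ANY_PORTS  # inclusive destination port range
    action: str = "allow"
    hits: int = 0             # matches since the counters were last reset


def _net(cidr):
    return ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def covers(outer, inner):
    """True when every packet that could match `inner` also matches `outer`."""
    return (
        _net(inner.src).subnet_of(_net(outer.src))
        and _net(inner.dst).subnet_of(_net(outer.dst))
        and outer.proto in ("any", inner.proto)
        and outer.ports[0] <= inner.ports[0]
        and inner.ports[1] <= outer.ports[1]
    )


def shadowed_rules(rules):
    """(rule, shadowing rule) pairs: the rule can never match because one earlier
    rule already matches everything it would, whatever either action is.
    Conservative by design: a rule covered only by the union of several earlier
    rules is not reported; that needs a set-cover check, not a pairwise one."""
    found = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                found.append((rule.name, earlier.name))
                break
    return found


def unused_rules(rules):
    """Zero-hit rules; removal candidates once counters span a full business cycle."""
    return [r.name for r in rules if r.hits == 0]


def duplicate_objects(objects):
    """Network objects that differ only in name (same network)."""
    by_net, dupes = {}, []
    for name, cidr in objects.items():
        key = _net(cidr)
        if key in by_net:
            dupes.append((by_net[key], name))
        else:
            by_net[key] = name
    return dupes


# Constructed rulebase, evaluated top to bottom, first match wins.
RULEBASE = [
    Rule("allow-web",       "any",          "10.0.5.0/24",  "tcp", (443, 443), "allow", 120453),
    Rule("allow-dmz-https", "192.0.2.0/24", "10.0.5.10/32", "tcp", (443, 443), "allow", 0),
    Rule("allow-ssh-admin", "10.0.9.0/24",  "10.0.5.0/24",  "tcp", (22, 22),   "allow", 0),
    Rule("deny-ssh-any",    "any",          "10.0.5.0/24",  "tcp", (22, 22),   "deny",  3),
    Rule("allow-ssh-jump",  "10.0.8.5/32",  "10.0.5.0/24",  "tcp", (22, 22),   "allow", 0),
    Rule("allow-dns",       "any",          "10.0.5.53/32", "udp", (53, 53),   "allow", 98012),
]
OBJECTS = {"web-servers": "10.0.5.0/24", "web-srv-old": "10.0.5.0/24", "admins": "10.0.9.0/24"}


if __name__ == "__main__":
    print("shadowed:", shadowed_rules(RULEBASE))
    print("unused:", unused_rules(RULEBASE))
    print("duplicate objects:", duplicate_objects(OBJECTS))
```

Two things the output makes visible that a rule listing does not: `allow-ssh-jump` is dead because `deny-ssh-any` sits above it (the fix is reordering, not deletion), and `allow-ssh-admin` has zero hits but is not shadowed, so it is a business question, not a technical one, whether it stays.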
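The summary and this role both list "SIEM correlation rules" as a countermeasure. An added example of one such rule, written here in plain Python rather than any product's rule language and not taken from the author or a vendor: N failed logons from one source inside a time window, followed by a successful logon from that same source, which is the brute force that worked and deserves an alert rather than a dashboard count. SAMPLE_LOG is a set of constructed OpenSSH `auth.log` lines; the threshold, window and the year supplied for syslog timestamps are assumptions to tune.

```python
"""SIEM-style correlation rule: >= N failed logons from one source within W
seconds, then an accepted logon from the same source.

Added example, not the resume author's rule nor any product's. SAMPLE_LOG is
constructed OpenSSH auth.log output; syslog carries no year, so one is assumed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

SAMPLE_LOG = """\
Mar 12 10:00:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 40211 ssh2
Mar 12 10:00:09 bastion sshd[2203]: Failed password for invalid user oracle from 203.0.113.5 port 40212 ssh2
Mar 12 10:00:17 bastion sshd[2205]: Failed password for root from 203.0.113.5 port 40213 ssh2
Mar 12 10:00:26 bastion sshd[2207]: Failed password for bob from 203.0.113.5 port 40214 ssh2
Mar 12 10:00:34 bastion sshd[2209]: Failed password for bob from 203.0.113.5 port 40215 ssh2
Mar 12 10:00:41 bastion sshd[2211]: Failed password for bob from 203.0.113.5 port 40216 ssh2
Mar 12 10:01:05 bastion sshd[2213]: Accepted password for bob from 203.0.113.5 port 40217 ssh2
Mar 12 10:01:30 bastion sshd[2215]: Failed password for alice from 198.51.100.9 port 51000 ssh2
Mar 12 10:01:44 bastion sshd[2217]: Accepted password for alice from 198.51.100.9 port 51001 ssh2
Mar 12 10:02:00 bastion sshd[2219]: Failed password for root from 192.0.2.77 port 33000 ssh2
Mar 12 10:02:03 bastion sshd[2221]: Failed password for root from 192.0.2.77 port 33001 ssh2
Mar 12 10:02:06 bastion sshd[2223]: Failed password for root from 192.0.2.77 port 33002 ssh2
Mar 12 10:02:09 bastion sshd[2225]: Failed password for root from 192.0.2.77 port 33003 ssh2
Mar 12 10:02:10 bastion CRON[2300]: pam_unix(cron:session): session opened for user root
Mar 12 10:02:12 bastion sshd[2227]: Failed password for root from 192.0.2.77 port 33004 ssh2
"""


def parse_event(line, year=2024):
    """Parse one sshd auth line into a dict, or None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")   # year is an assumption
    return {"ts": ts, "outcome": m["outcome"], "user": m["user"], "src": m["src"]}


def correlate(lines, threshold=5, window_seconds=300):
    """Alert when a source logs in after >= threshold failures within window_seconds."""
    events = sorted(filter(None, (parse_event(l) for l in lines)), key=lambda e: e["ts"])
    recent_failures = defaultdict(deque)     # src -> failure timestamps still inside the window
    alerts = []
    for ev in events:
        window = recent_failures[ev["src"]]
        while window and (ev["ts"] - window[0]).total_seconds() > window_seconds:
            window.popleft()                 # expire failures older than the window
        if ev["outcome"] == "Failed":
            window.append(ev["ts"])
        elif len(window) >= threshold:       # "Accepted" after enough recent failures
            alerts.append({"src": ev["src"], "user": ev["user"],
                           "failures": len(window), "at": ev["ts"].isoformat()})
            window.clear()                   # one alert per burst, not one per later login
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print(alert)
```

Only 203.0.113.5 fires: 198.51.100.9 had a single typo before logging in, and 192.0.2.77 is still failing, which a separate threshold-only rule would catch as brute-force activity but which is not yet a compromise. The sort step matters when the SIEM ingests from several collectors and lines arrive out of order.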
Confidential
Information Security Analyst
Responsibilities:
- Responsible for establishing the tool capability for security assessments and conducting the compliance and vulnerability assessments for infrastructure servers and devices using QualysGuard on a periodic basis.
- Experience in preparing for ISO 27001 surveillance audits and internal audits, and working with the divisions in gathering the evidence required for the external audit.
- Prepare NERC CIP v5 documentation ensuring auditable guidelines for PGD plants.
- Interpret FERC and NERC regulations for integration into plant DCS/IDS control systems, focusing on best practices and operational cost effectiveness.
- Responsible for coordinating with various stakeholders to discuss vulnerabilities through recommending and monitoring remediation activities.
- Provides direct support of Symantec Network and Endpoint DLP systems including Linux based Symantec Enforce, Defender, Discover and Monitor servers as well as their Oracle support database server.
- Provide operational engineering support for Symantec Endpoint DLP clients deployed throughout the client enterprise and network monitoring/DLP monitoring systems including assisting in issue resolution, implementing DLP system/client upgrades and working with support groups to resolve conflicts between DLP and other protection mechanisms.
- Interpret and respond to issues related to DLP activity including integrating with alerting systems, adjusting policies to support customer DLP requirements, support the customers regular and ad-hoc reporting requirements.
- Build and maintain security dashboards, metrics, and KPIs based on business needs and requirements.
- Research threats and vulnerabilities and, where appropriate, take action to mitigate threats and remediate vulnerabilities
- Review, assess, and mitigate penetration tests and vulnerability assessments on information systems and infrastructure
- Monitor security vulnerability information from vendors and third parties
- Coordinate with other organizations, both internal (CSIRT/SOC), and manufacturer support (Symantec); assist with advanced issue resolution across the enterprise.