Cyber Security Engineer Resume
MA
SUMMARY
- Experienced Technical Consultant with 7 years of experience handling Information Security Analyst and System Administrator responsibilities. Expertise in Cybersecurity & Information Assurance with deep knowledge of Identity and Access Management security, SailPoint IdentityIQ, access control issues related to cyber systems and networks, AWS Cloud, penetration testing methodology, malware detection techniques, and recommended information assurance policies and standards.
- Expert in Vulnerability Assessment using Nexpose, Qualys and Nessus to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
- Hands-on experience with Forcepoint and knowledge of distributed Splunk installation with Forwarders, Clusters, and Search Head Cluster.
- Assisted in ensuring that the corporate IT environment is secure and complies with all external audit requirements and federal standards.
- Extensively worked on coding using core Java concepts like multithreading, collections, serialization, synchronization, exception handling, generics, network APIs and database connections.
- Defined and oversaw security hardening standards for client's IT Infrastructure.
- Coordinated with systems and network engineers to ensure servers and network devices conform to security standards, and that security devices and controls are working as designed.
- Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk, and LogRhythm.
- Expertise in gathering and analyzing metrics and key risk indicators and maintaining scorecards defined within the area of information security to ensure our information security program is performing effectively and efficiently.
- Possess a well-balanced understanding of business relationships, business requirements, and technical solutions with the ability to work collaboratively with business analysts, software testers, and developers.
- Hands-on experience in the development, implementation, and administration of information security policies, standards, and procedures, adhering to industry best practices for clients.
- Experience configuring and deploying modules and products like McAfee ePO, McAfee VSE, Cloud, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.
- Experience in managing network infrastructure security using HPE ArcSight ESM / Splunk for monitoring, classifying and responding to incidents and threats.
- Familiar with threats and vulnerabilities, latest trends and risks, and able to understand the technical remediation action steps or plans and communicate them effectively to teams within the organization.
- Experience with SOC and 24/7 operations.
- Experience in vulnerability scanning with relevant tools, e.g., Nessus, HPE Fortify for SCA (Static Code Analysis) and WebInspect, and Rapid7 Nexpose.
- Supported the information security audit and third-party assessment initiatives during planning, execution, and remediation phases, as well as coordinating and tracking remediation activities.
- Use IBM QRadar Security Manager to identify threats and assign a category.
- Processed daily security operations and log analysis.
- Excellent understanding of computing environments: Linux (RHEL 7 / Debian-based Kali), Windows 7/10, Server 2012/2016 and Unix operating systems.
- Perform Risk Assessment, Gap analysis & create Risk Mitigation plan.
- Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
- Oversee Vulnerability assessment / penetration testing of scoped systems and applications to identify system vulnerabilities.
- Excellent knowledge of FISMA, HIPAA and NIST, PIA compliance usage, rules and regulations.
- Experience using persistence frameworks like Hibernate/JPA for mapping Java classes with the database and using Hibernate Query Language (HQL).
TECHNICAL SKILLS
- Splunk
- FireEye HX
- TrendMicro
- Vulnerability scanners
- Web gateway
- Endpoint Security
- Email Gateway
- Spam Filters
- Firepower Management Centre
- IDS/IPS
- Incident Response and Forensic Analysis
- Security Information and Event Management (SIEM) - IBM QRadar
- FireEye Helix
- Security monitoring and Incident response
- Vulnerability Assessment - Nessus
- Nexpose
- InsightVM
- Security Coordination and Incident Handling - ServiceNow
- Endpoint Security and Antivirus (AV) - Cisco AMP
- Email security - CES
- Network Traffic Analysis - Wireshark
- Cloud Platforms - Azure
- Defense Centre - Cisco FMC
- Intrusion Detection Systems (IDS/IPS) - Cisco SFR IPS
- Microsoft Teams
- SharePoint
- MS Excel
- MS Word
- MS PowerPoint
PROFESSIONAL EXPERIENCE:
Confidential - MA
Cyber Security Engineer
Responsibilities:
- Experience analyzing Symantec DLP events and reports, and deploying Symantec DLP Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA.
- Experience tuning Symantec DLP to reduce false positives and improve detection rates.
- Provided Symantec Endpoint Protection (developed by Broadcom), an antivirus and personal firewall software for centrally managed corporate environments, providing security for both servers and workstations.
- Performed monthly and quarterly scans using Symantec DLP and handled the escalation of critical data found on share devices and shared drives. Created and managed DLP policies.
- Identified, documented, and investigated suspicious events in intrusion detection systems (IDS) and SIEM tools.
- Experienced with Symantec DLP policies (DLP templates) for compliance and regulation standards such as SOX, PCI, and HIPAA; review DLP policies and investigate violations via non-approved devices.
- Experienced with Splunk monitoring and reporting. Monitor Splunk SIEM for incoming alerts, validate them, and write correlation searches in Splunk to alert the CSOC to potential security events.
- Performed log validation, data mining and analysis, utilizing various queries and reporting methods in the Splunk SIEM tool.
- Investigate malicious phishing emails, domains and IPs using Cofense and open-source tools and recommend proper blocking based on analysis.
- Manage existing Proofpoint Advanced Threat Protection / Email Protection platforms including Email Fraud Defense, Threat Response Auto-Pull, Targeted Attack Protection, Threat Response, Emerging Threats Intelligence, Data Loss Prevention (DLP) and Encryption.
- Manage inbound and outbound security rules of Proofpoint for email filtering, release from quarantine, whitelists, spam, etc.
- Developed custom SIEM deliverables in Splunk/McAfee/QRadar/ArcSight to meet customer needs in a variety of domains: IT security, financial, IT ops, human resources, physical security, etc.
- Design, development, implementation, tuning and testing of standard and nonstandard content for McAfee SIEM (Nitro).
- Provided Azure security and compliance reviews and solutions for government systems to facilitate the secure and compliant use of Azure for government agencies and third-party providers building on behalf of government.
- Played a key role in deploying Symantec Endpoint Protection Manager and clients on a closed network.
- Worked on projects moving to cloud services such as Azure, Office 365 and Amazon Web Services (AWS).
- Interacted with the Cloud Service Provider (CSP) to conduct Incident Response (IR) and Contingency Plan (CP) exercises for the Disaster Recovery Plan (DRP) and procedures.
- Work closely with the Risk and Finance teams to associate a monetary value to security risks within the User Behavior Analytics (UBA) tool.
- Understand the threat landscape as related to vendors and perform vendor risk assessments.
- Develop documentation for new/existing policies and procedures in accordance with Risk Management Framework (RMF) and NIST SP requirements.
- Used GZIP with AWS CloudFront to forward compressed files to destination nodes/instances.
- Dynamic monitoring and analysis of Intrusion Detection Systems (IDS) to identify security issues for remediation. Analyze, recognize, correlate, and report any potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information from AccelOps SIEM, Snort logs and Check Point FW logs.
- Assisted the CSO with completion of established goals and objectives, and with streamlining of internal office procedures.
- Implemented security solutions with Qualys and SIEM tools like Splunk, Solutionary, LogRhythm, SCCM, Altiris, LANDesk, BigFix, McAfee/Symantec.
- Consulted with business and technology partners to create and provide security recommendations and best practices.
Confidential - Farmington, MI
Cyber Security Engineer
Responsibilities:
- Developed a repeatable build and configuration process for the monitoring platform that can be done from a remote configuration site.
- Conducts market research on emerging cybersecurity technology for integration into customers' environments.
- Utilizes Confidential, cybersecurity industry best practices, and customers' documentation to configure and secure products and solutions.
- Coordinates with shipping & receiving, network teams, deployment site, cyber security engineers, and analysts to ensure the platform is built, delivered, configured, and providing security alerts and logs.
- Management and maintenance of RSA Security Analytics suites.
- Conduct proactive monitoring and integration of systems and tools into SolarWinds to ensure continuous system and tool functionality.
- Maintain critical systems in support of client cybersecurity mission.
- Deployment and management of IBM Network Intrusion Prevention Systems.
- Designed and built a new domain and supporting infrastructure to accommodate a multi-phase security tool expansion.
- Develop installation, troubleshooting, and how-to guides for various systems, tools and tasks.
- Conduct proactive monitoring of systems with SolarWinds.
- Project lead on network reconfiguration.
- Installation and configuration of Windows 2008 and 2012 Server, Windows 7 and 10 workstations, Confidential License (RHEL) and Satellite, VMware 5.5 and 6 vSphere and vCenter.
- Primary research and network design engineer for the datacenter being built for tool expansion.
- Research Confidential products for recommendation and evaluation.
- Configuration of network taps and SPAN ports for network traffic monitoring.
- Provide phone technical support for off-site clients.
- Research products for procurement evaluations.
- Utilization of Wireshark and Cisco ASA firewalls to verify network traffic.
- Provide on-site technical support for clients.
Confidential - Houston, TX
Sr. Cyber Security Consultant
Responsibilities:
- Experience with many of the following technologies/roles: Privileged Account Management, Two-Factor Authentication, Web filtering, Web Application Firewalls, Virtualized computing environments, Encryption-at-rest and encryption-in-transit, Vulnerability Management.
- Maintenance and monitoring of network and host intrusion detection and prevention technologies. Implementing security controls. Experience using a broad range of AWS technologies (e.g. EC2, RDS, ELB, EBD, S3, VPC, Glacier, IAM, CloudWatch, KMS) to develop and maintain an Amazon AWS-based cloud solution, with an emphasis on best-practice cloud security.
- Installation and configuration of networks and network devices such as web application firewalls, network firewalls, switches, Check Point firewall, Squid firewall, Blue Coat proxy and routers.
- Network security configuration, audit, and management of Windows servers. Installation, configuration, audit, and management of security tools.
- Develops and leads the procedure for testing the disaster recovery plan. Provides help-desk-style assistance.
- Administered MS Windows Server, Red Hat Linux Server, and Network/Security Administration.
- Implemented physical and procedural safeguards for information resources within the facility. Communicate effectively with senior management, peers, staff, and customers both inside and outside the corporation.
- Administered access to information resources and made provisions for timely detection, reporting, and analysis of actual and attempted unauthorized access to information resources.
- Advanced knowledge of Cisco wireless LAN controllers, Cisco access points, Cisco ISE, Cisco routers, Cisco L2/L3 switches, Cisco Prime, Generic Routing Encapsulation, load balancing (F5 BIG-IP Local Traffic Manager, Cisco Load Balancer, Citrix, Azure load balancer), QoS, PBR, WCCP, VPN, NAT, VoIP, IPsec, Multicast, DNS services, MPLS networks, LAN, WAN, Juniper Networks Firewall, Cisco ASA firewalls and network and routing protocols (Ethernet, TCP/IP, SNMP, VLAN Trunking, BGP, OSPF, IS-IS, eBGP, iBGP, RIP).
- Proposed and assisted with the acquisition of security hardware/software. Develops and maintains access control rules. Experience with VoIP systems.
- Excellent written and verbal communication skills. Ability to create, update and maintain technical documentation. Ability to work independently. Experience with ServiceNow.
- Provided guidance and policy regarding the administration of all computer security systems and their corresponding or associated software, including endpoint security, intrusion detection systems, and application whitelisting.
- Maintains user lists, passwords, encryption keys, and other authentication and security-related information and databases.
- Security configuration, audit, and management of applications and databases. Leading security incident investigations, including basic forensic analysis and reporting. Deploying, automating, maintaining and managing AWS cloud-based production systems to ensure the availability, performance, scalability and security of production systems.
- Experience using DAST tools to detect potential vulnerabilities, such as HP WebInspect, SolarWinds, ZAP, Burp, Tenable, Splunk, Alert Logic, Symantec Endpoint Protection, Zscaler, McAfee security, PortSwigger, Fiddler, Wireshark, Nmap, JIRA, Sonatype, Coverity. Experience in Palo Alto Networks and firewalls. Experience in maintaining local and remote networks.
- Participated in strategic security relationships between internal resources and external entities, including government, customers, vendors, and partner organizations.
- Lead the design, implementation, and migration of enterprise infrastructure and application services to software-defined networks. Experience in Palo Alto Networks and firewalls. Configure and manage AWS/Azure cloud infrastructure.
- Experience using a broad range of AWS technologies (e.g. EC2, RDS, ELB, EBD, S3, VPC, Glacier, IAM, CloudWatch, KMS) to develop and maintain an Amazon AWS-based cloud solution, with an emphasis on best-practice cloud security. Extensive hands-on experience with Azure IaaS / PaaS. Experience designing and building Azure solutions. PowerShell experience as it relates to Azure, AD, and Office 365.
Confidential - Provo, UT
Cyber Security Consultant
Responsibilities:
- Currently hold an active security clearance with the Transportation Security Administration (TSA).
- Conduct IV&V security assessments on Cisco routers, firewalls, and switches, Juniper firewalls, F5 BIG-IP, Palo Alto and IBM ISS NIDS for the TSA SOC.
- Review Nessus scan results, ArcSight, SolarWinds, and SiteProtector for potential threats.
- Review IDS alerts and new signature validations.
- Perform security assessments on Windows 7, 2003/2008/2012, Linux and Unix operating systems and VMware.
- Investigate new and emerging security threats against the network infrastructure and interconnected systems.
- Troubleshoot connectivity issues; analyze, debug and diagnose packets and logs.
- Participate as an individual contributor or as part of a larger team in various projects.
- Review network designs and evaluate compliance with applicable security standards.
- Conduct security audits and provide recommendations to mitigate risks.
- Ensure compliance with government security standards and policies.
- Review AppScan results and web logs for potential attacks.
- Understand technical/business requirements gathered from the business units.
- Analyze, design, and document platforms/systems to meet enterprise requirements.
- Perform web application and infrastructure penetration tests.
- Write Security Assessment Reports for findings uncovered during testing and evaluation.
Confidential
Jr. Security Analyst
Responsibilities:
- Infrastructure deployment from the very basics to complete function, and Information Security Policy as per PCI-DSS audit compliance.
- Analyze vulnerability reports from various scans and assessments, acting on high-risk/critical vulnerabilities before other vulnerabilities.
- Resolved all LAN/WAN connectivity and other issues.
- Security audit, budget violation, operational violation, and best-practice checks in the client AWS environment.
- Coordinated with the Network Administrator regarding BGP/OSPF/EIGRP routing policies and designs; worked on implementation strategies for the expansion of MPLS VPN networks.
- Troubleshooting the network routing protocols (BGP, MPLS, EIGRP and RIP) during the migrations and new client connections.
- Review controls related to various business processes of the entity for compliance with the COSO framework.
- Responsible for conducting structured security certification and accreditation (C&A) activities utilizing the Risk Management Framework and in compliance with the Federal Information Security Modernization Act (FISMA) requirements.
- Performing OS updates and upgrading applications.
- Management of system security and file system security policies, and analyzing systems to determine ways of improving performance.
- Used Splunk for monitoring/metric collection for applications in a cloud-based environment.
- Maintaining all shared resources and monitoring free and utilized disk space.
- Conducting routine checks, warranty claims, hardware failure replacement, software upgrades, and downloading patches and hotfixes.
- Responsible for writing and updating training manuals.
- Responsible for setting up projectors and audio/video devices for meetings and lectures.
- Keeping and tracking inventory of all loaner laptops issued to students and staff.
- Install and configure the QRadar SIEM including all its components and local and/or remote log collectors.
- Worked on the SIEM tool QRadar for reporting and data aggregation.
- Used the SIEM tool QRadar to add the newly built Windows and Linux log servers and create policies for different alerts.