SUMMARY

• A techno - savvy professional with 7+ years of experience in Security Information and Event Management & Network and Information Security.
• CEH (Certified Ethical Hacker from EC-Council), CompTIA Security+
• Hands on experience leading all stages of system registration, including compliance requirements definition, and initial security check and support. Outstanding Team leader able to coordinate and direct all phases of server- security based while managing, motivating, and guiding teams.
• Experience in Risk Management Compliance, Internal Auditing, Policy making, Awareness and BCP/DR and others.
• Consistently top performed among peers, in terms of qualitative service delivery.
• Participated in various audits including SOX, ISO 27001
• Documented policies and procedures compliant with Information security standards, thus streamlining the execution
• Created Security awareness modules and conducted s for various team members.
• Managed status meetings across various Geos on sustaining the compliance controls.
• Knowledge in Networking, Denial of Service.
• Analyzing logs from SIEM tool ( Confidential Qradar, Arc Sight Logger, ESM Enterprise Security Manager & Connector, Splunk).
• Experience in Google Hacking & SQL Injection.
• Knowledge On Cisco ASA Firewall & Palo Alto, Exploiting Windows with Backtrack/Kali Linux.
• Performed Risk based monitoring covering a range of operational security activities.
• Experience of producing documents on System Security compliance report
• Experience in installation, configuration, administration and troubleshooting SIEM tools i.e., Confidential Qradar, ArcSight, Splunk.
• Experience in upgrading, migrating, troubleshooting SIEM (Security Information and Event Management) and integrating various targets such as DLP, Database, Firewall, Proxy, Antimalware & PIM.
• Identified potential risks, such as virus and malware attacks, and hacking.
• Assisted with implementation of counter measures, as well as mitigating controls.
• Provided and developed the forensic capability to enhance response to the investigation.
• Fixed detected vulnerabilities, to maintain high security standards.

TECHNICAL SKILLS

Functional: Information Gathering Attack Vectors Malware Analysis IT Infrastructure Management Client Support Data Backup IDS/IPS Computer Forensics SIEM/ SOAR Network Fundamentals Email Security Cyber Kill chain

Enumeration: Zenmap, Nmap, whois

Scanning: Qualys Guard, Wireshark, Virus total, Process Explorer, TcpLogView

Tracking: Email Tracker, IPvoid, MxToolbox

SIEM: Confidential QRadar, ArcSight, Splunk

Antimalware: McAfee, Symantec

Database: Oracle & MS SQL Server, Imperva Secure Sphere

Forensics: Process Monitor, FireEye RedLine

Proxy: Bluecoat ProxySG

IAM: Arcon

Domains: Banking, Multimedia, Financial

Operating System: Windows XP, 7, 8,10,11 Vista, Server, Ubuntu, Backtrack 5 R1, R2, R3, Kali Linux 1.0,2.0

Packages: MS Office 2019(Excel, Word, PowerPoint), Photoshop

Languages: Shell Script, Python

Hardware: Proficient Knowledge of hardware (Troubleshooting and Installation).

PROFESSIONAL EXPERIENCE

Confidential, Minnesota

Cyber Security Consultant

Responsibilities:

• Monitor, analyze, and respond to events, alerts and incidents reporting supporting systems and taking appropriate action to protecting IT assets potential incidents and threats.
• Document and report changes, trends and implications concerning the design and integration of evolving Cyber-security tools, systems, and solutions.
• Follow SOC processes and provide support to ISD Security Engineers and OCIO support staff during alerts, events, and incidents.
• Submit new and update events in SOC ticketing system.
• Provide off-hours and ad-hoc shift support as needed.
• Provide feedback to SOC management and security engineers on existing and new use event cases.
• Provide support for 1st tier Security Operation Center (SOC) Analyst in troubleshooting cyber-security events, alerts and incidents reporting to the SOC.
• Assist with metrics, reporting, and other SOC communications.
• Having good experience in Palo Alto, Cortex XSOAR/ SOAR
• Provide security monitoring and response for Security Operations Center (SOC).
• Performs security event and incident correlation using information gathered from a variety of sources within the enterprise
• Analyzes and assesses damage to the data / infrastructure as a result of cyber incidents
• Writes and publishes cyber incident reports detailing incident findings and mitigation/remediation recommendations.
• Develops and documents incident response guidance, processes, and procedures.
• Interact with internal and external auditors as needed to ensure regulatory and policy compliance.

Confidential

Cyber Security Consultant

Responsibilities:

• Maintain and update security and compliance policies and procedures and ensure current processes follow the written standard across all teams
• Configuration of SIEM data sources ( Confidential Qradar) & tuning of rulesets
• Mine existing log sources data for malicious pattern identification
• Enrich data set through visualization, queries, or reports for an actionable task.
• Daily monitoring and analysis of SIEM systems and logs and resultant security related remediation tasks
• Supporting Confidential Qradar centralized logging and monitoring efforts
• Support Confidential Qradar SIEM operation - onboarding of log sources to ensure proper coverage by ensuring data is properly ingested
• Document, maintain and improve SIEM log source onboarding process for relevant sources including cloud, on-prem and SaaS applications
• Collaborate with other Stake holders’ teams to document and implement logging and monitoring capabilities to meet established requirements MITRE Att&ck Framework or Lockheed Martin Killchain
• Perform initial triage, analysis, document and assess cybersecurity incidents and escalate to appropriate internal teams for additional assistance when needed
• Strong background in SOAR technology
• Skilled in automating and streamlining security operations and incident response processes
• Hands-on experience with SOAR platforms, such as Demisto
• Expertise in integrating SOAR into existing SOC workflows
• Improves threat detection and incident response times
• Deep understanding of security workflows and playbooks
• Committed to continuously improving security operations through the use of SOAR and other cutting-edge technologies.
• Monitor and respond to threats and incidents in Confidential Qradar services and infrastructure.
• Partner with other functions as a trusted advisor on information security governance, risk, and compliance matters, as required
• Developed log ingestion, aggregation, and retention strategies to meet policy and operational requirements
• Handling & Managing the Cyber Security Team
• Troubleshooting on Log stoppage & SIEM.
• Creating and developing the rule as per organization requirement.
• Configuring On boarding/Off boarding of Log source.
• Quality check of SOC Operational tickets.
• Checking & maintaining Health of SIEM on day to day.
• Solving the L1 query with respective of analysis and operations.
• Following up on SIEM issues from Confidential support.
• Fine-tuning the Use cases.

Confidential

Sr. Cyber Security Analyst

Responsibilities:

• Monitoring computer networks and systems.
• Conducting ethical hacking to find potential entry points in your systems and fix them before any attacks occur.
• Evaluating vulnerabilities in the infrastructure of networks and systems.
• Responding to incidents to understand the consequences of cyber-attacks and coming up with recovery plans.
• Researching information technology (IT) security trends.
• Suggesting necessary security changes to management or IT staff.
• Installing and observing if antivirus programs are working efficiently.
• Collaborate with different business stakeholders to define the use cases for monitoring
• Assist the security analysts in the BAU activities for ad-hoc queries & threat hunting scenarios
• Support continuous monitoring through management of vulnerability management for our platform
• Coordinate the remediation of vulnerabilities through stakeholder reporting and engagement of technology owners
• Perform intrusion analysis using SIEM technology, packet captures, reports, data visualization, log analysis and pattern analysis
• First responder to security events and escalations via email, phone, and tickets across corporate user networks, data centers, and cloud environments.
• Document and communicate findings, escalate critical incidents, and interact with customers.
• Monitor multiple Security alert from different log source, understand the impact and nature of the incident.
• Preparation of Daily reports and fetching the weekly/monthly report data.
• Preparation and publishing of daily security News Bulletin.
• Closing/Reassigning of SOC operational tickets.
• Segregation of SOC bin tickets on daily basis.
• Assign tickets to L3 for further analysis.
• Security events/incidents follow-up with to the appropriate Users, stakeholders as required. Suggest fine-tuning and modification in rules.
• Ad-hoc activities.