
Sr Cyber Security Engineer/analyst Resume


Houston, TX

SUMMARY

  • Experienced Technical Consultant with 8+ years of experience handling Information Security Analyst and System Administrator responsibilities.
  • Expertise in Cyber Security & Information Assurance with deep knowledge of Identity and Access Management security, SailPoint IdentityIQ, access control issues related to cyber systems and networks, AWS Cloud, Proofpoint configuration and administration, penetration testing methodology, malware detection techniques, and recommended information assurance policies and standards.
  • Cyber Security Engineer with good experience in Implementation, Administration, Operation and Troubleshooting of enterprise data networks
  • Experience in planning, developing, implementing, monitoring and updating security programs, and advanced technical information security solutions, and sound knowledge in SOX and PCI compliance requirements and understanding of NIST and ISO standards
  • Experience as a Splunk Engineer configuring, implementing and supporting Splunk Server Infrastructure across Windows, UNIX and Linux environments
  • Configure, maintain and design network security solutions including firewalls (CheckPoint, Cisco ASA and Fortinet), IDS/IPS (Cisco, CheckPoint and SourceFire), VPN, ACLs, Web Proxy, etc.
  • Monitor and analyze output and performance of network and host-based security platforms including:
  • Hands on experience on Operations and management of Aruba based wireless network providing multiple SSID platform for DoD users
  • Hands on experience on Web Application Firewalls and attack mitigation techniques
  • Work closely with clients' Information Assurance analysts to oversee the preparation of comprehensive Certification and Accreditation (C&A) packages for approval of an Authorization to Operate (ATO); generate, review and update the System Security Plan (SSP) against NIST requirements
  • Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001
  • Facilitate implementations of information security policies, account security policies and standards for logical and physical security
  • Perform Risk Assessment, Gap analysis & create Risk Mitigation plan
  • Good experience providing remediation consultation to organizations and system owners, ensuring vulnerabilities are remediated IAW DISA/NIST guidance and Cyber Threat Intelligence research
  • Modernize assessment tools by researching emerging technologies and outlining their procurement to increase productivity and effectiveness
  • Good understanding and knowledge of implementing ISO 27001, NIST 800-series, DIACAP, and FISMA guidance/governance
  • Strong knowledge of the Imperva web application firewall for monitoring and in-depth analysis of attacks, and of SIEM tools such as Splunk and HP ArcSight for analysis and log monitoring.
  • Led an effort to create a new process for filtering and managing IPS events by automating the process and streamlining Security Operation Center (SOC) triage efforts.
  • Managed HBSS McAfee ePO, configured HIPS 8.0 policies, verified and created server tasks, monitored events, created and enforced DLP policy, managed Rogue System Detection.
  • Support deployment of all HBSS point products and updates, including McAfee Agent, HIPS, VSE, DLP. Perform HBSS policy tuning, HIPS and IPS tuning, and all related tasks.
  • Experienced with proxy and malware mitigation (Blue Coat, Radware/AppXcel/Alteon, FireEye), threat detection and data leakage protection (Network DLP/Vontu/Symantec, Blue Coat Security Analytics).
  • Dedicated, multifaceted, and detail-oriented professional with progressive experience in Cybersecurity operations; complemented with wide-ranging knowledge of McAfee ePolicy Orchestrator (ePO) and networking technologies such as firewalls, switches, and routers.
  • Analyzed the Policy rules, monitor logs and documented the Network/Traffic flow diagram of the Palo Alto Firewalls placed in the Data Center with MS Visio.
  • Worked on various projects involving security systems to bring in security data to the SIEM. Systems such as Splunk, Tanium, various IPS event data sets, Blue Coat, NetWitness to just name a few.
  • Expert-level configuration of Layer 2 technology including VLANs, Trunking, STP, RSTP, PVST, MST, VTP, in addition to port security, UplinkFast, BackboneFast, PortFast, BPDU guard & filter, and EtherChannel including LACP & PAgP negotiations
  • Management and administration of Juniper and ASA firewalls at various zones including DMZ, Extranet (various business partners) and internal.
  • Aggregate, correlate, and analyze log data from network devices, security devices and other key assets using QRadar. Analysis of various use cases in the QRadar console, such as malware and AD-related issues.

TECHNICAL SKILLS

Networking: Packet Analysis (tcpdump, Wireshark), IDS (Bro, Snort), Splunk, Firewall, IDS/IPS, Access Control

Systems Administration: Active Directory, DNS, FTP, SSH, DHCP, SMB, HTTP, Virtualization (ESX)

Vulnerability Assessment: Nmap, Nessus, Ettercap, Metasploit, Honeypots (honeyD, INetSim), BurpSuite

Endpoint Security: McAfee suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec and McAfee Email Security Gateways (GUI & CLI), McAfee Network Data Loss Prevention, McAfee Nitro SIEM (Security Information and Event Management).

Platforms/Applications: Continuous Monitoring Vulnerability Management, Web Application Scanning, Threat Protect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Rapid7 Event Management, RSA Archer, Blue Coat Proxy, IBM QRadar, NTT Security, LogRhythm, PenTest tools (Metasploit, Burp Suite, Nmap, Wireshark and Kali)

Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication, PIA

Programming Languages: C, C++, Java, Python, JavaScript, Linux, PowerShell

Networking: LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Firewalls/IPS/IDS

PROFESSIONAL EXPERIENCE

Confidential, Houston, TX

Sr Cyber Security Engineer/Analyst

Responsibilities:

  • Developed custom SIEM deliverables in Splunk/McAfee/QRadar/ArcSight to meet customer needs in a variety of domains: IT security, financial, IT ops, human resources, physical security, etc.
  • Design, development, implementation, tuning and testing of standard and non-standard content for McAfee SIEM (Nitro).
  • Perform digital forensics and Incident Response (IR) using tools such as Autopsy, Magnet, Stinger, etc., for 28 DOL agencies
  • Served as the primary SME for RSA SecurID and all multi-factor authentication products including Azure MFA.
  • Maintained Git repositories, branches and tags; experience administering GitHub repositories.
  • Played a key role in deploying Symantec Endpoint Protection Manager and clients on a closed network
  • Worked as a PCI-DSS consultant to perform a 3rd party audit.
  • Establish and maintain an IT Compliance program for the Financial Security Infrastructure team that minimizes risks to IT objectives through effective, efficient, scalable, and cost-effective design and operation of controls, including Sarbanes-Oxley (SOX), ITGC (IT General Controls) using the COBIT framework, and other domestic and international compliance requirements.
  • Involved in DLP data encryption, monitoring/reporting and remediation of internal and external threats/vulnerabilities.
  • Provided Azure Security and Compliance reviews and solutions for government systems to facilitate the secure and compliant use of Azure for government agencies and third-party providers building on behalf of government.
  • Ensured Azure Government system was compliant to meet a FedRAMP Provisional Authority to Operate (P-ATO) and DoD Provisional Authorization (PA).
  • Understand the threat landscape as related to vendors and perform vendor risk assessments
  • Works with EnCase, FTK, Cellebrite, Gargoyle and IEF tools, plus dozens of utilities for ripping, extracting, repairing, copying, de-duplicating, automating and more
  • Played an integral role in migrating the company's security firewall environment from the FortiOS 4.0 firewall platform to FortiGate FG 100D.
  • Assist penetration testing and investigation.
  • Collaborate with Internal audit, External Audit, SOX PMO in a regular cadence, discuss changes to the control environment and prepare effective, efficient compliance and substantive test plans and SOX Calendar.
  • Work closely with the Risk and finance teams to associate a monetary value to security risks within the User Behavior Analytics (UBA) tool.
  • Worked on projects moving to cloud services such as Azure, Office 365 and Amazon Web Services (AWS).
  • Interacted with Cloud Service Provider (CSP) to conduct Incident Response (IR) and Contingency Plan (CP) exercises for Disaster Recovery Plan (DRP) and procedures.
  • Expertise in development of Information Security Programs based on frameworks such as NIST, ISO 27002, COBIT 5.0, FFIEC, GLBA, SOX, PCI & PII, with IT risk drivers (KPIs and KRIs) to ensure financial regulatory compliance and data security.
  • Conduct internal and external security audits based on standard cybersecurity frameworks from ISO 27002, COBIT, NIST, OWASP and Cloud Security Alliance
  • Worked extensively in configuring and monitoring ELK and ExtraHop.
  • Built proof of concept (POC) for Localization to use AWS for some transcoding workloads. AWS services used were EC2, S3, Lambda, Elastic Transcoder. Second phase would be to add Captions and Digital Rights Management (DRM).
  • Assessment guidance/standards used: NIST SP, ISO 27002, ISO 27005, to ensure regulatory compliance and proper assessment of risk.
  • Develop documentation for new/existing policies and procedures in accordance with Risk Management Framework (RMF), NIST SP requirements.
  • Used GZIP with AWS CloudFront to forward compressed files to destination nodes/instances.
  • Dynamic monitoring and analysis of Intrusion Detection Systems (IDS) to identify security issues for remediation. Analyze, recognize, correlate, and report any potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information from AccelOps SIEM, Snort logs and Check Point FW logs.
  • Consulted with business and technology partners to create and provide security recommendations and best practices.
  • Assisted CSO with completion of established goals, objectives, and streamlining of internal office procedures.
  • Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix, McAfee/Symantec.
  • Push configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server
  • Support the reporting and outputs from cross-functional teams related to the vendor risk assessment process
  • Provide IT Governance, Risk, and Compliance (GRC) service to fulfil client requirements.
  • Experience with SIEM platforms (Splunk, QRadar, McAfee Nitro, ArcSight, LogRhythm, Carbon Black)
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools, SSL/TLS, SOAP/XML, TCP/IP, HTTP, with expertise in OpenSSL. Also experienced in deploying and administering Dynatrace and APM tools such as Synthetic, DCRUM, UEM & AppMon.
  • Managed Cyber Security threats through prevention, detection, response, escalation and reporting in effort to protect Enterprise IT Assets through Computer Security Incident Response Team (CSIRT).
  • Responsibilities for CSIRT included SIEM, Context Filtering, Web Security, Incident Tracking, IPS/IDS and Malware Analysis.
  • Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Check Point and Palo Alto firewalls.
  • Performed risk analysis using a State-approved risk analysis methodology based on NIST SP and ISO/IEC 17799 methodologies.
  • Increased productivity by fine-tuning IPS security policies, allowing analysts to quickly identify threats on the network. Tune HIPS and VirusScan policies to support mission requirements as needed.
  • AWS CLI Auto Scaling and CloudWatch monitoring creation and updates
  • Participate in design efforts for network security related portions of new applications along with application development areas and the network design for disaster recovery efforts.
  • Experience spans over SIEM, Threat Intelligence, Penetration Testing and Vulnerability Assessment, Security Architecture, PCI-DSS and Security Research.
  • Provide expertise with incident response, security event monitoring, vulnerability management, asset security compliance and data loss prevention utilizing McAfee Nitro (SIEM), McAfee ePO, McAfee DLP.
  • Coach and mentor new analysts in our Third Party Vendor Risk Assessment Program.
  • POC and assisted in deployment of Blue Coat Security Analytics across BOA data centers and remote offices; scripting and data extraction for SSL/TLS CPS utilization, malware, firewall and F5 capacity management and high-availability planning.
  • Design and implement a vendor risk assessment scorecard to establish a risk benchmark, identify areas needing improvement, and serve as a periodic tool to assess overall risk status.
  • Configuring and implementing F5 BIG-IP LTM and GTM load balancers to maintain global and local traffic.

Confidential, St. Louis, MO

Information Security Analyst

Responsibilities:

  • Developed and maintained enterprise security policy and procedures along with assisting in the development of project charter for organization.
  • Initiated an information gathering meeting to identify stakeholders and their understanding of client requirements, compliance obligations and future goals
  • Assisted stakeholders in prioritising regulations from most to least critical to business success
  • Defined scope of compliance and boundaries; familiarised stakeholders with their roles and responsibilities and the staffing requirements to meet compliance.
  • Created a business case highlighting the pros and cons of non-compliance in quantifiable terms
  • Assisted in identification of compliance gaps and developed a compliance roadmap by prioritising implementation of initiatives and their dependencies.
  • Categorised compliance ticket items into domains such as asset management, risk management, vulnerability management, vendor management, access control.
  • Provided training and awareness on compliance obligations to champions nominated from multiple departments
  • Assisted in design of business continuity critical processes, establishing backup and testing standards and utilizing benchmarks such as RPO, RTO, MTD.
  • Reviewed and redesigned HR processes to meet compliance requirements.
  • Identified and provided remediation for vulnerabilities found in network systems
  • Monitored anomalous activities and created an incident reporting process to help identify root causes.
  • Asset Management:
  • Implemented information asset management policy
  • Identified, classified, and inventoried organization information security assets based on criticality in information asset register.
  • Revised roles and responsibilities of asset custodian and included those responsibilities as part of their job description such as purchase, budget, monitor and maintain, track and audit.
  • Participated in establishment of risk and compliance framework.
  • Created and categorised risk scenarios according to risk events
  • Developed communication channels for the stakeholders based on criticality of the issue.
  • Assessed top risks in quantifiable terms for annual expected costs/loss to business such as reputation, downtime, termination of contracts.
  • Performed routine vulnerability assessments and coordinated resolution of identified risks or issues with the relevant parties.
  • Developed a risk assessment heat map tool for identification of the organization's most critical risks, helping stakeholders easily identify priorities.
  • Created a statement of work for an enterprise solution identifying the scope of work
  • Carried out product testing between multiple vendors as per use cases/ success criteria
  • Performed product evaluation; documented project requirement, milestone, deliverables, documents and reports.
  • Documented vendor management process and owners
  • Created vendor score card and vendor information sheet; product service details and escalation path with contact details for internal and external point of contact.

Confidential, Mobile, AL

Cyber Security Analyst

Responsibilities:

  • Responsible for installation and maintenance of new network connection for the customers.
  • Configured all the required devices and equipment for remote vendors at various sites and plants.
  • In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
  • Manage enterprise security systems, identifying key security risks, reporting risks to management with recommendations for corrective action utilizing NIST frameworks.
  • Design and implementation of Blue Coat proxy infrastructure. Upgrading Radware AppWall WAF (Web Application Firewall) and applying hotfixes and patches.
  • Supported nationwide LAN infrastructure consisting of Cisco 4510 and Catalyst 6513 switches.
  • Worked with Cisco routers 2600, 2900, 3600, 3800, 7200 and 7600 and switches 2900, 3560, 3750, 4500, 4900, 6500
  • Perform ISO 27001, PCI and SOX Audits and drive them to the closure of findings.
  • Developed Cyber Security Standards based on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
  • Implementing various policies per client compliance to restrict web access, troubleshooting proxy-related access issues and generating Internet access reports using the Websense web proxy
  • Creating compliance rules, extracting security risks and auditing firewall policies using the Tufin firewall monitoring tool
  • Reviewed encryption logs and DLP logs to regulate user-based technological risk violations
  • Upgrading, managing and troubleshooting various issues with Cisco IPS
  • Rule implementation, log analysis, logical troubleshooting and management of various Check Point products (Power-1, UTM-1, Smart-1 appliances) and Cisco ASA appliances
  • Part of the Disaster Recovery Datacenter's Security Configuration and Management team.

Confidential, Frederick, MD

Security Analyst

Responsibilities:

  • Configure and install various network devices and services (e.g., routers, switches, firewalls)
  • Administering, configuring and troubleshooting of Windows Server 2008, 2012.
  • Installation, Configuration and Administration of Web Servers (IIS and Apache)
  • Design, implement and maintain VMware vSphere infrastructure.
  • Infrastructure development on AWS employing services such as EC2, RDS, CloudFront, CloudWatch, VPC, etc.
  • Evaluated firewall change requests and assessed organizational risk.
  • Configuration, installation and support of equipment in a Microsoft environment according to the terms of client proposals.
  • Installation, configuration and administration of Asterisk based VOIP Telephony
  • Troubleshoot and resolve computer/network issues by providing both on-site and remote support.
  • Maintaining software applications and operating systems: Win2K, Win XP, Win2007, and Linux.
  • Responding to inquiries from staff, administrators, service providers, site personnel, outside vendors, etc., to provide technical assistance and support.
  • Supervising administration of systems and servers to ensure availability of services to authorized users.
  • User administration, setup, system maintenance and verifying that peripherals are working properly.
  • Quickly arrange repair in the event of hardware failure and monitor system performance
  • Install software, create a backup and recovery policy, and update antivirus software and its patches.
  • Administering multi-server Windows LAN and WAN.
