Cyber Security Engineer Resume
Marshall, TX
SUMMARY
- 7+ years as a highly analytical computer security analyst with success in both defending and attacking large-scale enterprise networks.
- A multifaceted professional, offering strong experience and skills in threat and vulnerability management, information security analysis, information security architecture, information security policy design, risk assessment, security incident response, and security solution implementation and administration.
- Strong understanding of security systems such as SIEM, malware protection, firewalls (AWS WAF), IDS/IPS, DLP, and load balancers.
- Technical expertise in Cloud Computing technologies with a deep understanding of the security architecture of environments comprising AWS Security Services
- Excellent understanding of security concepts - AAA, malware, vulnerabilities, cyber threats, cryptography, PCI DSS, HIPAA, NIST, and ISO 27001.
- Excellent understanding of networking concepts - TCP/IP model, Switching, Routing, NATs, firewalls, VPNs, IDS/IPS, DNS
- Deep understanding of Web Application Security concepts
- Experience in planning, developing, implementing, monitoring, and updating security programs and advanced technical information security solutions; sound knowledge of SOX and PCI compliance requirements and understanding of NIST and ISO standards.
- Accomplished history of working with various private business and IT organizations to facilitate security to further enhance the security stance of the company.
- Knowledge of TCP/IP networking, switches, routers, firewalls, VPNs, and encryption.
- Knowledgeable of penetration testing, vulnerability assessment, threat hunting, and security program development.
- Expert at implementing network security, SIEM tools, new concepts, identity management, new security technologies, securing cloud architecture, and new security controls as well as in developing innovative security controls and processes that meet business and executive requirements to protect information.
- Developed specific content necessary to implement Security Use Cases and transform them into correlation queries, templates, reports, rules, alerts, dashboards, and workflow.
- Supports, monitors, and manages the SIEM environment.
- Administration and analytics development on Information Security, Infrastructure and network, data security, Enterprise Security app, Triage events, Incident Analysis.
- Expertise in conducting investigations of Security violations and breaches and recommending solutions; preparing reports on intrusions as necessary and providing analysis summary to management.
- Proven ability in identifying various network security vulnerabilities and explaining in detail how to remediate the identified vulnerabilities.
- Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
TECHNICAL SKILLS
Networking: IDA Pro, OllyDbg, WinDbg, Symantec Endpoint Protection, DL, Palo Alto Firewalls, Cisco IronPort, Check Point, Cisco ASA, IDS/IPS, Anti-virus, BMC BladeLogic, Remedy.
Systems Administration: Active Directory, DNS, FTP, SSH, DHCP, SMB, HTTP, Virtualization (ESX)
Vulnerability Assessment: Nmap, Nessus, Ettercap, Metasploit, Honeypots (honey, interim), Burp Suite, Nexpose, Acunetix, IBM AppScan, HP WebInspect
Endpoint Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec/McAfee Email Security Gateways GUI & CLI, McAfee Network Data Loss Prevention, McAfee Nitro SIEM (Security Information and Event Management), QualysGuard, Veracode, RSA Archer, FireEye Retina, Onapsis, IBM/HCL AppScan Enterprise (ASE), Standard & Source editions, Burp Suite Pro, Acunetix, Fortify SCA, BeEF, WAS, SQLMap, Checkmarx (Code Analysis), Carbon Black.
Platforms/Applications: Continuous Monitoring Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management, and Compliance, SolarWinds, Nexpose, Rapid7 Event Management, RSA Archer, Blue Coat Proxy, IBM QRadar, NTT Security, LogRhythm, PenTest Tools (Metasploit, Burp Suite, Nmap, Wireshark), AWS, MS Azure, Google Cloud Platform.
Standards & Framework: OWASP, OSSTMM, PCI DSS
Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication, PIA
Programming Languages: C, C++, Java, Python, JavaScript, Linux, PowerShell
Networking: LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Firewalls/IPS/IDS
Protocols: TCP/IP, L2TP, PPTP, IPSec, IKE, SSL, SSH, UDP, DHCP, DNS, NetBIOS, SNMP, TLS, etc.
Domain Knowledge: Risk Management, BCP/DRP, ISO 27001, COBIT, Vulnerability SWOT analysis, Cryptography, Incident Response, Penetration Test, Risk Assessment, SCADA Security, SCADA Audits, SIEM, NIST, FIPS
PROFESSIONAL EXPERIENCE
Confidential, Marshall, TX
Cyber Security Engineer
Responsibilities:
- Troubleshoot and resolve performance issues, which include log/packet consumption rates, CPU, memory, disk utilization, and other observed and reported issues.
- Health and wellness monitoring, including the Response, Remediation, and Communication of critical outages and loss of functionality.
- Onboarded and integrated supported devices to RSA SIEM for Windows, File, ODBC, Firewalls, SNMP, Syslog, VMware.
- Integrated AWS GuardDuty and CloudTrail services.
- Developed new correlation rules & alerts using EPL language.
- Troubleshot firewall rules and worked to integrate their logging into the SIEM.
- Used ServiceNow for ticketing and reporting.
- Identified vulnerabilities, recommended corrective measures, and ensured the adequacy of existing information security controls.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers, and malware analysis tools.
- Responsible for analyzing, responding to, and providing recommendations for security incidents, manually or with automated forensic analysis tools.
- Senior Security Analyst in the world-class Security Operation Center (SOC) handling Cyber Security Alerts & Incidents originating from multiple sites across the client's (Banking and Finance) organization worldwide.
- Performing real-time proactive security monitoring, detection, and response to security events and incidents within the Organization Network
- Conducted thorough investigation of security events generated by our detection mechanisms such as SIEM, IDS/IPS, AV, DLP, proxy, DDoS, etc.
- Handled Incident Escalations from SOC L1. Educating SOC L1 to enable them to handle similar incidents in the future.
- Recognized successful potential intrusions and compromises through review and analysis of relevant event detail information.
- Differentiated false positives from true intrusion attempts and tuned the alerts wherever necessary.
- Identified, verified, and ingested indicators of compromise and attack (IOCs, IOAs) (e.g., malicious IPs/URLs, etc.) into network security tools/applications for protection.
- Alerted concerned stakeholders of intrusions and potential intrusions and compromises to the IT environment.
- Categorized the events and raised necessary incidents after a thorough quality check of the event.
- Worked closely with L3 Support, Threat Intelligence Team, Tool engineers, and Forensics team to provide adequate information required for resolution.
- Participated in the Process improvement and alert fine-tuning with key stakeholders from the Cyber Security Incident Response Team and Engineering team.
- Maintain data entry requirements by following data program techniques and procedures.
- Verify entered customer and account data by reviewing, correcting, deleting, or re-entering data; combining data from both systems when account information is incomplete; purging files to eliminate duplication of data.
- Test customer and account system changes and upgrades by inputting new data; reviewing output.
- Formulate and coordinate technical best-practice SOPs and Runbooks for SOC Analysts.
- Working knowledge of cyber incident response procedures and malware analysis.
- Troubleshoot security monitoring devices to improve event correlation and performance.
- Developed and updated procedures and configure tools for Event Detection Analysts to use.
- Maintaining situational awareness of the latest cybersecurity threats, vulnerabilities, and mitigation strategies
- Knowledge of common attack vectors and attacker tactics, techniques, and procedures (TTPs) per the MITRE ATT&CK Framework.
- Familiarity with common malware types and their associated symptoms, including ransomware, spyware, Trojans, and worms.
Confidential, St. Louis, MO
Sr. Cyber Security Analyst
Responsibilities:
- IBM QRadar SIEM Installation of Console, Event Processor and Event Collector and Data nodes, Deployment of the managed host in the deployment editor, HA configuration, network port binding.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers, and malware analysis tools.
- Responsible for analyzing, responding to, and providing recommendations for security incidents, manually or with automated forensic analysis tools.
- Installed and configured a SIEM tool from scratch & observed device Integration of multiple Log sources with the SIEM Connector appliance.
- Supervised initial network installation using Cisco networking devices and the tuning, monitoring, and correlation of security events with IBM QRadar SIEM, FireEye, Imperva WAF, and Websense.
- Reviewed and designed security best practices for McAfee ePO, Anti-Virus, HIPS, and DLP.
- Planned, performed, monitored, analyzed, and managed Grey Box, Black Box, and White Box application security assessments using tools and manual analysis for OWASP Top 10 vulnerabilities.
- Installation and configuration of a new Microsoft Windows Server 2016 (DHCP, Active Directory, DNS, Group Policies).
- Performing white-box vulnerability assessment for applications developed in Microsoft Technologies for the OWASP Top 10 vulnerabilities.
- Verify entered customer and account data by reviewing, correcting, deleting, or re-entering data; combining data from both systems when account information is incomplete; purging files to eliminate duplication of data.
- Test customer and account system changes and upgrades by inputting new data; reviewing output.
- Secure information by completing database backups.
- Maintain operations by following policies and procedures, and reporting needed changes.
- Maintain customer confidence and protect operations by keeping information confidential.
- Vulnerability Assessment of various web applications used in the organization using Paros Proxy, Burp Suite, and HP Web Inspect.
Confidential, Houston, TX
Cyber/Network Security Engineer
Responsibilities:
- Responsibilities include supporting a 24/7 SOC environment to ensure real-time information security and prevent any cyber-attack from inside and outside the network.
- Design and implementation in all aspects of Information Assurance and Information Security (InfoSec) Engineering.
- Guidance on ISCM (Information Security Continuous Monitoring), assess and mitigate system security threats/risks throughout the program life cycle by validating system security requirements definition and analysis.
- Scheduled a Penetration Testing Plan throughout the organization and completed all the tasks in the given time frame.
- Conducted penetration tests on systems and applications using automated and manual techniques with tools such as Metasploit, Burp Suite, Kali Linux, and other open-source tools as needed and report the findings.
- This included the design, development, and implementation of multiple independent Splunk instances that would be able to monitor SCADA environments and CDAs and also be able to forward alerts and logs to an independent off-site CSOC.
- Designed & implemented the department SIEM (ArcSight) to monitor the DOT enterprise (over 20,000 assets).
- Administration of the DOT security infrastructure consisting of IDS/IPS systems (Snort, ISS, IDSM2, IPS, NFR, Checkpoint IPS1), Vulnerability Assessment tools (Foundscan and Nessus).
- Monitor compliance and ensure enforcement with all SOX, PCI DSS, HIPAA/HITECH, COBIT, and NIST requirements as applicable to the organization.
- Worked with tools like Burp Suite, DirBuster, HP Fortify, Nmap, Acunetix, WebInspect, Nessus, and IBM AppScan as part of penetration testing, on a daily basis, to complete the assessments.
- Skilled in using Burp Suite, Checkmarx, HP Fortify, SecureAssist, WAS, Nmap, Havij, and DirBuster for web application penetration tests.
- Involved in Security Operation, Vulnerability, and Risk Assessment, alerting report generation, and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Bluecoat Proxy).
- Conduct threat intelligence analysis on key areas of the Enterprise Defense-in-depth analytics, incident statistics, and other relevant information in the creation of periodic threat intelligence reports.
- Implemented quality assurance review processes to ensure audit work conforms to the Standards for the Professional Practice of Internal Auditing and the standards established by ISACA.
- Perform compliance checks against industry standards and regulatory mandates such as FISMA, DISA, HIPAA, and SCAP.
- Develop POA&M for mitigation as required by Risk Management Framework (RMF)
- Network Admin, logging and securing network data using RSA Archer (TCP/IP data analysis).
- Used McAfee ePolicy Orchestrator to monitor and identify potential intrusions and attacks for the Cyber Security Operations Center (CSOC).
- Conducted penetration testing on our web applications using some tools.
- Monitored the LogRhythm dashboard for suspicious alerts and provided efficient write-ups for each alert.
- Used tools like LogRhythm to analyze network, DLP email monitoring, Symantec SEP, firewall, and proxy logs to determine the risk level of the alarms.
- Hadoop, Cloud AWS, Enterprise Risk Management, SOX 2, 404, PCI, NIST, COBIT, and others.
- Delivering comprehensive prevention, detection, and response status using FireEye, Symantec, and Qualys software.
- Vulnerability assessment of various web applications used in the organization using Burp Suite, WebScarab, and HP WebInspect.
- Monitored IT audit activities with internal auditors, external auditors, and third-party examiners and prepared management responses and remediation planning;
- Utilized Tanium for Deployment, monitoring, and analyzing data throughout various networks.
- Administer Controls & Permissions to files using PowerShell commands through SCCM.
- Performing periodic vulnerability testing and assisting in remediation efforts.
- Identified, documented, and investigated suspicious events in intrusion detection systems (IDS) and SIEM tools.
- Monitoring and analyzing network traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), security events, and logs.
- Performed penetration testing over the enterprise systems to audit the standards to comply with PCI DSS regulations.
- Project management: Gantt charts, risk registries, and creation of templates.
- Guided and trained 8 analysts in risk and compliance under NIST 800, PCI DSS, and other frameworks; workflow charts, change management, and risk management.
- Worked in Security Incident and Event Monitoring SIEM platforms - IBM QRadar, and Splunk.
- Provide proactive APT hunting, incident response support, and advanced analytic capabilities.
- Coordinates and assists the team on assigned daily SOC operations.
- Analyze and escalate events and incidents to SOC Analyst Level for response and resolution.
Confidential
Security Analyst
Responsibilities:
- Assisted as a technical security analyst as part of a team responsible for assessing and ensuring NIST Rev 4 management, operational, technical, and privacy security control implementation compliance for large apparel
- Manage the Security Incident and Event Management (SIEM) infrastructure.
- Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level.
- Designed Symantec DLP architecture, and implemented Symantec DLP. Worked with Symantec DLP upgrades and patches.
- Implemented Symantec DLP Policy and Content Blade creation and tuning. Provided input into customers’ operational processes and procedures.
- Compliance standards and frameworks such as PCI, NIST, HIPAA, HITRUST, and Privacy standards and frameworks such as Generally Accepted Privacy Principles (GAPP)
- Experience in conducting penetration testing for web applications and servers using Burp Suite and Metasploit Pro, and documenting the results to the senior management.
- Collaborate across the entire organization to bring Splunk access to product and technical teams to get the right solution delivered and drive future innovation gathered from customer input.
- Fine-tuning existing correlation rules to reduce noise and false positives.
- Monitor the performance of Splunk via the Splunk Monitoring Console.
- Managing security incidents in the organization, key member of the Incident Response Team
Environment: MS SQL, MySQL, WebScarab, HTML, Kali Linux, OWASP, DirBuster, Nmap, IBM AppScan, Burp Suite, HP Fortify, Windows XP, PHP