
Cyber Security Analyst Resume


Columbia, MD

SUMMARY

  • Extensive 4+ years of experience as a Cyber Security Analyst with proficient and thorough experience and a good understanding of information technology. Specialized in proactive network monitoring of SIEM.
  • Experience in reviewing security events that are populated in a Security Information and Event Management (SIEM) system - LogRhythm, Azure Sentinel, Splunk and IBM QRadar.
  • Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
  • Periodically check for company policy violations and support the investigation of policy violations; proven ability to quickly understand a complex environment and detect anomalies.
  • Assisted with applications/tools including but not limited to SIEM, Wireshark, Intrusion detection Systems (IDS), Data loss prevention controls (DLP), e-mail gateway protection, VPN operations.
  • Assist with problem management, security incident response and forensic investigations.
  • Assist in the development of security awareness and compliance training programs and providing communication training as needed.
  • Manages endpoint security using an Endpoint Detection and Response (EDR) tool.
  • Conducts log analysis with SIEM tool.
  • Checking existing accounts and data access permission requests against documented authorizations.
  • Strong Splunk UI experience and able to debug expensive search queries.
  • Experience in data management, compiling artificial intelligence engine use cases / rules.
  • Expert in analyzing alarm/event logs, removing false positives, suggesting remedies and supporting remediation efforts.
  • Assist with running vulnerability and risk analysis reports using commercial tools or custom scripts and documenting found gaps.
  • Assist in security audits and inspecting security logs to uncover security violations.
  • Assist with problem management, security incident response and forensic investigations.
  • Collaborate with teams to resolve issues that are uncovered by various internal and 3rd party monitoring tools.
  • Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow.
  • Experience in installing, configuring, supporting and troubleshooting Linux Networking services and protocols, like NIS, LDAP, DNS, NFS, DHCP, TCP/IP, Telnet, FTP, SSH, rlogin.
  • Threat Models - MITRE ATT&CK, Cyber Kill Chain.
  • Assist with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functions.
  • Assist in the application security risk assessments for new or updated internal or third-party applications.
  • Configuring and maintaining Palo Alto firewalls, Cisco ASA firewalls & analysis of firewall logs using various tools.
  • Experience in planning, monitoring, and updating security programs and advanced technical information security solutions.
  • Experienced in Vulnerability management and remediation.
  • Scanning the network and providing the scan reports to operational teams.
  • Mitigate vulnerabilities identified in Security scans.

TECHNICAL SKILLS

SIEM Tools: LogRhythm, IBM QRadar, Splunk and Azure Sentinel

Endpoint Protection: CrowdStrike, MDATP, Carbon Black

Firewalls: Cisco Firepower, Palo Alto Firewalls and IDS/IPS, Cisco ASA

Network: Palo Alto, Cisco ASA, IDS, IPS

Cloud Security: Azure Cloud

Vulnerability Assessment Tools: Burp Suite, Nmap, Nessus, IBM AppScan, DirBuster, Kali Linux, HP WebInspect, OWASP ZAP Proxy, Metasploit, Acunetix, HP Fortify, Akamai, Security Centre, ScoutPrime, SolarWinds, Alert Logic, Netskope, Shodan, Azure AD, FireEye ETP

PROFESSIONAL EXPERIENCE

Cyber Security Analyst

Confidential, Columbia, MD

Responsibilities:

  • Configured IPX/SPX, HDLC, PPP, TCP/IP, BGP, EIGRP, RIP, & HSRP.
  • Deployed the applications to EC2 and leveraged other AWS Services.
  • Managing services like EC2, S3, AWS IAM, VPC, CloudFormation and Elastic Block Storage (EBS) using Python and the AWS command line tools.
  • Daily use of MITRE Common Vulnerabilities and Exposures (CVE) list, MITRE ATT&CK and US-CERT websites for continuous knowledge of Advanced Persistent Threats and current cyber activity.
  • Hands-on experience with Cisco firewalls, McAfee IPS, Palo Alto, Checkpoint, SEPM and Symantec Mail Gateway.
  • Conduct vulnerability scans to support our risk/threat/vulnerability management program, including resolving risks and documenting any residual risks.
  • Hands-on McAfee ePO, McAfee Drive Encryption, and DLP Administration through remote sessions
  • Analysis of various use cases in the QRadar console, like malware and AD-related issues.
  • Responsible for the creation of the logic to correlate attacks across multiple event sources and attempt to make a determination of the possible outcome.
  • Performing network packet capture and scanning using tcpdump, Wireshark and Nmap to analyze and identify network problems.
  • Risk assessment on the application by identifying the issues and prioritizing the issues based on risk level.
  • McAfee ePO configuration and setup with Solidcore.
  • Perform live packet data capture with Wireshark to examine security flaws.
  • Experienced in Vulnerability Assessments and remediation.
  • Deployed Splunk Enterprise on AWS to gain real-time visibility across AWS and entire IT environment.
  • Utilize various Firefox add-ons like Flagfox, Live HTTP Headers and Tamper Data to perform the pen test.
  • Creation, development, and/or restructuring of DLP programs from conception to fully operational state.
  • Explanation of the security requirements to the design team in the initial stages of the SDLC to minimize the rework effort on issues identified during penetration tests.
  • Providing remediation to the developers based on the issues identified.
  • Revalidate the issues to ensure the closure of the vulnerabilities.
  • Identified new security threats by conducting penetration testing, log analysis and vulnerability assessments; evaluated and recommended procedures used to mitigate risks.
  • Developed Splunk infrastructure and related solutions as per automation toolsets.
  • Implemented forwarder configuration, search heads and indexing.
  • Created dashboards, reports, scheduled searches and alerts, and SIEM search and alert metrics.
  • Created Compliance Security Baseline dashboard for Tripwire and compliance with Storage, Database Server, Workstation and Server.
  • Manage and tune Splunk SIEM and Cisco Firepower IPS.

Environment: SIEM Tools: LogRhythm, Azure Sentinel, Firewall, Cisco, Palo Alto, IDS, IPS, Netskope (DLP, PII, PCI-DSS, HIPAA)

Cyber Security Analyst

Confidential, Centerville, VA

Responsibilities:

  • Respond to computer security incidents and conduct threat analysis, working closely with peers and mid- and senior-level analysts.
  • Identify and act on malicious or anomalous activity. Ensure all pertinent information is obtained to allow identification, containment, eradication and recovery actions to occur in a time-sensitive environment.
  • QRadar implementation and integration with other network devices and applications, plus the related troubleshooting work.
  • Investigate SIEM alerts.
  • SIEM deployment, currently looking at Rapid7, LogRhythm, and others.
  • Configuring alarms and dashboards in SIEM (LogRhythm) for detecting threats and abnormal behavior.
  • Respond to cybersecurity events from firewalls, IDS/IPS, LogRhythm SIEM and McAfee anti-virus security tools.
  • Involved in security operations, vulnerability and risk assessment, alerting, report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Imperva, Sourcefire (IDS/IPS), FireEye, Blue Coat Proxy, etc.).
  • Monitor SIEM views and draft reports on network activities that may exploit vulnerabilities or cause harm to network hosts
  • Manage Splunk (SIEM) configuration files like inputs, props, transforms, etc.
  • Well versed in both remote and on-site user Splunk (SIEM) Support
  • Centralizing the storage and interpretation of logs using the Splunk (SIEM) system.
  • Worked in Security Incident and Event Monitoring SIEM platform - IBM QRadar.
  • Tested various threat vectors and presented evidence of intent to create signatures/rules to mitigate specific threats.
  • Participated in the product selection and installation of QRadar Security Information and Event Management (SIEM), consisting of multiple collectors and a high-performance MS SQL database.
  • Analyze and respond to security events and incidents from SIEM, Firewall (FW), Intrusion Detection/Prevention Systems (IDS/IPS), Antivirus (AV), Network Access Control (NAC) and other client data sources.
  • Expertise in creating shell and Python scripts for configuration backup, report backup, QRadar device reports and metric generation.
  • Experience in creating custom views, reporting and automated alerting for both operational and security use using QRadar.
  • Experience in security incident handling in SIEM using RSA enVision and IBM QRadar products.
  • Security incidents to provide management oversight to the incident process.
  • Perform tuning of the Security Incident and Event Manager (SIEM) filters and correlations to continuously improve monitoring.
