Cyber Information Security Consultant Resume
AZ
SUMMARY
- Around 6 years of experience in designing, architecting, deploying and troubleshooting network and security infrastructure through network-based intrusion detection systems, advanced cyber security techniques and firewalls from various vendors
- Experienced in SIEM tools such as ArcSight to manage security events and big data analytics
- Installed connectors and integrated multi-platform devices with ArcSight ESM; developed FlexConnectors using regex for devices and custom apps not supported by ArcSight
- Experience in SOC team delivery using security analysis, investigations, reporting, mitigation, and tuning
- Managing aspects of vulnerability risk management including vulnerability identification, analysis, remediation coordination and reporting
- Strong understanding of legal/regulatory requirements such as PCI-DSS, HIPAA, NIST, ISO 27001, FISMA, etc.
- Use Splunk for real-time system monitoring, analysis, evaluation, forensic investigation, and for enforcing compliance with the enterprise's security policies.
- Assisted and worked with the CSIRT (computer security incident response team) with enhanced knowledge of threat hunting
- Managed identity and access management for Azure subscriptions, Azure AD, Azure AD Application Proxy, Azure AD Connect and Azure AD Pass-through Authentication.
- Experience configuring and managing Azure AD Connect, Azure AD Connect Health and Microsoft Azure Active Directory.
- Resolved Azure AD issues relating to Office 365, Active Directory to Azure AD, and CAIDM to Active Directory.
- Resolved sync issues with the Microsoft Managed Services Service Provisioning Provider (MMSSPP).
- Provided guidance in planning, requirements gathering, recommendations, and implementation of data migration to Office 365, and configuration best practices
- Experience in various technical and compliance areas of Information Security
- Expertise in network and endpoint security, cloud security, application security, incident management, VAPT, ISO 27001, HIPAA, GDPR and SOC 2
- Performing anomaly or malware hunts based on the MITRE ATT&CK framework
- Hands-on experience with the Palo Alto firewall platforms PA-7050, PA-5050, PA-2000 series, PA-200 and PA-500. In-depth knowledge of installation and configuration of Check Point FireWall-1 v4 to NGX R65.
- Implementing Cisco NIDS security policies to avoid malicious attacks in the network
- Responsible for SOC operations in a 24x7 environment
- Experience configuring and deploying McAfee modules and products such as McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint and McAfee SIEM.
- Knowledge of distributed Splunk installation with forwarders, clusters and search head clusters.
- Skilled in penetration testing (white, grey, and black box) with passive and active modules using Burp Suite, Metasploit, custom scripts, and other necessary tools.
- Create security policies in Cisco NIDS to avoid and detect network intrusions
- Monitoring the network to avoid intrusions and applying mitigation techniques using NIDS
- Responsible for applying the latest Symantec standards on various platforms (Windows, Unix, Middleware, AIX, etc.) through the Symantec Control Compliance Suite tool
- Implemented FireEye security to prevent malware and cyber-attacks on the system
- Experience with NIST SP A and NIST SP .
- Experience with Palo Alto firewalls, VPNs, and networking with protocols such as NetBIOS, SNMP, telnet, SSH, ARP, etc.
- Experience configuring all Palo Alto Networks firewall models (PA-2k, PA-3k, PA-5k, etc.) as well as the centralized management system (Panorama) to manage large-scale firewall deployments.
- Experience implementing security in different phases of the SDLC. Hands-on experience in application security, vulnerability assessments and OWASP along with different security testing tools.
- Experience using a wide variety of security tools including Burp Suite, Kali Linux, IBM AppScan, QualysGuard, Nessus, Metasploit, HP Fortify, HP WebInspect, Wireshark, L0phtCrack, Snort, Nmap, DirBuster, OpenVAS, w3af, BeEF, SoapUI, FOCA, Havij, Yersinia and Recon-ng.
- Strong knowledge of manual and automated security testing for web applications.
- Good experience in exploiting recognized vulnerabilities: CSRF, XSS, SQL injection, session management, input validation, output encoding, cookie attributes, encryption and privilege escalation.
- Analyze the results of penetration tests, design reviews, source code reviews and other security tests. Decide what to remediate and what to risk-accept based on security requirements.
- Involved in implementing and validating the security principles of minimum attack surface area, least privilege, secure defaults, avoiding security by obscurity, keeping security simple, and fixing security issues correctly.
- Experience in threat modeling during the requirements gathering and design phases.
- Performed software licensing audits.
- Quick learner and committed team player with interpersonal skills who enjoys a challenging environment with scope for self-improvement and contributing to the organization.
- Excellent problem-solving and leadership abilities.
- Hands-on experience with FireEye NX, EX, HX, PX and IA
- Configured data leakage and protection policies to prevent data leakage for the end client
- Expert understanding of developing complex use cases and Universal Device Support Modules (DSMs) on the QRadar SIEM.
- Involved in integrating IBM Resilient IRP with IBM QRadar SIEM.
- Knowledge of authentication, endpoint security, internet policy enforcement, firewalls, Database Activity Monitoring (DAM) and Identity and Access Management (IAM) solutions
- Responsible for integration of QRadar with Carbon Black endpoint security
- Supported the Security Operations Center (SOC). Monitored security systems and diagnosed malware events to ensure no interruption of service. Identified potential threats, anomalies, and infections and provided reports to customers.
- Configured Tenable SecurityCenter with the latest version of the Nessus scanner
- Configuring rules and maintaining McAfee ePO (antivirus) policies for host-based protection
- Troubleshooting high-severity issues related to McAfee ePO and McAfee endpoint products to avoid any business impact
- Hands-on experience in Splunk creating various application-based dashboards
TECHNICAL SKILLS
FireEye: CMS, NX, EX, HX, IA, PX
Network intrusion detection system: Cisco FMC1500, FMC2000, FMC3500
Symantec data leakage and protection: endpoint protection, web protection, network protection
SIEM: ArcSight Console 6.5
Security compliance tool: Symantec Control Compliance Suite 11.1
Packet capture: NetFlow Integrator
Network security: Cisco NIDS, IPS
Antivirus: McAfee ePO 5.1
Vulnerability analysis: Tenable
Language: Linux shell scripting, PowerShell scripting, and Python
Tools: Wireshark, tcpdump, Nmap, Nessus, Ncrack, Metasploit, Snort, Aircrack, Splunk, ELK, Scalpel, Steganography, Cron, Iptables, Autopsy, SIEM, Bash, Cryptography, Risk Analysis, Penetration Testing, Vulnerability Assessment
Networking: Good knowledge of OSI & TCP/IP models
Vulnerability Management
Microsoft Windows servers: Active Directory, Group Policy, DHCP, DNS
Security standards: OWASP, SANS, WASC, and NIST
Tools: WebInspect, AppScan, Acunetix, HIAB, Outscan, N-Stalker, Checkmarx, Nmap, Nessus, Burp Suite, Paros, etc.
Operating System: Windows, Kali Linux, Mac
PROFESSIONAL EXPERIENCE
Confidential, AZ
Cyber Information Security Consultant
Responsibilities:
- Responsible for administrative roles and duties for cyber security applications such as FireEye, network intrusion detection system, McAfee ePolicy Orchestrator, Symantec data leakage and protection, ArcSight, Symantec Control Compliance Suite and NetFlow Integrator.
- Integrated IDS/IPS with ArcSight ESM and analyzed the logs to filter out false positives and add false negatives to the IDS/IPS rule set
- Uncovered issues with the Palo Alto firewall DMZ setup that allowed attacks to reach the web servers
- Responsible for applying standards for each platform (Windows, Unix, Middleware, etc.) with applications such as Symantec Control Compliance Suite
- Plan, organize and devise approaches necessary to respond to incidents and obtain useful forensic information, taking into consideration the requirements of agency regulations, federal and state laws, and company policies as they apply.
- Creating How-To, Knowledgebase, SOP, flow chart, progress chart, and RACI matrix documentation.
- Research and conduct PoCs for new cyber security tools and capabilities.
- Knowledge of current enterprise detection and monitoring technologies and processes, including IT infrastructure experience within Information Security, Cyber, IT Audit or System Forensics.
- Provided detection, analysis, research, and data gathering for security events. Provided technical response for the Cyber Security Operations Team.
- Monitoring of security events using Splunk and other feeds, looking for significant events and processing reports of unexpected network activity.
- Creating new Carbon Black watchlist rules based on the MITRE ATT&CK framework to alert the team to any malware, ransomware or malicious activity.
- Enhance threat detection and hunting efforts with the MITRE ATT&CK framework.
- Forensic data collection and real-time threat alerts to embedded SOAR capability using Caldera.
- Actively participated in red vs. blue team exercises against custom-built ransomware and malware attack infrastructure, performing penetration testing to discover vulnerabilities and breaches in security infrastructure and processes.
- Investigating, detecting and protecting against cyber incidents using Splunk and Carbon Black.
- Preparing Splunk scripts for forensic investigation and diagnosing cyber-attacks and incident alerts.
- Develops and submits detailed reports of findings, analysis and recommendations. Researches new vulnerabilities, attacks and exploits.
- Creating manual and automated gap analyses based on various endpoint agents to ensure an optimally performing, secured environment.
- Experience in a SOC (Security Operations Center) facilitating strong planning as per the required security protocol; analyze the main steps in IT governance; familiar with cyber security processes and ISO/NIST/ANSI standards.
- Identification of injection, business logic, authentication and session management related flaws in applications, and encasing attack scenarios and the associated risk to the business.
- Providing preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.
- Worked closely with application development teams, participating in design reviews to provide input from a security point of view at the early phases of development.
- Key member in implementing security policies, procedures, standards, baselines, and guidelines.
- Key member in conducting the Security Audits for applications used by LAUSD.
- Conducted security assessments for all user roles efficiently.
- Remediation of all Palo Alto, Cisco and Juniper firewalls
- Conducted rigorous security assessments of the application using tools such as Burp Suite, sqlmap, fimap, DirBuster, OWASP ZAP, Nessus, Nmap and Kali Linux.
- Actively search for potential security issues and security gaps that are Confidential the ability of detection by any security scanner tool. Initiate and develop new mechanisms to address unidentified security holes and challenges.
- Configuring rules and maintaining Palo Alto firewalls, and analysis of firewall logs using various tools
- Implemented a positive enforcement model with the help of Palo Alto Networks.
- Exposure to the WildFire feature of Palo Alto.
- Set up Palo Alto attack dashboard panels in Splunk
- Use standards such as CVSS (Common Vulnerability Scoring System), CVE and the DREAD approach to assign criticality ratings (Critical, High, Medium, Low) to identified vulnerabilities.
- Good knowledge of network and security technologies such as firewalls, TCP/IP, LAN/WAN, IDS/IPS, routing and switching.
- Monitor, analyze and respond to security incidents in the infrastructure. Investigate and resolve any security issues found in the infrastructure according to security standards and procedures.
- Created installation, configuration and test-case scenario documents for each specific device connector
- Conducted threat hunting analysis in the ArcSight SIEM during each shift per shift report requirements.
- Utilized ArcSight to investigate incoming cases and create detailed reports of events during the shift.
- Responsible for monitoring and detecting security incidents in ArcSight (SIEM).
- Develops rules, lists, and active channels in ArcSight ESM.
- Installing and troubleshooting McAfee 8.8 and ePO 4.5
- Experience in SOC team delivery using security analysis, investigations, reporting, mitigation, and tuning efforts.
- Configured the Nessus scanner with the latest SecurityCenter version
- Integrated data from different devices into the Splunk environment and created dashboards and reports in Splunk
- Provided oversight of all changes to corporate firewalls, including pre-implementation analysis and approval, and post-implementation auditing. Identified and remediated threats and vulnerabilities as part of security monitoring (SOC), triage and escalation to T2.
- Monitored and identified suspicious events using the ArcSight ESM console and raised tickets
- Responsible for implementing and deploying Symantec DLP, McAfee ePO and NIDS policies to protect the organization against the latest threats
- Responsible for monitoring traffic status and appliance and server health checks to verify functionality
- Working closely with AppScan, Symantec and Rapid7 on any malware activity in the environment.
- Ensuring Symantec DLP policies are in place and scanning the environments for incidents.
- Assisting in DLP policy development for the non-production environment.
- Monitoring the Enforce console for incidents and troubleshooting.
- Provide real-time, host-based intrusion detection monitoring services using Symantec Endpoint.
- Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP, Splunk)
- Data Loss Prevention suite, Symantec DLP product: implementation and deployment as part of the champion team.
- Assisted engineers with Splunk troubleshooting.
- Created Splunk dashboards for investigations
- Monitor and investigate SOC incidents and alerts with McAfee ePO.
- Document all activities during an incident with status updates during the life cycle of the incident.
- Analyze network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.).
- Provide information regarding intrusion events, security incidents, and other threat indications and warning information.
- Design DLP architecture and handle third-party risk assessments and managed SOX audits
- Configure and install IBM QRadar Enterprise, agent, and Apache server for user and role authentication and SSO.
- Helped customers configure and maintain their email security and anti-spam solutions using Symantec Messaging Gateway and Symantec Mail Security for Microsoft Exchange
- Versed in PCI-DSS, HIPAA, ISO-27001/2, NYSDFS, GDPR, COBIT, CIS Controls, and ABA Cybersecurity compliance regimes.
- Work under the direction of the team leader to maintain security devices, with practical experience in managing SIEM environments, FireEye standalone devices such as NX, EX and HX, NIDS, UNIX servers, and packet capture devices
- Review and ongoing assessment of malware analysis techniques, intrusion detection/prevention, SIEM, application access control, antivirus, and other network component policies
- Ensure network security best practices are implemented through auditing of database servers, traffic analyzer sensors, firewall rules, change control, and monitoring.
- Configured intrusion policies, health policies and system policies for network traffic analysis
- Worked with and configured the NetFlow Integrator tool, which converts processed data from edge routers, switches and firewalls to syslog and then sends it to Splunk
- Installation of connectors and integration of multi-platform devices with IBM QRadar.
- Configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases, and apps.
- Integration of IDS/IPS with IBM QRadar and analysis of the logs to filter out false positives and add false negatives to the IDS/IPS rule set.
- Ensures the integrity and protection of networks, systems, and applications through technical enforcement of organizational security policies, the performance of formal risk assessments, policy and governance, and internal threat analysis with regard to a SOC environment, with the use of SIEM tools.
- Categorize the messages generated by security and networking devices into the multi-dimensional IBM QRadar normalization scheme.
- Develop content for IBM QRadar such as correlation rules, dashboards, reports and filters, active lists, and session lists.
- Review and update the System Security Plan (SSP) based on findings from assessing controls using NIST SP rev1, NIST SP a rev4, and NIST SP .
- Scheduled enterprise vulnerability scans to ensure no impact on client-facing or critical information assets (internal Nessus, Nexpose and Metasploit scans in coordination with the enterprise Red Team, and external Qualys scans). This role required the ability to configure scanning tools and identify the scope of the scans being performed (target range, expectations, support role delegation).
- Implementation, configuration, and support of Check Point and ASA firewalls for clients.
Confidential, Frisco TX
Network Security Administrator
Responsibilities:
- Configured, implemented and troubleshot issues on Check Point R77.10 Gaia, R75, Cisco ASA 5540 and Palo Alto firewalls for the client environment
- Involved in implementing malware protection and policy control, and analyzing logs and different reports using the Palo Alto PA-5020
- Configured Cisco ASA and Check Point firewall layers securing the existing data centre infrastructure
- Managed corporate Check Point firewall management and operation, implementing security rules and mitigating network attacks
- Configuring rules and maintaining Check Point firewalls, and analysis of firewall logs using various tools
- Deployed and configured network-based Cisco IDS/IPS v5
- Exposure to WildFire advanced malware detection using the IPS feature of Palo Alto
- Configuring rules and maintaining Palo Alto firewalls with the IPS module, and analysis of firewall logs
- Implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems
- Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms
- Worked extensively in configuring, monitoring and troubleshooting Cisco ASA 5500/PIX security appliances
- Managed a fast Layer 3 switched/routed LAN/WAN infrastructure as part of the network team. The LAN consisted of the Cisco campus model with Cisco 3550 at the access layer and Cisco 6513 at the distribution/core layer.
- Worked with telecom vendors on network fault isolation.
- Hands-on experience with WAN (ATM/Frame Relay), routers, switches, TCP/IP, routing protocols (BGP/OSPF), and IP addressing.
- Ability to use NAT and firewall security policies in Check Point.
- Experience in configuring multicast.
- Identify, design and implement flexible, responsive, and secure technology services
- Experience with Firewall Administration, Rule Analysis, Rule Modification
- Deployed 7613 as PE and CE router; configured and troubleshot the edge routers.
- Configured egress and ingress queues for ISP facing routers using CBWFQ.
- Identify, troubleshoot, and resolve LAN/WAN network problems (DNS, DHCP, TCP/IP and a variety of hardware and other networking issues)
Confidential
Network Support
Responsibilities:
- Worked as a Networking and Hardware Engineer; areas of responsibility included:
- Complete Windows NT and Windows 2000 administration, i.e. configuring and implementing Windows NT and Windows 2000 based networks
- Installing operating systems: Windows 98/NT, Windows 2000, XP Professional/Server.
- Managing Active Directory services, Group Policy, backup and recovery.
- Assembling PCs and troubleshooting hardware problems; worked with branded PCs such as Compaq, HP and IBM; installation of different software including operating systems; servicing printers and UPS systems; routine maintenance of hardware and peripherals
- Creating design/layout of web pages, designing graphical user interfaces for web pages and products, and hosting web pages on the Internet; modifying, redesigning, and promoting web sites to improve and promote business transactions.
