Sr. Information Security Analyst Resume

Englewood, CO

SUMMARY

  • Security event analysis and incident response using SIEM tools like ArcSight & Splunk.
  • IDS/IPS, Firewall, Router, OS, Network log analysis, investigation, and remediation.
  • Experience in SIEM use-case development and creating playbooks or knowledge documents.
  • Conduct vulnerability assessments and provide remediation procedures.
  • Experience with security audits, risk & compliance standards PCI DSS, SOX, HIPAA, GDPR, CCPA, SOC 2, ISO 27001, OWASP Top 10, Cyber Kill Chain, MITRE ATT&CK and NIST RMF & Cybersecurity Framework.
  • Strong knowledge on TCP/IP, UDP, DNS, HTTP, SMTP, VPN, networking, routing & switching, and penetration testing tools.
  • Good team player with creative thinking and problem-solving capabilities, and excellent written and verbal communication.

TECHNICAL SKILLS

SIEM Tools: ArcSight ESM, Splunk Enterprise Security

Operating Systems: Windows (7, 10, Server 2012 & 2016), Linux (Ubuntu, RedHat, Kali), Unix

Security Tools: CrowdStrike, Proofpoint, FireEye MPS, Carbon Black, Stealthwatch, Demisto (Cortex XSOAR), Symantec ATP, Symantec Messaging Gateway, Cisco IronPort, Active Directory, Microsoft ATA, Proofpoint Email Protection, EnCase, Autopsy, Volatility, Sysmon

DLP Solution: Symantec DLP Enforcer

Security Assessment Tools: Nmap, Wireshark, Nessus, Rapid7 Nexpose, Metasploit

Scripting Languages: Python, PowerShell, SQL, Bash

Cloud Technologies: AWS, Azure

Ticketing & GRC tools: Archer eGRC, ServiceNow, Risk Fabric, Jira, Remedy

Database Technologies: MySQL, Oracle

Office Suite: Microsoft Office, Google G Suite, Microsoft Office 365

Firewall & IDS: Sourcefire, Checkpoint, pfSense

PROFESSIONAL EXPERIENCE

Confidential, Englewood, CO

Sr. Information Security Analyst

Responsibilities:

  • Investigate and remediate the security incidents reported by lower tiers, and respond based on the agreed severity level.
  • Conduct thorough cyber security investigation and help coordinate mitigation & response between Security Operations and technology stakeholders to drive incidents to timely and complete resolution.
  • Contribute to SIEM use-case development, dashboard creation for security monitoring, based on data derived from a variety of security tools.
  • Develop and maintain runbooks, incident response SOAR automation playbooks for security orchestration and job aids for all activities under scope.
  • Analyze data and perform application, log, OS, disk and network level analysis for troubleshooting and researching events and alerts; discover and identify their source, purpose and intent, and, if malicious or abnormal, operate within the incident response procedures.
  • Conduct Static & Dynamic malware analysis, Malware reverse engineering, Forensic investigation, Threat hunting, Full packet capture analysis, log correlation, root cause analysis, vulnerability scanning, remediation, and security audits.
  • Write scripts using Python, PowerShell, Bash and SQL to automate the tasks.
  • Analyze Windows, Linux, Unix, Database, Firewall, Router and network flow logs and handle phishing, external data exposures, IOC, suspicious incidents reported and follow end to end process to make sure all risks are neutralized.
  • Provide input to incident summaries, security compliance reports, post-mortem and executive reports.
  • Handle and respond to all cloud security incidents reported via ticketing platforms (AWS, Azure, Google, Oracle).
  • Assist higher tiers in investigation by performing scans and searches on tools at disposal (Splunk SIEM, Cisco Stealthwatch, Symantec DLP, Nmap, Wireshark, Nexpose vulnerability scanners, IDS, IPS, firewalls, proxies, web application firewalls).

Confidential, Irving, TX

Security Compliance Analyst

Responsibilities:

  • Supported the team to create & implement security policies, procedures, and controls to ensure the company's compliance with regulatory and industry standards such as SOX, GDPR, HIPAA and CCPA.
  • Assisted in the development of key security standards and guidelines by performing in-depth security assessments using frameworks like PCI DSS, ISO 27001, NIST Cyber Security & Risk Management.
  • Identified potential risks associated with system configurations and advised on mitigation strategies.
  • Conducted regular meetings with stakeholders to make sure all are up to date on compliance requirements.
  • Upheld the compliance risk-based framework by identifying and assessing the effectiveness of controls in place via engagement with management and, where necessary, developed action plans to address control deficiencies or gaps identified.
  • Conducted periodic internal reviews or audits to ensure that compliance procedures are followed.
  • Analyzed OS, systems, hardware configurations, physical security, and operating procedures across the organization, created security baselines and suggested protective mechanisms.
  • Defined, implemented, and maintained corporate security policies and procedures.
  • Provided guidance to employees on compliance-related topics, policies, or procedures.
  • Performed and validated vulnerability assessment scans and worked with internal teams to resolve potential risks and vulnerabilities.
  • Assisted internal or external auditors in compliance reviews.
  • Followed data architecture standards, policies and procedures, and classification of data elements.
  • Coordinated with other Information System departments to ensure implementation of databases and monitoring of database performance.
  • Ensured architectural integrity and consistency across the entire project.
  • Advised internal management or business partners on the implementation or operation of compliance programs.
  • Prepared management reports regarding compliance operations and progress.

Confidential, Englewood, CO

Senior Security Analyst

Responsibilities:

  • Investigated suspicious network activities and cyber security incidents utilizing a variety of tools such as ArcSight, Splunk, Carbon Black, Symantec ATP, FireEye, Sourcefire IDS, Symantec DLP & Stealthwatch, and remediated them using standard operating procedures.
  • Worked in 24/7 CSIRT team and handled security incidents triggered in SIEM tool.
  • Conducted cyber security analysis on the events and incidents triggered in SIEM and took necessary steps to secure the network and assets.
  • Performed incident response activities such as host triage and retrieval, malware analysis, full packet capture analysis, remote system analysis, forensic analysis, phishing email analysis, and took necessary actions to contain it.
  • Defended against network intrusions, DDoS attacks and malicious attacks by promptly identifying the attack at the initial stage and blocking the IPs in the firewall or null-routing the IPs in the network.
  • Participated in Splunk Enterprise Security solution implementation, administration and fine tuning SIEM use cases.
  • Analyzed malware incidents and worked on root cause analysis and mitigation.
  • Created rules, dashboards, and reports in SIEM for detecting and analyzing suspicious events across all the platforms.
  • Handled cloud security incidents from Azure and AWS.
  • Participated in planning, designing of CSIRT incident response process and procedures.
  • Tested Security incident response plan periodically and improved the incident response plan and conducted security incident trend analysis.
  • Assisted with selection and implementation of NIST Cyber Security Framework controls that apply security protections to systems, processes, and information resources.
  • Tested and coordinated with vendors on deploying new security product Symantec ATP.
  • Created knowledge base documents and playbooks for SIEM use cases aligned with the MITRE ATT&CK Framework and Cyber Kill Chain.
  • Performed security & vulnerability assessments using Nessus, Nmap & Wireshark on networks, routers, servers, endpoint systems and coordinated with teams on remediation and patch management efforts.
  • Analyzed the vulnerability & Indicator of Compromise (IOC) incidents reported by Threat Intelligence and took preventive actions to secure the network.
  • Wrote custom scripts using PowerShell, Python and Bash for automating tasks in SOAR platforms and Active Directory.
  • Participated in regular team meetings and created reports to the management.
  • Ensured data integrity and confidentiality of sensitive information and protected the company against data breaches, using DLP (Data Loss Prevention) solutions like Symantec Enforcer and Bay Dynamics Risk Fabric.

Confidential, Minneapolis, MN

Security Analyst

Responsibilities:

  • Worked in 24/7 Security Operations Center and monitored logs from various devices such as Routers, Switches, Firewall, Intrusion Detection Systems (IDS), Intrusion Prevention System (IPS), OS, Applications, Databases, and Web servers.
  • Investigated the alerts triggered in the SIEM tool, analyzed them, and took necessary action to remediate them.
  • Performed log analysis, network traffic flow analysis and malware analysis to identify the root cause of the incident.
  • Analyzed spam and phishing emails through email gateways and web tools, and blocked suspicious emails, IPs, and domains.
  • Wrote and modified scripts to parse out device messages and interface with the categorization database.
  • Installed, upgraded and troubleshot all SIEM solution components such as Manager, Database, SmartConnector, and Logger.
  • Identified parsing-related issues on all SmartConnectors and modified the parsers to log accurate data.
  • Handled Incident, Problem and Change Management on SIEM solution.
  • Implemented Network and Asset Models to build a custom business-oriented view within an ESM environment.
  • Customized an ESM environment by creating Active Channels, Data Monitors and Dashboards to visually manage security event data sources in an enterprise environment.
  • Utilized ArcSight stock content, such as standard Filters, Rules, Active Lists and Reports, which makes ArcSight ready to use upon initial installation.
  • Designed and implemented custom Filters, Rules, Session Lists and Active Lists, Dashboards along with Integrated Case Management and Workflow, to identify, categorize, and, if needed, escalate events of interest into ArcSight.
  • Developed custom scripts using Linux Bash, C, SQL, JavaScript and Python for Active Directory and internal tools.
  • Created and managed incident handling documents and SIEM workflow documents.
  • Performed vulnerability scanning with the Nexpose tool and coordinated with the patch management team to remediate findings.
  • Worked on various tools such as ArcSight, Splunk, Symantec Endpoint Protection, FireEye, Symantec Messaging Gateway, Cisco Routers, Bluecoat Proxy, Checkpoint Firewall, Symantec Data Loss Prevention to investigate, correlate and to remediate the security incident.