
Cyber Information Security Consultant Resume

NYC

SUMMARY

  • Technical expert with over 6 years of IT experience and comprehensive knowledge of and experience with computer information systems security, cyber security, IAM and network operations.
  • Information Security Officer (ISO) - Information Security and GRC Consultant with experience in Governance, Risk, Compliance & Audit (ISO 27001, PCI, HIPAA, SOX etc.), and in Information Security & Network Security functions.
  • Extensive knowledge in the areas of system security, vulnerability scanning, penetration testing, risk assessment and cyber security analysis. Experience in project coordination and system implementation for government systems, banking, brokerage, telecommunication, ISP and other large computer networks. Highly organized team player with the ability to effectively manage project milestones and project delivery.
  • Excellent understanding and knowledge of Identity and Access Management (IAM) and Role Based Access Control (RBAC)
  • Experienced Cybersecurity Network Defense Analyst with expertise in protecting industry-specific attack surfaces of commercial networks and digital assets, monitoring current vulnerabilities in networks and following industry-specific TTPs.
  • Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001.
  • Excellent knowledge of FISMA, HIPAA and NIST Compliance usage, rules and regulations
  • Facilitate implementations of information security policies, account security policies and standards for logical and physical security.
  • Information Security Officer (ISO) - experience in Governance, Risk, Compliance & Audit (ISO 27001, PCI, HIPAA, McAfee, SOX etc.), and in Information Security & Network Security functions.
  • Reviewing current system security measures and recommending and implementing enhancements.
  • Coordination of regular application and system tests and ensuring continuous monitoring of network security.
  • Assistance in updating project timelines based on the security authorization requirements impacted by ongoing system upgrades and modernization.
  • Experienced in automating, configuring and deploying instances on AWS, Azure environments and data centers; also familiar with EC2, CloudWatch, CloudFormation and managing security groups on AWS.
  • Experienced in CyberArk Administration and troubleshooting.
  • Develop best practice recommendations and versatile strategies to clients requiring EPM CyberArk, and develop requirements and architecture for successful deployment of CyberArk.
  • Deployment, support and management SME for CyberArk EPM software on endpoints, including but not limited to upgrades, single machine policies and software removal.
  • Maintenance and Vulnerability Management of Hybrid infrastructure and strong experience in automating Vulnerability Management patching.
  • Skilled at designing and implementing cyber security solutions for government and financial organizations that consistently reduce security costs while elevating the security status of the environment.
  • Hands-on experience in Microsoft Azure Cloud Services (PaaS & IaaS), Storage, Web Apps, Active Directory, Application Insights, Internet of Things (IoT), Azure Search, Key Vault, Visual Studio Online (VSO) and SQL Azure.
  • In-depth knowledge of AWS cloud services such as Compute, Network, Storage and Identity & Access Management.
  • Hands-on experience in configuration of network architecture on AWS with VPC, Subnets, Internet Gateway and NAT.
  • Configuring, troubleshooting, and administering Tenable SecurityCenter, Tenable Nessus, AppDetective, and WebInspect.
  • Implemented and configured Cisco Tetration and Cisco Email Security from scratch.
  • Configuring and maintaining Palo Alto firewalls and Cisco ASA firewalls, and analysis of firewall logs using various tools.
  • Experience in providing administration support for security tools such as Tanium, Splunk, McAfee ePO and Forescout.
  • Successful in initiating six separate security programs which passed all third-party audits and complied with all established laws and regulations.
  • Maintaining critical monitoring systems (Splunk log management) that measure system error logs, performance and availability. Evaluation of the Splunk log management solution alongside open source Linux storage systems.
  • Subject matter expert (SME) for DLP, Firewall, VPN, Archer, Vulnerability Management solutions, IDS/IPS/WIPS, SIEM and Endpoint Security.
  • Expert at implementing network security, SIEM tools, new concepts, identity management, new security technologies, securing cloud architecture, and new security controls, as well as at developing innovative security controls and processes that meet business and executive requirements in order to protect information.
  • Scanning the network and providing scan reports to operational teams.
  • Mitigate vulnerabilities identified in security scans.
  • Strong understanding of DLP architecture and of OSINT and TECHINT reconnaissance.
  • Experience with Windows and Linux based vulnerability assessment tools, firewalls, IDS/IPS, Nessus, NMAP, SIEM, Splunk, Static Code Analysis, ArcSight, Rapid7.
  • Industry experience with Identity and Access Management (IAM) tools and fundamentals; investigation of malicious code using basic and advanced static and dynamic malware analysis techniques.
  • Experienced using Splunk, Dynatrace & AppInsight for monitoring.
  • Experienced with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Nessus, NeXpose, BackTrack, Metasploit, AppScan, WebInspect, Burp Suite, etc.
  • In-depth understanding of various types of network & web based attacks and remediation. Familiarity with well-known vulnerabilities and exploits.

TECHNICAL SKILLS

DLP: Symantec, McAfee, Websense, Cisco Email Security

Endpoint Security: Symantec SEP, O365 Security, Defender ATP, McAfee

IPS/IDS: McAfee IPS, Secure Works IDS/IPS, SNORT

SIEM: Splunk, Tanium, IBM QRadar, Symantec MSS, Azure Sentinel.

Security Knowledge: Security Standards, OWASP, Cryptography, Hashing, Encryption, Virtualization, Identity Management, Incident Response, Pulse Secure VPN, Firewalls, Log Analysis, Vulnerability Assessment and Penetration Testing (VAPT), Malware Analysis, LDAP, AWS MFA, SSL, AV, IDS, IPS, HTTPS, TCP, DNS, DHCP, CIP, CJIS, HIPAA, PCI, SOX, ISO.

Vulnerability Management: Rapid7 Nexpose, Qualys Guard, Nessus, Tanium, Twistlock, Carbon Black

Application and Web Security Tools: OWASP, SNORT, Acunetix, Burp Suite, Nessus, Nmap, Wireshark, Grabber, Zed Attack Proxy, Skipfish, Hydra, Firewall, IDS, IPS.

Platforms/Applications: Vulnerability Management, Web Application Scanning, Threat Management, Policy Compliance, Asset Management, Governance, Risk and Compliance, Software based encryption for endpoints, RSA Archer, Blue Coat Proxy, Cisco Tetration, Cisco Email Security.

Administration: Information Security tools, Active Directory, Windows Server 2008.

CLOUD: AMAZON WEB SERVICES, MICROSOFT AZURE, GOOGLE CLOUD

DEVOPS TOOLS: CHEF, PUPPET, ANSIBLE, JENKINS, MAVEN, GRADLE, GIT, BITBUCKET, SUBVERSION

Firewalls: Palo Alto, Cisco ASA, SolarWinds, Check Point.

Operating System: Windows, Linux, Ubuntu, Kali, Unix.

Security Intelligence: WhiteHat Web Security, iDefense, NTT Security, LogRhythm

PROFESSIONAL EXPERIENCE

Confidential, NYC

Cyber Information Security Consultant

Responsibilities:

  • Excellent ability to influence internal and external stakeholders and build consensus; build and drive “virtual” cross-functional teams.
  • Experience breaking down technical problems and presenting effective solutions to management.
  • Outline security problem areas for compliance, accuracy and productivity.
  • Responding to network incidents produced by network scans (SolarWinds, OP5) or reported by users. Reducing the risk of recurrence by performing root cause analysis and providing the appropriate remedy.
  • Monitoring network security, isolating potential security vulnerabilities, and remedying security issues that could compromise the network by running diagnostic programs on networks to pinpoint problems and monitor overall network health.
  • Worked with the SMEs to develop the Identity and Access Management (IAM) Program Framework.
  • Responsible to elicit high level IAM Business Requirements from key business and technology stakeholders
  • Responsible to create Business Requirements Document (BRD)
  • Created Requirements Traceability Matrix (RTM) in MS Excel
  • Responsible for mapping requirements to IAM capabilities, SOX controls and PCI controls
  • Held interviews and workshops with key business and technology stakeholders to assess current state IAM tools
  • Responsible for current IAM tools to Framework mapping
  • Identify and document detailed current major IAM Service Gaps (Gap Analysis) or deficiencies for processes, products and tools
  • Worked with SMEs to develop a Maturity Model for improving IAM maturity over time
  • Worked with the SMEs and key stakeholders to assess current and target state maturity for each IAM capability in the Framework
  • Worked with SMEs to prepare a knowledge transfer document for Trusted Third Party Assessment
  • Identified IAM functional areas in scope and took part in Trusted Third Party market analysis for IAM
  • Worked with the SMEs to define the future state of an IAM solution to adequately prepare for the build, test and implementation stages
  • Worked with the IAM team to develop IAM Roadmap and Release Plan by identifying gaps between the current and future state and identifying initiatives for proposed future state solutions not available in current systems
  • Monitoring asset discovery scans.
  • Monitor and investigate SOC incidents and alerts with McAfee EPO.
  • Review and ongoing assessment of malware analysis techniques, intrusion detection/intrusion prevention, SIEM, application access control, Antivirus, and other network component policies
  • Ensure network security best practices are implemented through auditing: database servers, traffic analyser sensors, firewall rules, change control, and monitoring.
  • Configured intrusion policies, health policies and system policies for network traffic analysis.
  • Worked on and configured the NetFlow Integrator tool, which converts processed data from edge routers, switches and firewalls to Syslog and then sends it to Splunk.
  • Integration of IDS/IPS with IBM QRadar; analyzed the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
  • Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through the performance of formal Risk Assessments, Policy and Governance, and internal Threat Analysis in a SOC environment, with the use of SIEM tools.
  • Categorize the messages generated by security and networking devices into the multi-dimensional IBM QRadar normalization scheme.
  • Develop content for IBM QRadar such as correlation rules, dashboards, reports and filters, active lists, and session lists.
  • Review and update the System Security Plan (SSP) based on findings from assessing controls using NIST SP rev1, NIST SP a rev4, and NIST SP .
  • Implementation, configuration, and support of Checkpoint and ASA firewalls for clients.

Confidential

Cyber Security Engineer

Responsibilities:

  • Work on a day to day basis to document vulnerabilities, launch on-site scans, schedule scans, and mitigate vulnerabilities.
  • Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as Splunk (SIEM), Endpoint Protection, Defender ATP, Malware Analysis, Firewalls, IDS & IPS, Web Security, etc.
  • Managing all ACC systems from an endpoint perspective using the McAfee ePO tool, which includes managing the Agent and VSE and pushing client tasks.
  • Experienced with Azure E5 security tools and products (Defender ATP, Azure Sentinel, Azure ATP, Office 365 Security, Security Center, Defender for Identity, Defender for Endpoint).
  • Experience with enterprise-class security products such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, wireless and remote connectivity.
  • Daily monitoring of WAF using Akamai and provided traffic metrics.
  • Develop ISO-based controls that address regulatory requirements associated with PCI, HIPAA and SOX.
  • Developed security use-cases and provided tuning of Azure Sentinel to ensure proper alerting of security threats.
  • Provided SIEM expertise for solutions such as Azure Sentinel and other similar tools.
  • Assisted in the initial SIEM deployment and oversaw SIEM operations, fine-tuning the SIEM and associated use cases, data queries, and dashboards.
  • Provide Tier 3 support on daily incidents with Azure AD, Azure Sentinel, and MCAS.
  • Assess, design, implement, and integrate enterprise security solutions including, but not limited to, next-generation firewalls, web application firewalls (WAF), intrusion prevention/detection systems (IDS/IPS), content filtering, secure log management, security information and event management (SIEM) systems, anti-malware solutions, mobile device management (MDM), user behavioral analysis (UBA), and endpoint security solutions.
  • Responsible for security patch deployment to Windows and Linux servers.
  • Performed installation and configuration management of security systems and applications including Cisco Email Security, Cisco Tetration, Burp Suite and Microsoft Defender ATP, as well as policy assessment and compliance tools, network security appliances and host-based security systems.
  • Setting the organizational security standards for Cisco routers, switches, and firewalls and working with our network and network security teams to ensure compliance and address any possible issues.
  • Experience in service validation, gateway support and troubleshooting of network & security infrastructure on routers, switches & firewalls.
  • Configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases, and apps.
  • Configuring rules and maintaining Palo Alto Firewalls, and analysis of firewall logs using various tools.
  • Implemented the Positive Enforcement Model with the help of Palo Alto Networks.
  • Exposure to the WildFire feature of Palo Alto.
  • Set up Palo Alto attack dashboard panels in Splunk.

Confidential

Information Security Analyst

Responsibilities:

  • Establish a strong GRC (Governance, Risk and Compliance) practice to ensure adherence to best practice, regulatory requirements and ISO 27001.
  • Adept with QRadar, Symantec PCAP, Symantec CloudSOC, PAN Firewall, PAN WildFire, PAN TRAPS, PAN Redlock, FireEye, ThreatQ, Microsoft SCEP, Microsoft O365 Security and Compliance Portal, ProofPoint,
  • Working with McAfee ePO to manage client workstations and provide endpoint security.
  • Facilitate implementations of information security policies, account security policies and standards for logical and physical security.
  • Worked on SIEM, as well as SolarWinds and Symantec endpoint security for malware detection and threat analysis.
  • Experience with national, international, and/or sectoral cloud security assurance/compliance regimes and frameworks such as Federal Risk and Authorization Management Program (FedRAMP), Federal
  • Responsible for performing application penetration testing on web, thick client, and other types of applications to identify significant vulnerabilities that threaten the confidentiality, integrity, and availability of customer systems.
  • Implementation and configuration of the network infrastructure in Business environment.
  • Installation and maintenance of McAfee Drive Encryption used to encrypt all workstation hard drives in the environment to secure the data stored on them.
  • Installation, maintenance and monitoring of McAfee Data Loss Prevention Endpoint, one piece of the Removable Media Encryption suite.
  • Installation, maintenance and monitoring of McAfee File and Removable Media Protection, the second piece of the Removable Media Encryption suite.
  • Setup and configuration of test benches includes configuring Cisco UCM, 29xx/3800 series routers, Cisco 7975/9971 IP Phones, RSVP gateways, POE switches and Media servers, implemented all VMware configurations for CUCM installs using vSphere.
  • Implemented and configured CASB solution including Netskope to secure the enterprise with a cloud.
  • Tested and certified new software such as Tanium Protect (an access control software) and PEGA trouble ticketing software.
