Cyber Security Engineer Resume
Maryland
SUMMARY
- Overall 9+ years of IT Experience with design, development, implementation and troubleshooting Network & Security infrastructure.
- Technically competent, diligent and result oriented IT Professional offering 9 years of total experience, currently spearheading functions as Cyber Security Engineer with Confidential, Maryland.
- Experience with Mainframe RACF/ACF2, AS400, IBM Z Series, Unix, Windows, IMAC's and Technical Support.
- Worked extensively with Mainframe Security Administration using RACF/ACF2, application access provisioning and Role Based Access Control (RBAC).
- Experience in implementing RBAC, preparing scripts using JCL, and enhancing security by implementing authentication using RACF/ACF2.
- Comprehensive experience in the areas of designing, developing, Continuous Integration, Continuous Delivery, Continuous Deployment and Continuous Monitoring of Enterprise level distributed applications.
- Experienced in all phases of the software development life cycle (SDLC) and have an in-depth understanding of the principles, best practices of software configuration management (SCM) in Agile, Scrum and Waterfall methodologies.
- Strong technical aptitude on IT Security, Enterprise Firewalls, Identity Management, End Point security technologies, Web and Email Security, Server application monitoring and analysis.
- Have expert knowledge of Data Loss Prevention principles and apply that knowledge in their daily cloud security work.
- Experience with Azure Active Directory, Active Directory, Windows Admin and VMware Administration.
- Manage Identity Access management of Azure Subscriptions, Azure AD, Azure AD Application Proxy, Azure AD Connect, Azure AD Pass-through Authentication.
- Experience configuring and managing Azure AD Connect, Azure AD Connect Health, Microsoft Azure Active Directory.
- Resolved Azure AD issues relating to Office 365, Active Directory to Azure AD and CAIDM to Active Directory.
- Migrate users from GlobalProtect VPN to Zscaler ZPA to improve VPN performance.
- Design, document, and engineer multiple hybrid data centers' (Equinix, AWS, GCP, Azure) network infrastructure for zero-trust multi-tenant requirements utilizing Cisco Nexus 9k, Arista 7K leaf-spine EVPN/VXLAN fabrics; Cisco ASR 1k/CSRv, Viptela vEdge/cEdge and Silver Peak for WAN/SDWAN global backbone.
- Exchange O 2016 deployment and migrations
- Exchange O365 account administration/troubleshooting
- Exchange calendar/shared folder permissions and delegation.
- Perform/create queries and user account
- Experience working with Palo Alto Next Generation Firewall with security, networking and management features such as URL filtering, Anti-Virus, IPsec VPN, SSL VPN, IPS, Log management.
- Experience in handling various modules of CyberArk, mainly Enterprise Password vault (EPV), Application Identity management (AIM), Central Policy Manager (CPM), Privileged Session management (PSM), Event Notification Engine (ENE). Upgrading CyberArk suite of products from 7.x to 9.x. (CPM, PSM, EPV and PVWA)
- Experience in development, design, and implementing security in IAM technologies that consist of PingFederate, Ping Access, Ping ID, SiteMinder and LDAP directories.
- Continuously improving and automating in IAM technologies that consist of PingFederate, Ping Access, Ping ID, SiteMinder and LDAP directories.
- Testing Lifecycle management in healthcare, retail ecommerce application using Agile methodology, including third party integrations such as Paypal, Borderfree, Truefit and Vendornet
- Having experience in Agile Sprint backlog grooming, sprint planning and Sprint review in Sprint Retrospective.
- Experience in working on PingFederate 8.x, 9.x, SAML 2.0, OAuth 2.0, OpenID Connect (OIDC).
- Involved in Cloud Security Infrastructure and design for client’s in-house Azure Applications
- Configured Azure Key vault and key management policies
- Good experience in MS dynamics, .NET, MVC Frameworks, SQL Server.
- Performed security assessment on Azure Hub-Spoke environment
- Enable/Disable Security Policies in Azure Security Center for all Subscriptions
- Bluecoat proxy server’s setup, configuration, upgrade and troubleshooting with optimization of WAN Application, SSL traffic, Web traffic, URL filtering & Content filtering.
- Write, edit and maintain PKI Documents to include, CP, CPS, HSM, SSP and other Security documents.
- Knowledge of cryptography concepts, PKI, SSL, Host Security Modules (HSM), Smart cards, Symmetric, Asymmetric (Public/Private-PKI)
- Experience with Ping Identity products and services - Ping Fed, Ping Access, Ping Risk.
- I calibrated and validated firm’s newly implemented VaR Market Risk Model and produced Model Validation Report. I helped to shape the back testing for VaR models, Product Level Model Performance and governance framework around VaR Model production (i.e., FX, IR, Credit, Equity and Equity Volatility VaR).
- Evaluate Model Risk Management, Global Model Validation and Governance framework ensuring continuous improvements for model risk management (Input and output data statistical properties analysis, model & vendor selection process, constructive challenge to the model methodology and model verification & version control) in light of industry best practice, materiality of the firm’s model risk and regulatory requirements (Model Validation for Trading, Credit Risk, Market Risk, Operational Risk, Treasury/Finance models and Anti Money Laundering models).
- Knowledge of CyberArk, Splunk and Databricks.
- Deployed, implemented, configured and managed Cisco FWSM and ASA Firewalls, Cisco IDS/IPS, Cisco ISE, Wireless Controllers/APs and Cisco Meraki Cloud Wireless Security on high volume critical production environment.
- Conducted and performed security review and testing of Cisco ASA, Cisco FWSM Firewalls, Cisco Routers, Cisco WLANs Controllers/APs, and Cisco Meraki Cloud WLANs based on NIST, SOX, ISO 27001 and PCI DSS compliance standard.
- Configured and performed automation, manual, dynamic and static testing of Cisco Devices and Web Security Appliances with Perl and JavaScript for security vulnerabilities and attacks mitigation.
- Configured and managed OSPF, BGP, HSRP, VRRP and ARP security vulnerabilities defense and mitigation.
- Deployed, configured, and implemented Imperva SecureSphere WAF and DAM, WebInspect, Appscan, OWASP for Web-based application vulnerability analysis and code review process.
- Increase maturity of PKI product/service by defining Governance and Standards, building Product Roadmaps, and publishing the PKI Engagement model with SLAs.
- Closely collaborate with security architects in developing cloud security frameworks for the enterprise.
- Provide thought leadership on cloud usage strategy, monitoring, alerting, reporting, and blocking.
- Examine current cloud security practices and identify key risks, then execute programs to address them
- Lead large scale programs that span the enterprise to deploy and manage various cloud security appliances and agents.
- Develop, maintain, and report on key cloud security metrics - both as a program and on an individual basis; creating metric templates and scoring models.
- Implemented and monitored GCP Cloud monitoring and Logging (Stackdriver)
- Configured Pub/Sub to send logs from Google Cloud (GCP) to IBM QRadar and Splunk using Terraform
- Subject matter expertise for all areas of X.509 certificates and implementation & operation of PKI.
- Subject matter expertise for Key Management and Certificate enrollment/revocation processes.
- Automation development, scripting & execution on WEB, mobile applications.
- Responsible for leading development of automated test scenarios for unit, process, function, integration and acceptance testing.
- Diversified Experience in both SOAP and RESTFUL API.
- Experience of using testing tools like Quality Center, Microsoft Test Manager (MTM), Visual Studio 2013, and Team Foundation Server.
Core Competencies
- Strategic Planning
- Need/ Gap Analysis Project Implementation
- Application Support
- Troubleshooting
- Cross-functional Coordination
- Team Management
- Client Relations Management
- Strong Interpersonal Skills
TECHNICAL SKILLS
Languages: .Net, Java, C#, SQL, Python
Testing Tools: Burp Suite, DirBuster, SQL Map, Kali Linux, OpenVAS, HP WebInspect, HP Fortify, IBM AppScan
Security Tools: CyberArk 7.x, 8.x, 9.x, 10.x, CA Identity Manager 12.5.x/12.6.x, Fortinet Firewall/VPN, Juniper Firewall SSG, ISG, SRX and NSM, Juniper SSL VPN, Cisco Intrusion Detection System IDS/IPS, Cisco Wireless Controller/Access Points, QualysGuard, Metasploit, Nessus, ThreatConnect, Tenable, Nikto, Burp Suite, AlienVault, Splunk, QRadar, Rapid7, Proofpoint
Protocols: TCP/IP, DHCP, DNS, POP3, TELNET, IPSec, ESP, SMTP, RIP, OSPF, BGP, MPLS, IPSEC, FTP, HTTP, XMPP and HTTPS
Network Monitoring: SolarWinds, Wireshark, HRping, tcpdump, Infoblox, Splunk
Web Technologies: HTML, CSS, JavaScript, XML
Operating Systems: MS Windows, Linux (Ubuntu, CentOS, Red Hat)
Databases: MS SQL Server, Oracle, ODBMS, MySQL
SDLC Methodologies: Waterfall, Agile, Kanban
Encryption and Key Management: Gemalto Luna SA HSM, Virtual Key Secure K150, HPE Enterprise Secure Key Management, Voltage SecureData Appliance, RSA Data Protection Manager, Vormetric Data Security Manager & Tokenization Server, Thales nShield Connect XC & 1500 HSM, Venafi PKI and cloud HSM and KMS
Tracking issues/bugs: TFS, JIRA, Rally.
Testing tools and frameworks: Selenium WebDriver, TestNG, NUnit, JUnit, Cucumber, QTP, Appium, SOAPUI, POSTMAN, SOAP UI, Specflow
IDE: Visual Studio, Eclipse, IntelliJ.
Forensic Technologies: Encase, FTK Imager, Autopsy, Kali
Cloud Technologies: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)
PROFESSIONAL EXPERIENCE
Confidential - Maryland
Cyber Security Engineer
Responsibilities:
- Ensure programs are envisioned, designed, developed, and implemented across the enterprise to meet business needs
- Design and engineer an AWS multi-regional routing solution for multiple AWS landing zones (Equinix) and zero-trust multi-tenant accounts, leveraging AWS’s Direct Connect Circuits with Public & Private VIFs for Inter-cloud and on-prem workloads.
- Subject Matter Expert (SME) for designing and architecting solutions to handle future growth and implement new functionalities as they become available.
- Manage and maintain existing key management infrastructure.
- Migrated PingFederate platform to new cloud servers for Future mode of operation.
- Configure Ping ID MFA in PingFederate for providing two-factor authentication for some applications. Troubleshooting application integration/migration issues with respect to Ping SSO.
- Identify security gaps through Ping; if there is any, then will develop roadmap/solutions that fit with company/customer systems architecture standards
- Plan for and execute upgrades to the key management environment.
- Investigate current key management technologies in use at Comcast.
- Monitor current and future trends, technology and information that will positively affect organizational projects.
- Exploit Tool development: Developing the security toolset to exploit newly found vulnerabilities in order to perform real-world attacks.
- Work on improvements including the development of new tools, automation, and integration.
- Make recommendations to help improve our security posture as an organization.
- Work with application and infrastructure teams to design and architect infrastructure (network, OS, databases) and applications to protect against attackers.
- As a hands-on technical specialist, handle complex and detailed technical work necessary to establish and maintain secure cloud & data center security. Apply and integrate emerging technological trends to new and existing systems architecture.
- Responsible for interacting with Comcast business units and socializing EKM program with business stakeholders.
- Partner closely with business units to ensure security program goals and objectives are well understood
- Understanding of encryption key management and the ability to educate the application owners and developers on the appropriate path to a secure application.
- Understand the application architecture and the pros/cons of different methods of integration with the EKM platform (Web Services vs API).
- Understand encryption within databases and help integrate with EKM.
- Build New Architecture in various environments.
- Have expert knowledge of Data Loss Prevention principles and apply that knowledge in their daily cloud security work
- Guide the cloud security group, identifying opportunities for improvement and then driving those improvements through the enterprise
- Closely collaborate with security architects in developing cloud security frameworks for the enterprise
- Provide thought leadership on cloud usage strategy, monitoring, alerting, reporting, and blocking
- Examine current cloud security practices and identify key risks, then execute programs to address them
- Lead large scale programs that span the enterprise to deploy and manage various cloud security appliances and agents
- Develop, maintain, and report on key cloud security metrics - both as a program and on an individual basis, creating metric templates and scoring models
- Evaluate existing applications to reprogram, update and add new features.
- Develop technical documents and handbooks to accurately represent application design and code.
- Lead technical bridges and provides troubleshooting direction. Provides guidance and recommended solutions to complex technical issues.
- Play a key role in working with product vendors for proper tool functioning and ensure product related issues are addressed.
- In depth knowledge of programming for diverse operating systems and platforms using development tools.
- Excellent understanding of software design and programming principles.
- Experience with configuration and maintenance of Key Management Platforms (such as Gemalto/Thales/Microsoft Azure Key vault)
- Define and manage AWS Security Groups and Network ACLs.
- Implemented CI/CD pipeline as code using Jenkins 2.60 & Kubernetes
- Developed build and deployment scripts using MAVEN as build tool, and integrated SonarQube in Jenkins 2.6, to perform the automated integration test.
- Configured AWS IAM and Security Group in Public and Private Subnets in VPC.
- Implement and maintain Amazon Cloud Service (AWS) security instances and deploy security infrastructure.
- Developed an AWS security roadmap which included the AWS services and 3rd party tools to be utilized in the AWS cloud for security monitoring
- Developed an AWS security group strategy, determined naming conventions, owners and approval process for security group changes requests in a promote-to production environment
- Hands on experience building solutions from AWS components using Cloud Formation.
- Involved in AWS EC2/VPC/S3/SQS/SNS based on automation Terraform, Ansible, Python, Bash Scripts.
- Wrote Bash and Python scripts integrating Boto3 to supplement automation provided by Ansible and Terraform for tasks such as encrypting EBS volumes backing AMIs and scheduling Lambda functions for routine AWS tasks.
- Data analytics aggregation (applications and systems logging via streams), monitoring, alerting, and reporting using ELK (Elasticsearch, AWS CloudWatch and Kinesis, Logstash and Kibana).
- Worked on Google Cloud Platform (GCP) services like Compute Engine, Cloud Load Balancing, Cloud Storage, Cloud SQL, Stackdriver monitoring and Cloud Deployment Manager.
Confidential - Rhode Island
Information Security Administrator
Responsibilities:
- Responsible for Reviewing/Verifying current scanning policies, current scan reports.
- Responsible for Tuning of scan performance.
- Worked on Verifying full agent deployment.
- Experience in Verifying/cleaning up existing sites and existing asset groups.
- Responsible for Ensuring reports only list current scan findings
- Experience in holding the sole responsibility to Enable Active Directory and MFA Login for InsightVM.
- Experience in Creating CIS Level 1 Benchmark scans on all servers, on a workstations sample CIS reporting for servers.
- Creating report for only findings related to missing patches and misconfigurations.
- Worked on Keeping the vulnerability dashboard and EOL dashboards updated.
- Responsible for Developing Goals/SLA targets and reporting and recommend automated workflows.
- Experience in Implementing GCP integration (Internal/external/Container scans)
- Experience in Implementing Cloud Configuration Assessment (GCP)
- Worked on Integration with DivvyCloud.
- Worked on Verifying credential scanning for Windows and Linux systems.
- Experience in Developing a False Positive investigation workflow.
- Hands-on experience in Integrating Metasploit to identify false positives.
- Worked on Investigating Azure Security Center integration.
- Was Involved in Cloud Security Infrastructure and design for Azure applications.
- Worked on Identifying recommendations in Azure Security Center and GCP Security Command Center and Implement as required.
- Experience in Monitoring of Azure Security Center to address threats and resolve security vulnerabilities.
- Worked on Identifying risks and vulnerability reported in Azure Security center and GCP Security Command Center and remediate them.
- Implementing and managing Cloud security, automation, AWS, Amazon Web Services, deployments, EC2, Lambda, S3, RDS, DynamoDB, CloudWatch, CloudFormation, MFA, multi-factor authentication, IAM, VPC, CloudFront, Route 53, security frameworks and implementing defined monitoring, metrics, and logging solutions.
- Launched multi-node Kubernetes cluster in Google Kubernetes Engine (GKE) and migrated the dockerized application from AWS to GCP.
- Installation on Puppet/Chef/Dockers for the OpenStack environment along with scripting in Perl/Ruby and Python.
Confidential
Peoplesoft and IAM Security Administrator
Responsibilities:
- Responsible for manually creating, maintaining, and troubleshooting Peoplesoft Roles in IAM to keep the databases in sync.
- Experience in addressing the access and security issues for KRONOS for HCM and Workforce Management
- Responsible for migration of security roles and permissions in Peoplesoft using STAT
- Creating, maintaining, and troubleshooting Peoplesoft HCM, ELM, and FSCM user accounts, groups, roles, and security privileges
- Worked extensively on user badge expiration and renewal in Identity and Access Management (IAM)
- Worked on Annual user re-certification of Peoplesoft roles and security privileges
- Responsible for creating, maintaining, and troubleshooting the Identity and Access Management (IAM) user accounts, groups, roles, and security privileges
- Responsible for Contractor-Employee conversions of users in Identity and Access Management (IAM).
- Providing Administrator support for IAM server, rebooting, and troubleshooting (Web, App, and DB servers)
- Experience in reporting and monitoring metrics in COGNOS
- Responsible for manually re-assigning approval requests and tasks in workflow on the IAM portal
- Responsible for creating, maintaining, and troubleshooting the user accounts, groups, roles, and security privileges in Maximo
- Responsible for addressing the IAM Production Queries and resolving them
- Responsible for creating, maintaining, and troubleshooting the Entrust Identity Guard VPN tokens, user accounts, groups, roles, and security privileges
- Responsible for coordinating with data owners on Peoplesoft FSCM role descriptions and approvals
- Responsible for reviewing RFP (Request for Proposal), POC (Proof of Concept) and SOW (Statement of Work) for project road map
- Providing tier 2 security support for Escalated User Privileges (EUP) requests across the Confidential infrastructure
- Responsible for creating project plans and providing project forecasts through graphs using MS Project
- Worked on acquiring all the required approvals and tracking the agile project progress using JIRA
Confidential
System Administrator
Responsibilities:
- Experience in Establishing System specifications by conferring with users; analyzing workflow, access, information, and security requirements; designing system infrastructure.
- Worked on Establishing systems by planning and executing the selection, installation, configuration, and testing of PC and server hardware, software, LAN and WAN networks, and operating and system management systems, defining system and operational policies and procedures.
- Experience in Maintaining System performance by performing system monitoring and analysis, and performance tuning; troubleshooting system hardware, software, networks and operating and system management systems; designing and running system load/stress testing; escalating application problems.
- Experience in Securing the System by developing system access, monitoring, control, and evaluation; establishing and testing disaster recovery policies and procedures; completing back-ups; maintaining documentation.
- Worked on Preparing the users by designing and conducting training programs, providing references and support.
- Worked on System Upgrades by conferring with vendors and services, developing, testing, evaluating, and installing enhancements and new software.
- Experience in Meeting financial requirements by submitting information for budgets; monitoring expenses.
- Experience in Updating job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Experience in Protecting an organization's value by keeping information confidential.
- Experience in Accomplishing organizational goals by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.