
Cyber Security Engineer Resume


San Jose, California

SUMMARY

  • 9+ years of experience in multiple cloud environments. Identified security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
  • Provided technical support in the development, testing and operation of firewalls, intrusion detection systems, and enterprise anti - virus and software deployment tools.
  • Assessed, prioritized and updated existing IT security policies and standards to reflect the GRC framework.
  • Developed strategy planning utilizing Splunk and other SIEM cybersecurity tools.
  • Maintaining the MS SQL Server including User Logins, Groups Creations with appropriate roles and monitoring, dropping and locking the logins, granting the privileges to users and groups.
  • Worked with Security Operations Center (SOC) web application security log analysis and malware analysis, phishing/spam email investigation, and EDR tools (Tanium/CrowdStrike/Carbon Black and other relevant tools).
  • Knowledge of various security platforms and tools, such as firewall, CASB, proxy, Splunk SIEM, IDS, IPS, KeySecure, CrowdStrike and SOAR.
  • Working knowledge of the incident response lifecycle and Framework.
  • Implementation of appropriate Accreditation and Authorization activities per JSIG, DoD and ICD 503 RMF, NISPOM, or DoD Overprint to the NISPOM, according to customer requirements.
  • Raising Tickets using Service Now during Investigation of Symantec DLP and understanding of Imperva Management Console.
  • Worked on continuous improvement and document IT Security technology standards, policies, and processes, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Familiar with a forensic approach to challenges and vulnerabilities in day-to-day IT infrastructure.
  • Deep analysis of how cybercriminals work and ability to keep up with the fast pace of change in the cybercriminal world.
  • Perform security risk assessments for internal systems and processes and new software technology requests, including mobile apps, web applications, etc.
  • Quickly respond to external risk assessment requests from customers or third-party software providers as needed.
  • Conduct timely vulnerability scans, penetration testing, and log review to identify risk areas.
  • Administers and updates security measures and operate software to protect systems and information infrastructure, including firewalls, phishing protection, and data encryption programs.
  • Actively participate in security investigations and compliance reviews, as requested by internal or external auditors; create metrics and reporting for network security alerts, vulnerabilities and changes, and perform periodic audits.
  • Stay up to date on information technology trends and security standards; strong knowledge of cyber security tools, network protocols and operating systems.

TECHNICAL SKILLS

Networking: Packet Analysis (tcpdump, Wireshark), IDS (Bro, Snort), Splunk, Firewall, IDS/IPS, Access Control

Systems Administration: Active Directory, DNS, FTP, SSH, DHCP, SMB, HTTP, Virtualization

Vulnerability Assessment: Nmap, Nessus, Ettercap, Qualys, Metasploit, Honeypots (HoneyD, INetSim), Burp Suite, Nexpose, Acunetix, IBM AppScan, HP WebInspect

End Point Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec and McAfee Email Security Gateways (GUI & CLI), McAfee Network Data Loss Prevention, McAfee Nitro SIEM (Security Information and Event Management), Cisco Security (Cisco AMP, Umbrella, Cisco Email Security), FireEye HX

Platforms/Applications: Continuous Monitoring, Vulnerability Management, Web Application Scanning, Threat Protect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Rapid7 Event Management, RSA Archer, Blue Coat Proxy, IBM QRadar, NTT Security, LogRhythm, Pen Test Tools (Metasploit, Kali Linux), Docker, Snyk, Aqua Security, Terraform, AWS CloudFormation.

Standards & Framework: OWASP, OSSTMM, PCI DSS

Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication, PIA

Programming Languages: C, C++, Java, Python, JavaScript, PowerShell, Linux

Protocols: TCP/IP, L2TP, PPTP, IPsec, IKE, SSL, SSH, UDP, DHCP, DNS, NetBIOS, SNMP, TLS

Domain Knowledge: Risk Management, BCP/DRP, ISO 27001, COBIT, SWOT analysis, Cryptography, Incident Response, Penetration Test, Risk Assessment, SCADA Security, SCADA Audits, SIEM, ITIL, NIST, FIPS

PROFESSIONAL EXPERIENCE

Cyber Security Engineer

Confidential, San Jose, California

Responsibilities:

  • Utilize Nessus/Tenable, Nmap, OWASP and WebInspect to scan all ports, access points, devices, software and servers.
  • Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
  • Provides technical support in the development, testing and operation of firewalls, intrusion detection systems, and enterprise anti-virus and software deployment tools.
  • Install, Troubleshoot, Monitor ASP.NET Web Applications.
  • Utilize PowerShell and SCCM for scripting, patching, application testing and imaging Windows 7 & 10 machines.
  • Monitored, configured, scanned and patched network TCP/IP, DNS, Telnet and DHCP.
  • Managed, secured and scanned devices, software and web applications following NIST protocol & FIPS 140-2.
  • Auditing and documenting systems using DISA auditing tools, Assured Compliance Assessment Solution (ACAS), DISA STIG, and SCAP tools.
  • Responsible for monitoring and providing analysis in a 24x7x365 Security Operations Center (SOC) using Splunk SIEM and IDS/IPS tools.
  • Lead in implementing security solutions towards SIEM tool using Splunk, and work on setting up the dashboard. Operate closely with data security teams.
  • Used Splunk Deployment Server to manage Splunk instances and analyzed security-based events, risks & reporting.
  • Provide support for Splunk integration, deployment, configuration and maintenance.
  • Integration of data feeds (logs) into Splunk.
  • Managing various industry-standard IPS, PIA, CASB, firewalls, gateways, VBlock, Rapid7 virus and endpoint managers.
  • Audit and validate configurations of network devices based on DISA STIGs.
  • Utilize RSA Archer platform 6.1.
  • Expertise in implementation, customizations and integrations of eGRC RSA Archer 5.5 and 6.x version upgrades.
  • Developed and maintained a formalized GRC framework, utilizing standards-based controls aligned to the business.
  • Administered Archer data feeds, questionnaires, calculated fields, workflow, reports, dashboards, iViews and packaging.
  • Assess, prioritize and update existing IT security policies and standards to reflect the GRC framework.
  • Participated in supporting RSA Archer version upgrades.
  • Managed, configured, created accounts for and supported the CDM Dashboard within the eGRC Archer platform.
  • Managed and configured 3rd-party application data feeds.
  • Conducts complex security architecture analysis to evaluate and mitigate issues. Develops policies and procedures for securing the system infrastructure and applications.
  • Develops complex technical and programmatic assessments, evaluates engineering and integration initiatives and provides complex technical support to assess security policies.
  • Created vulnerability risk assessments for in house, COTS and 3rd party applications.
  • Utilize Wireshark and Nessus to pen-test and analyze the network and software.
  • Utilize McAfee ePolicy/End Point Protection Suite administration including virus protection, HIDS/HIPS, firewall, encryption and other workstation security technologies.
  • Addressed known exploits using the Host Intrusion Prevention System (HIPS); also configured, monitored, installed and updated the application.
  • Denied/Approved Software applications after testing the software for vulnerabilities and malware.

Cloud Security Engineer

Confidential, Murfreesboro, TN

Responsibilities:

  • Experience implementing and administering Cloud Workload Protection Platform (CWPP) or Cloud Security Posture Management (CSPM) tools, e.g., Dome9, Prisma Cloud, Orca, etc.
  • Experience securing or administering multi-account/subscription public cloud environments (AWS, Azure, GCP).
  • Strong knowledge and experience with AWS cloud architecture (i.e. RDS, S3, ECS, DynamoDB, API Gateway, CDK, etc.).
  • Expertise with GitHub, GitLab, Terraform, Pulumi, Ansible or other CI/CD tools.
  • Mentor junior team members on cloud security best practices.

Senior Network Engineer

Confidential, California

Responsibilities:

  • Interface with users, technicians, engineers, vendors and other Technical Maintenance personnel to install, update and debug automated systems.
  • Ensure products and systems comply with cyber security standards and practices.
  • Develop test routines and monitoring solutions. Penetration testing using Nmap and Wireshark.
  • Provide day to day support of servers, workstations, network and other equipment.
  • Document support procedures specific to systems to be utilized by the Technical Maintenance and Engineering departments.
  • Monitored & queried Unix file systems to check PIX firewall logs on Sprint perimeter firewall modules.
  • Reviewed detailed engineering change scripts, executed change and validation procedures & provided feedback for improvements in engineering design meetings.
  • Worked shifts in the command and control center (CCC) as needed to maintain network monitoring coverage.
  • Designed Cisco router & switch configurations.
  • Created & maintained Visio network diagrams outlining interconnections and merged existing Visio diagrams to reflect changes.
  • Added, removed, and created streams & server farms on the Cisco content services module (CSM) load balancers.

Cyber Security Analyst

Confidential, Aloha, OR

Responsibilities:

  • Review System and firewall logs based on individual preset client policies, rules, and standards; also review all host activity for specified timeframe.
  • Work directly with ESM engineers and Account Information Security Officers to adjust alert criteria.
  • Coordinated escalations to the Forensic Analyst Team with recommendations for remediation.
  • Acted as liaison and interacted with leadership, account management teams, and engineers to further define the risk and remediation plan.
  • Evaluated and fulfilled requests from the Account Information Security Risk & Compliance Officers for each client and aligned with the appropriate run book procedures to attain Client Service Level Objectives and Agreements.
  • Adjusted network alerts temporarily to suppress excessive alerts prior to engineers making permanent threshold changes.
  • Facilitated and operated direct telephone communication in order to perform the immediate required escalation requests or engagements of required teams to support clients.

IT Security Engineer

Confidential, Houston, TX

Responsibilities:

  • Proactively monitored vendor websites for new or updated information regarding vulnerabilities and medium- and high-impact virus threats and updated the internal knowledge base accordingly; as warranted, created and issued internal news bulletin warnings of possible vulnerabilities and malicious code threats, providing instructions to mitigate the threat and clean-up instructions for machines which may have been infected.
  • Maintained anti-virus software platforms with vendors, including signature and DAT file releases, AV software updates and patches.
