Cyber Security Engineer Resume
Fort Mill, SC
SUMMARY
- Experienced Technical Consultant with around 8 years' experience handling Information Security Analyst and System Administrator responsibilities. Expertise in Cybersecurity & Information Assurance with deep knowledge of Identity and Access Management security, SailPoint IdentityIQ, access control issues related to cyber systems and networks, AWS Cloud, penetration testing methodology, malware detection techniques, and recommended information assurance policies and standards.
- Experience in maintaining network performance by performing network monitoring and analysis, performance tuning, and troubleshooting network problems.
- Aid in development of System Security Plans (SSP), Assessment and Authorization (A&A) packages, National Institute of Standards and Technology (NIST) documents, Federal Information Processing Standards (FIPS), Security Assessment Reports (SAR), Risk Management Framework (RMF) documentation, and other security documents on a quarterly compliance basis.
- Prevention of cyber security incidents through proactive threat analysis, patch and vulnerability management, countermeasure deployment, and security-related application administration.
- Leading high-priority vulnerability assessments from start to finish; responsibilities included configuring Nessus, AppDetective and Burp on production and non-production jump boxes, scanning the client's environment (Windows/Linux servers, databases, and websites), troubleshooting with the client to resolve network and scan-related issues, and manually analyzing the results to remove false positives before creating and delivering a final report.
- Experience with NIST standard on cybersecurity and incident handling ( ).
- Performing risk assessment using the NIST task to determine the level of criticality and sensitivity of the information system.
- Providing leadership in architecting and implementing security solutions with SIEM tools such as Splunk.
- Assisted in ensuring that the corporate IT environment is secure and complies with all external audit requirements and federal standards.
- Initiate security assessment and authorization activities such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.
- Ensures that OS, software, devices, and applications are thoroughly tested and configured according to technical security requirements.
- Implements system backup/recovery procedures and incident response to minimize losses in case of outages/breaches.
- Monitoring and investigating suspicious network activities utilizing a variety of tools such as ArcSight, Splunk, Carbon Black/Bit9, and FireEye.
- Performing incident handling and documentation within the incident response lifecycle (detection, triage, analysis, mitigation, reporting, and documentation).
- Familiar with threats and vulnerabilities, latest trends and risks and be able to understand the technical remediation action steps or plans and communicate them effectively to teams within the organization.
- Assist in the deployment and configuration of new tools and capabilities such as Nessus, Splunk, Symantec and McAfee DLP.
- Excellent understanding of computing environments: Linux (RHEL 7, Debian/Kali), Windows 7/10, Windows Server 2012/2016, and Unix operating systems.
- Processed daily security operations and log analysis.
- Expertise in performing application security risk assessments throughout the SDLC.
- Highly capable of working in endpoint security, e-mail security and web gateway.
- Experience in vulnerability assessment and penetration testing using tools such as Burp Suite, OWASP ZAP proxy, Nmap, Nessus, Nexpose, IBM AppScan Enterprise, Kali Linux, and Metasploit.
- Experience with industry recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk, and LogRhythm.
- Experience configuring and deploying modules and products like McAfee ePO, McAfee VSE, Cloud, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.
TECHNICAL SKILLS
Networking: Packet Analysis (tcpdump, Wireshark), IDS (Bro, Snort), Splunk, Firewall, IDS/IPS, Access Control
Systems Administration: Active Directory, DNS, FTP, SSH, DHCP, SMB, HTTP, Virtualization (ESX)
Vulnerability Assessment: Nmap, Nessus, Ettercap, Metasploit, Honeypots (honeyd, INetSim), Burp Suite, Nexpose, Acunetix, IBM AppScan, HP WebInspect
Endpoint Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec and McAfee Email Security Gateways (GUI & CLI), McAfee Network Data Loss Prevention, McAfee Nitro SIEM (Security Information and Event Management).
Platforms/Applications: Continuous Monitoring, Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Rapid7 Event Management, RSA Archer, Blue Coat Proxy, IBM QRadar, NTT Security, LogRhythm, PenTest tools (Metasploit, Burp Suite, Nmap, Wireshark and Kali)
Standards & Framework: OWASP, OSSTMM, PCI DSS
Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication, PIA
Programming Languages: C, C++, Java, Python, JavaScript, Linux, PowerShell
Networking: LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Firewalls/IPS/IDS
Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS, NetBIOS, SNMP, TLS etc.
Domain Knowledge: Risk Management, BCP/DRP, ISO 27001, COBIT, Vulnerability SWOT analysis, Cryptography, Incident Response, Penetration Test, Risk Assessment, SCADA Security, SCADA Audits, SIEM, NIST, FIPS
PROFESSIONAL EXPERIENCE
Confidential, Fort Mill, SC
Cyber Security Engineer
Responsibilities:
- Interface with users, technicians, engineers, vendors and other Technical Maintenance personnel to install, update and debug automated systems.
- Ensure products and systems comply with cyber security standards and practices. Develop test routines and monitoring solutions. Penetration testing using Nmap and Wireshark.
- Provide day to day support of servers, workstations, network and other equipment. Document support procedures specific to systems to be utilized by the Technical Maintenance and Engineering departments.
- Plan, execute and oversee remediation activities for valid vulnerabilities which are identified using Application Scanning tools. Experience with application scanning to identify security vulnerabilities in the web application and architectural weaknesses.
- Effectively communicate with Business Operations and other functional areas on web application vulnerabilities. Experience in planning, installing, configuring, and administering IBM Security Identity Manager 7.0.1. Support, performance tuning and troubleshooting of ISIM 7. Configure and manage ISIM 7 security, e.g., configuration of single sign-on and secure communication with supported middleware.
- Hands-on technical experience with testing of web applications in Java or .NET. Experience with audits, e.g. A-123, SOC 1/2, FISCAM. RADIUS and Kerberos server experience. API testing using Postman.
- Experience using DAST and related tools to detect potential vulnerabilities, such as HP WebInspect, SolarWinds, ZAP, Burp, Tenable, Splunk, Alert Logic, Symantec Endpoint Protection, Zscaler, McAfee security, PortSwigger, Fiddler, Wireshark, Nmap, JIRA, Sonatype, Coverity. Experience with Palo Alto Networks firewalls (PA-5000, PA-3000, PA-500 series) and PA IPsec VPN tunnels.
- Experience with Red Hat Linux Server, macOS Server, Microsoft Windows Server, MS Active Directory, and Azure AD; configure and manage AWS/Azure cloud infrastructure and virtualization (VMware NSX, Hyper-V). Extensive hands-on experience with Azure IaaS/PaaS. Experience designing and building Azure solutions. PowerShell experience as it relates to Azure, AD, and Office 365.
- Deploy, manage and effectively maintain security systems and their associated software, including firewalls (Check Point, Squid), Blue Coat proxy and routers, IDS, IPS, cryptography systems, encryption (RSA, AES), tokenization (OpenNMT), and anti-virus software. Experience in the Python, PowerShell and JavaScript programming languages.
- Audit and adjust permissions, access-lists, file shares, and any other access control mechanism in place. Troubleshoot and document network security incidents. Produce and present security reports for management. Monitor and analyze network security data.
- Experience setting up Firewalls, using NAV tools, Vulnerability Management platforms, Security Analytics platforms, Penetration Testing frameworks (Metasploit or Resolve).
- Advanced knowledge of Cisco wireless LAN controllers, Cisco access points, Cisco ISE, Cisco routers (Cisco 1921, RV320, RV215W, RV042, RV042G), Cisco L2/L3 switches, Cisco Prime, Generic Routing Encapsulation, load balancing (F5 BIG-IP Local Traffic Manager, Cisco Load Balancer, Citrix, Azure load balancer), QoS, PBR, WCCP, VPN, NAT, VoIP, IPsec, Multicast, DNS services, MPLS networks, LAN, WAN, Juniper Networks firewalls (Juniper EX series EX2300, EX4300, EX3400, QFX T, QFX, SRX series), Cisco ASA firewalls/routers (5508-X with FirePOWER, 5516, 5585, 5545, 5555), Cisco Meraki MX100 firewall, and network and routing protocols (Ethernet, TCP/IP, SNMP, VLAN trunking, BGP, OSPF, IS-IS, eBGP, iBGP, RIP).
- Experience utilizing Wi-Fi analyzers, Wi-Fi survey software tools (i.e., AirMagnet, Ekahau, etc.) and test equipment. Experience working across the full stack of enterprise security tools to include everything from the physical layer to the application layer. Cisco Nexus series 5k, 7k, 9k switches, Cisco Catalyst Switches (2960, 3560, 6500), Cisco 300/200 series.
- Ability to lead the design of network security infrastructure and the integration of new requirements into existing architectures. Experience leading compliance assessments of relevant cybersecurity frameworks.
- Remain informed on trends and issues in the security industry, including current and emerging technologies and policies.
Confidential, Boston, MA
Cyber Security Engineer/Application Security
Responsibilities:
- Experienced with DLP, Blue Coat, Websense, Proofpoint, Trend Micro, and IBM QRadar Enterprise SIEM security tools to monitor the network environment.
- Worked on tools such as Information Security and Group Policy, Symantec Data Loss Prevention, Symantec Endpoint Protection Manager, Symantec Endpoint Encryption, Windows Server Update Services, Blue Coat Proxy, syslogs, and GFI.
- Primary Voltage SecureData encryption engineer, heading up the international project encryption servers worldwide.
- Oversee vulnerability assessment/penetration testing of scoped systems and applications to identify system vulnerabilities.
- Application support for Tripwire: research and understand all aspects of Tripwire, troubleshoot it, and find other ways to automate practices. Helped other teams within cyber security with projects involving Nessus vulnerability management tools and risk and compliance under NERC standards.
- Lead a team of cloud security engineers in various areas of expertise to execute complex solutions to meet delivery timelines.
- Recognize, adopt, utilize and teach best practices in cloud security engineering.
- Internal network vulnerability assessments to enhance the information security culture of an organization by identifying, analyzing and reporting the gaps which may be used to threaten the confidentiality, integrity and availability (CIA) of information.
- Converting existing AWS infrastructure to serverless, deployed via Terraform or AWS CloudFormation.
- Frameworks used: ISO 27001 ISMS, PCI DSS, SSAE 16, OWASP, SANS, Forcepoint.
- Monitored and researched cyber threats with a direct and indirect impact on the organization internally.
- Experience with Nessus vulnerability assessment and Burp Suite penetration testing; implemented RSA SecurID.
- Multi-model consulting on different frameworks and standards such as ITIL, COBIT, SDI, CMMI, ISO 2000 and ISO 9001.
- Security Consultant specializing in Data Loss Prevention and large infrastructure encryption.
- Security Engineer for Proofpoint Email Gateway Security.
- Develop reference architectures and proof-of-concept implementations of cloud security environments.
- Responsible for architecting, implementing and supporting of cloud-based infrastructure and its solutions.
- Manage all repeated threats to all systems and perform vulnerability tests.
- Responsible for the design, development, and implementation of new and innovative solutions to protect lucid sensitive data and strengthen data protection capabilities.
- Support IT teams based on the latest risks and possible remediation; vulnerability remediation of Vblock infrastructure. Involved in integration of Splunk with ServiceNow, Active Directory and LDAP authentication.
- Used Splunk Deployment Server to manage Splunk instances and analyzed security-based events, risks and reporting.
- Experienced with Handling Cloud environments (AWS and Cloud)
- Simplified knowledge sharing by creating and maintaining detailed and comprehensive documentation and necessary diagrams.
- Managing the enterprise infrastructure of the System Security team, such as configuration of File Integrity Monitoring systems, Data Loss Prevention (DLP) toolsets, enterprise antivirus solutions, and endpoint encryption.
- Assisted internal users of Splunk in designing & maintaining production-quality dashboard, assisted team to understand the use case of business and provided technical services to projects, user requests & data queries.
- Combat operations in signals and information security operations. Worked with NERC CIP, Tripwire, Tenable and IP360 Enterprise 8.6.
- Responsible for network monitoring using Splunk, ArcSight, and SecurityCenter.
- Responsible for Web UI development in JavaScript using jQuery, Angular2, and AJAX.
- Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
- Using Tenable and IP360, Tripwire to control vulnerabilities and mitigate them by severity.
- Developed an intelligence-drivensecurityapproach for threat detection, which helped
- Responsible for conducting structured security certification and accreditation (C&A) activities utilizing the Risk Management Framework and in compliance with Federal Information Security Modernization Act (FISMA) requirements.
- Performed enterprise security and cloud security specific solutions such as IAM, Identity Governance, SIEM, key management and encryption access keys, and public, private and hybrid cloud solutions.
- Assisted in day-to-day ePO security alert response using SIEM (Security Information & Event Manager) and security tools Nessus and ArcSight to track down security-threatened workstations, virtual servers and devices on the Confidential network.
- Tracking the receipt, implementation, and compliance of information assurance vulnerability assessments and documenting information assurance initiatives to ensure that systems, networks, and data adhere to security policies and procedures. Risk Management, Vulnerability Management, Intrusion Prevention, Incident Response.
- Adding new vulnerabilities to the Vulnerability Database for various platforms with proper exploits.
- Experience in Amazon AWS Cloud Administration which includes services like: EC2, S3.
- Managing various industries standard SIEM, IPS, PIA, CASB, Firewalls, Gateways, VBlock, Rapid7 Virus and Endpoint Managers
- Taken care of multi-threading in back-end java beans.
- Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection.
- Automated the centralized detection of security vulnerabilities with scripts for vulnerability assessment tools such as ArcSight and Splunk.
- Provide information regarding intrusion events, security incidents, and other threat indications and warning information.
- Responsible for Continuous Integration (CI) and Continuous Delivery (CD) process implementation using Jenkins along with LINUX Shell scripts to automate routine jobs.
- Performs advanced problem identification and resolution, performance monitoring and capacity planning functions for all Cloud infrastructure
- Deploying TrueCrypt Drive Encryption to all State Trooper laptops and desktops
- Have experience in cloud platform like AWS.
- Run internal and external Network Vulnerability scans at least quarterly after any significant change in network such as a new system component, installations, changes in network topology, firewall rule modifications and product upgrades.
- Analyzing vulnerability using scanning tools (Nessus, Qualys Guard) provided to us by our client to remove false positives before creating and delivering a final report.
- Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), McAfee Endpoint Encryption, Data Leakage Prevention (DLP), PIA, Forcepoint, forensics, sniffers and malware analysis tools.
- Responsible for monitoring and providing analysis in a 24x7x365 Security Operation Center (SOC) using Splunk SIEM and IDS/IPS tools.
- I have been part of several engagements deploying encryption and protecting data as well as training helpdesks around the globe. I am currently running a 32,000-computer encryption deployment with McAfee's whole disk encryption and ePO along with device control/DLP.
Confidential, Seattle, WA
Cyber/Network Security Engineer
Responsibilities:
- Expertise in using DAST tools (such as IBM AppScan and Burp Suite Pro) while the application is running to penetrate the application in various ways to identify potential vulnerabilities outside the code and in third-party interfaces.
- Ensure products and systems comply with cyber security standards and practices. Develop test routines and monitoring solutions. Penetration testing using Nmap and Wireshark.
- Provide day to day support of servers, workstations, network and other equipment. Document support procedures specific to systems to be utilized by the Technical Maintenance and Engineering departments.
- Plan, execute and oversee remediation activities for valid vulnerabilities which are identified using Application Scanning tools. Experience with application scanning to identify security vulnerabilities in the web application and architectural weaknesses.
- Effectively communicate with Business Operations and other functional areas on web application vulnerabilities. Experience in planning, installing, configuring, and administering IBM Security Identity Manager 7.0.1. Support, performance tuning and troubleshooting of ISIM 7. Configure and manage ISIM 7 security, e.g., configuration of single sign-on and secure communication with supported middleware.
- Hands-on technical experience with testing of web applications in Java or .NET. Experience with audits, e.g. A-123, SOC 1/2, FISCAM. RADIUS and Kerberos server experience. API testing using Postman.
- Analyzed security incidents originated from various network/application monitoring devices (e.g., Symantec DLP) and coordinated with engineering teams for tracking and problem escalation, including remediation.
- Experience with Red Hat Linux Server, macOS Server, Microsoft Windows Server, MS Active Directory, and Azure AD; configure and manage AWS/Azure cloud infrastructure and virtualization (VMware NSX, Hyper-V). Extensive hands-on experience with Azure IaaS/PaaS. Experience designing and building Azure solutions. PowerShell experience as it relates to Azure, AD, and Office 365.
- Deploy, manage and effectively maintain security systems and their associated software, including firewalls (Check Point, Squid), Blue Coat proxy and routers, IDS, IPS, cryptography systems, encryption (RSA, AES), tokenization (OpenNMT), and anti-virus software. Experience in the Python, PowerShell and JavaScript programming languages.
- Audit and adjust permissions, access-lists, file shares, and any other access control mechanism in place. Troubleshoot and document network security incidents. Produce and present security reports for management. Monitor and analyze network security data.
- Experience setting up Firewalls, using NAV tools, Vulnerability Management platforms, Security Analytics platforms, Penetration Testing frameworks (Metasploit or Resolve).
- Advanced knowledge of Cisco wireless LAN controllers, Cisco access points, Cisco ISE, Cisco routers (Cisco 1921, RV320, RV215W, RV042, RV042G), Cisco L2/L3 switches, Cisco Prime, Generic Routing Encapsulation, load balancing (F5 BIG-IP Local Traffic Manager, Cisco Load Balancer, Citrix, Azure load balancer), QoS, PBR, WCCP, VPN, NAT, VoIP, IPsec, Multicast, DNS services, MPLS networks, LAN, WAN, Juniper Networks firewalls (Juniper EX series EX2300, EX4300, EX3400, QFX T, QFX, SRX series), Cisco ASA firewalls/routers (5508-X with FirePOWER, 5516, 5585, 5545, 5555), Cisco Meraki MX100 firewall, and network and routing protocols (Ethernet, TCP/IP, SNMP, VLAN trunking, BGP, OSPF, IS-IS, eBGP, iBGP, RIP).
- Experience utilizing Wi-Fi analyzers, Wi-Fi survey software tools (i.e., AirMagnet, Ekahau, etc.) and test equipment. Experience working across the full stack of enterprise security tools to include everything from the physical layer to the application layer. Cisco Nexus series 5k, 7k, 9k switches, Cisco Catalyst Switches (2960, 3560, 6500), Cisco 300/200 series.
- Ability to lead the design of network security infrastructure and the integration of new requirements into existing architectures. Experience leading compliance assessments of relevant cybersecurity frameworks.
- Remain informed on trends and issues in the security industry, including current and emerging technologies and policies.
Confidential, Marlborough, MA
Cyber Security Analyst
Responsibilities:
- Responsible for detection and response to security events and incidents within global Fortune 500 client networks, utilizing ArcSight, Splunk, TippingPoint, VirusTotal, IPVoid, FireEye, Wireshark, etc. to gather, analyze, and present forensic evidence of cyber malware and intrusions
- Review system and firewall logs based on individual preset client policies, rules, and standards; also review all host activity for the specified timeframe
- Work directly with ESM engineers and Account Information Security Officers to adjust alert criteria
- Coordinated escalations to Forensic Analyst Team with recommendations for remediation
- Acted as liaison and interacted with leadership, account management teams, and engineers to further define the risk and remediation plan
- Evaluated and fulfilled requests from the Account Information Security Risk & Compliance Officers for each client and aligned with the appropriate runbook procedures to attain Client Service Level Objectives and Agreements
- Adjusted network alerts temporarily to suppress excessive alerts prior to engineers making permanent threshold changes
- Facilitated and operated direct telephone communication in order to perform the immediate required escalation requests or engagements of required teams to support clients
- Researched McAfee Threat Center, Symantec, and other vulnerability and threat libraries to identify and formulate remediation plans.
Confidential
Security Analyst
Responsibilities:
- Performed grey box testing of the web applications
- Executed and crafted different payloads to attack the system for finding vulnerabilities with respect to input validation, authorization checks, and more
- Reviewed and validated user access compliance on a quarterly basis
- Reviewed the requirements for privileged access on an everyday basis and provided recommendations
- Reviewed and validated the privileged users and groups in Active Directory, databases and applications on a periodic basis
- Documented information security guidance in step-by-step operational procedures
- Performed static code reviews with the help of automation tools
- Performed a threat analysis on the new requirements and features
- Burp Suite, DirBuster, HP Fortify and Nmap were used as part of the penetration testing on a daily basis to complete the assessments
- Established and improved the processes for privileged user access request
- Reviewed firewall rules and policies in web proxy
- Highlighted the user access and privileged user access risks to the organization and provided the remediation plan.
Environment: MS SQL, MySQL, WebScarab, HTML, Kali Linux, OWASP, DirBuster, Nmap, IBM AppScan, Burp Suite, HP Fortify, Windows XP, PHP.
