Cyber Security Analyst Resume
KY
SUMMARY
- Experience in Network Security Operations, content authoring, design, installation, administration, upgrades, monitoring, implementation, integration and operation of IBM QRadar, Splunk, Nessus, Rapid7 and McAfee ePO.
- Conducted vulnerability assessments using Qualys, Nessus and Nexpose to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures. Addressed those vulnerabilities using HP Fortify and efficient patch management.
- Expertise in tools such as Nessus, AppScan, Nmap and the Acunetix web vulnerability scanner; assessing vulnerabilities and performing patching; assisting in penetration testing to secure the organization's data.
- Strong knowledge on Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Data Loss Prevention (DLP), DDoS attacks and Kill Chain mitigation techniques.
- Integration of different devices/applications/databases/operating systems with QRadar SIEM.
- Knowledge of cleaning up auto-discovered log sources in QRadar by identifying duplicates, correcting misidentified log sources, and identifying log sources from their logs.
- Experience in editing building blocks to reduce the number of false positives generated by IBM Security QRadar, and writing correlation rules.
- Experience configuring and deploying McAfee modules and products such as McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint and McAfee SIEM; device/EMR integration, medical device connectivity, and IoT cyber security.
- Develop processes and perform investigations on all identified attacks via IPS, IDS, Firewall, Antivirus, and Data Loss Prevention Tools.
- Experience with SOC and 24/7 operations.
- Analyze security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS), Firewalls, Anti-Virus, and/or other security logging sources and SIEM aggregators.
- Authored and directed the SOC Analyst and Engineering playbooks for functional areas such as threat intelligence operations (collection, analysis, and dissemination), malicious code analysis, custom Sourcefire IDS signature analysis, and Sourcefire threat feeds.
- Collected data dumps over TCP (IPv4), UDP, LDAP and HTTP and analyzed log files on UNIX and Linux systems to detect system performance, vulnerability and threat incidents in client, server, and cloud environments.
- On-site security/risk assessments; McAfee Web Gateway, McAfee ePO and Endpoint Security deployment including VirusScan Enterprise, Endpoint Security 10.x, HIPS, DLP, whitelisting with Solidcore (File Integrity Manager, Application Manager), FireEye MTP and Proofpoint.
- Conduct vulnerability scanning using Nessus
- Expertise in Kerberos, DNS, Load Balancers, Active Directory.
- Cyber vulnerability assessment and remediation as part of NERC Standard CIP-007.
- Access review and reporting for physical and electronic security controls as part of NERC Standards CIP-005 and CIP-006.
- Extensive knowledge of security controls (ISO 27002, NIST) used to implement regulatory compliance (NERC CIP, PCI, SOX, HIPAA) with IBM QRadar products.
- Experience in developing vulnerability assessment reports for the vulnerabilities and non-compliance issues detected, and recommending possible mitigating measures (Rapid7, Nessus, QualysGuard).
- Implemented Symantec Data Loss Prevention to secure all endpoints. Configured and instrumented the Symantec management console, Symantec management server and Symantec database on Oracle.
- Experience with enterprise-class security products such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, wireless and remote connectivity.
- Analyze network traffic, firewall (Sourcefire Defense Center) and AV (McAfee) logs with Splunk and IBM QRadar.
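The QRadar log-source cleanup and building-block tuning listed above, reduced to a runnable form. This is an added example, not the resume's own code and not IBM's: constructed syslog-style lines are fingerprinted to a source type, grouped to find one host auto-discovered under two names, compared with the type an analyst declared for them, and then run through a failed-login correlation rule that skips authorised vulnerability scanners (the role a host-definition building block plays in QRadar). Every hostname, address, asset mapping and log line is constructed for the example.

```python
"""Added example (not the resume's or IBM's code): log-source cleanup and a
false-positive-aware correlation rule over constructed syslog-style events."""
import re
from collections import defaultdict

# Constructed events: (identifier the event arrived under, raw payload).
SAMPLE_EVENTS = [
    ("fw01", "%ASA-6-302013: Built inbound TCP connection 1234 for outside:203.0.113.5/4444 to inside:10.0.0.5/443"),
    ("10.0.0.1", "%ASA-4-106023: Deny tcp src outside:198.51.100.7/5555 dst inside:10.0.0.9/22 by access-group outside_in"),
    ("dc01", "EventID=4625 Account=alice SourceIP=198.51.100.7 Status=0xC000006D"),
    ("web01", "sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 51000 ssh2"),
    ("web01", "sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 51001 ssh2"),
    ("web01", "sshd[2202]: Failed password for root from 10.0.0.50 port 40000 ssh2"),
    ("web01", "sshd[2202]: Failed password for root from 10.0.0.50 port 40001 ssh2"),
    ("web01", "sshd[2202]: Failed password for root from 10.0.0.50 port 40002 ssh2"),
    ("web01", "sshd[2203]: Accepted publickey for deploy from 10.0.0.20 port 52000 ssh2"),
]

# Fingerprints: a pattern that only one source type produces.
FINGERPRINTS = [
    ("Cisco ASA", re.compile(r"%ASA-\d-\d{6}")),
    ("Windows Security", re.compile(r"\bEventID=\d+")),
    ("Linux sshd", re.compile(r"sshd\[\d+\]")),
]

# Constructed asset data (hostname -> management IP) in lieu of DNS/CMDB lookups.
ASSET_MAP = {"fw01": "10.0.0.1", "dc01": "10.0.0.2", "web01": "10.0.0.5"}

# What the analyst configured each source as (constructed; web01 is wrong on purpose).
DECLARED_TYPES = {"fw01": "Cisco ASA", "dc01": "Windows Security", "web01": "Windows Security"}

# Exclusion list playing the role of a "VA scanners" building block.
VA_SCANNERS = {"10.0.0.50"}

SSH_FAILED = re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+)")
WIN_FAILED = re.compile(r"EventID=4625 .*SourceIP=(\d+\.\d+\.\d+\.\d+)")


def identify_source(line):
    """Return the source type whose fingerprint matches the payload, or 'Unknown'."""
    for name, rx in FINGERPRINTS:
        if rx.search(line):
            return name
    return "Unknown"


def canonical_host(identifier):
    """Map a hostname to its IP so the same box reporting under both collapses to one key."""
    return ASSET_MAP.get(identifier, identifier)


def find_duplicate_log_sources(events):
    """Hosts that have been auto-discovered as more than one log source."""
    groups = defaultdict(set)
    for ident, _ in events:
        groups[canonical_host(ident)].add(ident)
    return {host: sorted(ids) for host, ids in groups.items() if len(ids) > 1}


def misidentified_sources(events, declared):
    """Sources whose logs fingerprint to a type other than the configured one."""
    out = {}
    for ident, line in events:
        actual = identify_source(line)
        if ident in declared and declared[ident] != actual:
            out[ident] = (declared[ident], actual)
    return out


def brute_force_offenses(events, threshold=3, exclusions=VA_SCANNERS):
    """Correlation rule: N or more failed logins from one IP across all sources,
    ignoring IPs in the exclusion set so scanner noise does not become an offense."""
    counts = defaultdict(int)
    for _, line in events:
        m = SSH_FAILED.search(line) or WIN_FAILED.search(line)
        if m and m.group(1) not in exclusions:
            counts[m.group(1)] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print("duplicates:", find_duplicate_log_sources(SAMPLE_EVENTS))
    print("misidentified:", misidentified_sources(SAMPLE_EVENTS, DECLARED_TYPES))
    print("offenses:", brute_force_offenses(SAMPLE_EVENTS))
```

The same failed-login source shows up in both the Windows 4625 event and the sshd lines, so the rule counts across log sources the way a SIEM correlation rule does; removing the exclusion set turns the scanner's three failures into a second offense, which is exactly the noise the building-block edit is meant to suppress.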
TECHNICAL SKILLS
Information Security Skills: Vulnerability Assessment, Risk Assessment, Collective Intelligence Framework, Threat Analysis, Auditing, Reporting, Identity and Access Management, Patch Management, HIPAA, PCI.
Security Knowledge: OWASP, Cryptography, Hashing, SSL, Malware, Firewall, Security Standards, IDS, IPS, HTTP, TCP, DNS, DHCP, HIPAA, PCI, SOX
Networking Knowledge: Software Defined Networking, Open vSwitch, OpenFlow, Routing Protocols, CDN, Cloud Computing, VMs, VLAN, VPN
Network Security Tools: Burp Suite, Carbon Black, Archer, McAfee ePO, iTop, Kali Linux, Websense, Sourcefire IDS, Metasploit, Snort, Splunk, Nessus, Qualys, Mininet, Bit9 Carbon Black, Wireshark, Nmap, GNS3.
Programming Languages: Python, C++, Java, PL/SQL, R, Shell scripting, HTML, PowerShell, Ansible
Operating Systems: Windows Server 2008 (R2), Windows, Linux
Other: AWS (EC2), Microsoft Office, ServiceNow, SPSS, Visio, knowledge of SDLC and UML
PROFESSIONAL EXPERIENCE
Confidential, KY
Cyber Security Analyst
Responsibilities:
- Led high-priority vulnerability assessments from start to finish; responsibilities included configuring Nessus, AppDetective and Burp on production and non-production jump boxes, scanning the client's environment (Windows/Linux servers, databases and websites), troubleshooting with the client to resolve network and scan-related issues, and manually analyzing the results to remove false positives before creating and delivering a final report.
- Analyzing vulnerability scans provided to us by our client to remove false positives from a variety of tools (Nessus, AppDetective, WebInspect and QualysGuard) before creating and delivering a final report.
- Used MITRE ATT&CK Framework to assess organizational security tool maturity and improve security defenses
- Guided risk-based projects centered on introduction of key performance indicators (KPI) to analyze project risks within Risk Management division.
- Received training on network security concepts such as advanced persistent threats, intrusion prevention, cyber kill chain, zero-day malware, network sandboxing, and targeted attacks.
- Installed the Splunk Common Information Model add-on, which is packaged with Splunk Enterprise Security, Splunk IT Service Intelligence, and the Splunk App for PCI Compliance.
- Utilizing monitoring systems to update accounts and document activity
- Established a world-class core technology enablement team to build a high-performing DevOps environment in which to build an IT Risk Intelligence Framework and Platform.
- Daily participation in Level 1 Incident Response utilizing NIST Cybersecurity framework and kill chain methodologies
- Assurance and performance management reporting (CRSA/KPIs/KRIs)
- Self-employed associate providing risk management consulting, corporate security & compliance, and quality.
- Developed the Cyber Threat Intelligence Framework.
- Opened, Assigned and closed the tickets assigned in SOC Security Management Console towards Qualys for various Remediation Process and Patch Management Process.
- Implementation of security log management and monitoring
- Investigating ArcSight SIEM events to determine any true intrusions. Investigating DDoS attacks and FireEye, Sourcefire, malware and Websense events affecting the Confidential network and NBCUniversal. Connectors are set up for all IDS/IPS appliances to ArcSight.
- Raytheon IIS / Senior Engineer (Forcepoint): SureView Insider Threat Cross-Platform Agent (Linux, Android, and macOS)
- Analyzing suspicious web or email files for malicious code discovered through the SOC's own.
- Develop scripts in Perl, Python, Bash, and PowerShell to automate common Splunk tasks such as forwarder deployment, configuration, etc.
- Work closely with External security organization to constantly monitor security threats and defense.
- Review and present on quarterly global threat intelligence reports (NIST/ProofPoint/other) with the purpose to correlate threats to the Cyber Kill Chain and owned systems designed to mitigate those threats
- Developed, maintained, and communicated a consolidated risk management activities and deliverables calendar. analysis or reported to the SOC.
- Monitored Security Management Console for Security Operation Centre (SOC) for ensuring confidentiality, Integrity and Availability of Information systems.
- Configure and maintain ELK and Gemini security systems
- Worked on identifying and developing processes and controls to protect IoT and connected platforms from cyber threats, company-wide.
- Used gzip compression with AWS CloudFront to forward compressed files to destination nodes/instances
- Assisted with selection and implementation of controls that apply security protections to systems, processes and information resources using the NIST family of security controls.
- Review and Assess privacy controls in compliance with Privacy Impact Assessment (PIA) and Privacy Threshold Analysis (PTA) using NIST
- Experience with the AWS Cloud platform and its features, including EC2, VPC, EBS, AMI, CloudWatch and VPN servers, and with Microsoft Azure
- Conduct analysis of cyber threats, discovery of IT vulnerabilities, monitoring for cyber intrusions, and troubleshooting and response to security incidents detected from HP ArcSight or related SIEM, IDS/IPS, and other security applications
- Run internal and external network vulnerability scans at least quarterly and after any significant change in the network, such as a new system component, installations, changes in network topology, firewall rule modifications and product upgrades.
- Responsible for monitoring and providing analysis in a 24x7x365 Security Operations Center (SOC) using Splunk SIEM and IDS/IPS tools.
- Evaluation of high-volume SIEM software (including ELK)
- Write, review and recommend security options to comply with organizational standards.
- Conduct various security scans such as web application scans, network vulnerability scans, port scanning, and host and database scans, using a variety of tools such as Nmap, Nessus, Nikto and Lynis.
- Review new Vulnerabilities disclosed and perform proactive assessments on the Network environment, applications and system.
- CIS/B2B Requests - Processed CIS and B2B requests according to user's position with necessary access and functionality
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools. Served as cyber-security S-IoT for the client's network/zone segmentation redesign, helping to drive operational efficiency and reliability and promote safety.
- Conduct and perform passive application assessments and maintain assessment platforms.
- Evaluate, Prepare and deliver a comprehensive assessment to outline the risk, analyze findings and offer strategic and tactical recommendations to management.
- Participate in the change and Advisory Board, Representing Vulnerabilities management and recommendations.
- Validate critical security controls with critical patches, security settings and vulnerability management security configuration policies.
- Analyze vulnerability reports from various scans and assessments, acting on high-risk/critical vulnerabilities ahead of other vulnerabilities.
- Worked with Desktop and Server engineer on managing applications and security.
- Perform a quarterly scan on all system components and facilities.
- Implement methodologies for penetration testing with testing on application layer, inside and outside of the Network.
- Highly experienced in the AWS Cloud platform and its features, including EC2, VPC, EBS, AMI, SNS, RDS, CloudWatch, CloudTrail, CloudFormation, AWS Config, Auto Scaling, CloudFront, IAM, S3 and Route 53
- Devised training objectives for blue team members pertaining to detection of threats along the Cyber Kill Chain and the MITRE ATT&CK model.
- Utilizing Cloud and High Scalability architecture design patterns in successful solutions.
- Examine Pen Testing methodologies and interview responsible personnel to verify a methodology that is implemented.
- Examine the scope of work and result from the most recent internal penetration test to verify that penetration is performed on timely bases for current changes in the environment and systems.
- Configure and support firewalls and VPN solutions
- Installed and configured Cisco, Juniper, Arista, and Brocade routers and switches as well as Cisco ASA firewalls.
- Conduct web application scanning and penetration testing. Scans run against TA web applications and web services to identify any known vulnerabilities accessible on the public-facing TA infrastructure
- Engage in Security Assessment Reports that contain vulnerability and penetration test results. The report will include, at a minimum:
- Performing sophisticated penetration examinations for the purpose of ascertaining the technical weaknesses existing in the computer systems
Environment: Nessus, Splunk, Windows, Nessus Scanner, Rapid7 Nexpose, McAfee Network Security Platform (NSP).
Confidential, Houston, TX
Vulnerability/ Security Analyst
Responsibilities:
- Manage the health and wellness of all scanners and scan environments to include resolution of network, port and service issues. Assist with enterprise level configuration changes to include deployment of Nessus upgrades and patch management commitments
- Established and improved the SOC security system reporting and monitoring capabilities from FY 2011 to FY 2012.
- Risk Metrics - KPI's
- Threat hunting experience; familiar with TTPs, Cyber Kill Chain, detection validations, DNS sinkholing of malicious/infected systems, etc.
- Cyber Security Work Force at NIOC Norfolk, including cyber research and analysis as well as providing intelligence framework for exercise preparation.
- Implement newsletters alerting existing clients to current trends in the insurance and risk management industry.
- Familiar with cybersecurity frameworks and processes including the NIST 800 series, the ISO 27000 series and FIPS compliance, as well as the Cyber Kill Chain.
- Maintaining the user accounts (IAM), RDS, Route 53, SES and SNS services in AWS cloud.
- Scan IP addresses for malware, malicious activities and open vulnerabilities on the system using Nessus. Port scanning, OS detection, network inventory and traffic generation using Nmap
- Analyzed network traffic and packet captures (PCAP files) using sniffers and Wireshark
- Focused on Security Incident Management, Detection, Investigation, Technical Response & Reporting.
- Assist with the development of process and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
- Monitor site servers for capacity planning and management of drive space and Log management.
- Configure ArcSight connectors and loggers; add missing assets in ArcSight.
- Migration of Data Center and Perimeter Security technologies to Cloud security Technologies
- Maintained both government STIG and enterprise business CIS hardening rules using tools such as Retina, Nessus Scanner, BladeLogic and the Foundstone scanner
- Experienced in building Automation frameworks related to Application Security and proficient in Java, Python and UNIX shell scripts and PowerShell.
- Responsible for penetration testing, vulnerability scans, and threat and risk management using a variety of tools.
- Worked with IT Operations and Network Engineers to mitigate system vulnerabilities discovered in network devices (routers, switches, VPN Concentrator), servers, and workstations.
- Reassessed and updated System Security Plan (SSP) and Security Assessment Report (SAR) based on findings from Assessing controls using NIST SP rev1, NIST SP A rev4 and NIST SP .
- Launching and configuring of Amazon EC2 (AWS) Cloud Servers using AMI's (Linux/Ubuntu) and configuring the servers for specified applications.
- QRadar SIEM v7.2 administration with SIEM EPS tuning and distributed deployment architectures. Part of the deployment team in which several log sources were integrated. Added a few custom log sources via Universal DSM/LSX, QID adding/mapping and creating building blocks/rules.
- Created custom searches, custom reports, rules, reference sets and reference maps.
- Performed CERT/SOC operations, including IDS event monitoring and analysis, security incident handling, incident reporting, and threat analysis.
- Experience with security tools from various vendors, including Cisco, Check Point, Cisco ASA, IronPort, McAfee, Symantec, Sourcefire, Sophos, ArcSight, Tenable, Juniper, Imperva, Blue Coat, EnCase, FireEye and BitLocker
- Worked on PCI, SOX and HIPAA security baseline support as an Information Security Professional
- Create Splunk Search Processing Language (SPL) queries, reports, alerts and dashboards.
- Responsible for testing vulnerability updates for all releases and patches of the ArcSight ESM (Enterprise Security Manager) product.
- Conducting penetration tests, including internal and external penetration testing, network and application (including web application) penetration testing, social engineering, etc.
- Conducting in-house internal and external penetration tests of the TECH LOCK network, the RevSpring (TECH LOCK's parent company) network, and the networks of other TECH LOCK sister companies.
- Provide technical administration services for the deployed ArcSight ESM, Logger, and Connector software platform.
- Perform vulnerability, configuration and compliance scans with Rapid7 to detect deficiencies and validate the compliance of information systems configuration with the organization's policies and standards.
- Create test scripts for computer network devices, such as: implemented a test web UI in Perl, Python, and TCL/Expect; analyze network traffic with Perl and Python.
- Experience integrating UNIX and Linux with Active Directory using Centrify. Provided 24x7 on-call support for production environments.
- Implemented and troubleshot firewall rules in Palo Alto firewalls using Panorama
- Performing firewall rule audits using different firewall optimization tools such as Tufin, FireMon and AlgoSec.
- Configuring, administering and troubleshooting Check Point and ASA firewalls.
- Skilled in using Burp Suite, Acunetix automatic scanner, Nmap, Havij and DirBuster for web application penetration tests.
- Acquainted with various approaches to grey- and black-box security testing.
Environment: IBM QRadar, Linux, Splunk, Rapid7 Nexpose, Symantec DLP and SEP, syslog-ng, Java and Unix shell scripting, Blue Coat Proxy.
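The Nmap inventory and scan-result triage described in the two roles above (Nmap port scanning and OS detection, Nessus/Rapid7 scanning, and removing false positives before a finding reaches the report), in runnable form. This is an added example, not the resume's own code and not Nmap's or any scanner vendor's: a constructed Nmap XML report is parsed into hosts, open ports and OS guesses, and constructed scanner findings are checked against it so that findings on ports Nmap never saw open, or on hosts it never saw up, are set aside for manual re-check instead of going straight into the report. All hosts, services, finding names and the XML itself are constructed for the example; only the element layout follows the real Nmap `-oX` format.

```python
"""Added example (not the resume's code): parse constructed Nmap XML into an
inventory and use it to corroborate constructed scanner findings before reporting."""
import xml.etree.ElementTree as ET

# Constructed Nmap -oX output; layout follows the real format, content is invented.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 10.0.0.0/28">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="web01" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports>
    <os><osmatch name="Linux 3.X" accuracy="95"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.9" addrtype="ipv4"/>
    <hostnames><hostname name="dc01" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows Server 2008 R2" accuracy="90"/></os>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.0.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Constructed findings in the shape of a scanner CSV export. Port 0 marks a
# host-level finding (OS version, missing patches) rather than a service one.
FINDINGS = [
    {"host": "10.0.0.5", "proto": "tcp", "port": 22, "risk": "Medium", "name": "SSH server supports weak MAC algorithms"},
    {"host": "10.0.0.5", "proto": "tcp", "port": 443, "risk": "Critical", "name": "Web server uses an end-of-life TLS stack"},
    {"host": "10.0.0.5", "proto": "tcp", "port": 3306, "risk": "High", "name": "MySQL reachable without authentication"},
    {"host": "10.0.0.9", "proto": "tcp", "port": 0, "risk": "High", "name": "Operating system is no longer supported"},
    {"host": "10.0.0.77", "proto": "tcp", "port": 80, "risk": "High", "name": "Outdated web server"},
]

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Info": 4}


def parse_nmap_xml(xml_text):
    """Return {ip: {"hostname", "os", "ports": {(proto, port): service}}} for hosts that were up."""
    inventory = {}
    for host in ET.fromstring(xml_text).findall("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        hostname = host.find("hostnames/hostname")
        osmatch = host.find("os/osmatch")
        ports = {}
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not attack surface for the report
            svc = port.find("service")
            label = " ".join(v for v in (svc.get("name"), svc.get("product"), svc.get("version")) if v) if svc is not None else ""
            ports[(port.get("protocol"), int(port.get("portid")))] = label
        inventory[addr] = {
            "hostname": hostname.get("name") if hostname is not None else "",
            "os": osmatch.get("name") if osmatch is not None else "",
            "ports": ports,
        }
    return inventory


def triage_findings(inventory, findings):
    """Split findings into report-ready (corroborated by Nmap, sorted by severity)
    and those to re-check by hand before they are called vulnerabilities."""
    actionable, recheck = [], []
    for f in findings:
        host = inventory.get(f["host"])
        if host is None:
            recheck.append((f, "host not seen up by Nmap"))
        elif f["port"] != 0 and (f["proto"], f["port"]) not in host["ports"]:
            recheck.append((f, "port %d/%s not open per Nmap" % (f["port"], f["proto"])))
        else:
            actionable.append(f)
    actionable.sort(key=lambda f: (SEVERITY_RANK.get(f["risk"], 99), f["host"], f["port"]))
    return actionable, recheck


if __name__ == "__main__":
    inv = parse_nmap_xml(NMAP_XML)
    for ip, h in inv.items():
        print(ip, h["hostname"], h["os"], sorted(h["ports"]))
    ready, suspect = triage_findings(inv, FINDINGS)
    for f in ready:
        print("REPORT ", f["risk"], f["host"], f["port"], f["name"])
    for f, why in suspect:
        print("RECHECK", f["risk"], f["host"], f["port"], f["name"], "reason:", why)
```

Against a real scan, replace NMAP_XML with the file written by `nmap -oX` and FINDINGS with the rows of the scanner's export; the two "recheck" outcomes (service scanner reports a port the port scanner saw filtered, or a host it never saw respond) are the usual starting points for the manual false-positive review the roles above describe.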
Confidential, Cary, North Carolina.
SIEM Engineer/Cyber security consultant
Responsibilities:
- Installation of connectors and integration of multi-platform devices with IBM QRadar.
- Configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases, and apps.
- Integration of IDS/IPS with IBM QRadar and analysis of the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
- Lead efforts to establish an automated indicator sharing capability that provides automated integration with network devices using the Collective Intelligence Framework (CIF).
- Conducts comprehensive kill chain analysis of malicious traffic and events to determine root cause, true source, and potential vulnerabilities in the DoD information network.
- Categorize the messages generated by security and networking devices into the multi-dimensional IBM QRadar normalization scheme.
- Develop content for IBM QRadar such as correlation rules, dashboards, reports and filters, active lists, and session lists.
- Demonstrated competency using security controls to disrupt the attack kill chain.
- Review and update the System Security Plan (SSP) based on findings from assessing controls using NIST SP rev1, NIST SP A rev4, and NIST SP .
- Integration of IDS/IPS with ArcSight and analysis of the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
- Develop content for ArcSight such as correlation rules, dashboards, reports and filters, active lists and session lists.
- Experience with the Carbon Black endpoint security platform, which detects malicious behavior and prevents malicious files; anti-malware defense.
- Replicate and migrate ArcSight Express from 6.1 to 6.9.
- Migrate logs on ArcSight Logger 6.3 and configure SmartConnectors for syslog and audit log forwarding.
- Configure Symantec Critical System Protection IDS to forward logs to ArcSight Express for file integrity monitoring. Configured remote logging to ArcSight with flexible fields.
- Responsible for testing and implementation of ArcSight with setup for AD (Active Directory) and LDAP.
- Troubleshooting issues related to ArcSight Express.
- Scheduled enterprise vulnerability scans to ensure there is no impact on client facing or critical information assets. (Internal Nessus, Nexpose and Metasploit scans in coordination with the enterprise Red Team, and external scans (Qualys)). This role required the ability to configure scanning tools and identify the scope of the scans being performed (target range, expectations, support role delegation).
- Serves as a member of a centralized incident response team that prepares for and addresses incidents across the organization and is responsible for analyzing security breaches and taking any necessary responsive measures.
- Implementation, configuration, and support of Check Point and ASA firewalls for clients.
- Sound knowledge and industry experience in vulnerability assessment and penetration testing of web-based applications, mobile applications and infrastructure.
- Experience with web application security testing tools such as Acunetix, Metasploit, Burp Suite, sqlmap, OWASP ZAP Proxy, Nessus, Nmap and HP Fortify.
Environment: IBM QRadar, Splunk, UNIX, HP TippingPoint NX Next-Generation Intrusion Prevention System, Blue Coat Secure Web Gateway, Symantec DLP and Endpoint.
Confidential
Security Engineer/ Information Security Analyst
Responsibilities:
- Performed vulnerability scanning on web applications and databases to identify security threats and vulnerabilities.
- Conducted Security Risk Assessment on all new applications, IT Systems or changes to existing IT systems to verify if they satisfy established security baseline before adoption into Corporate Regional offices.
- Conducted Security Risk Assessment on new Vendors and annual Vendor Risk Assessment.
- Assisted management in authorizing the IT Systems for operation on the basis of whether the residual risk is at an acceptable level or whether additional compensating controls should be implemented.
- Coordinated with system owners and ISSOs across the organization to ensure timely compliance
- Participated in meetings to discuss system boundaries for new or updated systems to help determine information types for categorization purposes. Determined the classification of information systems to aid in selecting appropriate controls for protecting the system.
- Worked with Palo Alto Panorama management tool to manage all Palo Alto firewall and network from central location.
- Configured and troubleshot DHCP issues on switches.
- Created network diagrams in Visio.
- Install and configure the QRadar SIEM including all its components and local and/or remote log collectors.
- Worked on the SIEM tool QRadar for reporting and data aggregation
- Responsible for analyzing, detecting, preventing malware with security analysis tools and compliance tools.
- Audit of Cisco ACL, Active Directory, and rules in F5 ASM.
- Conduct penetration testing & Auditing of the organization network by using tools.
- Footprinting, scanning, sniffing and monitoring network activities using open source and commercial tools (Wireshark, Nmap).
- Expertise in virtual server technology (VMware, ESXi, vSphere).
- Installing and configuring networking equipment (routers and switches); LAN/WAN design, implementation and optimization using Cisco routers and switches.
- Used Layer 3 protocols such as EIGRP and BGP to configure routers in the network.
- Configure and implement remote access solutions: IPsec VPN, remote access.
- Conducted evaluation of intranets and firewalls on a regular basis.
- Worked closely with project team members to document current PCI requirements and instructed team members on appropriate control rationalization and test evidencing Techniques.
Environment: Windows, Linux, LAN, WAN, Antivirus.