Security Engineer/analyst Resume

New York

SUMMARY:

  • 6+ years of experience in IT Security operations in SIEM, Vulnerability Assessment, Incident Response and Forensics
  • Experienced with Vulnerability Scanning tools like Nessus and Qualys
  • Implemented and Maintained SIEM infrastructure using QRadar
  • Member of Sec-Ops team for Incident Response plans and layouts
  • Ability to collect volatile data such as network traces (pcaps), memory capture and process/network/activity data for analysis
  • Good understanding of disk dissection & memory issues as part of Incident Response
  • Good knowledge in SOX and PCI compliance requirements and understanding of NIST standards.
  • Good exposure to System/Network Analysis, Intrusion Detection and Malware Analysis
  • Involved in managing documentation to support IT security processes
  • Good knowledge of threat analysis and remediation efforts into intrusion prevention and penetration
  • Good knowledge in End Point Security, Firewalls and Database Activity Monitoring (DAM)
  • Ability to identify network and application vulnerabilities and create a remediation plan
  • Good understanding of OWASP Top 10 and SANS vulnerabilities
  • Knowledge of networking concepts - LAN/WAN, TCP/IP, Routing & Switching and OSI Layers
  • Strong troubleshooting, reasoning and problem solving skills

TECHNICAL SKILLS:

SIEM Tools: QRadar, Splunk

Security / Vulnerability Tools: Snort, Wireshark, Nessus, Qualys Vulnerability Manager

Networking Protocols: TCP/IP, HTTP/HTTPS, SSH, SSL, DNS, SNMP

Networking Tools: Routers, Switches, Load balancers, Cisco VPN, NAC/NAP

Operating Systems: Linux, Windows

Ticketing Systems: Service Now, Remedy, Heat, Clarify

DAM: IBM InfoSphere Guardium

PROFESSIONAL EXPERIENCE:

Confidential, New York

Security Engineer/Analyst

Responsibilities:

  • Analyze and review data from SIEM - QRadar for suspicious activity and trigger alerts to the concerned teams.
  • Troubleshot and researched security incidents based on QRadar network flow and log activity.
  • Involved in analysis of multiple log sources including firewalls, routers, switches, web servers and multiple networking devices.
  • Responsible for assisting with deployment of network infrastructure configurations across multiple products and technologies.
  • Acted as the primary responder for managed security incidents pertaining to client firewalls and all network infrastructure components.
  • Part of the Blue Team to identify the vulnerabilities and have a defense mechanism in place.
  • Learnt and helped the IR team with log collection, analysis and forensic activities.
  • Investigating logs and payloads for server crashes/core dumps, DDoS attacks, SQL/XSS, SPAM, etc.
  • Responsible for performing vulnerability assessment on critical systems using Qualys.
  • Configured and scheduled the Qualys scanner in QRadar to perform scans at regular intervals.
  • Collaborate with team members in tuning SIEM applications in an effort to establish a baseline for network activity and rule out false positive events.
  • Provide root cause analysis and remediation techniques for management in regards to security incidents and governance documents.

Confidential, Irving, Texas

Security Analyst

Responsibilities:

  • Part of a team managing SIEM (Splunk) and network infrastructure security.
  • Develop historical threat activity through aggregation, correlation and trending to predict future threats.
  • Analyze logs from SIEM (Splunk) for suspicious activity.
  • Monitor security alerts from Splunk and report any issues to the concerned team.
  • Monitor and analyze data feeds of events and logs from firewalls, routers, and other network devices or host systems for security violations and identify vulnerabilities.
  • Used Nmap and Nessus for performing vulnerability assessment.
  • Track and document incidents right from detection to resolution in the case management system as part of the IRT (Incident Response Team).
  • Coordinate with subject matter experts to resolve any security incidents and correlate threat assessment data as needed.
  • Support in the detection, understanding and resolving information security incidents affecting information systems & the business.
  • Research and recommend corrective actions to ensure information dissemination regarding targeted or potentially targeted attacks.
  • Investigate, document and recommend appropriate corrective action plans relating to IT security.

Confidential

Security Consultant

Responsibilities:

  • Performed vulnerability assessments on web applications using IBM AppScan and on database systems using Guardium VA.
  • Conducted dynamic and static analysis of web applications using IBM AppScan.
  • Performed security testing, analyzed test results, documented risk and recommended countermeasures.
  • Analyzed and reported to management on current vulnerabilities and provided countermeasure recommendations.
  • Responsible for performing penetration testing all the way from planning and designing to executing and reporting.
  • Used appropriate tools and techniques, conforming to agreed process standards and industry-specific regulations.
  • Created and maintained testware (test cases, test scripts, test reports, test plans, etc.) to measure and improve the security of the application being scanned.

Confidential

Security Analyst

Responsibilities:

  • Monitor, analyze and respond to security incidents in the infrastructure.
  • Troubleshoot any security issues found in the infrastructure according to the security standards and procedures.
  • Expert in using Burp Suite for web application penetration tests.
  • Actively used Nmap for port scanning and made sure only appropriate ports were in use.
  • Actively researched any security gaps that are Confidential the ability of detection by any security scanner.
  • Responsible for performing periodic vulnerability assessment (VA) as per the security policy and standards.
  • Involved in documenting all web applications and systems, auditing data and ensuring compliance with legal and regulatory requirements.
  • Engaged the development team to incorporate security in all phases of the SDLC and to perform Threat Modeling, Risk Management, Logging, Penetration Testing, etc.
  • Conducted application penetration testing of 20+ business applications and compliance audits.

Confidential

System Engineer

Responsibilities:

  • Installation and configuration of Linux systems like CentOS and Red Hat, and of Windows Servers. Also involved in user account management.
  • Actively involved in monitoring the servers' health status using different tools.
  • Responsible for application support on Red Hat servers, which included Apache configurations.
  • Experience in performance monitoring and in monitoring usage and load of the system.
  • Created Perl and shell scripts to automate administration tasks.
  • RPM package installation and upgrades released by Red Hat in the repository.
  • Administration of client machines using SSH and FTP.
  • Supported application upgrade and rollback, and starting or stopping services on Linux servers.