Splunk/ Security Engineer Resume
Washington, DC
TECHNICAL SKILLS:
RedHat 4-7, Solaris 8-9, CentOS 4-6, Ubuntu, Fedora, BackTrack 5, Kali Linux, Windows Server 2008, 2012, 2016 and Nano Server, Mac OS X
Languages and Web Development: Bash Shell scripting, Python, Ruby, HTML, CSS, PHP, XML
Cloud Infrastructure: OpenStack, Windows Azure (ARM, storage, AD, PaaS, DMA) and Amazon AWS (EC2, S3/Glacier, Route53, VPC, EBS and Security Groups)
Application: Splunk, Puppet, Chef, Ansible, Nginx, Remedy, Apache, Tomcat, MySQL, Jenkins, Nagios, Veritas NetBackup, Git, Docker, Vagrant, VMware ESXi and vSphere, Kickstart and KVM, BigFix, Remote Desktop, Microsoft Office Suite (Word, Excel, Outlook, Access and PowerPoint, Microsoft Exchange), System Center (SCCM), OpenSQL
Security Tools: Wireshark, Nmap, Zenmap, Metasploit, Armitage, Snort, NetStumbler (unencrypted Wi-Fi discovery), Knoppix, Retina, Microsoft Baseline Security Analyzer (MBSA), Nessus, Rapid7 Nexpose, Sourcefire, Palo Alto, Untangle (Linux), COFEE, EnCase, GFI LanGuard, McAfee Vulnerability Manager, OpenVAS, SolarWinds, RSA NetWitness Endpoint, StealthWatch
PROFESSIONAL EXPERIENCE:
Confidential, Washington DC
SPLUNK/ SECURITY ENGINEER
Responsibilities:
- Migrated Splunk 6.5 from bare-metal servers to AWS
- Created and managed a private lab on Dell PowerEdge hardware and AWS to host a clustered Splunk environment
- Designed a testing form to track metrics and results during testing
- Designed and implemented Splunk-based best-practice solutions
- Used Splunk Search Processing Language (SPL) and regular expressions
- Created, maintained, supported, repaired and customized system and Splunk applications, search queries and dashboards
- Deployed new Splunk systems and monitored Splunk internal logs from the Monitoring Console (MC) to identify and troubleshoot existing or potential issues
- Index creation, forwarder and indexer management, Splunk Interactive Field Extractor (IFX), search head clustering, indexer clustering and Splunk upgrades
- Created a script to archive old data to AWS Glacier
- Created users and roles; planned architecture, replication factor and search factor
- Correlated events from network devices, operating systems, anti-virus, IDS/IPS, firewalls and proxies and analyzed them for possible threats
- Installed and configured the following applications: DB Connect, Hunk, Microsoft Exchange App, AWS Splunk App and Cisco Network App
- Used Splunk ES and ITSI in a sandbox environment
- Configured syslog servers for data onboarding from network devices
- HIPS: planned and tested the initial configuration and phased deployment with test machines and users
- Used Cisco ASA and Palo Alto virtual appliances (OVA) for firewall configuration and created firewall rules for network protection
- Vulnerability scanning: initial setup, testing and configuration of the DbProtect/AppDetective database vulnerability scanner; vulnerability scanning and assessments with tools including Tenable SecurityCenter, Nessus, Tripwire, Qualys, Trustwave DbProtect and HP WebInspect
- Continuous Diagnostics and Mitigation (CDM): preliminary planning and implementation of tools including IBM BigFix, Splunk and Tripwire
- Designed, developed, implemented, enforced and maintained system security policies, standards, guidelines and procedures to ensure NIST and PCI regulatory compliance
- Created alerts for security events on IDS and IPS
- Provided technical expertise in security risk management, security architectures and implementations, and effective security risk assessment practices
- Performed routine security functions for risk detection, prevention and response; monitored security systems and events to detect, investigate and mitigate threats
- Configured special-purpose equipment using NAC, IPAM and Palo Alto firewalls
- Mobile Device Management (MDM) using MaaS360
- Configured hot, warm and cold buckets to retain data for extended periods
- Installed and configured a Splunk Enterprise environment on Linux; configured universal and heavy forwarders
- Installed and configured clustered Splunk search heads and indexers, deployment servers and deployers
- Experienced in configuring Splunk input and output configuration files
- Installed, configured and managed Splunk Enterprise Security
- Created complex dashboards, forms and visualizations
- Edited Simple XML to create dashboards that use tokens
- Created knowledge objects, regex statements and Splunk instances
- Monitored security posture and security incidents for trending external and internal threat vectors
- Modified, tested and implemented custom HIPS rules and established exclusions
- Implemented STIG requirements
- Reviewed DLP policies and investigated violations involving non-approved devices
- Generated timely and accurate IR reports, reviewed possible gaps and updated upper management
- Installed, configured and maintained network equipment, endpoint protection, patching, switches and intrusion detection systems
- Improved diagnosis of risk, security and compliance incidents requiring extensive analysis
- Assisted in recommending security resolutions to management for better malware detection and endpoint security
- Provided Information Security Operations Center (ISOC) support and analyzed a variety of network and host-based security logs (firewalls, NIDS, HIDS, syslog, etc.)
Confidential, Washington DC
SYSTEM ADMINISTRATOR
Responsibilities:
- Used virtualization tools (VMware ESXi 5.5, Hyper-V and Oracle VirtualBox) to host and manage VMs
- Set up firewall configuration using ipchains, iptables, firewall-cmd and SELinux
- Built and used Puppet master, agent and database servers on Red Hat Enterprise Linux platforms
- Configured Apache, Tomcat, Nginx (proxy and load balancer) and MySQL server on Red Hat 6 for virtual and web hosting
- Configured and managed both Windows and Linux server platforms
- Account management using LDAP and Kerberos, ACLs and file management
- Monitored and maintained system configuration, log files and system errors; performed password recovery, performance tuning, fault isolation and root-cause analysis of recurring issues
- Archived, compressed, backed up and restored data with Veritas NetBackup
- Provided 24/7 support in production and staging environments, including troubleshooting and documentation for future reference
- Used Red Hat Satellite server to deploy, monitor and manage system updates
- Created or attached existing VHDs, allocated simple, spanned or striped volumes and partitioned VHDs; configured RAID 0, 1, 5 and 10
- TCP/IP network configuration (IP addressing and subnetting) and joining servers to a central domain server
- Installed and configured Active Directory Domain Services and Active Directory Lightweight Directory Services for application deployment; created Organizational Units (OUs) and set up Group Policy Objects (GPOs) and Group Policy Containers (GPCs)
- Integrated LDAP running on Linux with Active Directory Services on Windows
- Deployed and configured DNS, DHCP servers, VPN, RADIUS, NAT and DirectAccess
- Implemented Failover Clustering, Windows Server Migration Tools, Windows Server Backup, Group Policy Management and SMTP Server
- Server management using WSUS, WDS and System Center Configuration Manager (SCCM)
- Cloud experience with OpenStack private cloud, Windows Azure and Amazon AWS; assisted in designing, configuring, managing and maintaining deployments and operations in Amazon EC2, VPC, S3 and Elasticsearch Service, and created security groups
Confidential
LINUX SYSTEM ADMINISTRATOR
Responsibilities:
- Installed, configured and connected RHEL 6, CentOS 6.4 and Solaris 10 servers to a network using standard installation and Kickstart
- Reviewed server platforms, installations and configurations to ensure corporate and industry standards were followed
- Experienced in virtualization (VMware ESXi 5.5, Hyper-V and Oracle VirtualBox)
- Hardened and patched Red Hat 6 and Solaris servers and upgraded to new releases on standalone servers (using single-user mode) and on production servers
- Set up firewall configuration using ipchains/iptables and SELinux
- Performed multi-platform volume management using LVM and VCS Volume Manager and managed swap configurations
- Built Puppet master, agent and database servers on Red Hat Enterprise Linux platforms
- Used Puppet and Ansible as automation tools for application and OS management
- Created cron jobs for periodic processes using crontab or bash scripting
- Managed crash and core dump files; archived, compressed and sent files to vendors
- Configured Apache, Tomcat, Nginx (proxy and load balancer) and MySQL server on Red Hat 6 for virtual and web hosting; installed and configured Samba for quick publishing using a third-party web page maker
- User and security account management using LDAP and Kerberos, and file management using rwx permissions or ACLs
- Monitored and maintained system configuration, log files and system errors; performed password recovery, performance tuning, fault isolation and root-cause analysis of recurring issues
- Responsible for data management using Red Hat utilities for archiving, compression, backup and restoration
- Experience in server monitoring, capacity planning and application monitoring with Nagios, Cacti, Zabbix, Puppet and Splunk; performed backups using snapshots, rsync, Veritas NetBackup and the Jenkins backup add-on
- Configuration of Cisco network security appliance (NSA) with WAN login, VPN (SSL, IPsec and site-to-site), SNMP, intrusion detection and prevention (IPS and IDS), firewall, DMZ, LAN, DNS, DHCP server, NAT, web threat protection, email security and account management
- Implemented intrusion detection using Snort
- Configured TRENDnet-BGN for wireless access protocols (WAP), MAC filtering, WiFi Protocol Security (WPS), LAN settings and user management
- Prevented zone transfers of Active Directory in Windows servers
- Configured IP cameras through the switch console manager
- Configured Windows Defender to filter malware within the network
- Drive encryption and BitLocker configuration
- Implemented access controls, biometric systems, single sign-on (SSO) configuration, smartcard authentication and NTFS permissions
- Implemented IPsec and remote access deployment using RADIUS and TACACS+
- Encryption using both symmetric and asymmetric methods
- Maintained and managed certificates and Public Key Infrastructure (PKI)
- Implemented business continuity planning (BCP) for disaster recovery plans (DRP) and data loss prevention (DLP)
- Used AccessData Forensic Toolkit to scan compromised hard drives
- Assisted in implementing environmental control mechanisms in the server room to help extend server lifespan
- Set up secure mobile and BYOD devices using Mobile Device Management (MDM), Microsoft Intune cloud, app control using Mobile Application Management (MAM), geotagging and geofencing
- Inspection, IOS, firewall and bandwidth
- Used Retina, Microsoft Baseline Security Analyzer (MBSA) and Nessus to scan for rogue hosts and perform vulnerability assessments
- Operating system hardening and penetration testing using Knoppix STD
- Cisco router and switch configuration: Spanning Tree Protocol (STP), VLANs and inter-VLAN routing, trunking, switch security, remote access, route summarization, Open Shortest Path First (OSPF), EIGRP, DHCP, ACLs, NTP, PPPoE, SNMP, logs and NetFlow
- Set up firewall rules, network security and hardening of instances using CIS Benchmarks and STIGs
- Implemented NFS and Samba file servers and Squid proxy servers
- Monitored ticket traffic with Remedy and performed troubleshooting, maintenance and operation of OSes
- Security implementation through ACLs, iptables and TCP Wrappers
- Experienced in implementing and maintaining a LAMP stack web service environment (Apache Tomcat/MySQL/PHP); handled installation and configuration of the Squid web proxy
- Installed and configured DNS, DHCP, Active Directory, print server, remote access, VPN, mail servers, file sharing and network drive mapping on Windows Server 2003