We provide IT Staff Augmentation Services!

Information Security Analyst Resume

2.00 Rating



  • IT Security Analyst with 7+ Years of IT experience.
  • Participated in Information systems risk assessments and Gap Analysis.
  • Conducted Security/risk awareness programs and seminars for business staff.
  • Confidential, managed a project to bring a SIEM solution into the organization. This project entailed coordinating efforts with outsourced solution provider and internal implementation teams in order to install, configure, and operate the SIEM in a value added way.
  • Participated in the Incident Response Team in responding to various Security incidents.
  • Assists in the development, implementation, testing, and maintenance of the Disaster Recovery/Business Resumption Plans.
  • Security Information and Event management (SIEM) support utilizing RSA Envision.
  • Experience with SOX, Regulatory Compliance and Controls.
  • Research events using SIEM technology, packet captures, reports, data visualization, and pattern analysis.
  • Experience with Microsoft Windows Installer packages using Wise Package Studio and Admin Studio. Advertised and managed packages and collections in SCCM environment.
  • Monitor SIEM, AV, and firewall consoles, and detected/raised/responded to alerts.
  • Provided special technical guidance and recommendations to the Information Technology department and business about the risks and control measures associated with new and emerging Information systems technologies.
  • Worked with the Business/Technology teams to identify Security issues and agree corresponding actions to accept or mitigate the risks.
  • Evaluate/recommend Security products for various platforms and initiatives.
  • Experience with intrusion detection/intrusion prevention (IDS/IPS) architectures and implementations.
  • Developed Security administration procedures that comply with the existing Security policies, standards and procedures established by Client's Security steering committee.
  • Maintained ongoing communications with all system users, resource owners and organization nominated chief Information Security officer (Operations).
  • Experience with ArcSight ESM and tools to resolve security failures.
  • Thorough knowledge of SDLC, RUP methodology, RequisitePro, ClearCase and Rational Rose.
  • Strong analytical skills to analyze security requirements and to solve them with proper security mechanisms.
  • Use of Active Directory and privileges for assisting in audits.
  • Experience in designing and developing project document templates based on SDLC methodology.
  • Proficient in programming languages like C, C++, Java, and .Net Technologies.
  • Proficient in writing SQL Queries for data analysis and validation.
  • Trained users with regard to the operation and maintenance of the new features by providing training sessions and enhanced documentation.
  • Change Management and Impact analysis.
  • Excellent communication and presentation skills.


O/S: Windows XP/2000/Millennium/NT 4.0/98/95 Linux

Languages: C++, XML, HTML, PL/SQL, Java, J2EE

Tools: MS Project, MS PowerPoint, Visio, Rational Rose, RequisitePro, Crystal Reports, ClearCase, ClearQuest, Microsoft SCCM, Active Directory, TestDirector, SIEM, ArcSight ESM, ArcSight Logger, UML, Argo UML,Sun Java System, Windows 9x/NT/2000/XP, UNIX (Sun Solaris, AIX, HP - UX), Linux, Mainframe


Confidential, PA

Information Security Analyst


  • Part of the Change Management team in reviewing various changes.
  • Part of Cadence Core Innovative Technology team which works for innovative/new ideas.
  • Perform regular internal audits with ISS scanner to identify host and network based vulnerabilities (per Sox Scan).
  • Research events using SIEM technology, packet captures, reports, data visualization, and pattern analysis.
  • Perform System Center Configuration Management (SCCM) infrastructure development, alteration, deployment, and access control.
  • Work with Anti-Malware Solutions like McAfee and kaspersky.
  • Formulated security content data such as filters, reports, signature and mapping.
  • Prepared system plans and executed ArcSight architecture modifications.
  • Managed, upgraded and maintained operational data flows and ArcSight platforms.
  • Maintained and modified hardware and software components, content and documentation.
  • Analyzed ArcSight and related tools and resolved IT security failures.
  • Monitor SIEM, AV, and firewall consoles, and detected/raised/responded to alerts.
  • Prepare an analysis report based on the COTS evaluation.
  • Work with different versions of System Center 2012.
  • Involved with SCCM upgrades from SCCM configMgr to System Centre 2012
  • Consolidate analysis of multiple business lines after the COTS evaluation.
  • Administer/maintain Active Directory, MS Exchange Server 2003 and 2007.
  • Prepare ROI Analysis Report after evaluating COTS product of multiple business lines.
  • Develop/manage Project Plans and Schedules. Manage resolution of Project issues/conflicts.
  • Responsible for daily security administration of 1,200 user accounts on multiple platforms.
  • Provide LAN security using Active Directory.
  • Subject Matter Expert for developing Information Systems policies and procedures for data protection.
  • Sun Java System Identity Manager 7.1 full lifecycle implementation.
  • Designed physical and logical architecture, business and system requirements, password management use cases, provisioning workflow use cases, test cases, and training
  • Work with Architecture, and planning of integrating legacy provisioning application in Sun Java System Identity Manager.
  • Active Directory group creation, membership admin, and account provisioning.
  • Develop security awareness training programs/processes and procedures to implement it.
  • Provide user access by using Active Directory.
  • Monitor/maintain security baselines audits for all production and development servers within network domain.

Confidential, MA

Information Security Analyst


  • Led in the analysis, development/adoption, and implementation of Information Security policies, procedures, standards and guidelines.
  • As part of a Security team worked with network teams, storage teams, project managers, business units, ISMS/Business Continuity audit, and other professional services personnel to ensure a smooth implementation and transition from start-up to integration/production mode
  • Responsibilities included the execution of all consulting engagements, which encompass evaluating business' strategic business issues, identifying requirements, creating business case justifications, and proposing appropriate enterprise solutions.
  • Maintained the organizations Security Procedures as per PCI DSS requirements that.
  • Evaluation/compliance with Encryption Key Management issues.
  • Storage - Backup, Disaster Recovery and Emergency operating procedures.
  • Environmental Security Incident Response and process protocols including Incident Reporting and Sanctions.
  • Testing of security procedures, mechanisms and measures.
  • Approved authority for all the Information Security approvals, reviewing and validating all the requests as per ISO 27001 and HIPAA compliance.
  • End-to-End Execution (leading, planning, managing) of risk based internal audits.
  • Oversaw and/or assisted the Chief Information Security Officer with the development and completion of IT risk assessment, audit plan, developing high-level IT policies (focusing on security), analyzing, notifying and managing security projects and issues, monitoring for violations, and investigation of security incidents.
  • Sustained appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and/or transmitted patient data and protect against reasonably anticipated threats and hazards.
  • Install Microsoft updates using SCCM and image of computer hard drives using Microsoft SCCM
  • Configuring SCCM to handle monitoring and deploying updates to all servers
  • Conducted functionality and Gap Analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.
  • Evaluated/recommended new Information Security technologies and counter-measures against threats to information or privacy.
  • Ensured compliance through adequate training programs and periodic security audits. These audits should be both internal and external in nature.
  • Responsible for business impact of security issues and suggesting corrective/preventive actions to be performed.
  • As part of the team responsible for audit and monitoring security platforms such as Firewall Management (PIX Firewall), Vulnerability Assessment, Anti-Virus Management (McAfee ePO 3.6, 4.0; Symantec virus scan) and cleaning unauthorized software.
  • Conducted sessions on Information Security awareness for new hires as part of New Hire Orientation Program (NHO) in the company.

Confidential, TX

Sr. Information Security Analyst


  • Rationalized Rule Set Review for Perimeter Network relevant to PCI DSS.
  • Asset Inventory for all PCI DSS Systems and applications.
  • Managed a project to bring a SIEM solution into the organization. This project entailed coordinating efforts with outsourced solution provider and internal implementation teams in order to install, configure, and operate the SIEM in a value added way.
  • Monitored SIEM tool for intrusion activity.
  • PCI DSS relevant applications and assets and mapping it with the existing organizations process and develop security solutions, requirements, controls and processes.
  • Evaluated critical systems and applications for audit log management and providing evidence of report/non-report for systems and applications.
  • Push software to end user via SCCM tool
  • Install, configure and support Lotus Notes
  • Manage, create, and modify user accounts in Active Directory.
  • Re-Image workstations remotely using SCCM tool imaging process
  • Ensured compliance to policy and procedure development; assessing the organization effort to fulfill Gap- Analysis with respect to PCI DSS processing.
  • Responsible for all presentations to Architectural Review Boards, IT & Security Governance, Human Resources and Business and End User communities
  • Mapped PCI DSS categorized Activities with InfoSec Risk Management Events.
  • Ensured mitigation of risks by Information Security Compliance/Risk departments and other respective departments necessary on PCI DSS (as categorizes into activities as per PCI DSS requirements).
  • Setup/managed User Accounts in Active Directory.
  • Coordinated compliance processes with Internal Audit Department and other necessary measures that may be required to ensure compliance with PCI DSS.

Confidential, IL

Business Analyst


  • Designed the business requirement collection approach based on the project scope and SDLC methodology.
  • Facilitated and managed meeting sessions with committee of SMEs from various business areas including Loan Monitoring and Marketing.
  • Excellent Knowledge of Customer Segmentation, Portfolio Analysis/Mgmt., FDR processes and FICO Score generation. Conducted interviews with key business users to collect requirement and business process information.
  • Worked with removal/upgrade/installation packages in SCCM
  • Conducted a budget planning of the project through walkthroughs and meetings involving various leads from Development, QA and Technical Support teams.
  • Analyze business requirements and segregated them into Use Cases and activity diagrams using Rational Rose according to UML methodology thus defining the Data Process Models.
  • Design and develop the data load process using XML Style sheets and ACORD.
  • Creation of UML Diagrams including Context, Business Rules Flow, and Class Diagrams.
  • Tested the final application for Usability testing to verify whether all the User Requirements were catered to by the application.
  • Prepared a simple and detailed User manual for the application, for an intended user.

Confidential, WI

Business Analyst/Data Analyst


  • Strong knowledge and understanding of the various steps in the Mortgage Loan Lifecycle.
  • Serve as Property & Casualty Insurance SME, reporting to the President, addressing various Insurance industry issues as they arise and the point person for the development and adoption of the ACORD xml standards.
  • Developed/documented business process models for Mortgage Origination, Mortgage Servicing, Loan Monitoring, Assets Assessment and Secondary Mortgage Market.
  • Designed/customized data models for Data Warehouse. Derived Functional Requirement Specifications based on User Requirement Specification. Understood/articulated business requirements from user interviews and then converted requirements into technical specifications.

We'd love your feedback!