SUMMARY

• IT Security Analyst with 7+ Years of IT experience.
• Participated in Information systems risk assessments and Gap Analysis.
• Conducted Security/risk awareness programs and seminars for business staff.
• Confidential, managed a project to bring a SIEM solution into the organization. This project entailed coordinating efforts with outsourced solution provider and internal implementation teams in order to install, configure, and operate the SIEM in a value added way.
• Participated in the Incident Response Team in responding to various Security incidents.
• Assists in the development, implementation, testing, and maintenance of the Disaster Recovery/Business Resumption Plans.
• Security Information and Event management (SIEM) support utilizing RSA Envision.
• Experience with SOX, Regulatory Compliance and Controls.
• Research events using SIEM technology, packet captures, reports, data visualization, and pattern analysis.
• Experience with Microsoft Windows Installer packages using Wise Package Studio and Admin Studio. Advertised and managed packages and collections in SCCM environment.
• Monitor SIEM, AV, and firewall consoles, and detected/raised/responded to alerts.
• Provided special technical guidance and recommendations to the Information Technology department and business about the risks and control measures associated with new and emerging Information systems technologies.
• Worked with the Business/Technology teams to identify Security issues and agree corresponding actions to accept or mitigate the risks.
• Evaluate/recommend Security products for various platforms and initiatives.
• Experience with intrusion detection/intrusion prevention (IDS/IPS) architectures and implementations.
• Developed Security administration procedures that comply with the existing Security policies, standards and procedures established by Client's Security steering committee.
• Maintained ongoing communications with all system users, resource owners and organization nominated chief Information Security officer (Operations).
• Experience with ArcSight ESM and tools to resolve security failures.
• Thorough knowledge of SDLC, RUP methodology, RequisitePro, ClearCase and Rational Rose.
• Strong analytical skills to analyze security requirements and to solve them with proper security mechanisms.
• Use of Active Directory and privileges for assisting in audits.
• Experience in designing and developing project document templates based on SDLC methodology.
• Proficient in programming languages like C, C++, Java, and .Net Technologies.
• Proficient in writing SQL Queries for data analysis and validation.
• Trained users with regard to the operation and maintenance of the new features by providing training sessions and enhanced documentation.
• Change Management and Impact analysis.
• Excellent communication and presentation skills.

TECHNICAL SKILLS

O/S: Windows XP/2000/Millennium/NT 4.0/98/95 Linux

Languages: C++, XML, HTML, PL/SQL, Java, J2EE

Tools: MS Project, MS PowerPoint, Visio, Rational Rose, RequisitePro, Crystal Reports, ClearCase, ClearQuest, Microsoft SCCM, Active Directory, TestDirector, SIEM, ArcSight ESM, ArcSight Logger, UML, Argo UML,Sun Java System, Windows 9x/NT/2000/XP, UNIX (Sun Solaris, AIX, HP - UX), Linux, Mainframe

PROFESSIONAL EXPERIENCE

Confidential, PA

Information Security Analyst

Responsibilities:

• Part of the Change Management team in reviewing various changes.
• Part of Cadence Core Innovative Technology team which works for innovative/new ideas.
• Perform regular internal audits with ISS scanner to identify host and network based vulnerabilities (per Sox Scan).
• Research events using SIEM technology, packet captures, reports, data visualization, and pattern analysis.
• Perform System Center Configuration Management (SCCM) infrastructure development, alteration, deployment, and access control.
• Work with Anti-Malware Solutions like McAfee and kaspersky.
• Formulated security content data such as filters, reports, signature and mapping.
• Prepared system plans and executed ArcSight architecture modifications.
• Managed, upgraded and maintained operational data flows and ArcSight platforms.
• Maintained and modified hardware and software components, content and documentation.
• Analyzed ArcSight and related tools and resolved IT security failures.
• Monitor SIEM, AV, and firewall consoles, and detected/raised/responded to alerts.
• Prepare an analysis report based on the COTS evaluation.
• Work with different versions of System Center 2012.
• Involved with SCCM upgrades from SCCM configMgr to System Centre 2012
• Consolidate analysis of multiple business lines after the COTS evaluation.
• Administer/maintain Active Directory, MS Exchange Server 2003 and 2007.
• Prepare ROI Analysis Report after evaluating COTS product of multiple business lines.
• Develop/manage Project Plans and Schedules. Manage resolution of Project issues/conflicts.
• Responsible for daily security administration of 1,200 user accounts on multiple platforms.
• Provide LAN security using Active Directory.
• Subject Matter Expert for developing Information Systems policies and procedures for data protection.
• Sun Java System Identity Manager 7.1 full lifecycle implementation.
• Designed physical and logical architecture, business and system requirements, password management use cases, provisioning workflow use cases, test cases, and training
• Work with Architecture, and planning of integrating legacy provisioning application in Sun Java System Identity Manager.
• Active Directory group creation, membership admin, and account provisioning.
• Develop security awareness training programs/processes and procedures to implement it.
• Provide user access by using Active Directory.
• Monitor/maintain security baselines audits for all production and development servers within network domain.

Confidential, MA

Information Security Analyst

Responsibilities:

• Led in the analysis, development/adoption, and implementation of Information Security policies, procedures, standards and guidelines.
• As part of a Security team worked with network teams, storage teams, project managers, business units, ISMS/Business Continuity audit, and other professional services personnel to ensure a smooth implementation and transition from start-up to integration/production mode
• Responsibilities included the execution of all consulting engagements, which encompass evaluating business' strategic business issues, identifying requirements, creating business case justifications, and proposing appropriate enterprise solutions.
• Maintained the organizations Security Procedures as per PCI DSS requirements that.
• Evaluation/compliance with Encryption Key Management issues.
• Storage - Backup, Disaster Recovery and Emergency operating procedures.
• Environmental Security Incident Response and process protocols including Incident Reporting and Sanctions.
• Testing of security procedures, mechanisms and measures.
• Approved authority for all the Information Security approvals, reviewing and validating all the requests as per ISO 27001 and HIPAA compliance.
• End-to-End Execution (leading, planning, managing) of risk based internal audits.
• Oversaw and/or assisted the Chief Information Security Officer with the development and completion of IT risk assessment, audit plan, developing high-level IT policies (focusing on security), analyzing, notifying and managing security projects and issues, monitoring for violations, and investigation of security incidents.
• Sustained appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and/or transmitted patient data and protect against reasonably anticipated threats and hazards.
• Install Microsoft updates using SCCM and image of computer hard drives using Microsoft SCCM
• Configuring SCCM to handle monitoring and deploying updates to all servers
• Conducted functionality and Gap Analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.
• Evaluated/recommended new Information Security technologies and counter-measures against threats to information or privacy.
• Ensured compliance through adequate training programs and periodic security audits. These audits should be both internal and external in nature.
• Responsible for business impact of security issues and suggesting corrective/preventive actions to be performed.
• As part of the team responsible for audit and monitoring security platforms such as Firewall Management (PIX Firewall), Vulnerability Assessment, Anti-Virus Management (McAfee ePO 3.6, 4.0; Symantec virus scan) and cleaning unauthorized software.
• Conducted sessions on Information Security awareness for new hires as part of New Hire Orientation Program (NHO) in the company.

Confidential, TX

Sr. Information Security Analyst

Responsibilities:

• Rationalized Rule Set Review for Perimeter Network relevant to PCI DSS.
• Asset Inventory for all PCI DSS Systems and applications.
• Managed a project to bring a SIEM solution into the organization. This project entailed coordinating efforts with outsourced solution provider and internal implementation teams in order to install, configure, and operate the SIEM in a value added way.
• Monitored SIEM tool for intrusion activity.
• PCI DSS relevant applications and assets and mapping it with the existing organizations process and develop security solutions, requirements, controls and processes.
• Evaluated critical systems and applications for audit log management and providing evidence of report/non-report for systems and applications.
• Push software to end user via SCCM tool
• Install, configure and support Lotus Notes
• Manage, create, and modify user accounts in Active Directory.
• Re-Image workstations remotely using SCCM tool imaging process
• Ensured compliance to policy and procedure development; assessing the organization effort to fulfill Gap- Analysis with respect to PCI DSS processing.
• Responsible for all presentations to Architectural Review Boards, IT & Security Governance, Human Resources and Business and End User communities
• Mapped PCI DSS categorized Activities with InfoSec Risk Management Events.
• Ensured mitigation of risks by Information Security Compliance/Risk departments and other respective departments necessary on PCI DSS (as categorizes into activities as per PCI DSS requirements).
• Setup/managed User Accounts in Active Directory.
• Coordinated compliance processes with Internal Audit Department and other necessary measures that may be required to ensure compliance with PCI DSS.

Confidential, IL

Business Analyst

Responsibilities:

• Designed the business requirement collection approach based on the project scope and SDLC methodology.
• Facilitated and managed meeting sessions with committee of SMEs from various business areas including Loan Monitoring and Marketing.
• Excellent Knowledge of Customer Segmentation, Portfolio Analysis/Mgmt., FDR processes and FICO Score generation. Conducted interviews with key business users to collect requirement and business process information.
• Worked with removal/upgrade/installation packages in SCCM
• Conducted a budget planning of the project through walkthroughs and meetings involving various leads from Development, QA and Technical Support teams.
• Analyze business requirements and segregated them into Use Cases and activity diagrams using Rational Rose according to UML methodology thus defining the Data Process Models.
• Design and develop the data load process using XML Style sheets and ACORD.
• Creation of UML Diagrams including Context, Business Rules Flow, and Class Diagrams.
• Tested the final application for Usability testing to verify whether all the User Requirements were catered to by the application.
• Prepared a simple and detailed User manual for the application, for an intended user.

Confidential, WI

Business Analyst/Data Analyst

Responsibilities:

• Strong knowledge and understanding of the various steps in the Mortgage Loan Lifecycle.
• Serve as Property & Casualty Insurance SME, reporting to the President, addressing various Insurance industry issues as they arise and the point person for the development and adoption of the ACORD xml standards.
• Developed/documented business process models for Mortgage Origination, Mortgage Servicing, Loan Monitoring, Assets Assessment and Secondary Mortgage Market.
• Designed/customized data models for Data Warehouse. Derived Functional Requirement Specifications based on User Requirement Specification. Understood/articulated business requirements from user interviews and then converted requirements into technical specifications.