Information Security Analyst Resume
PA
SUMMARY
- IT Security Analyst with 7+ Years of IT experience.
- Participated in Information systems risk assessments and Gap Analysis.
- Conducted Security/risk awareness programs and seminars for business staff.
- Confidential, managed a project to bring a SIEM solution into the organization. This project entailed coordinating efforts with an outsourced solution provider and internal implementation teams in order to install, configure, and operate the SIEM in a value-added way.
- Participated in the Incident Response Team in responding to various Security incidents.
- Assists in the development, implementation, testing, and maintenance of the Disaster Recovery/Business Resumption Plans.
- Security Information and Event Management (SIEM) support utilizing RSA Envision.
- Experience with SOX, Regulatory Compliance and Controls.
- Research events using SIEM technology, packet captures, reports, data visualization, and pattern analysis.
- Experience with Microsoft Windows Installer packages using Wise Package Studio and Admin Studio. Advertised and managed packages and collections in SCCM environment.
- Monitor SIEM, AV, and firewall consoles, and detected/raised/responded to alerts.
- Provided special technical guidance and recommendations to the Information Technology department and business about the risks and control measures associated with new and emerging Information systems technologies.
- Worked with the Business/Technology teams to identify Security issues and agree corresponding actions to accept or mitigate the risks.
- Evaluate/recommend Security products for various platforms and initiatives.
- Experience with intrusion detection/intrusion prevention (IDS/IPS) architectures and implementations.
- Developed Security administration procedures that comply with the existing Security policies, standards and procedures established by Client's Security steering committee.
- Maintained ongoing communications with all system users, resource owners and organization nominated chief Information Security officer (Operations).
- Experience with ArcSight ESM and tools to resolve security failures.
- Thorough knowledge of SDLC, RUP methodology, RequisitePro, ClearCase and Rational Rose.
- Strong analytical skills to analyze security requirements and to solve them with proper security mechanisms.
- Use of Active Directory and privileges for assisting in audits.
- Experience in designing and developing project document templates based on SDLC methodology.
- Proficient in programming languages like C, C++, Java, and .Net Technologies.
- Proficient in writing SQL Queries for data analysis and validation.
- Trained users with regard to the operation and maintenance of the new features by providing training sessions and enhanced documentation.
- Change Management and Impact analysis.
- Excellent communication and presentation skills.
TECHNICAL SKILLS
O/S: Windows XP/2000/Millennium/NT 4.0/98/95, Linux
Languages: C++, XML, HTML, PL/SQL, Java, J2EE
Tools: MS Project, MS PowerPoint, Visio, Rational Rose, RequisitePro, Crystal Reports, ClearCase, ClearQuest, Microsoft SCCM, Active Directory, TestDirector, SIEM, ArcSight ESM, ArcSight Logger, UML, Argo UML, Sun Java System, Windows 9x/NT/2000/XP, UNIX (Sun Solaris, AIX, HP-UX), Linux, Mainframe
PROFESSIONAL EXPERIENCE
Confidential, PA
Information Security Analyst
Responsibilities:
- Part of the Change Management team in reviewing various changes.
- Part of Cadence Core Innovative Technology team which works for innovative/new ideas.
- Perform regular internal audits with ISS scanner to identify host- and network-based vulnerabilities (per SOX scan).
- Research events using SIEM technology, packet captures, reports, data visualization, and pattern analysis.
- Perform System Center Configuration Management (SCCM) infrastructure development, alteration, deployment, and access control.
- Work with anti-malware solutions like McAfee and Kaspersky.
- Formulated security content data such as filters, reports, signature and mapping.
- Prepared system plans and executed ArcSight architecture modifications.
- Managed, upgraded and maintained operational data flows and ArcSight platforms.
- Maintained and modified hardware and software components, content and documentation.
- Analyzed ArcSight and related tools and resolved IT security failures.
- Monitor SIEM, AV, and firewall consoles, and detected/raised/responded to alerts.
- Prepare an analysis report based on the COTS evaluation.
- Work with different versions of System Center 2012.
- Involved with SCCM upgrades from SCCM ConfigMgr to System Center 2012.
- Consolidate analysis of multiple business lines after the COTS evaluation.
- Administer/maintain Active Directory, MS Exchange Server 2003 and 2007.
- Prepare ROI Analysis Report after evaluating COTS product of multiple business lines.
- Develop/manage Project Plans and Schedules. Manage resolution of Project issues/conflicts.
- Responsible for daily security administration of 1,200 user accounts on multiple platforms.
- Provide LAN security using Active Directory.
- Subject Matter Expert for developing Information Systems policies and procedures for data protection.
- Sun Java System Identity Manager 7.1 full lifecycle implementation.
- Designed physical and logical architecture, business and system requirements, password management use cases, provisioning workflow use cases, test cases, and training.
- Work on architecture and planning for integrating a legacy provisioning application into Sun Java System Identity Manager.
- Active Directory group creation, membership admin, and account provisioning.
- Develop security awareness training programs/processes and procedures to implement it.
- Provide user access by using Active Directory.
- Monitor/maintain security baselines audits for all production and development servers within network domain.
Confidential, MA
Information Security Analyst
Responsibilities:
- Led in the analysis, development/adoption, and implementation of Information Security policies, procedures, standards and guidelines.
- As part of a Security team, worked with network teams, storage teams, project managers, business units, ISMS/Business Continuity audit, and other professional services personnel to ensure a smooth implementation and transition from start-up to integration/production mode.
- Responsibilities included the execution of all consulting engagements, which encompassed evaluating the business's strategic issues, identifying requirements, creating business case justifications, and proposing appropriate enterprise solutions.
- Maintained the organization's Security Procedures as per PCI DSS requirements that.
- Evaluation/compliance with Encryption Key Management issues.
- Storage - Backup, Disaster Recovery and Emergency operating procedures.
- Environmental Security Incident Response and process protocols including Incident Reporting and Sanctions.
- Testing of security procedures, mechanisms and measures.
- Approved authority for all the Information Security approvals, reviewing and validating all the requests as per ISO 27001 and HIPAA compliance.
- End-to-End Execution (leading, planning, managing) of risk based internal audits.
- Oversaw and/or assisted the Chief Information Security Officer with the development and completion of IT risk assessment, audit plan, developing high-level IT policies (focusing on security), analyzing, notifying and managing security projects and issues, monitoring for violations, and investigation of security incidents.
- Sustained appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and/or transmitted patient data and protect against reasonably anticipated threats and hazards.
- Install Microsoft updates and image computer hard drives using Microsoft SCCM.
- Configure SCCM to handle monitoring and deploying updates to all servers.
- Conducted functionality and Gap Analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.
- Evaluated/recommended new Information Security technologies and counter-measures against threats to information or privacy.
- Ensured compliance through adequate training programs and periodic security audits. These audits should be both internal and external in nature.
- Responsible for business impact of security issues and suggesting corrective/preventive actions to be performed.
- Part of the team responsible for auditing and monitoring security platforms such as Firewall Management (PIX Firewall), Vulnerability Assessment, Anti-Virus Management (McAfee ePO 3.6, 4.0; Symantec virus scan) and cleaning unauthorized software.
- Conducted sessions on Information Security awareness for new hires as part of New Hire Orientation Program (NHO) in the company.
Confidential, TX
Sr. Information Security Analyst
Responsibilities:
- Rationalized Rule Set Review for Perimeter Network relevant to PCI DSS.
- Asset Inventory for all PCI DSS Systems and applications.
- Managed a project to bring a SIEM solution into the organization. This project entailed coordinating efforts with an outsourced solution provider and internal implementation teams in order to install, configure, and operate the SIEM in a value-added way.
- Monitored SIEM tool for intrusion activity.
- Mapped PCI DSS-relevant applications and assets to the organization's existing processes and developed security solutions, requirements, controls and processes.
- Evaluated critical systems and applications for audit log management and providing evidence of report/non-report for systems and applications.
- Push software to end users via SCCM tool.
- Install, configure and support Lotus Notes.
- Manage, create, and modify user accounts in Active Directory.
- Re-image workstations remotely using the SCCM tool imaging process.
- Ensured compliance with policy and procedure development; assessed the organization's effort to fulfill Gap Analysis with respect to PCI DSS processing.
- Responsible for all presentations to Architectural Review Boards, IT & Security Governance, Human Resources and Business and End User communities.
- Mapped PCI DSS categorized Activities with InfoSec Risk Management Events.
- Ensured mitigation of risks by Information Security Compliance/Risk departments and other respective departments necessary on PCI DSS (as categorized into activities per PCI DSS requirements).
- Setup/managed User Accounts in Active Directory.
- Coordinated compliance processes with Internal Audit Department and other necessary measures that may be required to ensure compliance with PCI DSS.
Confidential, IL
Business Analyst
Responsibilities:
- Designed the business requirement collection approach based on the project scope and SDLC methodology.
- Facilitated and managed meeting sessions with committee of SMEs from various business areas including Loan Monitoring and Marketing.
- Excellent Knowledge of Customer Segmentation, Portfolio Analysis/Mgmt., FDR processes and FICO Score generation. Conducted interviews with key business users to collect requirement and business process information.
- Worked with removal/upgrade/installation packages in SCCM.
- Conducted a budget planning of the project through walkthroughs and meetings involving various leads from Development, QA and Technical Support teams.
- Analyzed business requirements and segregated them into Use Cases and activity diagrams using Rational Rose according to UML methodology, thus defining the Data Process Models.
- Design and develop the data load process using XML Style sheets and ACORD.
- Creation of UML Diagrams including Context, Business Rules Flow, and Class Diagrams.
- Tested the final application for Usability testing to verify whether all the User Requirements were catered to by the application.
- Prepared a simple and detailed User manual for the application, for an intended user.
Confidential, WI
Business Analyst/Data Analyst
Responsibilities:
- Strong knowledge and understanding of the various steps in the Mortgage Loan Lifecycle.
- Serve as Property & Casualty Insurance SME, reporting to the President, addressing various Insurance industry issues as they arise, and acting as the point person for the development and adoption of the ACORD XML standards.
- Developed/documented business process models for Mortgage Origination, Mortgage Servicing, Loan Monitoring, Assets Assessment and Secondary Mortgage Market.
- Designed/customized data models for Data Warehouse. Derived Functional Requirement Specifications based on User Requirement Specification. Understood/articulated business requirements from user interviews and then converted requirements into technical specifications.