
Senior Cyber Security Analyst Resume


PROFESSIONAL EXPERIENCE

Confidential

Senior Cyber Security Analyst

Responsibilities:

  • Utilized confidential to confirm that disparate network devices were reporting events to Confidential's Global Security Incident Response Team (GSIRT).
  • Acted as a liaison between the Confidential GSIRT SOC and Confidential Pictures Entertainment (SPE) to on-board new security devices and alerted SPE regarding devices that had stopped reporting events.
  • Utilized PCRE RegEx to write custom parsers in confidential.
  • Modified already existing alarms in McAfee Nitro to include custom-built parsers.
  • Performed Enterprise Log Management (ELM) searches in McAfee Nitro to pull relevant logs.
  • Utilized JIRA ticketing system to report and escalate issues to operations team.

Confidential

Senior Cyber Security Analyst

Responsibilities:

  • Utilized confidential to monitor and correlate security events from a variety of devices for multiple customers.
  • Created active channels, filters, trends, dashboards, queries, query viewers, drill-downs, and field sets in ArcSight SIEM to analyze security events.
  • Utilized ArcSight Logger to pull and export security events.
  • Provided monitoring, analysis, and escalation support to clients in the Amazon AWS cloud.
  • Monitored and escalated potential brute force attempts to client Red Hat servers in AWS cloud by analyzing SSH logs in ArcSight ESM and Logger.
  • Monitored and escalated potential reconnaissance and privilege escalation events on client servers in AWS cloud by analyzing audit logs in ArcSight ESM and Logger.
  • Utilized Syslog-NG on Red Hat Linux to pull firewalls, Windows, and DHCP logs.
  • Utilized Windows Event Viewer on Windows Server 2008 to pull security events.
  • Utilized HP Tipping Point IPS to monitor potential intrusion events.
  • Utilized WhatsUpGold to monitor critical devices’ health and uptime.
  • Utilized McAfee ePO to run reports and checks on end hosts.
  • Utilized McAfee NSM to pull historical data and export PCAPs in Wireshark.
  • Utilized Wireshark to analyze DNS and HTTP traffic traces.
  • Imported data sources into Splunk and wrote custom RegEx to parse key fields.
  • Ran searches in Splunk and exported logs as CSV.
  • Mentored junior analysts on not only information security but also on networking concepts, design, and terms.
  • Mentored junior analysts on potential security events’ investigation using ArcSight ESM.
  • Reviewed junior analysts’ work and advised them before escalating security events to clients.
  • Briefed management on security events pertaining to clients’ environment during daily morning calls.
  • Created weekly activity reports for management regarding security events handled by the SOC.
  • Created SOPs for monitoring the SIEM health and performing packet level analysis.
  • Utilized Remedy ticketing system to update and track incidents, tasks, and work orders.

Confidential

Information Security Specialist

Responsibilities:

  • Utilized QRadar SIEM to monitor events from Cisco ASA firewall.
  • Created custom filters, rules, and reports in QRadar SIEM.
  • Created Log Source Extensions in QRadar SIEM.
  • Extracted custom fields in QRadar SIEM using regular expressions (RegEx).
  • Utilized Wireshark to analyze DNS and HTTP traffic traces.
  • Utilized McAfee ePO HIDS to monitor end users.
  • Utilized Nessus Security Center and Nexpose to conduct vulnerability and compliance scans on different subnets of the FHFA network.
  • Created custom reports in Nessus Security Center and Nexpose vulnerability assessment tools.
  • Sent daily network traffic analysis report to chief security officer.

Confidential

Network Security Analyst

Responsibilities:

  • Utilized Splunk to conduct network traffic analysis on the DHS HQ LAN-A network.
  • Utilized Splunk to create search queries, dashboards, summary indexes, and alerts.
  • Utilized ArcSight SIEM to monitor network traffic on the DHS HQ LAN-A network.
  • Utilized Wireshark to analyze DNS and HTTP traffic traces.
  • Utilized Syslog-NG on Red Hat Linux to pull firewalls and DNS logs.
  • Utilized ArcSight SIEM to create rules, filters, and channels.
  • Utilized McAfee NSM NIDS to create daily health check reports.
  • Utilized McAfee NSM NIDS to monitor IDS alerts on the DHS HQ LAN-A network.
  • Utilized McAfee ePO HIDS to monitor end users on the DHS HQ LAN-A network.
  • Utilized BigFix to conduct software and registry checks on the DHS HQ LAN-A network.
  • Utilized Mandiant MIR to conduct custom audits on the DHS HQ LAN-A network.
  • Created Security Event Notifications for potential malicious traffic or unauthorized download of software on the DHS HQ LAN-A network.

Confidential

Network Support Engineer

Responsibilities:

  • Supported the confidential PACER-Net and DCN network consolidation project.
  • Utilized Tufin to compare configurations of Cisco 3845 routers and Cisco 3560G and 2950 switches.
  • Verified access control lists on Cisco routers and switches.
  • Conducted ping scans from Red Hat Linux servers using Nmap.
  • Conducted network connectivity tests from Red Hat Linux servers using Netcat.
  • Created network diagrams using Microsoft Visio.

Confidential

Network Engineer

Responsibilities:

  • Created access control lists according to project needs and applied them on Cisco 3845 and 2821 routers and Cisco ASA 5520 firewalls.
  • Applied access control lists on a Checkpoint firewall running R70 code using SmartDashboard.
  • Modified site-to-site VPN tunnels to allow communications to flow between the datacenter and remote offices.
  • Configured static routes on Cisco 3845 and 2821 routers, Cisco ASA 5520, and Checkpoint firewalls.
  • Configured SNMP v3 on Cisco 3560G switches, 3845 routers, and ASA 5520.
  • Configured AAA on Cisco 3560G switches, 3845 routers, and ASA 5520 using TACACS+.
  • Upgraded Cisco IOS on 3845 and 2821 routers and 3560G switches using the SCP protocol.
  • Performed packet captures on Cisco ASA firewalls using the CLI.
  • Created user accounts and assigned them to different groups in Cisco ACS.
  • Assigned RSA tokens to users, reset PINs, and unlocked user accounts in RSA Authentication Manager.
  • Monitored network performance and network device utilization using SolarWinds Orion NPM.
  • Backed up network device configurations using SolarWinds Orion NCM.

Confidential

Firewall Engineer

Responsibilities:

  • Created firewall rule change requests according to the DHS customer's needs.
  • Configured firewall rules on Cisco 6500 FWSM and Cisco ASA 5580 running in transparent mode with multiple contexts.
  • Migrated contexts from FWSMs to Cisco ASA 5580.
  • Performed packet captures on ASA and FWSM using the CLI.
  • Worked with Cisco MARS to troubleshoot network connectivity issues.
  • Worked with the Remedy ticketing system to update and track change requests, tasks, and work orders.

Confidential

Network Engineer

Responsibilities:

  • Configured ACLs, NATs, static routes, and syslog on Cisco ASA 5520 firewalls.
  • Configured and managed sixteen different VLANs, ACLs, and static routes on a Cisco 4506E switch.
  • Migrated IPsec site-to-site VPN tunnels from a Cisco VPN Concentrator 3000 to a Cisco ASA 5520 firewall.
  • Configured static routes and ACLs on Cisco 3845 routers.
  • Configured AAA using RADIUS on Cisco 2950, 3750, and 4506E switches.
  • Set up and configured a Citrix remote VPN environment from scratch using MPX 5500 NetScaler 9.1 with an Access Gateway license; configured static routes; configured outside, inside, DMZ, and virtual interfaces; configured authentication, authorization, and session policies.
  • Set up a Citrix XenApp 5.0 presentation server and configured it for web SSL VPN use.
  • Migrated ISP from Qwest to Cogent Co.; modified the ASA 5520 outside interface IP and the external NATs and ACLs.
  • Built network diagrams using Microsoft Visio.
  • Used Wireshark to troubleshoot network latency and connectivity issues.
  • Monitored network bandwidth and collected SNMP traps using SolarWinds Orion NPM.

Confidential

Firewall Engineer

Responsibilities:

  • Set up and configured Nagios/MRTG on Ubuntu Linux to monitor Cisco 2950G and 3560G switches with SNMP.
  • Configured SSL remote access VPN with multiple profiles and split tunneling.
  • Set up and configured an Entrust IdentityGuard and RSA Authentication Manager two-factor authentication system on Windows Server 2003 and integrated it with a Cisco ASA 5510 firewall.
  • Set up a site-to-site IPsec VPN tunnel between two locations on Cisco ASA 5510.

Confidential

IT Intern and Network Engineer

Responsibilities:

  • Managed the wired and wireless network around the office.
  • Managed and maintained the network closet.
  • Configured and monitored Cisco 2950, 3560G, and 4500E switches.
  • Configured a Cisco 3845 router to carry voice traffic.
  • Configured a Cisco 3560G switch to separate voice and data VLANs.
  • Configured PIX 515 and ASA 5505 firewalls to segregate multiple networks.
  • Configured ACLs and NATs on PIX 515E and ASA 5505 firewalls.
  • Configured IPsec VPN on PIX 515E and SSL VPN on ASA 5505 firewalls.
  • Set up a Snort Intrusion Detection System machine on CentOS Linux.
  • Experienced with VMware Virtual Infrastructure/ESX 3i.
  • Installed KVM switches in the server room.
  • Built Windows Server 2003 boxes.
  • Experienced with Red Hat Linux OS.
  • Replaced bad hard drives and memory in servers.
  • Troubleshot and fixed employees' computer-related issues.
  • Installed printers and attached them to the network.
