DLP Consultant/SIEM Resume
Durham, North Carolina
PROFESSIONAL PROFILE
- 6+ years' experience in Network Security Operations: content authoring, design, installation, administration, upgrades, monitoring, implementation, integration and operation of IBM QRadar, Splunk, Nessus, Rapid7 and McAfee ePO.
- Symantec Data Loss Prevention (DLP) administrator
- Expert-level understanding of QRadar implementation, its integration with other network devices and applications, and the related troubleshooting.
- Expert understanding of developing complex use cases and Universal Device Support Modules (DSMs) on the QRadar SIEM.
- Integration of different devices/applications/databases/operating systems with QRadar SIEM.
- Worked with SIEM, IDS/IPS and Bluecoat proxy servers, including their administration. Experience with load balancers, administering and monitoring global and local traffic using F5 BIG-IP LTM and GTM.
- Knowledge of cleaning up auto-discovered log sources in QRadar by identifying duplicates, correcting misidentified log sources, and identifying log sources from their logs.
- Expertise in creating scripts for configuration backup, report backup, QRadar device reports and metric generation.
- Experience working with Bluecoat WAN Accelerator, Bluecoat Packet shaper and Bluecoat Proxy.
- Bluecoat proxy deployment to manage all Internet traffic for consumers.
- Experience in editing building blocks to reduce the number of false positives generated by IBM Security QRadar and in writing correlation rules.
- Develop processes and perform investigations on all identified attacks via IPS, IDS, Firewall, Antivirus, and Data Loss Prevention Tools.
- Proficiency in Splunk 5.x/6.x development and system integration across platforms consisting of Red Hat Linux and Windows operating systems.
- Engineered Splunk to build, configure and maintain heterogeneous environments; in-depth knowledge of analyzing logs generated by various systems, including security products.
- Architected the various components within Splunk (indexer, forwarder, search head, deployment server), heavy and universal forwarders, parsing, indexing and searching concepts, hot/warm/cold/frozen bucketing, and the license model.
- Upgraded and optimized the Splunk setup with new releases.
- Worked on setting up Splunk forwarders for new application tiers brought into the environment. Extensive experience in deploying, configuring and administering Splunk clusters.
- Helped application teams with on-boarding to Splunk and creating dashboards, alerts, reports, etc.
- Developed custom app configurations (deployment-apps) within Splunk to parse and index multiple log formats across all application environments.
- Analyze security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS), Firewalls, Anti-Virus, and/or other security logging sources and SIEM aggregators.
- Authored and directed the SOC Analyst and Engineering playbooks for functional areas such as Threat Intelligence operations (collection, analysis and dissemination), malicious code analysis, custom Sourcefire IDS signature analysis and Sourcefire threat feeds.
- On-site security/risk assessments; McAfee Web Gateway, McAfee ePO and Endpoint Security deployment including VirusScan Enterprise, Endpoint Security 10.x, HIPS, DLP, whitelisting with Solidcore (File Integrity Manager, Application Manager), FireEye MTP and Proofpoint.
- Conduct vulnerability scanning using Nessus
- Involved in the administration of F5 ASM and Bluecoat SSL6v and responsible for writing rules and policies.
- Experienced in building automation frameworks related to application security; proficient in Java, Python, Unix shell scripting and PowerShell.
- Expertise in Kerberos, DNS, Load Balancers, Active Directory.
- Cyber vulnerability assessment and remediation as part of NERC Standard CIP-007.
- Access review and reporting for physical and electronic security controls as part of NERC Standards CIP-005 and CIP-006.
- Experience in developing vulnerability assessment reports for the vulnerabilities and non-compliance issues detected, and recommending possible mitigating measures (Rapid7, Nessus, Qualys Guard).
- Provide PKI support and subject matter expertise for application developers in enabling their applications to support PKI.
- Experience working with various web filters and web security gateways such as Bluecoat Secure Web Gateway, McAfee Web Gateway and F5 Secure Web Gateway.
- Experience with network security technologies such as Palo Alto, Check Point and Sourcefire, and with the SANS Investigative Forensic Toolkit (SIFT).
- Implemented Symantec Data Loss Prevention to secure all endpoints. Configured and instrumented the Symantec management console, Symantec management server and Symantec database on Oracle.
- Experience with enterprise-class security products such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, wireless and remote connectivity.
- Extensive knowledge of security controls (ISO 27002, NIST 800-53) used to implement regulatory compliance (NERC CIP, PCI, SOX, HIPAA) with IBM QRadar products.
- Proficient in design, implementation, management and troubleshooting of Check Point firewalls, Check Point Provider-1 / VSX, Palo Alto IDS/IPS modules, Data Center Migration, Foundry/F5 Load Balancers and Bluecoat URL filtering & Packet Shaper systems.
- Analyze network traffic, firewall (Sourcefire Defense Center) and AV (McAfee) logs with Splunk and IBM QRadar.
AREAS OF EXPERTISE:
- IBM QRadar
- Linux
- Unix
- Splunk 5.x and 6.x
- Firewalls - Check Point, Palo Alto
- IPS - Sophos, Palo Alto
- Bluecoat Proxy
- IDS - Snort, Tripwire
- PCI, SOX, HIPAA
- Symantec DLP and SEP
- McAfee ePO
- Rapid7 Nexpose
PROFESSIONAL EXPERIENCE
Confidential, Durham, North Carolina
DLP Consultant/SIEM
Roles & Responsibilities:
- Initial set-up, installation and implementation of a new SIEM solution (IBM QRadar).
- Scanning data and incoming alerts/false positives to recognize red flags and patterns in the DLP console (Symantec Data Loss Prevention).
- Creating and maintaining security-related documentation (Excel sheets and data) and working within company processes and procedures for security documentation and alert resolution.
- Assisted in data security projects to include data classification, data discovery, data mapping and data loss prevention integration.
- Experienced with Palo Alto and Bluecoat CLI commands and making configuration changes on both platforms.
- Aggregate, correlate and analyze log data from network devices, security devices and other key assets using QRadar.
- Created SIEM dashboards for QRadar and reconciliation with storage, database servers, workstations, servers and network devices.
- Created custom views, reporting and automated alerting for both operational and security use with IBM QRadar.
- Assist multiple security projects with the goal of exceeding compliance objectives. Responsible for maintenance, administration, and configuration of the log aggregation solution.
- Responsible for maintaining the availability, reporting and communication of the SIEM between it, its event sources and the endpoints. Analysis of various use cases in the QRadar console, such as malware and AD-related issues.
- Worked with the Internet Engineering team on the design and configuration of the Bluecoat Internet proxy. Implemented the WebFilter database for URL content filtering.
- Responsible for web traffic hygiene and threat management/prevention in large-scale financial organizations (CPPIB, Sunlife and Manulife), using Bluecoat (ProxySG, SWG, CAS).
- Provided administration and support on Bluecoat Proxy for content filtering and internet access for primary and remote site offices and VPN client users.
- Responsible for creating weekly, ad hoc and monthly reports using the Rapid7 Nexpose vulnerability tool, and analyzing those reports in Excel with pivot charts to show trends.
- Using Symantec DLP monitored the transmission of confidential data contained in corporate emails that were sent using Microsoft Exchange and downloaded to mobile devices.
- Assisted in monitoring and setting policies on the ePO server, maintaining updates on the HBSS server, domain servers and domain workstations, pushing McAfee policies to the required computers, and Symantec to servers.
- Involved in upgrading Bluecoat proxy servers from SG900-10s to SG9000-20B.
- Used consultative selling skills to prospect, identify opportunities and overcome objections for compliance (HIPAA, PCI, SOX) and vulnerability software technology.
- Assist in the development and implementation of information security vulnerability management policies, procedures and standards based on National Institute of Standards and Technology (NIST) 800-53, best practices and compliance requirements.
- Created reusable and auditable automation test scripts to evaluate the entire financial transaction process through the BST application during the SDLC, from business requirements review, design and development through final system testing and release readiness testing.
- Provided management and troubleshooting of all network Bluecoat proxy devices.
- Given the authority to build and lead the effort towards the improvement and development of the Incident Response Program. Also co-opted into the Symantec Data Loss Prevention (DLP) program to keep track of potential breaches of PCI and other sensitive data in the environment.
- Experienced in setting up Splunk forwarders for new application tiers introduced into the environment and for existing applications.
- Worked closely with application teams to create new Splunk dashboards for operations teams.
- Troubleshoot and resolve Splunk performance and log monitoring issues, role mapping, dashboard creation, etc.
- Created a Splunk app for Enterprise Security to identify and address emerging security threats through continuous monitoring, alerting and analytics.
- Created Regular Expressions for Field Extractions and Field Transformations in Splunk.
- Anonymized PII (Personally Identifiable Information) data in Splunk.
- Masked sensitive information such as SSNs and addresses when showing results in Splunk.
- Configured Splunk for all mission-critical applications and used Splunk effectively for application troubleshooting and monitoring after go-live.
- Created dashboards and reports showing the login count of each application, which app resources are accessed most, the number of failed logins, and statistics on high-traffic applications.
- Configured the Splunk forwarder to route unnecessary log events to the null queue using props.conf and transforms.conf to reduce license costs.
- Developed a custom application in Splunk that fetched data from databases using the DB Connect application.
Environment: IBM QRadar, Splunk, Windows, Nessus Scanner, Rapid7 Nexpose, McAfee Network Security Platform (NSP), Java and Python shell scripting, Symantec DLP and SEP.
Confidential, Princeton, New Jersey
Security Analyst
Responsibilities:
- QRadar SIEM v7.2 administration with SIEM EPS tuning and distributed deployment architectures. Part of the deployment team where several log sources are parsed and integrated into QRadar through a mid-layer such as F5 for PCI and syslog services.
- IBM QRadar Vulnerability Manager and Threat Manager (QVM and QTM).
- Administrator for Bluecoat/Symantec Security Analytics; writes rules for detecting new threats in Bluecoat.
- Added a few custom log sources via Universal DSM/LSX, including QID adding/mapping and creating building blocks/rules.
- Working experience with Splunk to forward Check Point firewall and Bluecoat proxy logs.
- Created custom searches, custom reports, rules, reference sets and reference maps.
- Experience in security incident handling with SIEM using RSA enVision and IBM QRadar products; identifying the critical IT infrastructure that requires 24/7 monitoring.
- Expert-level understanding of QRadar implementation, its integration with other network devices and applications, and the related troubleshooting.
- Performed CERT/SOC operations, including IDS event monitoring and analysis, security incident handling, incident reporting and threat analysis.
- Perform vulnerability, configuration and compliance scans with Rapid7 to detect deficiencies and validate that information system configurations comply with the organization's policies and standards.
- Create test scripts for computer network devices, e.g. implemented a test web UI in Perl, Python and TCL/Expect. Analyze network traffic with Perl and Python.
- Controlled and monitored employees' internet traffic using Bluecoat proxy devices located in both data centers, in conjunction with a Bluecoat CAS device for antivirus protection.
- Experience integrating UNIX and Linux with Active Directory using the Certify tool. Provided 24x7 on-call support for production environments.
- Reviewed and updated the System Security Plan (SSP) based on findings from assessing controls using NIST SP 800-18 Rev. 1, NIST SP 800-53A Rev. 4 and NIST SP 800-53.
- Actively monitored and responded to activity impacting enterprise endpoints that facilitate network communication and data handling (McAfee Endpoint Security, DLP, Splunk).
- Worked on Cisco routers, active/passive hubs, switches, Cisco PIX firewalls, Cisco ASA, Nokia firewalls, Nortel VPN concentrators, TCP/IP, NAT and Check Point firewalls on ESX/GSX.
- Troubleshoot connectivity issues through Bluecoat, as well as writing and editing web policies.
- Responsible for identifying and validating indicators of threat from multiple intel sources (e.g. CrowdStrike, FS-ISAC, Bluecoat) against internal assets to determine an accurate threat landscape and remediation targets (e.g. Splunk endpoint analysis; vulnerability analysis with Qualys, Nessus and Metasploit).
- Worked on Palo Alto firewalls (50+ firewalls): PA-3020, PA-3050, PA-5020, PA-5050 and PA-5060 series.
Environment: IBM QRadar, Linux, Splunk, Rapid7 Nexpose, Symantec DLP and SEP, syslog-ng, Java and Unix shell scripting, Bluecoat Proxy.
Confidential, Cary, North Carolina
SIEM Engineer/Cybersecurity Consultant
Responsibilities:
- Installation of connectors and integration of multi-platform devices with IBM QRadar.
- Configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and applications.
- Integration of IDS/IPS with IBM QRadar; analyze the logs to filter out false positives and add false negatives to the IDS/IPS rule set.
- Categorize the messages generated by security and networking devices into the multi-dimensional IBM QRadar normalization scheme.
- Develop content for IBM QRadar such as correlation rules, dashboards, reports and filters, active lists and session lists.
- Reviewed and updated the System Security Plan (SSP) based on findings from assessing controls using NIST SP 800-18 Rev. 1, NIST SP 800-53A Rev. 4 and NIST SP 800-53.
- Scheduled enterprise vulnerability scans to ensure there was no impact on client-facing or critical information assets (internal Nessus, Nexpose and Metasploit scans in coordination with the enterprise Red Team, and external Qualys scans). This role required the ability to configure scanning tools and define the scope of the scans being performed (target range, expectations, support role delegation).
- Serves as a member of a centralized incident response team that prepares for and addresses incidents across the organization, analyzing security breaches and taking any necessary responsive measures.
- Implementation, configuration and support of Check Point and ASA firewalls for clients.
Environment: IBM QRadar, Splunk, UNIX, HP TippingPoint NX Next-Generation Intrusion Prevention System, Bluecoat secure web gateway, Symantec DLP, and Endpoint.
Confidential
IT Engineer
Responsibilities:
- Performed vulnerability scanning on web applications and databases to identify security threats and vulnerabilities.
- Responsible for analyzing, detecting, preventing malware with security analysis tools and compliance tools.
- Audit of Cisco ACL, Active Directory, and rules in F5 ASM.
- Conducted penetration testing and auditing of the organization's network using tools.
- Footprinting, scanning, sniffing and monitoring network activity using open source and commercial tools (Wireshark, Nmap).
- Expertise in virtual server technology (VMware ESXi, vSphere).
- Installing and configuring networking equipment (routers and switches); LAN/WAN design, implementation and optimization using Cisco routers and switches.
- Used Layer 3 protocols such as EIGRP and BGP to configure routers in the network.
- Configured and implemented remote access solutions: IPsec VPN, remote access.
- Conducted evaluation of intranets and firewalls on a regular basis.
- Worked closely with project team members to document current PCI requirements and instructed team members on appropriate control rationalization and test evidencing techniques.