Security Consultant Resume

Austin, Texas

CAREER OBJECTIVE:

Actively seeking a challenging career that gives me an opportunity to learn and to contribute the knowledge and skills gained through 7 years of experience in information security. I aspire to join a reputed company and perform to the best of my abilities in a strong and reliable Information Security domain.

PROFESSIONAL SUMMARY:

  • Having 7 years of experience in Information Security.
  • Experience with security technologies including Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, Security Information and Event Management (SIEM), Antivirus, Network.
  • Experience in all facets of SDLC viz. requirement analysis, designs, development, testing, and post implementation revisions.
  • Expert in installing SPLUNK apps for distributed environment.
  • Experience in developing Splunk Infrastructure with associated components.
  • Design, Deploy, and Support enterprise Splunk logging application. Assist other enterprise instances as Splunk Subject Matter Expert SME.
  • Proficient with Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.
  • Having experience in IBM QRadar and other SIEM tools, and good knowledge of the QRadar architecture.
  • Monitored the security logs and events related to application logs, authentication logs, DB logs, IDS/IPS and network logs.
  • Experience in weekly vulnerability scans using Nexpose and Nessus.
  • Worked with vendors from QRadar, ArcSight, Splunk and LogRhythm, and vendors of various associated products and services.
  • Monitored the health of QRadar.
  • Experience in implementation and migration to QRadar from ArcSight.
  • Analyzed the logs triggered in QRadar and provided recommendations to the technical teams.
  • Proficient at establishing user tunnels in Nortel VPN routers, implementing network security protocols, installing and supporting backup strategies, and planning/executing disaster recovery solutions.
  • Excellent troubleshooting skills; tenaciously committed to the thorough resolution of technical issues.
  • Experience in implementation of vulnerability scanners like Nexpose and Rapid 7.
  • Having strong knowledge of administering any SIEM and knowledge of vulnerability management (Nexpose, Rapid 7, Nessus).
  • Extensive experience in writing Packages, Stored Procedures, Functions and Database Triggers using PL/SQL and UNIX Shell scripts.
  • Excellent understanding of project issues, tracking of issues, solving issues and closing issues.
  • Integrated Splunk Web environment with Mobile App.
  • Good knowledge of the Splunk DB Connect app and basic understanding of the Enterprise Security app.
  • Predict fields using Machine Learning Tool kit Splunk app.
  • Hands-on experience in Python, Shell Scripting, Oracle SQL, PERL, Ruby, CSS, HTML, AutoHotkey.
  • Experience in Penetration Testing, Application Security, Software Security, Enterprise Vulnerability Management, and generating reports using tools.
  • Provided comprehensive report on vulnerabilities and action plan to mitigate the identified vulnerabilities and VAPT process.
  • Evaluation of threats and risk to business operations resulting in security solutions that appropriately balance cost and risk mitigation.
  • Organized architecture assessments to identify vulnerabilities in large scale projects.
  • Defined the Information Security Incident Response Process and served as the primary Incident Handler.

TECHNICAL SKILLS:

Operating Systems: Windows, Unix/Linux.

SIEM Tools: Splunk, IBM QRadar, ArcSight, LogRhythm

Vulnerability tools: Nexpose Rapid 7, Qualys, Nessus

Other Tools/Software: Symantec Endpoint Protection, ServiceNow ticketing tool, Succeed ticketing tool

Data Analysis: Requirement Analysis, Business Analysis, detail design

Web technologies: HTML, CSS, JavaScript, XML, Advanced XML

Concepts: SIEM, SDLC, Object Oriented Analysis and Design

Programming Language: C, Python, UNIX shell scripts, PERL, Ruby

Database: Oracle, MySQL, SQL queries, SQL Procedures

RELEVANT PROJECT EXPERIENCE:

Confidential, Austin, Texas

Security Consultant

Responsibilities:

  • Installation and configuration of Splunk products at different environments.
  • Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-On's, Dashboards, Clustering and Forwarder Management.
  • Designing and maintaining production-quality Splunk dashboards.
  • Splunk Enterprise deployments, and enabled continuous integration as part of configuration management.
  • Configured and developed complex dashboards and reports on Splunk.
  • Involved in Installation, Administration and Configuration of Splunk Enterprise and integration with local legacy systems.
  • Administer and maintain the corporate DLP environments while structuring and documenting the corporate DLP infrastructure environments.
  • Performed Symantec DLP environments management and support configuration as well as data security environments used in testing and configuring client sites prior to installation.
  • Managed and scheduled vulnerability scans using Rapid 7.
  • Placed in charge of handling all vulnerability management and remediation duties through the use of Nexpose Rapid 7.
  • Established VMware ESXi servers in support of multiple VMs, which enabled the company to emulate and test DLP installs on various platforms.
  • Splunk DB Connect 2.0 in search head cluster environments with Oracle. Experience with Splunk UI/GUI development and operations roles.
  • Provided vulnerability solutions.
  • Expertise in creating and customizing Splunk applications, searches and dashboards as desired by IT teams and business.
  • Drive complex deployments of Splunk dashboards and reports while working side by side with technical teams to solve their integration issues.
  • Splunk configuration that involves different web application and batch, create Saved search and summary search, summary indexes.
  • Recognized potential, successful, and unsuccessful intrusion attempts and compromises through analysis of relevant event logs and supporting data sources.
  • Identified misuse, malware, or unauthorized activity on monitored networks.
  • Assisted with implementation of counter-measures or mitigating controls.
  • Prepared incident reports of analysis methodology and results.
  • Experience with security technologies including Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, Security Information and Event Management (SIEM), Antivirus, Network.
  • Monitored the infrastructure to include: servers, network devices, i.e. routers/switches, and system applications and databases.
  • Implemented firewall rule changes.
  • Troubleshoot firewall and Blue Coat communication and access issues.
  • Provided root cause analysis complete with timeline.
  • Responsible for installation, troubleshooting of firewalls (Cisco firewalls, Checkpoint firewalls and Juniper firewalls) and related software, and LAN/WAN protocols.
  • Troubleshooting the VPN tunnels by analyzing the debug logs and packet captures.
  • Configuring failover for redundancy purposes for the security devices. Implemented the stateful & serial failover for PIX/ASA firewalls, Checkpoint Clustering and load balancing features.
  • Conducted application penetration testing on business applications.
  • Conducted Vulnerability Assessment on Various Applications and bypass weak cryptography, authentication flaws etc.
  • Configuration of Nexpose to meet individual scanning requirements.
  • Responsible for managing all aspects of the Vulnerability Risk Management Program including vulnerability identification, analysis, remediation coordination and reporting.
  • Assessing the risk of a proposed solution, escalating appropriately and driving to closure.

Confidential, Dallas, Texas

Security Analyst

Responsibilities:

  • Experience in creating access controls for users by creating AD (Active Directory) power user and user groups.
  • Experience with Active Directory and the SSO (Single Sign-On) option.
  • Configure the add-on app SSO Integration for user authentication and Single Sign-on in Splunk Web.
  • Experience in Python, PERL and Ruby general scripting, Hands on Experience in secure coding.
  • Responsible for documenting the current architectural configurations and detailed data flow and Troubleshooting Guides for application support.
  • Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.
  • Conduct network, endpoint, and log analysis by utilizing various consoles on a regular basis (e.g. SIEM (QRadar, Splunk), IDS, IPS, firewall, etc.) to analyze and triage cyber security events, and perform continuous hunt activities across the environment.
  • Demonstrated excellence in analytical and problem-solving skills related to network and system events/logs.
  • Wrote regular expressions in Python to extract the meaningful fields.
  • Played a major role in understanding the logs, server data and brought an insight of the data for the users.
  • Expert in creating Splunk knowledge objects. Hands-on experience in installing Splunk TAs, Symantec DLP, Splunk DB Connect, Splunk App for AWS and more.
  • Develop the scenarios for the detection of zero-day threats in the QRadar Network Anomaly Detection and QRadar SIEM tools.
  • Tunes performance and event data flow of ArcSight Appliances and Connectors to ensure system efficiency.
  • Develop the queries in PERL in the QRadar Log Manager tool to check the integrity of event and flow logs and determine whether the logs were modified.
  • Perform QRadar Incident Forensics, which helps to search, verify that an incident occurred, determine the severity, reconstruct the event, review it, determine the root cause, and take corrective and preventative action.
  • Monitored Intrusion Detection Systems (IDS) to identify security threats.
  • Maintained IDS signatures and policies (SourceFire/Snort).
  • Modified /added custom IDS policies and signatures for known or suspicious activities.
  • Utilized endpoint detection systems like HBSS, SEP.
  • Planning, designing and implementing a secure ODC Network setup for upcoming projects.
  • Responsible for implementing Data Center Security best practice, audit and compliance (PCI/SOX/DOD) requirements.
  • Automation of security operations and optimizing the usage of infrastructure.
  • Responsible for managing Network & Security Engineering implementation that architect, design, builds, manages and supports Network and Security Infrastructure and Data Centers.
  • Configured redundant interfaces, dhcp server, dhcp relay, ntp settings, and sub interfaces on firewalls.
  • Implementing Cisco ACS server for the firewall Authentication, Accounting & Authorization purpose.

Confidential, Nashville, Tennessee

Security Analyst

Responsibilities:

  • Implementation of SIEM in the customer environment.
  • Performing Admin level activities of integrating Devices like Windows, Unix etc.
  • Troubleshooting of log source servers to successfully forward the log events to QRadar.
  • Organizing meeting on weekly and daily basis to communicate the work status.
  • Having strong knowledge of administering any SIEM and knowledge of vulnerability management (Rapid 7).
  • Provided administrative support of DLP services/systems.
  • Monitored and responded to daily alerts generated from the DLP system; investigated events and escalated as necessary to the Data Privacy Group; followed the initial steps of the Incident Response Process (IRP) - Detection, Investigation, Containment, and Remediation.
  • Maintaining coordination with security teams of the customer from various locations around the world.
  • Experience in migration from ArcSight to QRadar, creation of searches, dashboards and reports.
  • Experience in creating the log source groups, validating the log sources and reports.
  • Handling customer calls in case of any information security issue.
  • Creating new process documents which would help the Analyst in analyzing events.
  • Timely escalation of incidents to security management team.
  • Operated the QRadar SIEM in a 24/7 SOC environment to investigate alarms, and mitigate incidents and events.
  • Handling threat management tasks by subscribing various security alerts from various sources.
  • Follow-ups with asset owners for remediation of vulnerabilities at either OS or application level.
  • Tracking, validation and closure of critical and high vulnerabilities.
  • Produce graphs and charts showing vulnerability posture on a weekly, monthly, and quarterly basis.
  • Provide risk-based analysis of identified vulnerabilities on a weekly basis.
  • Keeping track of incidents created and utilization of customer responses for future analysis.
  • Performing detailed event analysis and trending, correlating with emerging threats, and appropriately escalating information security events.

Confidential

System/Security Analyst

Responsibilities:

  • Used ArcSight Express for SIEM/Correlation functionality and ArcSight Logger for Log Management.
  • Managed DLP policies through McAfee orchestrator hardware appliances.
  • Performed Symantec DLP environments management and support configuration as well as data security environments used in testing and configuring client sites prior to installation.
  • Enable DLP installation emulation and testing on different platforms.
  • Wrote Logger API that can be used in ArcSight Integration Commands and Rules.
  • Development of Tuning/Designing of Correlation rules to reduce the false positives and to generate the alerts/offenses/notifications for the attacks, Security Violations and any deviation in the traffic/flow.
  • Identifying IT related risks throughout areas including perimeter, network, and host & application security.
  • Installing, administration & maintenance of client networks, and installing new software releases such as MS Office and system upgrades.
  • Evaluate and install patches. Manage projects for updates and maintenance routines on servers, labs, and classrooms.
  • Supported core Windows technologies (Windows Server 2003 & 2008, Windows 7/XP).
  • Deploy Windows 7, and upgrade from Windows XP.
  • Assisted in administering and supporting the Active Directory environment.
  • Develop system access, monitoring, control, and evaluation; establishing and testing disaster recovery policies and procedures; completing back-ups; maintaining documentation; and performing system and software upgrades and patches.
  • Testing and installation of computers and medium hardware systems, connecting PCs in a network and setting up peripheral equipment and hardware components.
  • Established system specifications by conferring with users; analyzing workflow, access, information, and security requirements; supported DNS, DHCP, TCP/IP, NetBIOS, PXE.
  • Troubleshooting Windows Server operating system, IIS and Intel server related hardware issues.

Environment: ArcSight, Windows 2003, XP, 7, MS Office, DNS, DHCP, NetBIOS, PXE, HTML.