Security Operation Center Analyst Resume
Boise, ID
SUMMARY
- Worked in a 24x7 Security Operations Center (SOC).
- Understanding of SIEM implementation, its integration with other network devices and applications, and the related troubleshooting work.
- Experience in Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
- Experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC).
- Real Time Log monitoring in the Security Operations Centre from different devices such as Firewalls, IDS, IPS, Operating Systems like Windows, UNIX, Proxy Servers, Windows Servers, System Application, Databases, Web Servers and Networking Devices.
- Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through the performance of formal Risk Assessments, Policy and Governance, and internal Threat Analysis with regard to a SOC environment, with the use of SIEM tools.
- Expert understanding of developing complex use cases and Universal Device Support Modules on the QRadar SIEM.
- Responsible for monitoring networks and security tools to detect suspicious and hostile activity across the Environment.
- Supported the Security Operations Center (SOC). Monitored security systems and diagnosed malware events to ensure no interruption of service. Identified potential threats, anomalies, and infections and provided reports to the customers.
- Monitoring network traffic for security events and performing triage analysis to identify security incidents.
- Analyze Threat Patterns on various security devices and Validation of False/True positive Security Incidents.
- Identifying potential threat, anomalies, and infections.
- Responding to computer security incidents by collecting, analyzing, and providing detailed evidence (network log files) and ensuring that incidents are recorded and tracked in accordance with its guidelines and requirements.
- Knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Database Activity Monitoring (DAM), Identity and Access Management (IAM) solutions.
TECHNICAL SKILLS
Operating Systems: Windows 2000, XP, 10, Windows Server 2008, 2012, Linux (Red Hat)
Security / Vulnerability Tools: Snort, Wireshark, Websense, Bluecoat, Checkpoint, Symantec, Qualys Vulnerability Manager, FireEye HX, Sourcefire, Nessus
RDBMS: Oracle 11g/10g/9i, MS SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL
Networking Protocols and Tools: TCP/IP, HTTP/HTTPS, SSH, SSL, DNS, SNMP; Routers, Switches, Load Balancers, Cisco VPN, MS DirectAccess
Programming Languages: C, C++, Java/J2EE, UNIX shell scripts
Monitoring Tools: Netcool, Dynatrace, Tealeaf, QRadar, Splunk, TEPS
PROFESSIONAL EXPERIENCE
Confidential, Boise, ID
Security Operation Center Analyst
Responsibilities:
- Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
- Provided support in identifying malicious network activity, threats impacting network operations and developing appropriate countermeasures, eliminating network threats and vulnerabilities.
- Collecting data on Attacks to help SOC engineers create reports for auditing purposes.
- Integration of different devices/applications/databases/ operating systems with QRadar SIEM.
- QRadar SIEM v7.2 administration, with SIEM EPS tuning and distributed deployment architectures.
- Part of the deployment team in which several log sources were parsed and integrated into QRadar through a mid-layer such as F5 for PCI and Syslog services.
- QRadar Vulnerability Manager and Threat Manager (QVM and QTM).
- Tuning, Configuration, False Positive Reduction, Custom Log Source Extension development and administration of QRadar.
- Aggregate, correlate, and analyze log data from network devices, security devices and other key assets using QRadar.
- Responsible for Incident handling and response, with knowledge of common probing and attack methods, viruses, botnets and other forms of malware. Correlating events from a Network, OS, Applications or IDS/Firewalls and analysing them for possible threats.
- Ensure the SOC analyst team is providing excellent customer service and support.
- Monitors agency sensors and SOC (Security Operations Center) systems for incidents and malicious activity.
- Executed daily vulnerability assessments, threat assessments, and mitigation and reporting activities in order to safeguard information assets and ensure protection has been put in place on the systems.
- Performing security analysis and identifying possible vulnerabilities in eliciting the key derivation function; creating a vulnerability assessment report detailing the exposures that were identified, rating the severity of the system, suggesting mitigations for any exposures, and testing known vulnerabilities.
- Conduct log analysis, proactive monitoring, mitigation, and response to network and security incidents. Analyse security event data from the network (IDS sensors, firewall traffic).
- Setup and manage alerts to monitor activity on business critical information as required.
- Provided second-level support for the Symantec Endpoint Protection Antivirus System. Provided after-hours support for the Production environment, and generated and provided documented reports for the Threat Remediation Management Team.
- Put together E-Business Operations documentation for the Symantec Endpoint Protection Management environment.
- Implemented and configured firewall changes within the Symantec Protection environment according to Internal Compliance approved Specifications/recommendations.
- Responsible for maintaining availability, reporting and communication of the SIEM between it, its event-sources and the endpoints.
- Responsible for the management, design, and dissemination of relevant data from the global security information and event management (SIEM) system.
- Assisted in designing, implementing and evaluating applications, systems and utilities relevant to Active Directory services.
- Perform static and dynamic malware analysis on virtual servers with proper documentation and steps for removal on infected systems.
- Experienced in configuration, installation, and patch upgrades of Tripwire Log Centre in a Windows environment.
- Interacts with end users, including first responders and explosive experts, identifying and aligning user needs with Tripwire resources.
Confidential, Birmingham, AL.
Security Analyst (Splunk)
Responsibilities:
- Created dashboards, visualizations, statistical reports, scheduled searches, alerts, and other knowledge objects.
- Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Universal and Heavy forwarder.
- Provide regular support and guidance to Splunk project teams on complex solutions and issue resolution.
- Work with Splunk GUI, command line interface and directly with configuration files.
- Configured Splunk multisite indexer cluster for data replication.
- Knowledge of various search commands such as stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table, etc., and the difference between eventstats and stats.
- Experience in working with Splunk authentication and permissions, and significant experience in supporting large-scale Splunk deployments.
- Onboarding of new data into Splunk. Troubleshooting Splunk and optimizing performance.
- Worked on installing Universal Forwarders and Heavy Forwarders to bring any kind of data fields into Splunk.
- Designing and maintaining production-quality Splunk dashboards.
- Involved in admin activities and worked on inputs.conf, indexes.conf, props.conf and transforms.conf to set up time zone and timestamp extractions, complex event transformations and event breaking.
- Integrated ServiceNow with Splunk to consume alerts from Splunk and create ServiceNow tickets.
- Splunk DB Connect 2.0 in search head cluster environments with Oracle and MySQL.
Confidential
IT Security Engineer
Responsibilities:
- Implementation of SIEM tool.
- Managing and maintaining Windows NT, 2000, 2003, 2008 and 2012 server administration; remote administration using Terminal Services.
- Provide Incident Response (IR) support when threat and vulnerability analysis requires action.
- Performed Windows user administration, managing user accounts, permissions, User rights, Account policies, Security policies and performed software and hardware maintenance.
- Hands-on experience with Remedy 7.2, AF Remote, HP OpenView, TEPS, HP Insight Manager, etc.
- Primary troubleshooting and knowledge in Windows clusters.
- Monitoring & managing Weekly server reboots.
- Performing disk cleanups and disk management for Windows OS drives.
- Performing daily checks to ensure stability in the environment.
- Working on file/folder restoration issues at users' requests.
- Hands-on experience with network devices: port resets, log collection, investigations, etc.
Confidential
Security associate
Responsibilities:
- Working on incident and problem management for resolving incidents within the SLA using the ticketing tool Remedy 7.2.
- Worked on the ServiceNow ticketing tool for creating tickets and changes according to the business requirements.
- Implemented and configured all the monitoring agents and tools in multiple servers.
- Active involvement in monitoring server performance and network traffic to reduce performance bottlenecks.
- Ensuring that the change process is followed for any configuration changes in the environment and upon request for technical solutions.
- Physical and virtual server rebuilds and decommissions with proper documentation.
- Responsible for weekly scheduled server reboots and patching schedules on BladeLogic and WSUS.
- Good knowledge in Installing, Configuring and Managing VMware vSphere.
- Troubleshooting virtual machine issues such as RDP issues to VMs, restarting VMs, application issues, etc.
- Identify and resolve various technical, application, network, and infrastructure compatibility issues.
- Monitoring and managing performance of ESX servers and Virtual Machines.
- Knowledge on Hardware RAID configurations (RAID 1, RAID 5...).
- Basic knowledge on SAN/NAS/DAS environment.
- Understand network performance analysis and capacity planning best practices.
- Thorough understanding of performance impact of network security configuration options.