
Information Security Engineer Resume


Minneapolis, MN

SUMMARY

  • Passionate Cyber Security professional with 8+ years of technical experience.
  • I have diverse knowledge from working across multiple IT disciplines and successfully managing several large projects, such as Y2K preparation, a full data-center migration and launching a 24×7 Cyber Security analyst and monitoring team.
  • I bring a strong work ethic with the goal of continuous improvement to my security engineering skill sets, while building efficiencies within my team to complete the company mission.
  • Experience in directing compliance controls, security requirements and data protection initiatives, with a solid educational base from Graduate Master's Program in Cyber security Technology.
  • In-depth knowledge of routing protocols like BGP, OSPF, EIGRP, MPLS and Static routing.
  • Expertise in TCP/IP, Subnetting, Network Diagrams, Documentation and troubleshooting L2, L3 connectivity issues.
  • Profound working knowledge of administration and management of Palo Alto firewalls using centralized Panorama M-100 and M-500 devices.
  • Experience in conducting IT Security Assessments in accordance with NIST Special Publication (Rev.4), FFIEC, 23 NYCRR 500 (NYDFS), NIST Cyber security Framework, HIPAA, PCI-DSS, ISO-72002 framework.
  • Strong computer, Windows Operating Systems, Linux, and TCP/IP network troubleshooting abilities.
  • Hands-on with DAST, SAST and manual ethical hacking.
  • Expert level knowledge on configuring and troubleshooting IPSec VPN and SSL VPN tunnels for connectivity between site-site and remote location users by using IKE and PKI.
  • In depth understanding of security risks such as OWASP Top 10 and SANS Top 25 vulnerabilities.
  • Experience in creating Minimum Security Baselines and Enterprise Standards for the Identity Access Management as well as Mobile Device Management.
  • Hands-on experience in developing threat models, security controls, threat analysis, the creation of risk control matrices and risk mitigation strategies.
  • Experience in configuring and managing AAA architecture including RADIUS and TACACS+ servers through Active Directory.
  • Strong knowledge of policies and procedures regarding chain of custody practice.
  • Experience in implementing Security Incident and Event Management System (SIEM) using HP Arc Sight, Splunk.
  • Capable of developing technical solutions following the assessment of complex customer needs.
  • Profound experience in working with Nexus-OS, VPC, VDC, OTV, FEX in the data centers.
  • Strong experience in upgrading Cisco IOS to Cisco Nexus NX-OS in the data centers.
  • Familiar with CIS, NIST, HIPAA, STIGs standards and guidelines. Working knowledge of risk assessment procedures, with a focus on ISO/IEC 27001 & NIST Threat Identification, system security categorization, gap analysis and compliance reporting. Experience with the vulnerability (Qualys) and digital certificate management lifecycle (DigiCert).
  • Strong knowledge on Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Data Loss Prevention (DLP), DDoS attacks and Kill Chain mitigation techniques.

TECHNICAL SKILLS

Antivirus: McAfee VirusScan Enterprise, Symantec, Endpoint Protection Suite

DLP: Websense, Symantec & McAfee

End Point Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, and SafeBoot

IPS/IDS: McAfee IPS, HP TippingPoint, Cisco IDS, SecureWorks IDS/IPS

SIEM: RSA enVision, ArcSight, Splunk security manager, IBM QRadar

MSS: Vulnerability Assessment, Content Filter, Antispam, IDS/IPS Management

Network Security: NIPS/NIDS, Firewall, VPN (IPsec, SSL), DLP.

Endpoint Security/ Information Security: Antivirus, HIPS, Encryption, HDLP, Malware Analysis, Advanced Threat

Firewalls/Routers: Nessus, Nmap, Wireshark, Burp Suite, Metasploit, Netsparker, John the Ripper, Ophcrack, OpenVAS, Encryption, Snort, and Yara

SIEM Tools: McAfee SIEM, Splunk SIEM, HP ArcSight

Security Tools: Splunk ES, McAfee Vulnerability management solutions, Nessus

PROFESSIONAL EXPERIENCE

Confidential, Minneapolis, MN

Information Security Engineer

Responsibilities:

  • Work both as an engineer and analyst for multiple security tools such as SIEM, Confidential and web filter proxies.
  • Configure, Manage and Monitor Palo Alto firewall models (Specifically the PA-5050 and the PA-5260).
  • Hands-on with database security / vulnerability scanner using Imperva Scuba and IBM Guardium.
  • Performed migrations from Check Point firewalls to Palo Alto using the PAN Migration Tool MT3.3.
  • Implement advanced Palo Alto Firewall features like URL filtering, User-ID, App-ID, Content-ID on both inbound and outbound traffic.
  • Conducted vulnerability testing and validation with automated and manual testing tools.
  • Tracked, tuned, and compiled metrics from security devices and team member shift diaries for daily, weekly and monthly reports.
  • Implemented Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities from applications.
  • Maintained good communication with IBM Guardium support and sales teams. I was able to successfully negotiate and activate expired support hours previously purchased from a third party vendor prior to IBM's acquisition of Guardium.
  • Developed a 24×7 SOC team for security monitoring with Red team testing for internal applications and services.
  • Deployed Palo Alto firewalls using Confidential NSX through L2 and L3 interfaces on models such as VM-300, VM-500, and VM-1000-HV.
  • Implement the GlobalProtect VPN, IPSec python VPNs and SSL VPNs through IKE and PKI on Palo Alto firewalls for site-to-site VPN connectivity.
  • Prepare risk-based test plans and perform the security testing (tool-based testing, manual penetration testing, source code review, etc.) on the different layers of those information systems in support of the Certification & Accreditation.
  • Performed Static and Dynamic Analysis and Security Testing (SAST and DAST) for various applications as per firm's security standards (i.e., OWASP Top 10).
  • Subject Matter Expert for web content filtering and proxy devices for the enterprise.
  • Provided technical assistance to the team in configuring F5 full proxy LTMs by creating profiles, defining Load balancing algorithms, SSL Bridging and implementing SNAT, NAT rules.
  • Performing manual vulnerability assessment and penetration testing of applications, produce reports and walk development team through issues.
  • Strong Knowledge on Anomaly detection system (ADS), Intrusion Prevention System (IPS) and SPLUNK/QRadar SIEM tools to monitor and analyse security related issues.
  • Configured HSRP, VRRP, GLBP for default gateway redundancy.

Confidential, Houston, TX

Information Security Engineer

Responsibilities:

  • Develop, test and modify custom scripts and applications for vulnerability testing.
  • Conduct vulnerability assessments for networks, applications and operating system.
  • Use automated tools (Nessus & Qualys) to pinpoint vulnerabilities and reduce time-consuming tasks
  • Work with team to develop security policies and baselines for mobile and web applications. Performed compliance audits to ensure security policies and baselines have been adequately implemented.
  • Reviewed and undertook new opportunities such as SQL Server 2012 Change Data Capture, GRID upgrade on OVM, IBM Guardium evaluation, review, implementation and upgrade, Microsoft SCCM 2012, implementation of Hyperion Essbase and HFM/FDM in the capacity of application administrator.
  • Migrated from Cisco ASA to Palo Alto firewalls.
  • Enabled the User-ID feature while creating policies based on users and groups rather than individual IP addresses.
  • Assessment of existing products to determine vulnerabilities and develop strategies.
  • Maintain security by monitoring and ensuring compliance to standards, policies, and procedures.
  • Configured Windows User-ID agent to collect host information using Palo Alto GlobalProtect.
  • Configured 802.1X port-based authentication on Cisco switch-to-TACACS+ server communication.
  • Scheduled a Penetration Testing Plan throughout the organization and completed all the tasks in the given time frame.
  • Perform network and application penetration testing.
  • Classify and prioritize the risk of new vulnerabilities according to the specifics of environment's risk level, mitigating factors, and assessment of the impacts of internal and external threats.
  • Engineer application, system and network security solutions to meet security requirements for varied operating environments.
  • Research and assess new threats, vulnerability security trends and security alerts, recommend remedial action.
  • Performed penetration testing over the enterprise systems to audit the standards to comply with PCI DSS regulations.
  • Implementing and Maintaining Network Management tools (OPAS, SolarWinds, CiscoWorks).

Confidential - Omaha, NE

Security Analyst

Responsibilities:

  • Analyze network traffic for anomalies and detect malicious activity.
  • Acted as a member of SOC team dedicated to solving cyber security threats.
  • Performed proactive network monitoring and threat analysis.
  • Monitored systems, detecting, analyzing, and resolving all incidents/events reported by various SIEMs.
  • Monitored and investigated large sets of data on clients' portal to detect fraudulent activities.
  • Reviewed provided or requested Artifacts and Plan of Action & Milestones (POAMs) to determine if controls are implemented correctly.
  • Responsible for completing threat analysis using Security tools (AlienVault, Splunk).
  • Provided weekly status reports.
  • Switching technologies like VLAN, Inter-VLAN Routing, Ether-channel, VTP, MLS, HSRP, VRRP.
  • Perform advanced troubleshooting using Packet Tracer and tcpdump on firewalls.
  • Developed customized application configurations in SPLUNK to parse, index multiple types of log format across all application environments.
  • Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Supported security tests and evaluations (ST&Es).
  • Monitored controls post-authorization to ensure continuous compliance with the security requirements.
  • Conducted Security Control Assessments (SCA) on Information Systems by interviewing, examining and testing methods and documented control findings in the SRTM worksheet.
  • Worked to determine strategies and takes measures to mitigate risk.
  • Assessed an alignment with DLP, PCI-DSS, and NIST 800 controls for critical enterprise systems; developed effective and efficient processes to remediate the compliance gap.
  • Performed internal vulnerability testing such as ACAS and SCAP scans and perform appropriate remediation.
  • Performed security control assessment of all assigned systems, developed test plans and assessment reports in support of system authorization.

Confidential - New York, NY

Security Engineer

Responsibilities:

  • Providing enterprise support for Confidential and Continuous Monitoring and Risk Scoring (CMRS).
  • Provide SME level knowledge of Confidential for development of policies and.
  • Report on vulnerability scoring for Command Cyber Readiness Inspection scoring.
  • Respond to and track alerts, as well as provide artifacts and other documentation to the Company project management team.
  • Configured and resolved complex OSPF issues in a multi area network.
  • Troubleshoot LAN/WAN infrastructure including routing protocols like EIGRP, OSPF, HSRP and VRRP.
  • Created documentation and network diagrams of the network infrastructure using MS Visio.
  • Created network diagrams and documentation for design using documentation tools like MS Visio.
  • Configured complete routing access to the local network infrastructure by implementing EIGRP as the primary routing protocol.
  • Deployed Cisco routers and ethernet switches to simulate EIGRP, OSPF, DHCP protocols.
  • Investigate Indicators of Compromise (IOC) from multiple reporting tools and submit remediation actions.

Confidential

Security Engineer

Responsibilities:

  • Responsible for Threat Intelligence, basic malware analysis, security incident handling.
  • Installing and configuring of McAfee ESM and IBM Open Pages and components and integration of various data sources in McAfee Nitro.
  • Respond to Cyber-drill using MITRE ATT&CK framework.
  • Supported secure system operations and maintenance by monitoring IDS (Intrusion Detection Systems) / Intrusion Prevention Systems (IPS) through using network tools and appliances including ArcSight, QRadar, Nitro, Sourcefire, FireEye, Blue Coat, and SPLUNK.
  • Review and updated System Security Plan (NIST SP ), Risk Assessment (NIST SP ), and Security Assessment Report (NIST SP A).
  • Formatted and analyzed Nessus Tenable credentialed scans; Utilized Tenable Security Center to report on vulnerabilities.
  • Analyze security events in Symantec, ArcSight and QRadar Incident Managers for clients.
  • Tested Cloud Access Security Broker (CASB) Palo Alto Aperture for SaaS Solutions primary for Microsoft O365.
  • Utilized BMC ADDM and Tenable PVS to monitor automated asset inventory discovery.
  • Responsible for analyzing, responding to, and providing recommendations for security incidents using manual or automated forensic analysis tools.
  • Create Incident response plan with guidance from special publication as well as Information security
  • Monitoring various event sources for possible intrusion, determine the severity and create correlation rules to detect threats in SIEM.
  • Assisted risk teams in tracking, reporting and comparing monthly operational losses; stepped up to develop a new root cause library that met industry best standards and was implemented in PNC's issue tracking/reporting system.
  • Installs, implements and troubleshoots CASB, web cloud security products.
  • Configuration and maintenance of SIM/SIEM tool - QRadar.
  • During third rotation created/maintained the Independent Technology Risk management (ITRM) database and restructured the SharePoint data hub site that housed information and required artifacts.
  • Development and maintenance of SOP and Root cause analysis reports for security incidents.
  • Worked on transaction projects to implement SIEM solutions for various stakeholders.
  • Good knowledge in various perimeter and endpoint security device logs and level of attacks (AV, Web gateway, IDS & IPS, Firewall).

Confidential

Security Engineer

Responsibilities:

  • Identifying and implementing practices in security to enhance the operations of the clients.
  • Manage the Security Incident and Event Management (SIEM) infrastructure
  • Troubleshoot System Notifications on QRadar Environment.
  • Enhancement and fine tuning of Correlation rules on QRadar based on daily monitoring of logs.
  • Fine tuning existing correlation rules to reduce noise and false positives.
  • QRadar and Qualys report monitoring and fixing issues when needed.
  • Integrated Threat intelligence with QRadar to combine external threat data from trusted sources with in-house data to eliminate false positives and discover relevant threats.
  • Configure Network Hierarchy and Backup Retention configuration in QRadar SIEM.
  • Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Analyze network traffic and various log data and open source information to determine the threat against the network required response, containment, investigation, and remediation.
  • Responsible for incident response, tuning, system administration, operations and maintenance of the Security Incident and Event Management (SIEM) system.
