Cyber Security Engineer Resume
Boston, MA
SUMMARY
- 7+ years of experience in multiple cloud environments. Identified security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
- Provided technical support in the development, testing and operation of firewalls, intrusion detection systems, and enterprise anti-virus and software deployment tools. Assessed, prioritized and updated existing IT security policies and standards to reflect the GRC framework.
- Developed strategy and planning by utilizing Splunk and other SIEM cybersecurity tools.
- Maintained MS SQL Server, including user logins and group creation with appropriate roles; monitoring, dropping and locking logins; and granting privileges to users and groups.
- Worked with Security Operations Center (SOC) web application security log analysis, malware analysis, phishing/spam email investigation, and EDR tools (Titanium / CrowdStrike / Carbon Black) and other relevant tools.
- Knowledge of various security platforms and tools, such as firewalls, CASB, proxy, Splunk SIEM, IDS, IPS, KeySecure, CrowdStrike and SOAR.
- Working knowledge of the incident response lifecycle and the MITRE ATT&CK framework.
- Implementation of appropriate Accreditation and Authorization activities per JSIG, DoD and ICD 503 RMF, NISPOM, or the DoD Overprint to the NISPOM, according to customer requirements.
- Raised tickets using ServiceNow during Symantec DLP investigations; understanding of the Imperva Management Console.
- Worked on continuous improvement and documentation of IT security technology standards, policies, and processes, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Familiar with a forensic approach to challenges and vulnerabilities in day-to-day IT infrastructure.
- Deep analysis of how cybercriminals work and ability to keep up with the fast pace of change in the cybercriminal world.
- Perform security risk assessments for internal systems and processes and new software technology requests, including mobile apps, web applications, etc.
- Quickly respond to external risk assessment requests from customers or third-party software providers as needed.
- Conduct timely vulnerability scans, penetration testing, and log review to identify risk areas. Administer and update security measures and operate software to protect systems and information infrastructure, including firewalls, phishing protection, and data encryption programs.
- Actively participate in security investigations and compliance reviews, as requested by internal or external auditors; create metrics and reporting for network security alerts, vulnerabilities and changes; and perform periodic audits.
- Stay up to date on information technology trends and security standards; strong knowledge of cyber security tools, network protocols and operating systems.
TECHNICAL SKILLS
Networking: Packet Analysis (tcpdump, Wireshark), IDS (Bro, Snort), Splunk, Firewall, IDS/IPS, Access Control
Systems Administration: Active Directory, DNS, FTP, SSH, DHCP, SMB, HTTP, Virtualization
Vulnerability Assessment: Nmap, Nessus, Ettercap, Qualys, Metasploit, Honeypots (HoneyD, INetSim), Burp Suite, Nexpose, Acunetix, IBM AppScan, HP WebInspect
Endpoint Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec/McAfee Email Security Gateways GUI & CLI, McAfee Network Data Loss Prevention, McAfee Nitro SIEM (Security Information and Event Management), Cisco Security (Cisco AMP, Umbrella, Cisco Email Security), FireEye HX
Platforms/Applications: Continuous Monitoring Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Rapid7 Event Management, RSA Archer, Blue Coat Proxy, IBM QRadar, NTT Security, LogRhythm, PenTest Tools (Metasploit, Kali Linux), Docker, Snyk, AquaSec, Terraform, AWS CloudFormation
Standards & Frameworks: OWASP, OSSTMM, PCI DSS
Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication, PIA
Programming Languages: C, C++, Java, Python, JavaScript, PowerShell, Linux
Protocols: TCP/IP, L2TP, PPTP, IPsec, IKE, SSL, SSH, UDP, DHCP, DNS, NetBIOS, SNMP, TLS
Domain Knowledge: Risk Management, BCP/DRP, ISO 27001, COBIT, SWOT analysis, Cryptography, Incident Response, Penetration Testing, Risk Assessment, SCADA Security, SCADA Audits, SIEM, ITIL, NIST, FIPS
PROFESSIONAL EXPERIENCE
CYBER SECURITY ENGINEER
Confidential, Boston, MA
Responsibilities:
- Utilize Nessus/Tenable, Nmap, OWASP and WebInspect to scan all ports, access points, devices, software and servers.
- Identify security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Provide technical support in the development, testing and operation of firewalls, intrusion detection systems, and enterprise anti-virus and software deployment tools.
- Install, troubleshoot, and monitor ASP.NET web applications.
- Utilize PowerShell and SCCM for scripting, patching, application testing and imaging Windows 7 & 10 machines.
- Monitored, configured, and scanned/patched network TCP/IP, DNS, Telnet and DHCP.
- Managed, secured and scanned devices, software and web applications following NIST protocols & FIPS 140-2.
- Auditing and documenting systems using DISA auditing tools, Assured Compliance Assessment Solution (ACAS), DISA STIGs, and SCAP tools.
- Responsible for monitoring and providing analysis in a 24x7x365 Security Operations Center (SOC) using Splunk SIEM and IDS/IPS tools.
- Led implementation of security solutions in the SIEM tool using Splunk, and worked on setting up the dashboard. Operated closely with data security teams.
- Used Splunk Deployment Server to manage Splunk instances and analyzed security-based events, risks & reporting.
- Provide support for Splunk integration, deployment, configuration and maintenance.
- Integration of data feeds (logs) into Splunk.
- Managing various industry-standard IPS, PIA, CASB, firewalls, gateways, VBlock, Rapid7 virus and endpoint managers.
- Audit and validate configurations of network devices based on DISA STIGs.
- Utilize the RSA Archer platform 6.1.
- Expertise in implementation, customization and integration of eGRC RSA Archer 5.5 and 6.x version upgrades.
- Developed and maintained a formalized GRC framework, utilizing standards-based controls aligned to the business.
- Administered Archer data feeds, questionnaires, calculated fields, workflow, reports, dashboards, iViews and packaging.
- Assess, prioritize and update existing IT security policies and standards to reflect the GRC framework.
- Participate in supporting RSA Archer version upgrades.
- Managed, configured, created accounts for and supported the CDM Dashboard within the eGRC Archer platform.
- Managed and configured 3rd-party application data feeds.
- Conduct complex security architecture analysis to evaluate and mitigate issues. Develop policies and procedures for securing the system infrastructure and applications.
- Develop complex technical and programmatic assessments, evaluate engineering and integration initiatives and provide complex technical support to assess security policies.
- Created vulnerability risk assessments for in-house, COTS and 3rd-party applications.
- Utilize Wireshark and Nessus to pen-test and analyze the network and software.
- Utilize McAfee ePolicy/Endpoint Protection Suite administration, including virus protection, HIDS/HIPS, firewall, encryption and other workstation security technologies.
- Address known exploits using the Host Intrusion Prevention System (HIPS); also configured, monitored, installed and updated the application.
- Denied/approved software applications after testing the software for vulnerabilities and malware.
- Manage and monitor the ticketing system, ensuring tickets are completed in a timely manner.
- Manage system backups. Manage email, spam, and virus protection. Administer servers, desktop computers, printers, routers, switches, firewalls, phones, personal digital assistants, smartphones, software deployment, security updates and patches.
- Monitor network usage and security; undertake routine preventative measures to ensure network security. Resolve technical problems with LANs, WANs, network segments, internet, intranet and other data communication systems; ensure network connectivity is on par with technical considerations. Install, modify, and repair server/computer hardware (cables, hubs, routers, wireless adaptors) and software.
- Manage and maintain the VMware virtual server environment.
- Manage and maintain the VMware virtual client environment.
- Manage and maintain the SAN/NAS (e.g. NetApp) storage systems.
- Set up, configure, and maintain hosted environments such as Microsoft Azure and Amazon Web Services.
- Manage and maintain Active Directory, user accounts, group accounts, computer accounts, DHCP, DNS and domain controllers.
- Manage and maintain Microsoft System Center Configuration Manager (SCCM) for server updates as well as for client updates and automated builds and deployments.
- Ensure the proper execution of regular system backups.
- Manage, maintain and patch Windows/Linux server operating systems and the applications running on those servers.
- Remain up to date on security concerns and implement solutions as necessary.
- Oversee and manage the Office 365 based email solution.
- Utilize O365 security configuration: set up multi-factor authentication, raise the level of protection against malware in mail, protect against phishing attacks with ATP Safe Links, protect email from phishing attacks, and use dedicated admin accounts.
- Implemented Google Cloud and Microsoft Azure solutions using Azure Active Directory, Azure Automation, Azure Log Analytics and other Azure PaaS offerings.
- Monitored and configured Azure and Google Cloud networks, including Virtual Networks, Network Security Groups, Traffic Manager, Network Monitor, Load Balancers and User Defined Routing.
- Provisioned user accounts and role-based policies for access to Google Cloud and Azure services, and Google Cloud and Azure Identity Management services.
- Set up, configure, and maintain hosted environments such as Microsoft Azure, Google Cloud, and Amazon Web Services.
- Developed an execution plan to support the transformation to Agile methodology, including development of processes, templates, artifacts, training materials, and lessons learned.
- Managed corporate-wide Agile software engineering support across the customer organization.
CLOUD SECURITY ENGINEER
Confidential, NY
Responsibilities:
- Experience implementing and administering Cloud Workload Protection Platform (CWPP) or Cloud Security Posture Management (CSPM) tools, e.g. Dome9, Prisma Cloud, Orca, etc.
- Experience securing or administering multi-account/subscription public cloud environments (AWS, Azure, GCP).
- Experience using a broad range of AWS technologies (e.g. EC2, RDS, ELB, EBS, S3, VPC, Glacier, IAM, CloudWatch, KMS) to develop and maintain an Amazon AWS based cloud solution, with an emphasis on best-practice cloud security.
- Strong knowledge of and experience with AWS cloud architecture (e.g. RDS, S3, ECS, DynamoDB, API Gateway, CDK, etc.).
- Expertise with GitHub, GitLab, Terraform, Pulumi, Ansible or other CI/CD tools.
- Mentor junior team members on cloud security best practices.
SENIOR NETWORK ENGINEER
Confidential, FL
Responsibilities:
- Interface with users, technicians, engineers, vendors and other Technical Maintenance personnel to install, update and debug automated systems.
- Ensure products and systems comply with cyber security standards and practices. Develop test routines and monitoring solutions. Penetration testing using Nmap and Wireshark.
- Provide day to day support of servers, workstations, network and other equipment. Document support procedures specific to systems to be utilized by the Technical Maintenance and Engineering departments.
- Designed and built new Cisco datacenter physical and logical network infrastructure to host Sprint’s new 4th generation wireless customers’ interactive web based online billing database (Ensemble) for the migration of 30 million customer accounts.
- Responded to outages and joined bridge calls to troubleshoot connectivity & participate in network design & planning alongside engineers in remote locations from other vendors including Sprint, Telcordia, AT&T Mobility.
- Monitored & queried Unix file systems to check Pix firewall logs on Sprint Perimeter firewall modules.
- Used Cacti, Multi Router Traffic Grapher (MRTG), HP OpenView, CiscoWorks & SolarWinds. Configured Cisco Content Services Module (CSM) load balancers, Cisco firewall switch modules, Cisco PIX 535 firewalls, Cisco 7206 VXR VPN routers, Cisco 6500 series blade switches, and a few Catalyst 5500s. Routing & network protocols configured and supported include BGP, OSPF, EIGRP, HSRP, PPTP, QoS, SSH, Telnet, 802.1Q, MPLS, ATM, frame relay and HDLC. Supported a mission-critical production infrastructure in a fast-paced environment where outages were measured in seconds.
- Reviewed detailed engineering change scripts, executed change and validation procedures & provided feedback for improvements in engineering design meetings.
- Attended change control meetings and represented the network team, explaining the impact and need to implement technical changes to the director on call and to obtain approval to implement these changes.
- Worked shifts in the command and control center (CCC) as needed to maintain network monitoring coverage.
- Designed Cisco router & switch configurations.
- Created & maintained Visio network diagrams outlining interconnections and merged existing Visio diagrams to reflect changes.
- Modified access control lists (ACLs) on Cisco firewalls.
- Added, removed, and created streams & server farms on the Cisco Content Services Module (CSM) load balancers.
CYBER SECURITY ANALYST
Confidential, PLANO, TX
Responsibilities:
- Responsible for detection and response to security events and incidents within global Fortune 500 client networks, utilizing ArcSight, Splunk, TippingPoint, VirusTotal, IPVoid, FireEye, Wireshark, etc. to gather, analyze, and present forensic evidence of cyber malware and intrusions.
- Review System and firewall logs based on individual preset client policies, rules, and standards; also review all host activity for specified timeframe.
- Work directly with ESM engineers and Account Information Security Officers to adjust alert criteria.
- Coordinated escalations to the Forensic Analyst Team with recommendations for remediation.
- Acted as liaison and interacted with leadership, account management teams, and engineers to further define the risk and remediation plan.
- Evaluated and fulfilled requests from the Account Information Security Risk & Compliance Officers for each client and aligned with the appropriate runbook procedures to attain Client Service Level Objectives and Agreements.
- Adjusted network alerts temporarily to suppress excessive alerts prior to engineers making permanent threshold changes.
- Facilitated and operated direct telephone communication in order to perform the immediate required escalation requests or engagements of required teams to support clients.
- Researched McAfee Threat Center, Symantec, and other vulnerability and threat libraries to identify and formulate remediation plans.
END POINT SECURITY ANALYST
Confidential, PLANO, TX
Responsibilities:
- Led a team of 6 to support the monitoring and maintaining of EDS client endpoint protection platforms, such as McAfee ePO, Symantec, and Trend Micro; provided investigation and remediation responses to security incidents and alerts working and following up with end users as well as system administrators, and Account Information Security Officers; received inquiries from level 1 helpdesk surrounding threat and vulnerability management; provided troubleshooting assistance with issues installing and updating anti-virus software as well as the removal of malware and vulnerability patching.
- Proactively monitored vendor websites for new or updated information regarding vulnerabilities and medium- and high-impact virus threats and updated the internal knowledge base accordingly; as warranted, created and issued internal news bulletin warnings of possible vulnerabilities and malicious code threats, providing instructions to mitigate the threat and clean-up instructions for machines which may have been infected.
- Maintained anti-virus software platforms with vendors, including signature and DAT file releases, AV software updates and patches.
- Worked with the implementation project team to onboard new clients; responsible for understanding the business agreement between the client and EDS, creating the technical operations document, obtaining access to the client's environment and ensuring all baseline configurations and exemptions were implemented prior to handing off to the team; coordinated with the production engineer for the implementation hand-off.
INFRASTRUCTURE SECURITY ANALYST
Confidential
Responsibilities:
- Processed approved dataset access requests and user ID requests for internal EDS and client platforms using ACF2, RACF, UNIX, and Windows.
- Participated in off-site quarterly Disaster Recovery Drills, providing access to the model office environment and troubleshooting dataset access issues, account creations, and password resets.
- Managed onboarding of external clients (health care, banking, telecom, etc.).
- Participated in annual audits of critical data to ensure we were PHI, PII, PCI, and SOX compliant.