Cyber Security Analyst Resume

Stamford, CT

SUMMARY

  • Around 6+ years of IT experience in the areas of risk analysis, SIEM, endpoint security, DLP, network security, email security, web gateway, vulnerability assessment, pen testing, Windows Server, domain technology, and antivirus servers.
  • Expert in vulnerability assessment using Qualys, Nessus and Nexpose tools to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Assisted in integrating regulatory compliance requirements (e.g., PCI, NIST) into the organizational security roadmap.
  • Hands-on experience with Forcepoint and knowledge of distributed Splunk installation with forwarders, clusters, and search head clusters.
  • Possess a well-balanced understanding of business relationships, business requirements, and technical solutions with the ability to work collaboratively with business analysts, software testers, developers,
  • Hands-on experience in the development, implementation, and administration of information security policies, standards, and procedures, adhering to industry best practices for clients.
  • Assisted in ensuring that the corporate IT environment is secure and complies with all external audit requirements and federal standards.
  • Designed and facilitated new cloud security architecture at Bluemix data centers for the ECMoC product offering using Vyatta 5400/5600, Juniper vSRX, and Fortinet/FortiGate series firewalls.
  • Efficient and expert in EIGRP and OSPF, with knowledge of MPLS and BGP (including configuration and troubleshooting).
  • Acunetix, Microsoft Project, Tripwire/IP360, Tenable, ProjectLibre, Visio, Pac2000, SharePoint, PeopleSoft & Nexus, continuous monitoring, GIS Ware, Cloudera, Hadoop, Apache, Microsoft applications, endpoint, security APIs, Shodan API + Nmap and others.
  • Perform risk assessment and gap analysis, and create risk mitigation plans.
  • Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
  • Oversee vulnerability assessment / penetration testing of scoped systems and applications to identify system vulnerabilities.
  • Excellent knowledge of FISMA, HIPAA, NIST and PIA compliance usage, rules and regulations.
  • Use IBM QRadar Security Manager to identify threats and assign categories.
  • Processed daily security operations and log analysis.

TECHNICAL SKILLS

Operating Systems: Windows Server, Windows 10, Mac, Linux (Ubuntu, CentOS, Kali, Security Onion)

Virtualization: VMware, VirtualBox

Cloud: AWS and Azure (basics)

Tools: Wireshark, Nmap, Burp Suite, Cisco Packet Tracer, EyeWitness, Gobuster, Recon-ng, Rapid7, BitSight, Metasploit, Cobalt Strike, Red Canary, OpenVAS, Microsoft Threat Modeling Tool, Caldera

Forensic Tools: Autopsy, ExifRead, FTK Imager

Programming Languages: C, C++, Python, Bash scripting (basics)

Networks: IPv4, IPv6, RIP, EIGRP, OSPF, BGP, IGMP, SNMP, VTP, ARP, VLANs, DHCP, DNS, HTTP

Security: Firewall, SSH, IPsec, VPN, WPA2, ACLs, DLP, Active Directory, OWASP Top 10, Cyber Kill Chain, endpoint protection, encryption standards, Kerberos, OAuth, IAM, NIST, MITRE ATT&CK framework, Splunk

Database: MySQL

PROFESSIONAL EXPERIENCE

Confidential, Stamford, CT

Cyber security Analyst

Responsibilities:

  • Assisting in red teaming and vulnerability management activities.
  • Deployed and monitored a honeypot with a dashboard in the AWS cloud environment to learn more about attackers' TTPs (tactics, techniques and procedures).
  • Deployed a C2 (command and control) environment using the Cobalt Strike tool, adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors, to detect network vulnerabilities that were not monitored by the SOC team.
  • Experienced in active and passive reconnaissance using various tools like Nmap, Maltego, DNS lookup, Recon-ng, VirusTotal, etc. to find the attack surface of the whole network and think about how threat actors will collect information about the organization.
  • Utilized a tool called "EyeWitness" to find splash pages, service-unavailable pages and login pages that are exposed to the internet, take screenshots of websites, provide some server header info and identify default credentials if known.
  • Experienced in threat modeling using the Microsoft Threat Modeling Tool to identify and mitigate potential security issues early using a proven methodology.
  • Reviewed various documents/reports generated by third-party vendors to make sure that company assets are secured and monitored.
  • Assisting the security operations team (SOC) with various projects to address current and potential security risks.
  • Performing data analysis, data consolidation, and data reporting used for decision-making and reporting metrics.
  • Assisting with maintaining and organizing collaborative sites and mailboxes.
  • Providing administrative and logistical assistance to ensure security-related meetings run smoothly and effectively.
  • Staying knowledgeable about current security technologies, news, and events and how they impact security operations.

Confidential, Charlotte, NC

Cyber Security Analyst

Responsibilities:

  • Administered data security policies and developed AWS IAM permissions and policies.
  • Worked on detect, protect and respond concepts in the CyberArk privileged access control system.
  • Detected and mitigated insider threats by utilizing CyberArk PAS/PAM components.
  • Responsible for creating attack methods to capture the flag on a target server.
  • Attacked a server through SSH and HTTP vulnerabilities after network and Nmap scans.
  • Implemented a Security Culture Framework with CIS recommendations and measured progress.
  • Educated on internal threat actors and keeping a check on external threat actors.
  • Worked on Wireshark for packet captures, analyzed HTTP traffic and scanned for vulnerabilities.
  • Used the Autopsy tool on Kali Linux to analyze an iPhone as part of data forensic analysis.
  • Worked on the CyberArk tool with access, account setup and safe creation.
  • Used Splunk extensively to search logs and analyze and monitor large volumes of data.
  • Captured large amounts of Splunk data and created visualizations and reports, and configured alerts.
  • Implemented zero-day vulnerability concepts and documented steps.
  • Worked on restricting DDoS, XSS, SQL injection, botnets, RATs, viruses and worms.
  • Conducted a penetration test on a VMware server to find hidden flags.
  • Knowledge of SonarQube for Static and Dynamic Application Security Testing (SAST & DAST).
  • Provided security controls assessment, risk analysis and risk management solutions.
  • Automated the container security scanning process (DevSecOps) in the build environment with a CI/CD pipeline using Jenkins, Maven, Gradle and GitHub tools.
  • Participated in the implementation of AWS cloud security for applications being deployed in the cloud. Developed WACLs and configured rules and conditions to detect security vulnerabilities in CloudFront.
  • Implemented security group policies for Elastic Compute Cloud (EC2) instances within AWS. Developed AWS service roles to protect identity provider access.
  • Participated in developing security policies and security groups for AWS cloud infrastructure including EC2, Security Groups, Route 53 and Virtual Private Cloud (VPC).
  • Participated in the development of IT risk assessments for enterprise applications. The NIST framework was utilized for IT risk assessments.
  • Developed a threat modeling framework (STRIDE, DREAD) for critical applications to identify potential threats during the design phase of applications.
  • Found malware, Trojan and harmful virus files in .dll format and provided a vulnerability report.
  • Documented data security recommendations from various cyber security organizations.
  • Worked with Internal Audit, IT Governance and IT Compliance groups and provided recommendations.

Confidential - Quincy, MA

Cyber Security Engineer

Responsibilities:

  • Developed custom SIEM deliverables in Splunk/McAfee/QRadar/ArcSight to meet customer needs in a variety of domains: IT security, financial, IT ops, human resources, physical security, etc.
  • Design, development, implementation, tuning and testing of standard and nonstandard content for McAfee SIEM (Nitro).
  • Perform digital forensics and incident response (IR) using tools such as Autopsy, Magnet, Stinger, etc.
  • Establish and maintain an IT compliance program for the Financial Security Infrastructure team that minimizes risks to IT objectives through effective, efficient, scalable, and cost-effective design and operation of controls, including Sarbanes-Oxley (SOX), ITGC (IT General Controls) using the COBIT framework, and other domestic and international compliance requirements.
  • Involved in DLP data encryption, monitoring/reporting and remediation of internal and external threats/vulnerabilities.
  • Provided Azure security and compliance reviews and solutions for government systems to facilitate the secure and compliant use of Azure for government agencies and third-party providers building on behalf of government.
  • Ensured the Azure Government system was compliant to meet a FedRAMP Provisional Authority to Operate (P-ATO) and DoD Provisional Authorization (PA).
  • Assist with penetration testing and investigation.
  • Served as the primary SME for RSA SecurID and all multi-factor authentication products including Azure MFA.
  • Maintained Git repositories, branches and tags, and experience in administering a GitHub repository.
  • Played a key role in deploying Symantec Endpoint Protection Manager and clients on a closed network.
  • Worked as a PCI-DSS consultant to perform a third-party audit.
  • Collaborate with Internal Audit, External Audit and the SOX PMO on a regular cadence, discuss changes to the control environment and prepare effective, efficient compliance and substantive test plans and the SOX calendar.
  • Assessment guidance/standards used: NIST SP, NIST, NIST, ISO 27002, ISO 27005, to ensure regulatory compliance and proper assessment of risk.
  • Understand the threat landscape as related to vendors and perform vendor risk assessments.
  • Develop documentation for new/existing policies and procedures in accordance with Risk Management Framework (RMF) and NIST SP requirements.
  • Used GZIP with AWS CloudFront to forward compressed files to destination nodes/instances.
  • Dynamic monitoring and analysis of Intrusion Detection Systems (IDS) to identify security issues for remediation.
  • Analyze, recognize, correlate, and report any potential, successful, and unsuccessful intrusion attempts and compromises through thorough reviews and analyses of relevant event detail and summary information from AccelOps SIEM, Snort logs and Check Point FW logs.
  • Assisted the CSO with completion of established goals and objectives, and streamlining of internal office procedures.
  • Deployed the following Azure services to enable IT Security and IT Operations to move applications into the Azure cloud environment by allowing for monitoring and alerting: Azure Operations Management Suite (OMS), Service Map, Network Watcher, and Wire Data.
  • Performed host, network, and web application penetration tests.
  • Consulted with business and technology partners to create and provide security recommendations and best practices.
  • Conducted onsite penetration tests from an insider threat perspective.
  • Work closely with the Risk and Finance teams to associate a monetary value with security risks within the User Behavior Analytics (UBA) tool.
  • Conduct internal and external security audits based on standard cybersecurity frameworks from ISO 27002, COBIT, NIST, OWASP and the Cloud Security Alliance.
  • Worked extensively in configuring and monitoring ELK and ExtraHop.
  • Expertise in development of information security programs based on frameworks such as NIST, NIST, NIST, ISO 27002, COBIT 5.0, FFIEC, GLBA, SOX, PCI & PII with IT risk drivers, KPIs and KRIs to ensure financial regulatory compliance and data security.
  • Works with EnCase, FTK, Cellebrite, Gargoyle and IEF tools, plus dozens of utilities for ripping, extracting, repairing, copying, de-duplicating, automating and more.
  • Played an integral role in migrating the company's security firewall environment from FortiOS 4.0 firewalls.

Confidential, West Haven, CT

Research Assistant - Network Security

Responsibilities:

  • Worked with the faculty on network security projects, and performed experiments, data acquisition, analysis and reporting, presentation development and publications.
  • Performed various activities in the research life cycle, including literature review, design, implementation, results, and analysis.
  • Understood the vulnerabilities that exist in Wi-Fi 5 and Wi-Fi 6 and performed attacks on Wi-Fi 5 and Wi-Fi 6 routers to test the security of the network.
  • Analyzed various methods and implemented attacks with networking devices and tools like a Wi-Fi range extender in promiscuous mode and Aircrack-ng.
  • Cracked weak, default, and medium-complexity Wi-Fi 5 passwords using Hashcat by capturing WPA handshakes with Wireshark.
  • Laboratory setup and configuration for network security; contributed to research paper writing and publication.