
Senior Cyber Security Engineer Resume


Quincy, MA

SUMMARY

  • Senior Cyber Security Engineer and Information Security professional with over 7 years of versatile experience across multiple domains and industries. Ability to quickly “adopt and adapt” business acumen, with a successful track record of providing leadership and proficiency in Web Application Security Testing, Penetration Testing, Vulnerability Assessments and security business process development as an Information Security Specialist and Auditor (Risk Assessor).
  • Experience in Risk Management, Cyber Security, SIEM, IDR, EDR, digital IT audit/compliance and CVE threat/vulnerability management.
  • Expert in Vulnerability Assessment using Nexpose, Qualys and Nessus to evaluate attack vectors, identify system vulnerabilities and develop remediation plans and security procedures.
  • Performed Security & GRC assessment design validations for various clients on their current-state design and provided observations and recommendations that eliminate the flaws not adhering to compliance rules.
  • Experience with the threat models MITRE ATT&CK and Cyber Kill Chain.
  • Experience in log aggregation and Security Information and Event Management (SIEM) with Elastic Stack and Rapid7 InsightIDR.
  • Hands-on with Symantec CloudSOC CASB and Symantec DLP.
  • Solid understanding of working with the NIST 800-53 framework.
  • Experienced in monitoring the network’s performance against the company’s Service Level Agreement (SLA).
  • In-depth knowledge of network security applications (firewalls, EDR tools, VPN, proxy).
  • Excellent knowledge of FISMA, HIPAA, NIST and PIA compliance usage, rules and regulations.
  • Developed a plan and worked with the business to ensure compliance with GDPR and NIST 800-171 initiatives.
  • Familiar with threats and vulnerabilities and the latest trends and risks; able to understand technical remediation action steps or plans and communicate them effectively to teams within the organization.
  • Familiar with NIST guidance and its practical application to networking equipment, desktop configuration, and Windows and UNIX servers. Referenced the NIST SP 800-50 and SP 800-40 series primarily for safeguarding MS Windows OS, UNIX/Linux OS and network printers.
  • Experience performing information security risk assessments, policy reviews and gap assessments; analysis and interpretation of vulnerability reports to identify issues.

TECHNICAL SKILLS

DAST Tools: Burp Suite, Qualys, Nmap, OWASP ZAP Proxy, IBM AppScan, sqlmap

Network Security Tools: Nessus, Nmap, NSE scripts, Netcat, Metasploit

Databases: Oracle, MS-SQL Server, MS Access

Reporting tools: Power BI & Tableau

Methodology: Agile/Scrum

PROFESSIONAL EXPERIENCE

Confidential, Quincy, MA

Senior Cyber Security Engineer

Responsibilities:

  • Performed security analyses and risk/vulnerability assessments.
  • Evaluated and disseminated the integration results of the CDC's data elements with the OCC's enterprise governance, risk, and compliance (GRC) solution.
  • Responsible for architecting, implementing and monitoring Rapid7's InsightVM vulnerability scanner and InsightIDR SIEM solution.
  • Performed vulnerability scanning and analysis with Tenable Nessus, BeyondTrust, BeyondTrust PAM, Tripwire Enterprise, IBM Guardium, Qualys, Wireshark, InsightAppSec, InsightVM, InsightIDR EDR, Metasploit, Aqua container scanning, Aircrack-ng, Nmap and others.
  • As a cyber security/SOC engineer, supported various network security infrastructure devices in maintaining a high SLA requirement.
  • Responsible for creating the workshop decks for Security & GRC to discuss the strategy and for preparing the design document based on those discussions, including creating workflow visuals in Visio and finalizing the transaction/Fiori apps.
  • Built a proof of concept (POC) for Localization to use AWS for some transcoding workloads. AWS services used were EC2, S3, Lambda and Elastic Transcoder. The second phase would add captions and Digital Rights Management (DRM).
  • Used the MITRE ATT&CK framework for pen-testing and vulnerability assessment.
  • Planned and executed SIEM tools and methods; orchestration integration with Rapid7 Connect and Tufin products; Rapid7 vulnerability management; threat remediation; IDR (incident detection and response); EDR (endpoint detection and response); Amazon AWS cloud security; vendor risk vetting assessments; penetration testing; web application and mobile technology vulnerabilities.
  • Maintained ongoing review and monitoring of SIEM (Splunk) alerts and SOAR alerts.
  • Evaluated security software reporting/dashboard tools for NIST Special Publication 800-53 / NIST 800-171 compliance.
  • Delivered security services including HIPAA and PCI assessments, ISO and NIST security framework evaluations, operational security assessments, and security program creation.
  • Consistently resolved critical business-affecting network operation issues within SLA time frames.
  • Responsible for troubleshooting IP network issues, customer installs, SLA compliance and escalated issues; served as the customer point of contact during the problem lifecycle and maintained documentation and systems.
  • Implemented and used IDS/IPS, DLP, forensics, sniffers and malware analysis tools.
  • Responsible for developing security systems, analyzing current systems for vulnerabilities and handling cyberattacks efficiently and effectively.
  • Installed, configured and administered Splunk Enterprise Server and Splunk Forwarder on Red Hat Linux and Windows servers.
  • Supported remediation of vulnerabilities with detailed reports to assist with implementation.
  • Used Splunk to analyze network traffic and determine whether an attack occurred.

Confidential, Princeton, NJ

Sr. Cyber Security Engineer

Responsibilities:

  • Developed custom SIEM deliverables in Splunk/McAfee/QRadar/ArcSight to meet customer needs in a variety of domains: IT security, financial, IT ops, human resources, physical security, etc.
  • Responsible for log aggregation and Security Information and Event Management (SIEM) with Elastic Stack and Rapid7 InsightIDR.
  • Reviewed network security configuration, audit and management of Windows servers; installation, configuration, audit and management of security tools.
  • Reviewed Nessus scan results, ArcSight, SolarWinds and SiteProtector for potential threats.
  • Oversaw vulnerability assessment/penetration testing of scoped systems and applications to identify system vulnerabilities.
  • Designed, developed, implemented, tuned and tested standard and nonstandard content for McAfee SIEM (Nitro).
  • Performed digital forensics and Incident Response (IR) using tools such as Autopsy, Magnet and Stinger for 28 DOL agencies.
  • Served as the primary SME for RSA SecurID and all multi-factor authentication products including Azure MFA.
  • Performed threat analysis centered on advanced SIEM technologies: ArcSight, Splunk ES, AlienVault, QRadar.
  • Maintained Git repositories, branches and tags; experience administering GitHub repositories.
  • Administered MS Windows Server, Red Hat Linux Server, and network/security administration.
  • Played a key role in deploying Symantec Endpoint Protection Manager and clients on a closed network.
  • Worked as a PCI-DSS consultant to perform a third-party audit.
  • Produced the business unit’s first Major Incident Management, Vulnerability Assessment and Remediation, and Adding Data to Splunk documentation.
  • Employed Panorama in the deployment, configuration and management of Palo Alto NGFWs.
  • Good understanding of policies in CyberArk Central Policy Manager (CPM) and Privileged Session Manager (PSM).
  • Created and updated security threat assessment reports and updated network diagrams and attack plans.
  • Responsible for architecting, implementing and monitoring Rapid7's InsightVM vulnerability scanner and InsightIDR SIEM solution.
  • Established and maintained an IT compliance program for the Financial Security Infrastructure team that minimizes risks to IT objectives through effective, efficient, scalable and cost-effective design and operation of controls, including Sarbanes-Oxley (SOX), ITGC (IT General Controls) using the COBIT framework, and other domestic and international compliance requirements.
  • Involved in DLP data encryption, monitoring/reporting and remediation of internal and external threats/vulnerabilities.
  • Coordinated DHS Nessus security scanning activities and conducted vulnerability analysis on the output. Performed threat/vulnerability assessments and remedial actions to ensure systems are protected against known/potential threats and free from known vulnerabilities.
  • Provided Azure security and compliance reviews and solutions for government systems to facilitate the secure and compliant
  • Ensured the Azure Government system was compliant to meet FedRAMP Provisional Authority to Operate (P-ATO) and DoD Provisional Authorization (PA) requirements.
  • Worked with SIEM solutions such as Rapid7 Nexpose, Forcepoint and Splunk.
  • Implemented vulnerability assessment and management (Nessus & Qualys) and security risk analysis; reporting using Splunk.
  • Familiarity and understanding of the NIST CSF, SOC 1, SOC 2, ISO 27001 and other security frameworks.
  • Experience defining key metrics data elements to track compliance with, and effectiveness of, identified controls.
  • Experience analyzing, rationalizing and advising on backlog prioritization based on cyber control gaps to drive remediation efforts.
  • Consulted with business and technology partners to create and provide security recommendations and best practices.
  • Conducted onsite penetration tests from an insider threat perspective.
  • Performed host, network and web application penetration tests.
  • Provided leadership in architecting and implementing security solutions with Qualys and SIEM tools like Splunk, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix and McAfee/Symantec.
  • Pushed configurations and updates to multiple Splunk Enterprise instances via the Splunk Deployment Server.
  • Supported the reporting and outputs from cross-functional teams related to the vendor risk assessment process.
  • Provided IT Governance, Risk and Compliance (GRC) services to fulfill client requirements.
  • Experience with SIEM platforms (Splunk, QRadar, McAfee/Nitro, ArcSight, LogRhythm, Carbon Black).
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools; SSL/TLS, SOAP/XML, TCP/IP and HTTP, with expertise in OpenSSL. Experience deploying and administering Dynatrace APM tools such as Synthetic, DCRUM, UEM and AppMon.
  • Managed cyber security threats through prevention, detection, response, escalation and reporting to protect enterprise IT assets through the Computer Security Incident Response Team (CSIRT).
  • CSIRT responsibilities included SIEM, content filtering, web security, incident tracking, IPS/IDS and malware analysis.
  • Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations and hardware installations for Check Point and Palo Alto firewalls.
  • Performed risk analysis using a state-approved risk analysis methodology based on NIST SP and ISO/IEC 17799.

Confidential, Midvale,UT

Cyber Security Analyst

Responsibilities:

  • Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
  • Deployed Blue Coat agents on systems to defend the corporate network.
  • Provided guidance and feedback to vendors for improving their security controls by managing and implementing tools like SIEM and IDS/IPS and integrating security into their SDLC process.
  • Worked extensively on various SIEM (Tanium, Splunk, Skybox), AV, IPS/IDS and DLP tools.
  • Performed internal risk assessment on the IT security and controls team that managed security operations (network security, SIEM, firewalls, IDS, encryption, TCP/IP, DNS, incident response) to determine compliance with security requirements.
  • Troubleshot and recovered from network outages.
  • Used Cisco Meraki to monitor status on PCs and servers and to deploy ESET Endpoint and other software packages to servers and PCs.
  • Configured and managed HA in FortiGate and Palo Alto NGFW.
  • Configured print server.
  • Configured and managed virtual machines using VMware 6.5.
  • Backed up VMware VMs using Veeam Backup.
  • Configured and managed Cisco network switches and routers.
  • Ran decryption tools per client on Hyper-V, VMware and workstations.
  • Collected logs for forensic investigation.
  • Utilized digital forensic tools (in-house app, FTK Imager, etc.) to perform incident response activities.
  • Troubleshot and resolved issues with client systems running software.
  • Penetration testing and vulnerability scanning using Nessus.
  • Communicated and coordinated with customers to fix current threats.
  • Configured virtual machines on Hyper-V and VMware from backup.

Confidential, Overland Park, KS

Cyber Security Analyst

Responsibilities:

  • Responsible for detection of and response to security events and incidents within global Fortune 500 client networks, utilizing ArcSight, Splunk, TippingPoint, VirusTotal, IPVoid, FireEye, Wireshark, etc. to gather, analyze and present forensic evidence of malware and intrusions.
  • Reviewed system and firewall logs based on individual preset client policies, rules and standards; also reviewed all host activity for specified timeframes.
  • Worked directly with ESM engineers and Account Information Security Officers to adjust alert criteria.
  • Coordinated escalations to the Forensic Analyst Team with recommendations for remediation.
  • Acted as liaison and interacted with leadership, account management teams and engineers to further define the risk and remediation plan.
  • Evaluated and fulfilled requests from the Account Information Security Risk & Compliance Officers for each client, aligned with the appropriate runbook procedures to attain client Service Level Objectives and Agreements.
  • Advanced knowledge of Cisco wireless LAN controllers, Cisco access points, Cisco ISE, Cisco routers, Cisco L2/L3 switches, Cisco Prime, Generic Routing Encapsulation, load balancing (F5 BIG-IP Local Traffic Manager, Cisco Load Balancer, Citrix, Azure load balancer), QoS, PBR, WCCP, VPN, NAT, VoIP, IPsec, multicast, DNS services, MPLS networks, LAN, WAN, Juniper Networks firewalls, Cisco ASA firewalls, and network and routing protocols (Ethernet, TCP/IP, SNMP, VLAN trunking, BGP, OSPF, IS-IS, eBGP, iBGP, RIP).
  • Excellent written and verbal communication skills. Ability to create, update and maintain technical documentation. Ability to work independently. Experience with ServiceNow.
  • Configured advanced CyberArk integration with AD through LDAP, two-factor authentication and email integrations.
  • Utilized Tanium Endpoint Security to create reports to resolve various information security issues.
  • Experience with risk assessment, COBIT and malware analysis.
  • Coordinated closely with disaster recovery and data security teams.
  • Enhanced risk culture across the organization based on the COSO framework, applying and implementing COSO across the organization. Adjusted network alerts temporarily to suppress excessive alerts prior to engineers making permanent threshold changes.

Confidential

Security Analyst

Responsibilities:

  • Performed grey-box testing of the web applications.
  • Executed and crafted different payloads to test the system for vulnerabilities with respect to input validation, authorization checks and more.
  • Reviewed and validated user access compliance on a quarterly basis.
  • Reviewed the requirements for privileged access on a daily basis and provided recommendations.
  • Reviewed and validated privileged users and groups in Active Directory, databases and applications on a periodic basis.
  • Documented information security guidance in step-by-step operational procedures.
  • Performed static code reviews with the help of automation tools.
  • Performed threat analysis on new requirements and features.
  • Used Burp Suite, DirBuster, HP Fortify and Nmap daily as part of penetration testing to complete the assessments.
  • Established and improved the processes for privileged user access requests.
  • Reviewed firewall rules and policies in the web proxy.
  • Highlighted user access and privileged user access risks to the organization and provided the remediation plan.
