
Cyber Security Analyst Resume


New York

SUMMARY

  • I am a detail-oriented and highly skilled cybersecurity and project management professional with 9+ years of experience in multi-disciplinary organizations.
  • With my comprehensive technical expertise in security auditing, risk analysis, and information systems, I hope to work with a team of professionals to ensure security compliance at the highest level.
  • Using Enterprise level Vulnerability scanners like McAfee MVM, Qualys.
  • Good practical knowledge in vulnerability analysis, Exploit, risk mitigation, and recommendations on how to avert the security breach.
  • Hands-on expertise in SIEM tools: Splunk and QRadar
  • Analyzing Real-time traffic, Packet Sniffing using Wireshark.
  • Practical experience in QRadar, a SIEM tool we used to manage queries and alerts triggered.
  • Managing McAfee ePO Infrastructure for over 21k nodes.
  • Experienced in SPAM handling.
  • Experienced analyst in information technology, business solutions and project management.
  • Experienced in providing Level-2 Export Control support and managing sensitive data.
  • Responsible for managing Ad-hoc quality reports.
  • Managed information technology issues related to supply chain production.
  • Analyzed information related to quality assurance and production.
  • Invested in project completion from start to finish.
  • Network Analysis, Packet and Scanning Tools and Vulnerability Assessments
  • AWS—Amazon Web Services
  • Cloud Native Apps and App Infrastructures
  • Network Security Monitoring and Logging
  • Offensive Security and Defensive Security
  • Hybrid Cloud and Workload Security Solutions
  • Virtual Machines and Security Management
  • Endpoint Threat Protection Security and Response

TECHNICAL SKILLS

Security Tools: Splunk | ArcSight Logger | Exabeam | Palisade | Resilient | Carbon Black | CrowdStrike Falcon | Cisco Threat Grid | Symantec A/V | McAfee ePO | Palo Alto Panorama | Wireshark | FireEye (EX, AX, NX) | Cisco IronPort | Proofpoint TAP | Proofpoint TRAP | PhishMe | Lansweeper | ServiceNow GRC

Protocols: TCP/IP | VPN | Telnet | SSH | SSL | EIGRP | OSPF | ICMP | SNMP | IPsec | DHCP

Framework/Compliance: GDPR | HIPAA | SOX | GLBA | PCI | ISO 27001/27002 | NIST

Backup Software: Veritas | Symantec Backup Exec/NetBackup | IBM Tivoli Storage Manager | Windows Backup.

PROFESSIONAL EXPERIENCE

Confidential, New York

Cyber Security Analyst

Responsibilities:

  • Provide technical oversight, peer reviews, and input in developing standards, guidelines, and IT security and application support processes.
  • Experience working day-to-day operation within an Office 365 Hybrid environment and using GRC software (ServiceNow GRC, RSA Archer) to streamline Governance, Risk Management and Compliance for the organization.
  • Serve in a leadership role for IT security compliance, ensuring disaster recovery, business continuity, risk management, and collaborate with HR, Privacy Officer/General Counsel in organizational onboarding and offboarding processes via ServiceNow and Azure Active Directory (AAD).
  • Monitor, analyze, and review the daily and weekly SOC (Security Operation Center) Reports, Root Cause Analysis (RCA) of any incident, and analyze and investigate any incidents through Fortinet Enterprise Solution, Carbon Black Cloud, Lansweeper, etc.
  • Involved in keeping up to date with the annual Confidential IT security policy and procedure handbook.
  • Core team member of MS Azure AD admin center with security portion and MS 365 Defender Security Center.
  • Involved in IT Security internal and external audits, annual Cyber Security Insurance, Application Security, internal and external network vulnerability scans, HIPAA Security Risk Assessment & Vulnerability Management (NIST 800-30) process with third-party vendors.
  • Perform vendor risk assessment (VRA) and conduct a periodic review of MSA, BAA, CRF, SOW, etc.
  • Initiate, facilitate, and promote activities to foster information security awareness (IT and CISA Alerts) with the organization and related entities.
  • Perform disaster recovery tabletop exercises.
  • Involved in the organization and all IT-related ongoing projects (Epic Go-Live, Email, AD and Domain migration, new vendors onboarding, etc.).
  • Creating Cyber Security framework
  • Maintaining and creating third party vendor relationships
  • Establishing and leading the charge of Cyber Security posture
  • Creating and enforcing policy
  • Use of several Security tools
  • Provided 24/7 SOC support for Texas Department of Transportation’s networks
  • Collaborated with the perimeter and endpoint security team to detect malware, hackers, bots, brute force logins, viruses, spyware, foreign and domestic traffic inside TxDOT’s network/firewall
  • Investigated and analyzed various alerts/incidents using Splunk ES and Microsoft Cloud App Security including logs, suspicious logins and web traffic
  • Identified and responded to active threats, malware and viruses using incident response management concepts.
  • Utilized Cisco AMP for endpoints to detect and monitor incoming and existing threats, malware and attacks.
  • Utilized McAfee ESM SIEM to solve active threats and alarms for over 40 client accounts
  • Monitored devices hourly with a device check for ransomware, viruses and malware
  • Created tickets based on Severity level of the alarms handled on a timely basis
  • Updated SOC’s SOP (Standard operating procedure) and distributed through SOC team
  • Shared shift turnover through documentation and verbally to update incoming analyst
  • Monitored Splunk ES SIEM to identify security issues/ evaluate maintain network
  • Performed real-time log analysis for NTT Data/Neiman Marcus client leveraging log correlation platforms including reporting, monitoring and shift turnover for logs
  • Corresponded with Neiman Marcus group via ServiceNow to address and resolve ticketing issues including malware, threat activity, blacklisted IPs, fraud and other malicious activity

Confidential, New York

IT Security Analyst/Project Manager

Responsibilities:

  • Perform daily, weekly, and monthly administrative O365, Exchange Online, and Exchange on-prem during the Office 365 migration project.
  • Responsible for IT security audits, Network internal and external vulnerability scans using various software tools such as Nessus.
  • Play a crucial role in helping security compliance for various organizations in New York City, such as HIPAA and FERPA.
  • Coordinate with NYC HRO/Mayor’s Office and other vendors to obtain and complete projects in cybersecurity.
  • Create and maintain comprehensive documentation with Microsoft Project & Visio engineering drawings.
  • Resolve issues with DNS records configuration, Message Trace Tools, MX and SPF Records, Block Lists, Phishing, Email Filtering, and Virus Protection.
  • Maintaining and creating third party vendor relationships
  • Establishing and leading the charge of Cyber Security posture
  • Creating and enforcing policy
  • Use of several Security tools
  • Maintain and develop security practices using GDPR and newly implemented CCPA guidelines.
  • In charge of maintaining CCPA regulations
  • Gained skills from software development and SOC support to sales and professional services.
  • Took the following exams and received two cybersecurity certifications during the 10-week tenure: Trend Micro Certified Professional for Apex One and Advanced Threat Protection.
  • Worked with AWS through spinning up EC2 Instances, RDS, and Identity Access Management while preparing for the AWS Certified Solutions Architect Associate exam as well as the Security+ exam.
  • Experienced anti-malware scanning, behavior monitoring, predictive machine learning, and the utilization of sandboxes to safely study an unknown file.
  • Received hands-on training with Kali Linux and hacking tools like Cain and Abel while covering Linux and Unix fundamentals and commands such as pwd, cd, ls, cat, and Vim Editor.
  • Worked on a solution for the security and management of thousands of virtual machines (VMs).
  • Explored SaaS and covered workload security and host-based firewall and intrusion prevention systems using Advanced Threat Response to examine logs and security attacks using packet sniffers.
  • Created a customer scenario focused on compliance issues faced by companies transitioning to the cloud, secure identity governance, security groups, and cloud formation templates.
  • Traced attacks while patching vulnerabilities on a network level for new and legacy operating systems.
  • Learned about container security, how to shift left by providing image scanners, how to automate remediations, as well as how to provide security against the OWASP Top 10 for Applications.
  • Performed Incident Investigations specifically for firewalls, data loss prevention, and device control.

Confidential, New York

Security Analyst/Project Manager

Responsibilities:

  • Responsible for Endpoint Security, Splunk (IT operations and security), and Deep Packet inspection
  • Solid working knowledge of ITI, ISO 27001/2, NIST (SP 800-53 Rev. 4) Security and Privacy Controls for Federal Information Systems and Organizations
  • Involved as a core team member in the security team for the Memorial Sloan Kettering Cancer Center (MSKCC) and Josie Robertson Ambulatory Surgery Center. Ensured Energy Code Compliance and security progress inspections for this state-of-the-art, 179,000-square-foot building with high-end technology that offered unique requirements to meet regulatory compliance.
  • Responsibilities were involved for Special inspections, as required by the New York City Department of Buildings, including information systems, engineering systems, and energy code compliance.
  • Core Risk Analyst for New York City Health and Hospitals Corporation (HHC) includes Queens Hospital Center and Metropolitan Hospital Center.
  • Perform penetration testing and report results using Metasploit.
  • Perform vendor risk analysis and IT security auditing.
  • Perform disaster recovery tabletop exercises.
  • Involved as Security Analyst for special inspection services for the redevelopment of the Fulton Center in Lower Manhattan.
  • Played key roles in maintaining regulatory compliance in Microsoft Dynamics Environment for critical projects in New York City, such as for the Brooklyn Navy Yard (BNYDC) and La Guardia Airport (LGA Airport).
  • Experience configuring SPF, DKIM, and DMARC security settings.
  • Experience performing Health, Security, and SMTP Mail routine checks.
