Sr. Security Engineer Resume

Wilmington, DE

SUMMARY:

  • 5+ years’ experience in Network Security Operations, content authoring, design, installation, administration, upgrades, monitoring, implementation, integration and operation of HPE ArcSight/Splunk/Nessus/Rapid7/IBM QRadar/QualysGuard/McAfee ePO.
  • Experience in IT Database Security Operations and implementation, Incident handling, and Certified Ethical Hacker v4.
  • Analyze security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS), Firewalls, Anti-Virus, and/or other security logging sources and SIEM aggregators.
  • Authored and directed the SOC Analyst and Engineering playbooks for functional areas such as Threat Intelligence operations (collection, analysis, and dissemination), malicious code analysis, custom Sourcefire IDS signature analysis, and Sourcefire Threat Feeds.
  • Experience with life-cycle management of the ArcSight platforms, including coordination and planning of upgrades, new deployments, and maintaining current operational data flows.
  • Designed, configured and managed public/private cloud infrastructures utilizing Amazon Web Services (AWS), including EC2, Auto-Scaling in launching EC2 instances, Elastic Load Balancer, Elastic Beanstalk, S3, Glacier, CloudFront, RDS, VPC, Direct Connect, Route53, CloudWatch, CloudFormation, IAM, SNS.
  • On-site Security/Risk Assessments, AlgoSec deployment and configuration, McAfee Web Gateway, McAfee ePO and Endpoint Security deployment including VirusScan Enterprise, Endpoint Security 10.x, HIPS, DLP, whitelisting with Solidcore (File Integrity Manager, Application Manager).
  • Experienced in building Automation frameworks related to Application Security and proficient in Java, Python and Unix shell scripts and PowerShell.
  • Expertise in Kerberos, DNS, Load Balancers, Active Directory.
  • Creates and maintains functionality of automation scripts using Unified Functional Tester (formerly QTP) and Selenium tools to increase testing productivity by providing technical solutions, utilities, and process improvement initiatives.
  • Involved in the administration of F5 ASM and Bluecoat SSL6v and responsible for writing rules and policies.
  • Cyber vulnerability assessment and remediation as part of NERC Standard CIP-007.
  • Access review and reporting for physical and electronic security controls as part of NERC Standards CIP-005 & CIP-006.
  • Experience in developing the vulnerability assessment report for the vulnerabilities and non-compliance issues that were detected. Recommend possible mitigating measures (Rapid7, Nessus, QualysGuard).
  • Setting up users with current McAfee software and connecting to ePO. System Admin activities related to that, such as some admin of ePO.
  • Provide PKI support and subject matter expertise for application developers in enabling their applications to support PKI.
  • Experience in working with various web filters and web security gateways like Bluecoat Secure Web Gateway, McAfee Web Gateway, F5 Secure Web Gateway.
  • Experience with network security technologies such as ForeScout, Palo Alto, Check Point, Fortinet, Juniper, and Sourcefire and the SANS Investigative Forensic Toolkit ("SIFT").
  • Implemented Symantec Data Loss Prevention to secure all endpoints. Configured and instrumented Symantec management console, Symantec management server and Symantec database on Oracle.
  • Experience with enterprise-class security products such as web proxy, reverse proxy, load balancing, IDS/IPS, DLP, Firewall, IPsec/SSL VPN, WAN/LAN, wireless and remote connectivity.
  • Extensive knowledge of security controls (ISO/27002, NIST 800-53) used to implement regulatory compliance (NERC CIP, PCI, SOX, HIPAA) with ArcSight products.
  • Analyze network traffic with Splunk and ArcSight tools on network traffic, firewall (Sourcefire Defense Center) and AV (McAfee) logs.

AREAS OF EXPERTISE:

  • Splunk 6.3.1
  • Linux
  • Unix
  • Cisco Routers and switches
  • Firewalls: Checkpoint, Sonic
  • PKI management
  • IBM QRadar
  • Bluecoat
  • ArcSight 5.20, 6.05 and 6.8c
  • IBM Guardium
  • Guardium Compliance Module
  • Rapid7 Nexpose
  • Tripwire
  • Symantec DLP
  • Nessus

PROFESSIONAL EXPERIENCE:

Confidential, Wilmington, DE

Sr. Security Engineer

Responsibilities:

  • Administered ArcSight ESM, Connectors, Loggers and responsible for installation of Connectors and integration of multi-platform devices with ArcSight ESM; developed FlexConnectors for ArcSight-unsupported devices / custom apps, and also administrator for Cisco IronPort Gateway.
  • Manage the operation of ArcSight Security Information and Event Management systems to include ArcSight Express, Connector appliances/SmartConnectors, Logger appliances, Windows and Linux servers, network devices and backups.
  • Responsible for creating weekly, ad hoc and monthly reports using the Rapid7 Nexpose vulnerability tool, analyzing reports using Excel to create pivot charts to show trends.
  • Trained and mentored all new members of the Automation Team. Responsible for advising on best practices, coding standards, and script review prior to implementation.
  • Using Symantec DLP monitored the transmission of confidential data contained in corporate emails that were sent using Microsoft Exchange and downloaded to mobile devices.
  • Assisted in monitoring and setting policies on the ePO server, maintaining updates on the HBSS server, domain servers, and domain workstations, pushing McAfee policies to required computers, and Symantec to servers.
  • Used consultative selling skills to prospect, identify opportunities, overcome objections, and position Compliance (HIPAA, PCI, SOX) and Vulnerability software technology.
  • Used forensic tools such as EnCase, ObserveIT, Nuix and Axiom to investigate any data breaches.
  • Responsible for setup and execution of security scripts using Fortify and WebInspect. Scripts include coverage of UI, Web Services, and Database. Manual PIN testing performed as required. Maintains up-to-date knowledge of advances in test tools and how they may benefit HES Teams.
  • Assist in development and implementation of information security vulnerability management policies, procedures, and standards based on National Institute of Standards and Technology (NIST) 800-53 standards, best practices, and compliance requirements.
  • Responsible for the validation of indicators of threat from multiple intel sources and interested communities (i.e. Crowdstrike, FS-ISAC, BlueCoat, etc.)
  • Created reusable and auditable automation test scripts to evaluate the entire financial transaction process through the BST application during the SDLC process from business requirements review, design, development, final system testing, and release readiness testing.
  • Given the authority to build and lead the effort towards the improvement and development of the Incident Response Program. Also co-opted into the Forcepoint Data Loss Prevention (DLP) program to keep track of potential breaches of PCI and other sensitive data in the environment.

Environment: HP ArcSight SIEM, Splunk, Windows, Nessus Scanner, Tripwire, McAfee Network Security Platform (NSP), Java and Python shell scripting, Symantec DLP and SEP, QualysGuard.

Confidential, Farmington Hills, MI

Security Consultant (SOC)

Responsibilities:

  • Administered ArcSight components like ESM, Logger and collector appliances, and ArcSight Management Center.
  • Migration of ArcSight ESM from version 6.0 to 6.9 by exporting the packages and importing them into the 6.9 version.
  • Experience in Security Incident handling with SIEM using RSA enVision and IBM QRadar products, identifying the critical IT infrastructure that requires 24/7 monitoring.
  • Expert-level understanding of QRadar implementation, its integration with other network devices and applications, and the related troubleshooting work.
  • Performed CERT/SOC operations, including IDS event monitoring and analysis, security incident handling, incident reporting, and threat analysis.
  • Perform vulnerability, configuration and compliance scans with QualysGuard to detect deficiencies and validate compliance of information systems configuration with the organization's policies and standards.
  • Create test scripts for computer network devices, such as: implemented a test web UI in Perl, Python, TCL/Expect. Analyzed network traffic with Perl and Python.
  • Experience working with integration of UNIX and Linux with Active Directory using Certify Tool. Provided 24x7 on-call support for Production Environments.
  • Review and updating System Security Plan (SSP) based on findings from Assessing controls using NIST SP 800-18 rev1, NIST SP 800-53a rev4, and NIST SP 800-53.
  • Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, Arbor alerts, Peakflow, DLP, Splunk).
  • Worked on Cisco Routers, Active/Passive Hubs, Switches, Cisco PIX Firewall, Cisco ASA, NOKIA Firewalls, Nortel VPN Concentrators, TCP/IP, NAT and Checkpoint ESX/GSX firewall.
  • Performed network administration tasks such as creation and management of VLANs, Port security, Inter-VLAN routing, and LAN security.
  • Responsible for identifying and validating indicators of threat from multiple intel sources (i.e. Crowdstrike, FS-ISAC, BlueCoat, etc.) against internal assets to determine an accurate threat landscape and remediation targets (i.e. Splunk endpoint analysis, vulnerability analysis (Qualys, Nessus, Metasploit)).
  • Worked on Palo Alto Firewalls (50+ firewalls) PA-3020, PA-3050, PA-5020, PA-5050, PA-5060 series.

Environment: HP ArcSight, Linux, Splunk, Nexpose, Symantec DLP and SEP, syslog-ng, Java and Unix shell scripting, Bluecoat secure web gateway, QualysGuard.

Confidential, Cary, NC

SIEM Engineer / Cyber Security Consultant

Responsibilities:

  • Installation of Connectors and integration of multi-platform devices with ArcSight ESM.
  • Configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases, and apps.
  • Integration of IDS/IPS with ArcSight, analyzing the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
  • Categorize the messages generated by security and networking devices into the multi-dimensional ArcSight normalization scheme.
  • Develop content for ArcSight such as correlation rules, dashboards, reports, filters, Active Lists, and Session Lists.
  • Review and updating System Security Plan (SSP) based on findings from Assessing controls using NIST SP 800-18 rev1, NIST SP 800-53a rev4, and NIST SP 800-53.
  • Scheduled enterprise vulnerability scans to ensure there is no impact to client-facing or critical information assets (internal Nessus, Nexpose and Metasploit scans in coordination with the enterprise Red Team, and external scans (Qualys)). This role required the ability to configure scanning tools and identify the scope of the scans being performed (target range, expectations, support role delegation).
  • Serves as a member of a centralized incident response team that properly prepares for and addresses incidents across the organization and is responsible for analyzing security breaches and taking any necessary responsive measures.
  • Implementation, configuration, and support of Checkpoint and ASA firewalls for clients.

Environment: ArcSight SIEM, Splunk, UNIX, HP TippingPoint NX Next-Generation Intrusion Prevention System, QualysGuard, tcpdump, Nmap, Bluecoat secure web gateway.

Confidential

IT Engineer

Environment: Windows, Linux, LAN, WAN, Antivirus.

  • Performed vulnerability scanning on web applications and databases to identify security threats and vulnerabilities.
  • Responsible for analyzing, detecting, preventing malware with security analysis tools and compliance tools.
  • Audit of Cisco ACL, Active Directory, and rules in F5 ASM.
  • Conduct penetration testing and auditing of the organization network using tools.
  • Footprinting, scanning, sniffing and monitoring network activities using open source and commercial tools (Wireshark, Nmap).
  • Expertise with virtual server technology (VMware, ESXi, vSphere).
  • Installing and configuring networking equipment (routers and switches), and LAN/WAN design, implementation and optimization using Cisco routers and switches.
  • Used Layer 3 protocols like EIGRP and BGP to configure routers in the network.
  • Configure and implement remote access solutions: IPsec VPN, Remote Access.
  • Conducted evaluation of intranets and firewalls on a regular basis.
  • Worked closely with project team members to document current PCI requirements and instructed team members in appropriate control rationalization and test evidencing techniques.
