Executive Summary

• A Security professional with around 8 years of experience in GRC, Enterprise Security tools, Vulnerability Management and Network Security
• Experienced in Archer eGRC 5.X. implementation and solution building.
• Extensive experience in Endpoint and Enterprise Security tools. Nessus, Tripwire, MCAfee ePO and SIEM tools.
• Adequate Knowledge and experience in implementing industry standards ISO 27001, FISMA, PCI DSS, HIPAA regulatory requirements.
• Excellent skills in Red Hat Linux and Windows Server

Work Experience Summary

Technology Lead

Key Projects

Role Enterprise Security Analyst Tool: Nessus, Tripwire, McAfee ePO, McAfee ESM

• Implementation of Tripwire Enterprise, McAfee enterprise Policy Orchestrator, McAfee ESM across Production and Pre Production environment, McAfee Enterprise Data security Suite.
• File integrity monitoring on all the file systems and folders in critical server and database holding FTI data.
• Configuring Red Hat Linux servers and database servers to meet CIS benchmarks.
• Performed real - time Monitoring, Analysis based on Event logs, Logs correlation in Linux and Database
• Involved in SOC operations activities like Firewall log monitoring, Real time security Event and log monitoring, Responsible for identifying attempted compromises of sensitive systems through identification of any suspicious traffic
• Reporting trend analysis on vulnerabilities to client and senior Management. Keeping track of newly evolving vulnerabilities.
• Managing security configuration of Linux Production and Staging servers.
• Monitoring Firewall logs for all the perimeter traffic to internet and other external interfaces in the system.
• Experience in drafting System Security Plan and Security Procedure documents for Vulnerability Management, Risk management Etc.
• Ensuring Web services security to ensure safe communication between Internal and external interfaces in the Health Benefit Exchange systems.
• Worked with IRS and CMS auditors to ensure the system compliance with FISMA, NIST-500 controls for Network Infrastructure, Linux Servers and Databases
• Tracking POA Ms identified in audits till closure.

Confidential

Role GRC Analyst

Involved in developing solution in Archer for BRP/DR testing across regions, Data migration from SharePoint to Archer.

Responsibilities:

• Developed modules in Archer eGRC to record BRP and DRP for Enterprise Applications.
• Worked on coding scripts in archer to calculate risk tier rating of the applications tested.
• Designed and customized reporting feature in Archer to achieve reports on risk rating, Issue remediation report, test compliance etc.
• Presented weekly/monthly summary reports and dashboards to senior management.
• End to End validation of GDCE test results for RTO and RTC.
• Developed automated reporting solutions for executive reporting.
• Participated in Audit and Compliance reviews to remediate internal and Regulatory findings.
• Built strong working relationships across Lines of Business, Technology and Risk Teams
• Extensive Interaction with client in understanding the requirements, exhaustive analysis and providing end-to-end solutions.
• Conducted numerous debrief meetings on BRP/DR test results update in archer with client project team across regions.

IT Security Analyst

Confidential

Key Projects

IT Security India Operations

• Performing Black box testing on the list of client owned in-house and third party web applications for a telecom giant, performed numerous dynamic testing on in-house, and third party applications in the client environment, Responsible for vulnerabilities and trend analysis reporting to client Management.
• Analyzed Clients web application for security assessments, scripting and implementation, Vulnerability assessments with security tools products, remediation guidelines for application team, tracking and reporting.
• Performed periodic vulnerabilities assessment scan over the infrastructure i.e. Servers, Network, DMZ, Workstation segments evaluating the risk and analyzing vulnerabilities and performing Risk assessment.
• Reviewed Change Requests and System Acceptance Tests Evaluating various service and exception requests from security perspective. Evaluation of requests performed with reference to Enterprise Security Guidelines.
• Experience in achieving compliance as per industry standards, ISO27001, PCI DSS, HIPAA Requirements
• Manage and Monitor Log servers like Syslog, TACACS, SCOM and Symantec antivirus server for any threat, security Incidents or a suspicious activity.
• Analyzed risk and evaluating requests for software usage and Technology requirement from the project.
• Ensured Baselines, standards and compliances for a client dedicated infrastructure, conducting audits and infrastructure reviews.
• Performed periodic reconciliation for active directory domain id, sensitive data access to sensitive applications.

NETWORK ANALYST

Confidential

Job responsibilities

• Worked on building and troubleshooting issues in the networking infrastructure equipped with firewalls, Routers and switches.
• Maintained a VLAN setup ports, and built and managed policies on firewall.
• Managed packet shaper and generating weekly reports on Bandwidth utilization.
• Worked towards Security compliance for Network infrastructure.
• Experience in building a site to site and SSL Client VPN.

Network Administrator

Confidential

Systems Analyst/Network Administrator

Key Projects

Insta Backup

• Developed a Java Application for incremental backup of Project files, and database automated the database backup to avoid data loss as well as to increase the overall efficiency. Was successful in data backup and this application is being used across the enterprise.
• Performed hands-on administration, monitoring, and troubleshooting of Local Area network LAN, resulting in optimum performance and minimum downtime