Network Security Technician Resume Profile
Chantilly, VA
SUMMARY
Experience working in the field of Cyber Security for Federal and Commercial clients, with a strong understanding of domestic and foreign actor sets and their modus operandi. Experience in producing analyst-level reports on current cyber threats and future attack vectors.
SPECIALITIES
- Intrusion/Extrusion Detection and Prevention (IDS/IPS/WIDS)
- Packet Data Analysis
- Network Traffic Flow/Trend Analysis
- Network Abuse
SECURITY CLEARANCE
- Top Secret Clearance - Current.
LANGUAGE SKILLS
- Telugu Read, Write, Converse
- Hindi Read, Write, Converse
- Urdu Converse
- Gujarati Understand
PROFESSIONAL EXPERIENCE
Confidential
Immigration and Customs Enforcement SOC Senior Cyber Security Analyst:
- Providing 24x7 security monitoring using ISS SiteProtector and ISS Proventia.
- Built a malware analysis lab from scratch using Linux, running multiple host OSes under VMware with an extensive list of open source and closed source tools used in analyzing malicious code.
- Successfully installed and ran Snort IDS to monitor the malware analysis lab. Tools in the lab included, but were not limited to, IDA Free, OllyDbg, Cygwin, OffVis, FileInsight, Wireshark, NetworkMiner, Regshot, BinText, LordPE, Malzilla, QuickUnpack, Python tools such as pdf-parser and pdfid, the Sysinternals suite, Nmap, OfficeMalScanner, Shellcode2exe, FakeDNS, and various Firefox add-ons such as Firebug, Firecookie, HackBar, HeaderSpy and Tamper Data.
- Ran malcode in a controlled environment, analyzed the behavioral characteristics of the malware and the generated packet captures to identify callbacks and other pertinent preproc information, and wrote custom signatures for Snort IDS.
- Wrote documentation on using the malware lab for a first-time user, along with a brief description of the tools installed, and analysis papers on analyzing malcode hidden in PDFs, Office documents etc.
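The workflow in the bullets above (run the sample, pull the HTTP callbacks out of the lab capture, turn them into Snort signatures) as an added, runnable example. This is editor-supplied illustration, not the resume author's code or tooling: the request records, host names, URI and User-Agent string are constructed to look like what tshark would print from a sandbox pcap, and the `find_callbacks`/`snort_rule` helpers are hypothetical names. The rule syntax targets Snort 2.x (`http_header`/`http_uri` content modifiers).

```python
"""Added example: derive Snort 2.x signatures from a sandbox run's HTTP callbacks.

Input is a list of HTTP requests as extracted from the lab packet capture
(constructed here; in the lab they would come from Wireshark/tshark).
"""
from collections import defaultdict
from statistics import median

# Constructed records mimicking tshark -T fields output. The malware here
# beacons to a (fictional) gate every ~60 s; the NCSI probe is Windows noise.
SANDBOX_HTTP = [
    {"ts": 0.0,   "src": "10.0.0.5", "dst": "203.0.113.10", "host": "update-check.example",
     "uri": "/gate.php?id=ab12", "ua": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"},
    {"ts": 60.2,  "src": "10.0.0.5", "dst": "203.0.113.10", "host": "update-check.example",
     "uri": "/gate.php?id=ab12", "ua": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"},
    {"ts": 119.8, "src": "10.0.0.5", "dst": "203.0.113.10", "host": "update-check.example",
     "uri": "/gate.php?id=ab12", "ua": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"},
    {"ts": 180.1, "src": "10.0.0.5", "dst": "203.0.113.10", "host": "update-check.example",
     "uri": "/gate.php?id=ab12", "ua": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"},
    {"ts": 5.0,   "src": "10.0.0.5", "dst": "198.51.100.7", "host": "www.msftncsi.com",
     "uri": "/ncsi.txt", "ua": "Microsoft NCSI"},
]


def find_callbacks(requests, min_hits=3):
    """Group requests by (source, Host, URI, User-Agent); keep groups seen repeatedly.

    A one-off request (OS connectivity check, update probe) is filtered out;
    a repeated identical request is a candidate beacon. The median gap between
    hits is reported as the beacon interval.
    """
    groups = defaultdict(list)
    for r in requests:
        groups[(r["src"], r["host"], r["uri"], r["ua"])].append(r["ts"])
    callbacks = []
    for (src, host, uri, ua), stamps in groups.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        callbacks.append({"src": src, "host": host, "uri": uri, "ua": ua,
                          "hits": len(stamps), "interval": round(median(gaps))})
    return callbacks


def snort_escape(s):
    """Escape the characters Snort treats specially inside a content string."""
    return (s.replace("\\", "\\\\").replace('"', '\\"')
             .replace(";", "\\;").replace("|", "\\|"))


def snort_rule(cb, sid, rev=1):
    """Emit one Snort 2.x rule matching the callback's Host, URI path and User-Agent.

    The query string is dropped from the URI because it carries a per-victim
    identifier and would make the signature fire only for the lab host.
    """
    uri_path = cb["uri"].split("?", 1)[0]
    opts = [
        f'msg:"LAB callback {cb["host"]}{uri_path}"',
        "flow:to_server,established",
        f'content:"Host: {snort_escape(cb["host"])}"', "http_header", "nocase",
        f'content:"{snort_escape(uri_path)}"', "http_uri",
        f'content:"User-Agent: {snort_escape(cb["ua"])}"', "http_header",
        "classtype:trojan-activity",
        f"sid:{sid}", f"rev:{rev}",
    ]
    return "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (" + "; ".join(opts) + ";)"


if __name__ == "__main__":
    for n, cb in enumerate(find_callbacks(SANDBOX_HTTP), start=1000001):
        print(f"# beacon every ~{cb['interval']}s, {cb['hits']} hits from {cb['src']}")
        print(snort_rule(cb, sid=n))
```

Local SIDs start at 1000000 by convention so they do not collide with vendor rules; a rule written this way still needs the usual false-positive review before it goes into production (a Host/User-Agent pair alone can match legitimate software that shares a library).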
Confidential
FAA - Cyber Security Management Center Detection Group Lead:
- Providing Tier III (higher-level) analysis to the Tier-1 analysts when needed, and reviewing and editing incident tickets as needed before the information is disseminated to the client.
- Used data gathered from US-CERT's Einstein sensor to identify suspicious traffic and made recommendations to the client to mitigate threats. The information for this purpose was gathered from multiple sources both internal and external to the organization.
- Acted as the main point of contact for the detection group between the client and the team.
- Involved in scheduling training for analysts, assigning specialized tasks such as custom and vendor-supplied signature review to reduce false positives, and working with them on a regular basis to identify specific training needs and opportunities for process improvement.
- Responsible for delivering managerial and analyst-level reports to the Program Manager and to the client.
- As a member of the Change Control Board (CCB), extensively involved in providing input on any proposed changes.
- As part of the COOP team, involved in assessing various disaster recovery scenarios for Continuity of Operations and putting forth a Standard Operating Procedure covering policies, processes and procedures under specific circumstances.
- Interviewed candidates for open positions and submitted recommendations to the hiring manager.
- Worked closely with the technical writing / process and documentation team in creating new and updating existing SOPs with new policies and procedures.
- Scheduled myself to work nights twice a month to work closely with the night shift and answer any questions, concerns or comments they might have.
- Held regular meetings with the Program Manager to update him on the status of personnel and any ongoing projects tasked to the team.
Confidential
- Providing real-time security monitoring, data analysis and incident reporting on data gathered by the ArcSight SIEM from Snort, Sourcefire, Cisco, ISS and AirDefense sensors.
- Working extensively with US-CERT's Einstein 1 sensor to detect possible security threats and breaches and to aid in internal and external investigations.
- Opening tickets on investigated events/incidents and notifying the shift watch officer for further follow-up with the responsible parties.
- Reviewing events/incidents escalated by the Tier-1 analysts for further clarification/investigation.
- Managing and supervising four Tier-1 analysts while on shift and assuming the team lead position in the absence of a detection group lead.
- Making recommendations to security engineering for tuning the ArcSight SIEM, Cisco, Snort, Sourcefire and other IDS/IPS devices to limit the number of false positives.
- Attended multiple security briefings and Cyber-Intel briefs in conjunction with multiple security/federal agencies, and am well acquainted with various known state-sponsored actor sets and their behavior.
- Using various online tools to aid in investigating security incidents, such as Centralops.net, Serversniff.net, Wepawet, Anubis, Network-tools.com, multiple RWhois sites, wfetch, search engines like Google and many more.
- Keeping self and peers updated on new security threats prevailing in the field of Information Assurance/Security from sources such as SANS, SecurityFocus, US-CERT, SearchWindowsSecurity, BitPipe, Slashdot.org etc.
Confidential
- Watch Officer responsible for shift security operations and supervision of four security analysts.
- Providing real-time security monitoring and incident reporting by monitoring and analyzing data gathered by ArcSight, a Security Information Management tool, and from IDS/IPS sensors/consoles such as ISS Proventia, IntruShield, Cisco, TopLayer and Snort.
- Opening Incident Reports on investigated and confirmed security risks to the customer network, with recommendations to successfully mitigate them.
- Chairing the daily shift turn over conference calls with the government watch standers to discuss open incident reports, suggestions and any concerns they might have.
- Reviewing open/pending incident reports and advising the customer of any new activity.
- Using various online tools to aid in investigating security incidents, such as Centralops.net, Serversniff.net, Network-tools.com, multiple RWhois sites, wfetch, search engines like Google and many more.
- Making recommendations to engineers for tuning ArcSight, Cisco, Snort, IntruShield and other IDS/IPS devices to limit the number of false positives.
- Completing daily assigned tasks in a timely fashion, answering phone calls promptly and courteously.
- Training junior analysts and new staff members on shift, helping them analyze data, investigate incidents and use the available tools, sharing tips and tricks, and answering any questions they have.
- Keeping self and peers updated on new security threats prevailing in the field of Information Assurance/Security from sources such as SANS, SecurityFocus, US-CERT, SearchWindowsSecurity, BitPipe, Slashdot.org etc.
- Successfully detected a zero-day event in progress where an internal machine was visiting a Chinese domain known for malicious activity, opened a back-port for other Chinese IPs to connect to it to exfiltrate data, and was also trying to find other vulnerable internal systems to create a botnet.
- Preparing the daily end of shift reports.
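The three-stage pattern described in the detection bullet above (internal host contacts a flagged domain, external peers then connect in to a newly opened port, the host then sweeps internal systems) as an added example of flow-level detection logic. This is editor-supplied illustration, not the resume author's tooling or the sensors named on this page: the DNS answers, flow summaries, addresses, domain and ports are constructed, and `analyze`/`is_internal` are hypothetical helper names. It goes slightly beyond the single incident described by checking the stages in time order for every internal host, so a host that was scanned by a peer is not itself flagged.

```python
"""Added example: flag an internal host that calls out, accepts a back-port, then scans.

Input is a set of DNS answers and connection summaries of the kind an analyst
gets from tshark or a NetFlow export. Everything below is constructed.
"""
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")
BAD_DOMAINS = {"cdn-update.example"}          # constructed blocklist entry

# (client, queried name, answer address)
DNS_ANSWERS = [
    ("10.0.0.23", "cdn-update.example", "203.0.113.50"),
    ("10.0.0.8", "www.example", "198.51.100.9"),
]

# (seconds into capture, src, dst, dst port)
FLOWS = [
    (50,  "10.0.0.8",     "198.51.100.9", 443),    # benign browsing
    (100, "10.0.0.23",    "203.0.113.50", 80),     # check-in to the flagged domain
    (130, "203.0.113.51", "10.0.0.23",    4444),   # external peers connect to a new port
    (135, "203.0.113.52", "10.0.0.23",    4444),
] + [(200 + i, "10.0.0.23", f"10.0.0.{40 + i}", 445) for i in range(12)]  # internal sweep


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def analyze(dns_answers, flows, scan_threshold=10):
    """Return one finding per internal host showing all three stages, in order.

    Stage 1: outbound connection to an address that resolved from a flagged domain.
    Stage 2: inbound connections from external addresses *after* stage 1.
    Stage 3: connections to at least scan_threshold distinct internal hosts on one
             port after stage 1 (a sweep for further victims).
    """
    bad_ips = {ip: name for _, name, ip in dns_answers if name in BAD_DOMAINS}
    first_contact = {}                                  # host -> (ts, domain, c2 ip)
    inbound = defaultdict(lambda: defaultdict(set))     # host -> port -> external sources
    sweep = defaultdict(lambda: defaultdict(set))       # host -> port -> internal targets

    for ts, src, dst, dport in sorted(flows):           # time order matters for the stages
        if is_internal(src) and dst in bad_ips and src not in first_contact:
            first_contact[src] = (ts, bad_ips[dst], dst)
        if dst in first_contact and not is_internal(src) and ts > first_contact[dst][0]:
            inbound[dst][dport].add(src)
        if src in first_contact and is_internal(dst) and ts > first_contact[src][0]:
            sweep[src][dport].add(dst)

    findings = []
    for host, (ts, domain, c2_ip) in first_contact.items():
        ports = {p: s for p, s in inbound[host].items() if s}
        scans = {p: d for p, d in sweep[host].items() if len(d) >= scan_threshold}
        if ports and scans:
            findings.append({
                "host": host, "domain": domain, "c2_ip": c2_ip,
                "backdoor_ports": sorted(ports),
                "external_peers": sorted(set().union(*ports.values())),
                "scan": {p: len(d) for p, d in scans.items()},
            })
    return findings


if __name__ == "__main__":
    for f in analyze(DNS_ANSWERS, FLOWS):
        print(f"{f['host']} contacted {f['domain']} ({f['c2_ip']}), then accepted "
              f"{f['external_peers']} on {f['backdoor_ports']}, then swept {f['scan']}")
```

Requiring all three stages, and requiring them in time order, is what keeps this from paging on every host that touches a blocklisted domain; the scan threshold is the knob to tune against the site's normal SMB/RPC fan-out.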
Confidential
Network Security Technician IDS Analyst:
- Notifying courts of any suspicious activity within the network, such as infections, unauthorized use of software such as P2P and BitTorrent clients, and any other suspicious activity.
- Working with the IDS console to interpret suspicious activity and identify security threats, and working in accordance with the threat level and the Standard Operating Procedure specified for remedial action.
- Blocking suspicious IPs for unauthorized network / system access, assisting system administrators and other court IT personnel in cleaning internal infected systems, and advising them of required security patches.
- Monitoring Nagios and the ISS consoles and reporting any unusual activity to senior engineers for in-depth analysis.
- Alerting everyone else on the team and senior engineers to any new security threats discovered while on shift.
- Updating tickets with any new incidents, following up with the courts until a positive resolution is received within the specified time frame, and escalating to senior engineers where a positive resolution is not received.
- Completing assignments on time and creating a daily report at the end of the shift.
- Experience working with Cisco IDS, IBM ISS SiteProtector / Proventia, Websense, Nessus scanner, various internal databases, and firewall logs.
Confidential
NOC Engineer Network Abuse Hosting Center Tech:
- Handling network abuse issues ranging from DoS attacks, port scans, viruses, phishing, open relays / proxies, child pornography, spam etc., and prioritizing the issues according to the company's policies.
- Following up with customers in a professional manner until a positive resolution is reached.
- Sending weekly notifications to customers who have been infected by viruses such as Bagle, Toxbot, Korgo and Spybot, and advising on the remedial process for cleaning those infected hosts.
- Experienced in using Remedy (ticketing software), SecureCRT to work with routers, switches, firewalls etc., and various online tools such as DNSStuff.com, Centralops.net, samspade.org and various RWhois interfaces.
- Working with Spamhaus.org to resolve SBL listings.
- Responding to subpoenas received via fax, e-mail, postal mail and other modes.
- Black-holing IPs when the issue is not resolved within the specified time frame.
- Often gave technical advice to novice customers without an active IT wing in their company on how to tackle network abuse issues and how to prevent them in the future.
- Notifying all required people in the company of any active priority-one network abuse issues.
- Keeping myself and others on my team informed of any new viruses or new kinds of intrusions going on in the industry in terms of network abuse.
- Providing remote hands to customers in the event of a server outage, performing regular server reboots and replacing tapes in tape drives.
- Regularly checking the hosting center for proper temperature control and airflow, and making sure that all customer racks are properly closed and secured.
Confidential
Tier II - Computer Support Technician:
- Monitoring the bank's network device infrastructure, troubleshooting issues with network engineers and, when needed, opening trouble tickets with the telco and the ISP.
- Assisting bank users with computer, printer and application related problems.
- Providing troubleshooting assistance to users for PC, Cisco VPN 4.8 and 5.0, and BlackBerry related problems.
- Used Symantec SSM to verify users' current level of AV coverage and issues related to infections, viruses, malware etc., cleaning systems and pushing updates when required.
- Reviewing Symantec AV alerts, sending notifications to the concerned branch/office about the virus activity and scheduling a field service technician to remediate the issue.
- Involved in new server and PC builds and hardening the OS as per the bank's guidelines.
- Researched newly found viruses and malware in the wild and gave recommendations to curb issues that could affect the normal operations of the bank.
- Assuming the role of shift supervisor in the absence of one and being the primary point of contact for the client on escalated issues.
Confidential
- Informing customers, network engineers and sales representatives of network outages through phone, e-mail and paging.
- Providing Level-1 phone support to customers and field engineers in case of network outages and emergencies.
- Providing basic troubleshooting to customers.
- Opening tickets with various telecom companies for high-end testing and troubleshooting of circuits.
- Entering data into the system for various database development.
- Building and configuring various desktops, rack mounts and servers for IP cameras used for surveillance purposes.
- Building and configuring high-end desktops for security staff workstations.
- PC hardware and software upgrades.
- Providing on-call backup for emergencies.
