- Experienced in Network Engineering/management, Intrusion Detection and Software Engineering
- Senior level IDS packet analysis and event correlation skills
- Motivated self-starter capable of handling multiple tasks efficiently
- Highly productive under pressure and amidst constantly changing priorities
- Java, C/C++/C#, SQL, Perl, J2EE, Java Server Pages (JSP)/Servlets, Struts, Android
- Enterprise IDS: Symantec ManHunt, Snort/SourceFire, Enterasys Dragon, ISS SiteProtector, Cisco IDS
- Network management platforms: NetForensics, ArcSight, ForeScout, NetScout
- Cisco ASA-X FirePower platforms: 5515, 5525, 5545, 5585
- MS Windows; UNIX: Solaris, Fedora, OpenBSD
- LAN/WAN protocols: TCP/IP, IPX/SPX, Ethernet, RIP, IGRP, EIGRP, OSPF, BGP, MPLS
Perform testing of all SourceFire IPS/NGFW appliances and open-source Snort. Create packet captures and Snort rules to test SourceFire sensor operation and verify traffic handling. Verify feature changes and bug fixes made by developers, and write test cases for all bugs, product changes and enhancements. Create separate test cases for the SourceFire product and open-source Snort, for both manual and automated testing. Maintain the working state of various UNIX-based test platforms: OpenBSD, FreeBSD, Ubuntu, Fedora, openSUSE and CentOS.
Monitored and managed VA ECSIP gateway devices (Cisco routers, switches, firewalls, web filtering and caching) to ensure their uptime and availability. Troubleshot problems with site-to-site VPNs and Internet connectivity issues. Provided Tier 3 support on SourceFire IPS/NGFW sensor placement and deployments. Assisted junior analysts in packet analysis and Snort rule creation. Interacted with parties both internal and external to the VA to coordinate troubleshooting efforts. Performed configuration changes on all devices as needed. Wrote software to perform configuration backups of Cisco routers, switches and firewalls. Maintained records of all activities in the trouble-ticketing system. Handled VPN user calls regarding the Cisco VPN client and helped users correct connection problems.
Monitored and maintained network security devices in a PCI environment for TNS customers. Created design documents and network layout diagrams for SourceFire IDS sensors and ArcSight connector appliances. Assessed potential network segments and made network adjustments to accommodate proper SourceFire IPS/NGFW operation and sensor visibility. Created security policies in ForeScout NAC and created ArcSight rules in ESM. Correlated events in ArcSight with vulnerability assessment data from Qualys scanners. Monitored and tuned IDS alerts for possible network intrusions on SourceFire and Cisco IPS units.
Provided Tier 3 support on all assigned security devices. Monitored various security devices and reported suspicious security events to the customer using multiple IDS products (Enterasys Dragon, SourceFire/Snort, IntraShield, ISS Proventia, Cisco IPS). Performed customer network assessments and made recommendations on SourceFire sensor placement and configuration. Generated customer tickets and provided phone-based support to the customer to bring security incidents to resolution. Evaluated, reviewed, and recommended actions to customers based on their security posture. Maintained awareness of current threats and vulnerabilities. Monitored and troubleshot device health issues. Performed device troubleshooting and engineering support as required. Supported the implementation of new security products and services for customers.
Analyzed Dragon and Cisco NIDS sensor packet data, along with information from other security appliances (PIX and Raptor firewalls, Dragon HIDS), to report network intrusions. Performed in-depth byte-level analysis to develop Snort/SourceFire rules and Dragon signatures. Configured SourceFire sensors for deployment in critical, high-volume network segments. Managed multiple VLANs on Cisco 3550 and 6509 switches to monitor different network segments and traffic. Created detailed trouble tickets on actual network intrusions and on configurations to prevent recurrence. Reported Dragon NIDS signatures that needed to be tuned or filtered and aided in the IDS sensor tuning process. Correlated network events with ArcSight and investigated reports of network intrusions to determine their validity. Designed applications to further enhance the packet analysis process. Wrote procedures for the SOC (Security Operations Center) on ticket escalation and the IDS analysis process.
Managed multiple Cisco devices (7600 and 7200 series routers; 3550 and 2600 series switches) in a large WAN/LAN environment that supported over 250,000 users. Implemented network changes and troubleshot network connectivity issues between sites. Created trouble tickets to document daily network operations. Performed traffic and trending analysis with NetScout to monitor and correct improper traffic flows. Performed network troubleshooting to isolate and identify routing problems. Assisted other network teams in tracking down faulty devices and configuration errors.
Collected and analyzed multi-source packet data from multiple IDS vendors through the NetForensics console. Used Enterasys Dragon, Snort/SourceFire, ISS SiteProtector and Symantec ManHunt to detect, assess and report network intrusions. Suggested possible remediation and proper prevention practices. Performed byte-level analysis to develop Snort rules and Dragon signatures. Monitored the up/down status of network security devices with HP OpenView and WhatsUp Gold. Handled VPN user helpdesk calls and resolved all issues as needed. Designed Java-based client/server software applications to interact with various database management systems and automate the reporting process. Assisted other application developers with software designs and implementations.