System Security Engineer

The document is a resume for an Information Security Engineer with extensive experience in IT infrastructure, risk security, and cyber security. It highlights skills in vulnerability management, incident response, and security monitoring using various tools like Splunk, QRadar, and Nessus. The candidate has a strong background in compliance with regulations such as SOX, PCI, and HIPAA, along with hands-on experience in configuring security technologies and conducting penetration testing.

Information Security Engineer

Resume
SUMMARY

- Experienced professional in IT infrastructure, risk security, information security, and cyber security.
- Information security expert with a diverse technical background in enterprise networking, server infrastructure, database technologies, and system security.
- Experience in configuration management and policy implementation.
- Configured and deployed Symantec HIDS on Windows Server 2008 and 2012 and desktops.
- Experience in data de-identification implementation, management, operation, and troubleshooting.
- Experience in vulnerability scanning with relevant tools, e.g., Nessus, HPE Fortify for SCA (Static Code Analysis) and WebInspect, and Rapid7 Nexpose.
- Experience in managing network infrastructure security using HPE ArcSight ESM/Splunk for monitoring, classifying and responding to incidents and threats.
- Experienced with Symantec DLP policies (DLP templates) and compliance and regulation standards such as SOX, PCI, and HIPAA.
- Strong knowledge of risk management and computer forensic tools, technologies, and methods. Experienced in IT security design and implementation with a solid understanding of disaster recovery, intrusion detection systems (IDS), intrusion protection systems (IPS), and web application firewalls (WAF). Analytical problem solver adept at managing network changes and troubleshooting network issues to ensure maximum uptime.
- Experience with SOC and around-the-clock operations.
- Skilled in penetration testing (white, grey, and black box) with passive and active modules using Burp Suite, Metasploit, custom scripts, and other necessary tools.
- Recommend remediations for flaws discovered in penetration tests.
- Expert understanding of the Cyber Kill Chain and APTs.
- Experience with network monitoring with SIEM IBM QRadar and Wireshark, and with information security and network security configuration and functions.
- Experience in configuring deployment servers, Splunk apps and add-ons.
- Hands-on experience with several vulnerability forms, i.e., SQL injection, XSS, etc.
- Hands-on experience with security frameworks such as NIST and HIPAA.
- Experience with NIST SP 800-53A and NIST SP 800-30.
- Experience with Palo Alto firewalls, VPNs, and networking with protocols such as NetBIOS, SNMP, telnet, SSH, ARP, etc.
- Experience with industry-recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk, and LogRhythm.
- Perform vulnerability scans with Nessus for improper configurations, missing patches, hosts, network, and insecure credentials and accounts.
- Experience with HPE Fortify for code vulnerability analysis reviews and WebInspect scans.
- Experience with application security.
- Excellent understanding of SAST, DAST, IAST and RASP best practices.
- Hands-on experience with documentation and log analysis.
TECHNICAL SKILLS

Qualys Continuous Monitoring: Vulnerability Management, Qualys, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance
Event Management: Splunk, QRadar, ArcSight
Pen Test Tools: Metasploit, Nmap, Wireshark
Security Technologies: Symantec DLP, McAfee ePO, QRadar, Splunk
Security: McAfee ePO, Symantec DLP, Sourcefire IDS, LogRhythm, Tanium
Firewalls: Check Point, Palo Alto PA 3000/5000
Operating Systems: Windows, NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux
PROFESSIONAL EXPERIENCE

Confidential, Mahwah, NJ
Information Security Engineer
Responsibilities:

- Manage daily operational service monitoring activities over the SOC security infrastructure.
- Daily monitoring of event collection, security intelligence and emerging threat information sources including SIEM, vendors, researchers, websites, newsfeeds and other sources.
- Create new content and manage existing notable events in Splunk Enterprise Security. Worked with the Security Operations Centre (SOC) to fine-tune false positives from the existing SIEM rules.
- Working with the Security Operations Center (SOC) to find existing log gaps and provide better data analysis to increase the overall security coverage.
- Manage Splunk Enterprise to collect, monitor, and analyze machine data.
- Performed/assisted in installation, configuration, troubleshooting and maintenance of SIEM agents, log managers/collectors, and SIEM central managers/aggregators.
- Deploying Splunk: creating port mirroring, installing Splunk, installing the Stream application on Splunk, setting up syslog on CentOS, and installing the Universal Forwarder.
- Used Splunk Enterprise Security for real-time monitoring, to prioritize actions and for rapid investigations. Worked with the SIEM team monitoring notable events through Splunk ES.
- Deploy, configure and tune flow data within the SIEM, and document how such data is to be used during event triage.
- Network monitoring and security scanning utilizing Nessus vulnerability scanning.
- Handling SIEM events and response in critical environments (email threat analysis, web threat analysis, malware analysis, etc.).
- Analyze multiple network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine and apply proper remediation actions and escalation paths for each incident.
- Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP, Splunk).
- Monitor and investigate SOC incidents and alerts with McAfee ePO.
- Document all activities during an incident with status updates during the life cycle of the incident.
- Analyze network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.).
Confidential, Austin, TX
Information Security Analyst
Responsibilities:

- Responsible for monitoring and providing analysis in a 24x7x365 environment using various SIEM and IDS/IPS tools.
- Schedule scans on Symantec, review results and quarantine risky data.
- Perform technical analysis on data de-identification tools.
- Recommended and configured correlation rules, email alerts, reports and dashboards in the QRadar environment.
- Investigated emails using various tools such as email protection systems, malware sandboxes, and anti-virus engines.
- Produce efficient DLP policies to ensure necessary inbound/outbound emails are logged.
- Monitored and responded to potential security incidents using email alerts from firewalls and anti-virus products.
- Maintaining and troubleshooting Tripwire Enterprise (server file configuration integrity management). Promote the baseline monthly for Tripwire Enterprise prior to monthly patching.
- Perform data de-identification implementation in the non-production environment.
- Implementing, integrating, configuring, administering, hardening and maintaining the SOC tool suite, devices, applications, servers and sensors (Splunk, Tenable, BigFix, ForeScout, Tripwire Enterprise, Firepower, FireMon, and WSA).
- Provide AWS cloud-based solutions with auto-scale options.
- Define and manage AWS Security Groups and Network ACLs.
- Conducted threat hunting analysis in the ArcSight SIEM during each shift per shift report requirements.
- Utilized ArcSight to investigate incoming cases and create detailed reports of events during the shift.
- Responsible for monitoring and detecting security incidents in ArcSight (SIEM).
- Develops rules, lists, and active channels in ArcSight ESM.
- Installing and troubleshooting McAfee 8.8 and ePO 4.5.
- Working closely with AppScan, Symantec and Rapid7 for any malware activity in the environment.
- Ensuring Symantec DLP policies are in place and scanning the environments for incidents.
- Assisting in DLP policy development for the non-production environment.
- Monitoring the Enforce console for incidents and troubleshooting.
- Provide real-time, host-based intrusion detection monitoring services using Symantec Endpoint.
- Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall functions.
- Provide network intrusion detection expertise to support timely and effective decision making on when to declare an incident.
- Actively monitored and responded to activity impacting various enterprise endpoints facilitating network communication and data handling (McAfee Endpoint Security, DLP, Splunk).
- Data Loss Prevention suite, Symantec DLP product: implementation and deployment as the champion team.
- Created Splunk dashboards for investigations.
- Monitor and investigate SOC incidents and alerts with McAfee ePO.
- Document all activities during an incident with status updates during the life cycle of the incident.
- Analyze network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.).
- Design DLP architecture and handle third-party risk assessments and managed SOX audits.
- Configure and install IBM QRadar Enterprise, Agent, and Apache Server for user and role authentication and SSO.
- Helped customers configure and maintain their email security and anti-spam solutions using Symantec Messaging Gateway and Symantec Mail Security for Microsoft Exchange.
- Used McAfee ePolicy Orchestrator to monitor and identify potential intrusions and attacks for the Security Operations Center (SOC).
- Performed tuning of Symantec DLP to reduce false positives and improve detection rates.
- Perform command-line scripting in Linux and Unix to configure Splunk.
- Manage IBM QRadar configuration files like inputs, props, transforms, and lookups.
- Upgrading IBM QRadar Enterprise to 6.2.3 and security patching.
- Worked on SIEM, as well as SolarWinds and Symantec end-to-end endpoint security for malware detection and threat analysis.
- Managed and coordinated multiple data privacy and information security activities.
- Responsibilities for CSIRT included SIEM, context filtering, web security, incident tracking, IPS/IDS and malware analysis.
- Used Splunk Deployment Server to manage Splunk instances and analyzed security-based events, risks and reporting.
- Deploy, configure and maintain the IBM QRadar forwarder on different platforms.
- Ensuring that the application website is up and available to the users.
- Continuous monitoring of the alerts received through email to check that all application servers and web servers are up.
- Responsible for testing vulnerability updates for all releases and patches of IBM QRadar SIEM.
- Integration of IDS/IPS with the SIEM and analysis of the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
- Responsible for performing vulnerability assessments on critical systems using Qualys.

Confidential
Cyber Security Analyst
Responsibilities:

- Managed the DLP solution, which included configuring and fine-tuning DLP filters. Took action on alerts generated by DLP.
- Creates and implements new insider threat processes as appropriate.
- Configures SmartConnectors on the ArcSight Connector Appliance.
- Configuring and administering ArcSight Loggers, ESM, and database systems.
- Used ArcSight Loggers/ESM on a daily basis to investigate security alerts.
- Processes vulnerability and threat data from a variety of internal and external sources to provide actionable intelligence to internal consumers.
- Create and implement Splunk Enterprise Security use cases for the Insider Threat team.
- Monitor network traffic from QRadar SIEM and Sourcefire IDS tools for any suspicious activity.
- SIEM: building software and applications to enhance SOC operations and cohere threat intel interactions. Creating custom data visualization tools to interpret data correlated from event logs. Designing and implementing security content/use cases on SIEMs, utilizing various event log sources. Delivering solutions, maintenance and support to currently deployed SIEM engines.
- Performed information security incident response and incident handling based on categorization and in accordance with established procedures. Worked with multiple clients on real-time threat management using SIEM and solutions.
- Understanding and evaluating the cyber threat landscape, and assessing which threats are most relevant to the respective client.
- Supplying actionable recommendations to other teams within the Cyber Security Center to bolster cyber security efforts.
- Managing indexes and cluster indexes, the Splunk web framework, data models and pivot tables.
- Performed troubleshooting and/or configuration changes to resolve Splunk integration issues.
- Writing Splunk queries; expertise in searching, monitoring, analyzing and visualizing Splunk logs.
- Configured and scheduled the Qualys scanner in QRadar to perform scans at regular intervals.
- Vulnerability management by scanning, mapping and identifying possible security holes using QualysGuard and the Nessus scanner.
