
Information Security Investigator

Location:
United States
Posted:
July 05, 2012


Resume:

Information Security Investigator

Anil B Yellamati Phone: +91-962*******

E-mail: hi1guh@r.postjobfree.com

Objective

Provide network, systems, and security experience, knowledge, and solutions in a system and network-diverse environment. Protect confidentiality, integrity, and availability of information and information systems. Advise and engineer secure solutions for business opportunities. Learn and experience, mentor and share.

Technical skills

Skill | Level | Experience
IP packet analysis: Ethereal, tcpdump, NetWitness | Expert | 6 years
Intrusion detection: Sourcefire, Cisco IPS, McAfee IPS, ISS | Expert | 6 years
Vulnerability management: Nessus, Nexpose, Foundstone, Qualys | Expert | 6 years
Penetration testing: Core Impact, Metasploit, BackTrack | Expert | 6 years
Malware analysis: REMnux tools, reversing executables | Intermediate | 6 years
C, C++, Java, Perl | Intermediate | 6 years
Microsoft Windows 2003 | Intermediate | 6 years
UNIX/Linux system administration (Red Hat, Slackware, Fedora) | Intermediate | 6 years
Debuggers: OllyDbg, Immunity Debugger, IDA Pro | Intermediate | 4 years

Certifications

GIAC Reverse Engineering Malware (GREM)

http://www.giac.org/certified-professional/anil-babu/127130

CCSK: Certificate of Cloud Security Knowledge (Cloud Security Alliance)

Certified Ethical Hacker (CEH, EC-Council)

McAfee Certified Technical Professional: Network Intrusion Prevention

McAfee Certified Technical Professional: Vulnerability Management

Training attended:

SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

McAfee IntruShield 4.1, ePolicy Orchestrator 4.0, Host Intrusion Prevention 6.0, Total Protection for Small Business 4.5, Foundstone 6.0.

Professional Experience:

Date: 3 October 2011 to present

Company: Goldman Sachs

Designation: Senior Technology Analyst

Job Profile:

Working as an Information Security Investigator in the Security Incident Response Team. Main responsibilities are APT (Advanced Persistent Threat) investigations sourced from intelligence, writing custom IDS signatures and Splunk queries to alert on custom behavior, and perimeter security incident handling.

Perimeter Security Incident Handling and Network Forensics:

Being the escalation point of contact for Goldman Sachs, investigating the incidents created by the outsourced security operation center, which involve IDS and firewall logs. Analyzing the IDS logs to find misconfigurations and compromised machines. Understanding the IDS alert and taking the necessary remediation.

Forensic Investigations:

Grabbing the main memory image from infected or suspected-to-be-infected hosts and analyzing process injections or malicious network activity. Analyzing malware files in a sandbox using REMnux tools; finding out the threat, such as the IP addresses it tries to contact, the processes it creates and the registry entries it creates; blocking the malicious IPs and URLs; finding Blackhole exploit kits and investigating malicious behavior.

Spam Investigation:

Suspected spam emails reported by internal employees, intelligence and anti-virus alerts are investigated, and malicious links are analyzed to the core to find any script or program written exclusively for the organization. Finding the impact of the malicious script on the organization and how many users have accessed it, followed by remediation actions.

Date: 8 February 2010 to 30 September 2011.

Company: Cisco Systems India Pvt Ltd.

Designation: Information Security Engineer II

Job Profile:

Being the technical lead of the Cisco CSIRT (Computer Security Incident Response Team) event analysis team, responsible for analysis of security events and deep investigations of security incidents. Performing analysis of malware and botnets.

Information Security Investigation: Technical lead for the Level 1 security analysts who monitor security events 24x7. Responsible for handling escalations from the L1 team and performing network forensics in deep investigations of network traffic from data centers, DMZs, partner networks and acquired companies. As an investigator, responsible for performing analysis of IPS logs, NetFlow, CSA and McAfee alerts to reduce false-positive cases. Implementation of the Splunk log collection tool to collect logs from IronPort, Cisco IDS, DHCP and VPN servers.

Information Security Engineering: Management of over 250 Cisco IPS sensors, including variables, tuning IPS events using filters, SPAN device session monitoring, and signature and software upgrades. Deployment of devices such as Cisco IPS, CSA, Lancope (NetFlow), netForensics (SIEM) and Splunk.

Information Security Malware Analysis: Finding infected machines using McAfee VirusScan and custom IRC signatures in the IPS. Responsible for finding the infected host using DHCP and VPN logs, collecting the malware file and analyzing it using REMnux tools for malicious PDF and SWF files, and debuggers such as OllyDbg and Immunity Debugger. Analyzing logs from FireEye and Damballa.
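The step "finding the infected host using DHCP and VPN logs" is the part of this workflow that most often goes wrong in practice: an IPS alert names only a source IP, and on a DHCP or VPN network that IP may have belonged to a different machine an hour later. The script below is an added illustration, not code from this resume or from Cisco; the IPS alert, the ISC-dhcpd-style DHCPACK lines and the VPN session lines are constructed sample data, the VPN log format and the 8-hour lease lifetime are assumptions, and the year is assumed because syslog timestamps carry none. It attributes the IP at the alert's timestamp and refuses to guess when no lease or session covers that moment.

```python
import re
from datetime import datetime, timedelta

YEAR = 2011  # assumed: syslog lines carry no year

# Constructed sample data (not real logs).
IDS_ALERT = {
    "time": datetime(2011, 3, 14, 10, 42, 5),
    "src_ip": "10.20.30.41",
    "sig": "IRC NICK on non-standard port",  # custom IRC signature, as in the text
}

DHCP_LOG = """\
Mar 14 08:01:10 dhcp1 dhcpd: DHCPACK on 10.20.30.41 to 00:1a:2b:3c:4d:5e (ws-finance-07) via eth0
Mar 14 09:15:44 dhcp1 dhcpd: DHCPACK on 10.20.30.42 to 00:1a:2b:3c:4d:5f (ws-hr-02) via eth0
Mar 14 11:30:00 dhcp1 dhcpd: DHCPACK on 10.20.30.41 to 00:aa:bb:cc:dd:ee (laptop-guest) via eth0
""".splitlines()

# Assumed VPN concentrator log format (constructed for this example).
VPN_LOG = """\
Mar 14 07:55:02 vpn1 asa: user=jdoe assigned_ip=10.99.0.17 event=session_start
Mar 14 10:50:00 vpn1 asa: user=jdoe assigned_ip=10.99.0.17 event=session_end
""".splitlines()

DHCP_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dhcpd: DHCPACK on (\S+) to (\S+)(?: \(([^)]*)\))?")
VPN_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \S+: user=(\S+) assigned_ip=(\S+) "
    r"event=(session_start|session_end)")


def parse_syslog_time(stamp, year=YEAR):
    """Turn 'Mar 14 08:01:10' into a datetime by prepending the assumed year."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def parse_dhcp(lines):
    """Extract (time, ip, mac, hostname) from DHCPACK lines; other lines are ignored."""
    leases = []
    for line in lines:
        m = DHCP_RE.match(line)
        if m:
            stamp, ip, mac, host = m.groups()
            leases.append({"time": parse_syslog_time(stamp), "ip": ip,
                           "mac": mac.lower(), "host": host or ""})
    return leases


def parse_vpn(lines):
    """Pair session_start/session_end lines into sessions with a start and an end."""
    open_sessions, sessions = {}, []
    for line in lines:
        m = VPN_RE.match(line)
        if not m:
            continue
        stamp, user, ip, event = m.groups()
        t = parse_syslog_time(stamp)
        if event == "session_start":
            s = {"user": user, "ip": ip, "start": t, "end": None}
            open_sessions[(user, ip)] = s
            sessions.append(s)
        elif (user, ip) in open_sessions:
            open_sessions[(user, ip)]["end"] = t
    return sessions


def attribute_ip(ip, when, leases, sessions, lease_ttl=timedelta(hours=8)):
    """Return who held `ip` at time `when`, or None if the logs cannot say.

    VPN sessions are checked first (pool addresses are reused fastest). For DHCP,
    the right lease is the newest DHCPACK at or before the alert, not the last
    one in the log: a later re-lease of the same IP must not be blamed. A lease
    older than the assumed lease lifetime is treated as expired rather than guessed.
    """
    for s in sessions:
        if s["ip"] == ip and s["start"] <= when and (s["end"] is None or when <= s["end"]):
            return {"kind": "vpn", "user": s["user"], "ip": ip}
    candidates = [l for l in leases if l["ip"] == ip and l["time"] <= when]
    if not candidates:
        return None
    lease = max(candidates, key=lambda l: l["time"])
    if when - lease["time"] > lease_ttl:
        return None
    return {"kind": "dhcp", "mac": lease["mac"], "host": lease["host"],
            "ip": ip, "leased_at": lease["time"]}


def investigate(alert, dhcp_lines=DHCP_LOG, vpn_lines=VPN_LOG):
    """Resolve an IPS alert's source IP to a host using the DHCP and VPN logs."""
    return attribute_ip(alert["src_ip"], alert["time"],
                        parse_dhcp(dhcp_lines), parse_vpn(vpn_lines))


if __name__ == "__main__":
    print(investigate(IDS_ALERT))
```

For the constructed alert at 10:42 the answer is ws-finance-07, even though the log's last DHCPACK for 10.20.30.41 names laptop-guest; an alert at 12:00 on the same IP would correctly point at laptop-guest instead. In a real investigation the lease lifetime should come from the DHCP server configuration rather than the assumed default.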

Tools expertise: Cisco IPS, CSA, netForensics, Lancope, Nagios, Cacti, Qualys, CS-MARS, Cisco WSA (IronPort), Splunk.

Date: 5 February 2009 to 5 February 2010.

Company: Supervalu Services India.

Designation: Specialist – Protection Services.

Job Profile:

Vulnerability Management:

Performing vulnerability scans of the retail stores and corporate offices of Supervalu Inc to achieve PCI compliance.

Tools: eEye Retina, Tenable Security Center.

Penetration Testing:

Conducting penetration tests of the stores and public-facing servers of Supervalu Inc, keeping them synchronized with the latest vulnerabilities and exploits. Developing remote/local exploits using websites such as milw0rm.

Tools: Core Impact v9, Metasploit, milw0rm, a few BackTrack tools.

Basics of Vulnerability Research and Exploit Writing:

Performing reverse engineering on different applications using major debuggers such as OllyDbg and IDA Pro.

Finding buffer overflows and other vulnerabilities by analyzing assembly-language code. Writing exploits and shellcode for penetration testing.

Web Application Security:

Conducting web application testing for internal and external websites of Supervalu Inc. Finding web vulnerabilities such as SQL injection, XSS and CSRF. HTTP requests and replies manipulated manually using Paros Proxy, WebScarab and Burp.

Tools: IBM AppScan, Paros Proxy, Grendel-Scan, Nikto.

Wireless Security and Penetration Testing:

Providing wireless security to Supervalu Inc by finding rogue APs in the wireless environment, and conducting quarterly wireless penetration tests on live store APs (WEP cracking).

Tools: AirWave, Aircrack-ng, AirSnort, Kismet.

Date: 24 July 2006 to 30 January 2009.

Company: Computer Sciences Corporation India Pvt Ltd.

Designation: Associate Engineer – Information Security.

Team: Managed Security Services (Security Operation Center)

Description of Services:

Managed Wireless Security Services:

Configuring the wireless sensors located at client sites according to each client's requirements.

Responsible for replacement of faulty sensors, authorization of access points, and maintenance of alert tuning from AirDefense Manager to a MySQL database server.

Tools: AirDefense, NetStumbler, AirDefense Mobile and CSC proprietary tools for monitoring and configuring.

Managed Host-Based Intrusion Detection Systems/Intrusion Prevention Systems:

Providing security services for different clients: monitoring and engineering (configuring, signature updates, alert tuning to CSC proprietary tools).

Tools: McAfee HIDS, Dragon from Enterasys Networks, McAfee ePolicy Orchestrator, IBM ISS and CSC proprietary tools for monitoring and configuring.

Managed Network-Based Intrusion Detection Systems/Intrusion Prevention Systems:

Providing security services for different clients: monitoring and engineering (configuring, signature updates, alert tuning to CSC proprietary tools). Hands-on experience with different NIDS/IPS tools: McAfee IntruShield, Network Flight Recorder (NFR), McAfee ePolicy Orchestrator, and CSC proprietary tools for monitoring and configuring.

Managed Vulnerability Assessment:

Deploying and managing McAfee FS1000 and McAfee FS850 (scan-engine-only) appliances, with hands-on appliance maintenance for different clients. Providing threat management for different clients; configuring the Enterprise Manager, database server and scan engine.

Education:

B.Tech in Computer Science and Engineering, 74.5%, 2006

GITAM College of Engineering (Andhra University)

Visakhapatnam, India.

Diploma in Computer Science and Engineering, 70.08%, 2003

Andhra Polytechnic (State board of technical education)

Kakinada, India.

SSC completed in the year 2000 with 74.5%

Achievements:

• Received a certificate of achievement for best service delivery to the client.

• Developed an IDS/IPS monitoring system with sensor deployment using Snort with MySQL on Linux.
