Srujan Kumar Munangi
ac0aee@r.postjobfree.com
Summary:
• Seven-plus years of experience in IT security operations and in the implementation, integration and operation of SIEM via QRadar and ArcSight.
• Experience in planning, developing, implementing, monitoring and updating security programs and advanced technical information security solutions; sound knowledge of SOX and PCI compliance requirements and understanding of NIST and ISO standards.
• Develop strategic plans for agency-wide implementation to address the operations of client services, product support, quality assurance and information security training.
• Technical experience in system and network analysis, intrusion detection and malware analysis.
• Maintained up-to-date procedures and documentation to support IT security processes.
• Experience and knowledge of threats, analysis and remediation efforts relating to intrusion prevention and penetration.
• Experience with network intrusion detection/intrusion prevention systems and firewalls.
• Security incident handling and SIEM using RSA enVision and IBM QRadar; identifying the critical IT infrastructure that requires 24/7 monitoring.
• Experience in troubleshooting LAN and WAN.
• Knowledge of authentication, endpoint security, Internet policy enforcement, firewalls, web content filtering, Database Activity Monitoring (DAM), Data Loss Prevention (DLP) and Identity and Access Management (IAM) solutions.
• Proven ability to identify various network security vulnerabilities and explain in detail how to remediate them.
• Manage the PKI Remedy queue.
• Knowledge of LAN/WAN networking concepts (TCP/IP, routing and switching, the OSI layers) and scripting languages.
• Strong troubleshooting, reasoning and problem-solving skills; flexible and able to deliver quality results.
• Understanding of PKI and SSL key management.
Education & IT Certification:
• Bachelor's degree in Computer Science, April 2011
• CEH
• CISSP
Technical Skills:
Splunk: Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework
Operating Systems: Windows 2000, XP, Windows 10, Windows Server, UNIX/Linux (Red Hat), FreeBSD
Security / Vulnerability Tools: Snort, Wireshark, Websense, Blue Coat, Palo Alto, Check Point, Symantec, Qualys Vulnerability Manager, FireEye HX, Sophos, Sourcefire
RDBMS: Oracle 11g/10g/9i/8i, MS SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL
Networking Protocols and Tools: TCP/IP, HTTP/HTTPS, SSH, SSL, DNS, SNMP; routers, switches, load balancers, Cisco VPN, MS DirectAccess
Programming Languages: C, C++, Java with Big Data, Python, UNIX shell scripts
Monitoring Tools: Netcool, Dynatrace, Tealeaf
Senior IT Security Engineer, Medlife, Tampa, FL, Oct 2015 to present
• Working on the security information and event management (SIEM) platform IBM QRadar.
• Raising security incidents according to alerts and following them up.
• Monitoring various event sources for possible intrusion and determining the severity of the threat.
• Experience in IBM QRadar SIEM integration, including integrating log sources with QRadar.
• Creating reports based on the log sources integrated with QRadar according to customer requirements.
• SoD controls and procedures from an audit perspective.
• Technical representation for PCI, CPM and SOX audit review and monitoring.
• Experience in SIEM device health monitoring and capacity management.
• Experience in handling and closing high-business-impact incidents.
• Experienced in SIEM technology and analyzing logs from various devices.
• Performing investigation, analysis, reporting and escalation of security events from multiple sources, including intrusion detection events, firewall logs, proxy logs and web servers.
• Implementation and integration of servers (Windows, Linux and UNIX) and security devices such as firewalls, IPS, IDS, WAF, Nessus, McAfee proxy and Symantec Endpoint Protection.
• Assist with the development of processes and procedures to improve incident response times, analysis of incidents and overall SOC functions.
• Experience on the information security platform, providing support on known and unknown vulnerabilities and threats found via security devices and products.
• Experience in developing and creating SIEM procedure (SOP) documentation.
• Experience in developing and fine-tuning SIEM rule alerts and reports.
• Experience in handling client-reported cyber-attacks and incidents.
• Network security (IDS/IPS, network sniffing, Wireshark, tcpdump, Nmap).
• Running vulnerability and compliance scans, reporting vulnerabilities and mitigating the risks associated with the reported vulnerabilities.
• Reporting and tracking vulnerability reports periodically and submitting them to management.
• Collaborate with worldwide team members and customers; attend team meetings.
• Provide input into all aspects of PKI.
• Create, modify, maintain or provide input for technical documents such as, but not limited to, user guides and build guides, adhering to government technical, operational and integration requirements and standards.
• Act as subject matter expert and answer questions related to the vulnerability scanner.
• Engage and network with groups outside of IT Services such as Audit Services, Legal, TI businesses, vendors, customers and partners.
• Monitoring Snort (writing rules, monitoring BASE) and creating cases for unknown alerts; Splunk, ArcSight.
• Writing Snort signatures; Tripwire (HIDS) and OSSEC (HIDS).
• Vulnerability assessment using Nessus.
• Working on BackTrack Linux.
• Shell scripting.
• Application/web security (OWASP).
• Audit and compliance (ISO 27001).
• Wireshark, tcpdump, Ettercap, Cain & Abel, CEH modules.
IT Security Engineer, PayPal Inc., Austin, TX, USA, Nov 2012 to Oct 2015
• Working on the security information and event management (SIEM) platform RSA enVision.
• Raising security incidents according to alerts and following them up.
• Monitoring various event sources for possible intrusion and determining the severity of the threat.
• Pulling ad hoc reports for various event sources, plus customized and scheduled reports as per requirements.
• Collecting the logs of all network devices and analyzing them to find suspicious activity.
• Monitoring RSA enVision dashboards to keep track of real-time security events and the health of SIEM devices.
• Investigating security logs and mitigation strategies; responsible for preparing the generic security incident report.
• Hands-on experience with the RSA enVision centralized IPDB.
• Analyzing malware through static and dynamic analysis with tools.
• Responsible for preparing root cause analysis reports based on the analysis.
• Knowledge of Websense, NIPS, Symantec Antivirus, Check Point, Active Directory, Cisco switches and Cisco AC.
• Designed and deployed Microsoft PKI on Windows Server 2012 R2 Standard and a key and certificate life-cycle management solution with the Venafi Trust Protection Platform.
• Preparation of documents on all aspects of intrusion analysis efforts, submitted to higher officials for audit; worked with various IT and business unit leads to ensure timely and accurate reports.
• Responsible for monitoring and acquiring data feeds for Splunk from a variety of technologies (firewalls, Blue Coat proxy, Windows, Linux, Imperva, RSA, etc.).
• Set up integration of FireEye alerts into other security systems.
• Set up automation of FireEye alerts to block infected devices in other security systems.
• PKI refresh, deploying an industry best-practice solution.
• Secured company Internet access using Blue Coat proxies.
• Engineered Blue Coat policies to follow the company's policies and procedures.
• Responsible for maintaining McAfee IDS/IPS policies.
• Constructed actionable reports and alerts from RSA Security Analytics.
• Created and maintained policies for Axway MailGate and secure email appliances.
• Conducted network vulnerability assessments to identify system vulnerabilities.
• Developed remediation plans and security procedures.
• Created custom scripts to save time and labor cost on the attestation of 50,000+ accounts.
• Collaborated with other departments in investigations of HIPAA and PCI violations.
• Provided consultative services during PCI audits and reviews.
• Installed and configured Symantec Enterprise Anti-Virus.
• Administered and managed SEP client deployments to workstations and servers.
• Set up policies for servers, with specific policies for the apps running on them.
• Performing DLP inventory scans.
• Created DLP role-based access controls, DLP device policies and DLP application file access protection.
• Worked with the global security team on server compliance and risk management.
• Tripwire IP360, Tripwire CCM, Symantec CCS, Nessus, Nmap, tcpdump, Wireshark, Kali Linux, ArcSight, Splunk.
• Working on Symantec ESM (Enterprise Security Manager), AlgoSec and Tripwire.
• Working on McAfee ePO and McAfee VirusScan; monitoring malware activity in the network.
SIEM Consultant, Raymond James, Tampa, FL, USA, Mar 2012 to Oct 2012
• Participated in the product selection and installation of the HP ArcSight Security Information and Event Management (SIEM) system, consisting of multiple collectors and a high-performance MS SQL database.
• Designed and implemented enterprise SIEM systems (centralized logging, NIDS, alerting and monitoring, compliance reporting) based on HP ArcSight 7.0 SIEM.
• Responsible for HP ArcSight SIEM monitoring and configuration aligned to internal PCI and SOX controls.
• Managed the day-to-day log collection activities of the source devices that send log data to the HP ArcSight SIEM.
• Managed and monitored McAfee ePO 4.6; installed Linux/Windows agents and VirusScan Enterprise.
• Recommended Websense Internet proxy and Web Security Gateway Anywhere to manage corporate Internet proxy traffic and the supporting infrastructure.
• Access control for browsing, authentication for all browsing hits on the proxy servers, and maintenance of proxy logs for forensic purposes.
• Maintained McAfee antivirus applications and appliances, including ePolicy Orchestrator, VSE 8 and 8.5, and Secure Content Manager (SCM 3200) for spam, virus and content filtering of web and email traffic.
• Developed a knowledge base of the various challenges faced in implementing and maintaining the SIEM solution.
• Dashboard/enterprise dashboard customization for various teams based on their log source type requirements.
Network Security Consultant, HCL, Chennai, India, May 2011 to Mar 2012
• Project lead for the RMM implementation of Kaseya to manage all client devices and streamline remote support and monitoring.
• Managed Kaseya for our clients with over 1000 agents deployed.
• Worked with clients on IT roadmaps and planning for technology spending and growth.
• Managed the day-to-day IT work for all my clients, including server, network, workstation and mobile device support.
• Automated workstation installations using scripting, group policy, deployment packages and documentation.
• Assist in the planning and execution of the ConnectWise
• Schedule and manage tickets on the service board.
• Project-manage new and existing projects with clear, measurable goals.
• Proactively research and maintain knowledge of the IT solutions provider and related industries.
• Responsible for the oversight and support of an organization's infrastructure systems such as file and print services, email, network OS and applications.
• Perform maintenance and support of the availability and functionality of these systems.
• Maintenance (including OS patching and upgrades), implementation rollouts of new systems, and L1, L2 and L3 break/fix.
• Resolve inbound tickets (Level 1 and 2 helpdesk as needed) and ensure SLAs are maintained.
• Review and monitor our service-ticket boards and ensure routine network maintenance occurs.
• Manage all servers/desktops to keep them up to date with Microsoft and third-party patches and virus and malware definitions, using our Remote Monitoring and Management (RMM) software.
• Assist with consistent monitoring of backup devices and manage/escalate failures as needed.
• Installed and configured Windows Server 2003, 2008 and 2012, VMware vSphere, Hyper-V, Exchange Server 2010/2013 and Linux operating systems.
• Perform day-to-day Macintosh support activities and processes to deliver enterprise-wide technical support services for Macintosh systems and applications.
• Installed and configured applications such as Veritas NetBackup and Veeam Backup & Replication.
• Experience as a system administrator on various Linux, Windows Server 2003/2008/2012 and Mac OS X Server (Snow Leopard/Lion/Mavericks) systems.
• Record my own work, and maintain, update and create technical support and end-user support documentation.
• Escalate technical issues outside my skillset to other technical team members.
Environment: MS SQL Server 2005/2008, Kaseya RMM tool, ConnectWise.