Security Information

Location:
Bridgeport, CT
Posted:
May 17, 2017

Resume:

SAI SARATH P

** ***** *****, **********, ***********. ac0cqr@r.postjobfree.com 203-***-****

Summary:

Five-plus years of experience in IT security operations and in the implementation, integration and operation of SIEM via QRadar, ArcSight, and Splunk.

Experience in planning, developing, implementing, monitoring, and updating security programs and advanced technical information security solutions; sound knowledge of SOX and PCI compliance requirements and an understanding of NIST and ISO standards.

Security incident handling and SIEM using RSA enVision and IBM QRadar products; identifying the critical IT infrastructure that requires 24/7 monitoring.

Develop strategic plans for agency-wide implementation to address the operations of client services, product support, quality assurance, and information security training.

Technical experience in system and network analysis, intrusion detection, and malware analysis.

Experience in handling cybersecurity risk management framework assessments; ensuring that enterprise cybersecurity policies fully support all legal and regulatory requirements and are applied to new and existing IS resources.

Experience and knowledge of threats, analysis, and remediation efforts relating to intrusion prevention and penetrations.

Experience with network intrusion detection/intrusion prevention systems and firewalls.

Knowledge of authentication, endpoint security, internet policy enforcement, firewalls, web content filtering, Database Activity Monitoring (DAM), Data Loss Prevention (DLP), and Identity and Access Management (IAM) solutions.

Proven ability to identify various network security vulnerabilities and explain in detail how to remediate them.

Knowledge of LAN/WAN networking concepts (TCP/IP, routing and switching, the OSI layers) and scripting languages.

Experience in troubleshooting LANs and WANs.

Maintained up-to-date procedures and documentation to support IT security processes.

Strong troubleshooting, reasoning and problem-solving skills; flexible and able to deliver quality results.

Senior Cyber Security Analyst, NextEra, Florida, USA, Oct 2015 to present

Working on the Security Incident and Event Monitoring (SIEM) platform: IBM QRadar/McAfee/Splunk ES.

Monitoring various event sources for possible intrusions and determining the severity of the threat.

Experience in IBM QRadar SIEM integration.

Experience in integrating log sources with IBM QRadar.

Creating reports based on the log sources integrated with QRadar according to customer requirements.

Experience in SIEM device health monitoring and capacity management.

Experienced in SIEM technology and in analysing the logs of various devices.

Experience in developing and fine-tuning SIEM rules, alerts and reports.

Raising security incidents according to the alerts and following them up.

SoD controls and procedures from an audit perspective.

Technical representation for PCI, CPM and SOX audit review and monitoring.

Performing investigation, analysis, reporting and escalation of security events from multiple sources, including intrusion detection, firewall logs, proxy logs and web servers.

Implementation and integration of servers (Windows, Linux and Unix) and security devices (firewall, IPS, IDS, WAF, Nessus, McAfee proxy, Symantec Endpoint Protection).

Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.

Experience in information security platforms, providing support on known/unknown vulnerabilities and threats found via security devices/products. Experience in developing and creating SIEM procedure (SOP) documentation.

Experience in handling client-reported cyber-attacks and incidents.

Network security (IDS/IPS, network sniffing, Wireshark, tcpdump, Nmap).

Running vulnerability and compliance scans, reporting vulnerabilities and mitigating the risks associated with the reported vulnerabilities.

Worked on OWASP Top 10 attacks such as XSS, SQL injection, CSRF, PHP injection, etc.

Interaction with customers regarding security alerts and attacks.

Worked on DDoS mitigation and have a good understanding of the different kinds of flood attacks.

Reporting/tracking vulnerability reports periodically and submitting the report to management.

Experience in handling and closing high-business-impact incidents.

Collaborate with worldwide team members/customers and attend team meetings.

Plan, implement and manage the vulnerability scanner environment.

Interface with vendors to resolve vulnerability-scanner-related issues and upgrades.

Act as subject matter expert and answer questions related to the vulnerability scanner.

Engage and network with groups outside of IT Services, such as Audit Services, Legal, TI businesses, vendors, customers, and partners.

Monitoring Snort (writing rules, monitoring BASE), creating cases for unknown alerts; Splunk, ArcSight.

Writing Snort signatures; Tripwire (HIDS) and OSSEC (HIDS).

Vulnerability assessment using Nessus.

IT Security Analyst, Hastings Mutual, Hastings, USA, Feb 2014 to Oct 2015

Working on the Security Incident and Event Monitoring (SIEM) platform RSA enVision.

Monitoring RSA enVision dashboards to keep track of real-time security events and the health of SIEM devices.

Hands-on experience with the RSA enVision centralized IPDB.

Collecting the logs of all network devices and analysing them to find suspicious activity.

Investigating security logs and mitigation strategies; responsible for preparing the generic security incident report.

Monitoring various event sources for possible intrusions and determining the severity of the threat.

Pulling ad hoc reports for various event sources, customized reports, and scheduled reports as per requirements.

Analysing malware through static and dynamic analysis with tools.

Generating malware behavioural analysis reports.

Working on McAfee ePO and McAfee VirusScan, monitoring malware activity in the network.

Responsible for preparing root cause analysis reports based on the analysis.

Responsible for maintaining McAfee IDS/IPS policies.

Knowledge of Websense, NIPS, Symantec Antivirus, Check Point, Active Directory, Cisco switches and Cisco AC.

Preparation of documents covering all aspects of intrusion analysis efforts, submitted to senior management for audit; worked with various IT and business unit leads to ensure timely and accurate reports.

Responsible for monitoring and acquiring data feeds from a variety of technologies for Splunk (firewalls, Blue Coat proxy, Windows, Linux, Imperva, RSA, etc.).

Set up integration of FireEye alerts with other security systems.

Set up automation of FireEye alerts to block infected devices in other security systems.

Secured company internet access using Blue Coat proxies.

Engineered Blue Coat policies to follow the company's policies and procedures.

Constructed actionable reports and alerts from RSA Security Analytics.

Conducted network vulnerability assessments to identify system vulnerabilities.

Developed remediation plans and security procedures.

Created custom scripts to save time and labour cost on the attestation of 50,000+ accounts.

Collaborated with other departments in investigations of HIPAA and PCI violations.

Provided consultative services at the time of PCI audits and reviews.

Installed and configured Symantec Enterprise Anti-Virus.

Administered and managed SEP client deployments to workstations and servers.

Set up policies for servers, with specific policies for the apps running on them.

Performing DLP inventory scans.

Created DLP role-based access controls, DLP device policies, and DLP application file access protection.

Worked with project managers to ensure the incorporation of security activities in all ongoing projects and to identify the security impact of new releases.

Develop, implement, and maintain the employee database for multiple departments.

Worked with the global security team.

Working with the global security team on server compliance and risk management.

IT Security Engineer, Tamana Infotech, Hyderabad, India, Mar 2013 to Jan 2014

Worked on multiple operating system environments such as Windows (2003, 2008) and Linux (Red Hat, Fedora, Debian), and on virtual infrastructure.

Conducting cyber forensics activities, following the cyber forensics process after a cyber-crime had been carried out, by collecting evidence and securing it.

Worked on the implementation of different third-party security tools such as Rapid7, Demisto and Duo.

Maintaining the antivirus solution, i.e. Symantec Endpoint Protection.

Audit of Cisco ACLs, Active Directory, and rules in F5 ASM.

Conducting penetration testing and auditing of the organization's network using tools.

Footprinting, scanning, sniffing and monitoring network activity using open source and commercial tools (Wireshark, Nmap).

Education, Qualifications and Certifications

2009-2013: Bachelor of Engineering with Honours in Computer Science (CGPA 3.2), Anna University (India).

Certified Information Systems Security Professional (CISSP)

Languages and Technologies

Information Security: SIEM (QRadar, Splunk, ArcSight, McAfee ESM), Guardium DAM

Security/Vulnerability Tools: Palo Alto, Imperva, IBM Security Guardium Vulnerability, OpenVAS, MBSA, Nexpose

Networking Protocols: TCP/IP, SSH, SSL, DNS, SNMP, ICMP, RIP, OSPF, BGP, TACACS+

Network Tools: Routers, Wireshark, Sniffer Pro, Cisco Prime, Nessus, Nmap

Operating Systems: Windows 10/8/7/XP/NT/98, Unix, Linux (REMnux), Virtualization (VMware)

Languages: C, C++, C#, HTML, Java, PL/SQL, Python, XML

Ticketing Systems: ServiceNow, Remedy
