
Security Information

Hyderabad, Telangana, India
February 12, 2018


Chethan Katarki


Phone: 508-***-****


An Information Security Analyst with a focus on cyber security, continuous monitoring, access control and compliance. Performed advanced cyber security operational monitoring and analysis of security events, e.g. security information monitoring tools, network- and host-based intrusion detection tools, and system logs such as Windows, mainframe applications and databases, with different security technologies, i.e. SIEMs (McAfee, RSA), Cisco, IronPort proxy, McAfee endpoint products such as VSE, HIPS and McAfee encryption, and remediation of workstations and servers for antivirus with ePO.


Networking: Switches, Routers, Hubs, Cables, LAN, WAN, TCP/IP, DNS.

Security: Malware Analysis, Firewall & Proxy, Data Security, Security Risk Management, Fraud Detection, Network Security, McAfee ePO, McAfee ESM SIEM, DLPe, Drive Encryption, IT Monitoring Software (SolarWinds Orion Platform), McAfee nDLP, TippingPoint, Proofpoint, Secureworks, Solera, Imperva DAM, WIPS, Proxy, Splunk.

Certifications: Pursuing CEHv9



AFLAC Inc April 2017 – Till date


Investigated suspicious emails forwarded by users and, after analyzing the files and mail headers, requested appropriate blocks for the infected files/blacklisted domains from the InfoSec Tools Operations and InfoSec Engineering teams.

Maintained, performed and updated the Cyber Security and IT Risk Assessment process and reporting, including tracking and management of any follow-up action items or process updates as required.

Monitored and analyzed Intrusion Detection Systems (IDS) & Intrusion Prevention Systems (IPS) to identify security issues for remediation.

Regularly worked with the Incident Response team to discuss and potentially escalate critical incidents after initial triage.

Provided support in the detection, response, mitigation and reporting of exploits, vulnerabilities, network attacks and real or potential cyber threats to the environment, and assisted in the automation of these processes.

Performed analysis on data from systems to identify unexpected or malicious activity across channels; experienced in cyber investigation and fraud identification.

Provided 24x7 on-call support for escalated security incidents on a rotational basis in a SOC environment.

Developed and maintained up-to-date run-books and Standard Operating Procedures to maintain relevancy and address current/emerging threats.

Ensured complete integration of the monitoring dashboard comprising the monitoring tools and the systems.

Monitored and analyzed different SIEM tools, network traffic, Intrusion Detection Systems (IDS), security events and logs.

Analyzed information security data from network and applications security logs and tools such as firewalls, proxies, application vulnerability scanners, network flow data, external data sources and cyber threat intelligence to identify potential compromises.

Prioritized and differentiated between potential incidents and false alarms.

Helped analyze security tools and systems and report on security and performance.

Stayed abreast of current technologies, developments, security compliance requirements, standards and industry trends to help achieve the goals of the department.

Performed detailed investigation of files, using security tools, to determine the safety of mails received from users.

Worked with compliance teams to support security and privacy audits and helped to develop a mitigation strategy. Worked to obtain and compile the necessary documentation and evidence.

Independently followed procedures to contain, analyze and eradicate malicious activity.

Assisted with the development of processes and procedures to improve incident response times, incident analysis, and overall SOC functions.


US Bank Aug 2016 to Dec 2016


Correlated data from intrusion detection and prevention systems with data from other sources, e.g. web server and DNS logs, to identify misuse, malware or unauthorized activity on networks. Communicated and escalated issues and incidents as required by process.

Monitored and investigated DLP and endpoint events; utilized and understood AV, fraud and signature-matching technologies. Customized intrusion detection system and other tool signatures to maximize the value of event logs and minimize the number of false positives.

Participated in the computer security incident response team efforts and other mitigation strategies used in security operations.

Executed response and mitigation procedures for a myriad of potential security incidents escalated from US Bank’s Tier 2 SOC and created reports to reflect on our detection and mitigation strategies.

Performed real-time security alert analysis and DDoS attack mitigation response using tools.

Communicated security, data protection, and data loss prevention related concepts to a broad range of technical and non-technical staff effectively at multiple organizational levels.

Regularly worked with the Computer Security Incident Response team to discuss and potentially escalate critical incidents after initial triage.

Stayed abreast of current technologies, developments, security compliance requirements, standards and industry trends to help achieve the goals of the department.


Ernst & Young, New York, NY


Analyzed, troubleshot, and investigated security-related information systems anomalies based on security platform reporting, network traffic, log files, and host-based and automated security alerts.

Reviewed, recorded, and acted on alerts from network and host-based security platforms such as:

o Network-based Intrusion Detection/Prevention Systems (IDS/IPS)

o Security Information & Event Management (SIEM) platform

o Endpoint protection

o Firewall and network access control lists

o Web and E-mail proxy and filtering systems

Documented investigation of security events and conducted research on emerging security threats by using sources like Reddit and SANS.

Provided response support as needed for information security related events/investigations.

Have in-depth knowledge of network and security concepts such as the OSI and TCP/IP models, operating systems and the CIA triad.

Experienced with network protocols including HTTP, HTTPS, FTPS, SFTP, SNMP, SMTP, SSH, SSL, RDP, and SIP.

Hands-on experience with tools including IDS/IPS, SIEM, and web filtering solutions.

Web attack methods such as Cross-Site Scripting (XSS) and SQL Injection.

Maintained and updated relevant system and process documentation and developed ad-hoc reports such as activity statistics.

Assisted with the development of security tool requirements, evaluations, as well as security operations procedures and processes.

Established and maintained a strong working relationship with security and engineering team members.

Monitored threat intelligence from internal and external sources to identify new methods of attack and evaluate potential remediation plans.

Successfully managed time and technical responsibilities, set accurate expectations and met deliverable deadlines while working in a team and information-sharing environment.

ADVANCED ANALYST (Information Security) Jan 2011 to July 2015

Ernst & Young Private Limited – Bengaluru


Researched, analyzed and understood log sources from security and networking devices such as firewalls, routers, anti-virus products, and operating systems.

Performed real-time proactive security monitoring and reporting on various security enforcement systems, such as NITRO (SIEM), anti-virus, Internet content filtering/reporting, and malware code prevention.

Identified and remediated threats and vulnerabilities as part of Security Monitoring (SOC), with triage and escalation to T2.

Documented incident results and reported details through the ticketing system.

Escalated issues to Tier-2 and followed up as required.

Identified and remediated any threats and vulnerabilities.

Provided systems administration and systems engineering support with experience in McAfee products: ePolicy Orchestrator (ePO), Host Intrusion Prevention System (HIPS), VirusScan Enterprise (VSE), Data Loss Prevention (DLP).

Triaged emails sent by internal users according to category and responded to the customers after investigating the emails.

Investigated DDoS attacks, malware, and FireEye, Sourcefire and Websense events. Connectors were set up for all IDS/IPS appliances.

Executed on appropriate mitigation strategies for identified threats.

Provided rotational 24/7 on-call support.

Formulated and configured Logger appliances and analyzed system anomalies.

Managed, upgraded and maintained operational data flows and McAfee SIEM platforms.

Maintained and modified hardware and software components, content and documentation.

Created and documented reports, rules, trends and dashboards.

Provided guidance for equipment checks and supported processing of security requests.

Experience in Network Intrusion Detection/Intrusion Prevention Systems and Firewalls.

Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
