
Security Engineer

Location:
Hackensack, NJ
Posted:
July 01, 2018


Mamatha

***************@*****.*** +1-469-***-****

7+ years of Information Technology experience, including 5+ years in network security, SIEM tools, security assessments and risk remediation processes.

Experience in network security integration, implementation, operations support, vulnerability assessment, and the development and implementation of IT processes aligned with business objectives for effective security management.

Five-plus years of extensive experience with Security Information and Event Management (SIEM) tools such as ArcSight, RSA NetWitness, LogRhythm, Splunk, RSA Envision and QRadar.

Experience working in the banking, financial, energy, transportation and healthcare domains.

Extensively worked on the development and configuration of SIEM connectors for devices not supported out of the box by ArcSight, Splunk and ESS Security.

Designed and implemented Skybox firewall and network compliance assurance as a risk management solution.

Experienced in vulnerability assessments with tools such as QualysGuard, Rapid7 Nexpose, Nmap and Nessus, and with packet sniffers such as Ethereal.

Integration of TACACS+ and LDAP authentication and access controls with security devices such as SonicWall, Check Point and Cisco firewalls and FireEye.

Experience performing detailed technical network security evaluations and making recommendations through vulnerability management.

Adept at conceptualizing and analyzing software system needs, evaluating end-user requirements, custom-designing solutions and troubleshooting complex software systems.

Designed and implemented network and system monitoring test solutions on LogLogic and RSA NetWitness.

Experience in the design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure, routing protocols and packet flow using the NetFlow monitoring tool StealthWatch.

Designed security policies adhering to regulatory compliance requirements such as PCI DSS and NIST.

TECHNICAL SKILLS:

SIEM Technologies: HP ArcSight, RSA NetWitness, LogRhythm, Splunk, RSA Envision and QRadar.

Operating Systems: Windows NT / 2000 / XP, Linux, Cisco IOS

Networking: TCP/IP, routing protocols (RIP, OSPF, BGP, IGRP, EIGRP, ISIS), PPP, PPTP, L2TP, NAT, IPSec, H.323, SS7, SGCP, MGCP, LAN, WAN, WLAN, VPN, Frame Relay, Ethernet, EtherChannel, STP, VTP, VLAN, GLBP, VoIP, multicast protocols, LDP.

Network Hardware: Cisco routers/switches/PIX/FWSM/ASA, SonicWall and Check Point firewalls

Risk Assessment: Skybox and Check Point Tufin

Vulnerability Assessment: QualysGuard, Rapid7 Nexpose, Nmap, Nessus

Databases: DB2, Oracle, Sybase and MS SQL 2005

Web Application Firewall: F5 ASM

File Integrity Monitoring: Tripwire

Web Proxy: Cisco IronPort

Intrusion Detection (IDS/IPS) technologies: Sourcefire, Deep Security, AirTight, McAfee and StealthWatch.

Certifications: CEH (Certified Ethical Hacker), ECSA (EC-Council Certified Security Analyst), LogRhythm U Certified Professional, HCL Infosec Administrator.

Education: Master's in Computer Science Engineering, Texas A&M University.

PROFESSIONAL EXPERIENCE:

Client: Becton Dickinson, Franklin Lakes, NJ May 2017 - present

Role: Security Engineer in the Architecture & Engineering team for Security Operations

Roles & Responsibilities:

Providing technical design (architectures and solutions), development (scripting), and debugging of computer

Configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and apps.

Installation of connectors and integration of multi-platform devices with ArcSight SIEM.

Developing content for ArcSight / RSA NetWitness for unsupported devices and custom apps.

Developing use cases for ArcSight such as correlation rules, dashboards, reports, filters, active lists and session lists.

Creating alerts and reports per business requirements, and threat modeling with specific security control requirements.

ArcSight asset modeling implementation, to populate asset properties in correlation rules and reports.

Integrating devices (switches, routers, packet and network traffic) with ArcSight SIEM for monitoring.

Integration of AWS with ArcSight, analyzing the traffic to filter out false positives and add true positives into the rule set.

Integrating data from different devices into the RSA NetWitness environment, and creating dashboards and reports in NetWitness.

Evaluating RSA NetWitness against SIEM requirements and sharing observations with the management team.

Troubleshooting issues related to ArcSight ESM, Management Center, SmartConnectors, Collectors, UDP Directors, RSA Broker, Concentrators and Decoders.

Client: Fidelity Information Services, Milwaukee, WI Jan 2015 - April 2017

Role: Security Consultant

Roles & Responsibilities:

Worked as part of the Security Operations Center (SOC) and was responsible for maintaining components such as Log Collector, Log Decoder, Concentrator and Broker, and for configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and apps.

Creating alerts and reports per business requirements, and threat modeling with specific security control requirements.

We on-boarded 2500+ devices to RSA Security Analytics for threat detection.

Attending weekly client meetings to discuss on-boarding status and content testing results.

Created installation, configuration and test-case scenario documents for each specific device connector.

Integration of data from different devices into the RSA Security Analytics environment, forwarded through the Z-connectors into Security Analytics.

Developed content for RSA Security Analytics such as correlation rules, dashboards, reports and filters.

Integration of IDS/IPS with RSA Security Analytics, analyzing the logs to filter out false positives and add false negatives into the IDS/IPS rule set.

Debugging issues related to RSA Security Analytics performance, reporting and log collection from various devices.

Recommended security strategies based on real-time threats.

Client: Google Maps, Hyderabad, India

Role: Network Security Specialist Aug '12 - Nov '13

Roles & Responsibilities:

Worked in this project as a Network Security Specialist.

Maintained LogRhythm components such as Platform Manager (PM), Data Processor (DP), Data Indexer (DX), Data Collector (DC) and Network Monitor (NM) for log collection and monitoring.

Integrated devices such as Juniper Network Secure Access, Aruba Mobility Controllers, Blue Coat, FireEye, ISS SiteProtector, Check Point, Palo Alto, Sourcefire, VMware vCenter, Symantec Endpoint and AD servers with the LogRhythm SIEM.

Integrated the QualysGuard scanner with LogRhythm to populate vulnerability information and associate it with internal assets.

Recommended and configured correlation rules, reports and dashboards in the LogRhythm environment.

Configured network hierarchy and backup retention in the LogRhythm SIEM.

Extracted customized property values for devices that are not properly parsed by LogRhythm.

Monitored day-to-day system health checks, event and flow data backup, and system configuration backup.

Analyzed offenses created by correlation rules from the logs of different device types.

Integrated different feeds into the Splunk environment.

Enhanced and fine-tuned correlation rules in LogRhythm based on daily log monitoring.

Integrated data from different devices into the Splunk environment and created dashboards and reports in Splunk.

Recommended and configured daily, weekly and monthly reports in LogRhythm and Splunk based on compliance requirements.

Environment: LogRhythm SIEM, Splunk, Windows and Red Hat Linux.

Client: SERCO, Hyderabad, India Sep '11 - June '12

Role: Data Analyst

Roles & Responsibilities:

Worked as an L2 engineer and was responsible for configuring log generation and collection from a wide variety of products distributed across categories of servers, network devices, security devices, databases and apps.

Categorized the messages generated by security and networking devices into the multi-dimensional ArcSight normalization schema.

Installation of connectors and integration of multi-platform devices with ArcSight ESM; developed FlexConnectors for devices not supported by ArcSight and for custom apps.

Developed content for ArcSight such as correlation rules, dashboards, reports, filters, active lists and session lists.

Creating alerts and reports per business requirements, and threat modeling with specific security control requirements.

ArcSight asset modeling implementation, used to populate asset properties in correlation rules and reports.

We on-boarded 12000+ devices (Windows, Linux, IIS, DNS, DHCP, NPS, mainframe) to ArcSight ESM for monitoring.

Integration of IDS/IPS with ArcSight, analyzing the logs to filter out false positives and add true positives into the IDS/IPS rule set.

Integrated data from different devices into the Splunk environment and created dashboards and reports in Splunk.

Troubleshooting issues related to ArcSight ESM, Logger, Oracle DB and Conapps performance.

Environment: HP ArcSight SIEM, Splunk, Windows and Linux servers, and networking tools

Client references will be provided upon request.
