
Security Manager

Location:
Thiruvananthapuram, Kerala, India
Posted:
September 05, 2019


Resume:

Swapnika Pasunuri

ac99rt@r.postjobfree.com

813-***-****

PROFILE SUMMARY

Worked in a 24x7 Security Operations Center (SOC).

Understanding of SIEM implementation, its integration with other network devices and applications, and the related troubleshooting work.

Expertise in Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.

Experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC).

Real Time Log monitoring in the Security Operations Center from different devices such as Firewalls, IDS, IPS, Operating Systems like Windows, UNIX, Proxy Servers, Windows Servers, System Application, Databases, Web Servers and Networking Devices.

Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through the performance of formal Risk Assessments, Policy and Governance, and internal Threat Analysis with regard to a SOC environment, with the use of SIEM tools.

Expert understanding of developing complex use cases and Universal Device Support Modules on the QRadar SIEM.

Responsible for monitoring networks and security tools to detect suspicious and hostile activity across the Environment.

Supported the Security Operations Center (SOC). Monitored security systems and diagnosed malware events to ensure no interruption of service. Identified potential threats, anomalies, and infections and provided reports to the customers.

Monitoring network traffic for security events and performing triage analysis to identify security incidents.

Analyze Threat Patterns on various security devices and Validation of False/True positive Security Incidents.

Identifying potential threats, anomalies, and infections.

Responding to computer security incidents by collecting, analyzing, and providing detailed evidence (network log files) and ensuring that incidents are recorded and tracked in accordance with the guidelines and requirements.

Knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Database Activity Monitoring (DAM), Data Loss Prevention (DLP), and Identity and Access Management (IAM) solutions.

SKILLS

Operating Systems

Windows 2000, XP, 10, Windows Server 2008, 2012, Linux (Red Hat)

Security / Vulnerability Tools

Snort, Wireshark, Websense, Bluecoat, Checkpoint, Symantec, Qualys Vulnerability Manager, FireEye HX, Sourcefire, Nessus

RDBMS

Oracle 11g/10g/9i, MS-SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL

Networking Protocols and Tools

TCP/IP, HTTP/HTTPS, SSH, SSL, DNS, SNMP, Routers, Switches, Load Balancers, Cisco VPN, MS Direct Access

Programming Language

C, C++, Java/J2EE, UNIX shell scripts

Monitoring Tool

Netcool, Dynatrace, Tealeaf, Splunk, QRadar, TEPS

PROFESSIONAL EXPERIENCE

Cardinal Healthcare - Dublin, OH Jan 2018 – Present

SOC Analyst

Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.

Migrating existing reports and alerts from RSA enVision to IBM QRadar.

QRadar Vulnerability manager and Threat Manager (QVM and QTM).

Tuning, Configuration, False Positive Reduction, Custom Log Source Extension development and administration of QRadar.

Provided support in identifying malicious network activity, threats impacting network operations and developing appropriate countermeasures, eliminating network threats and vulnerabilities.

Collecting data on Attacks to help SOC engineers create reports for auditing purposes.

Integration of different devices/applications/databases/ operating systems with QRadar SIEM.

QRadar SIEM v7.2 administration, including SIEM EPS tuning and distributed deployment architectures.

Part of the deployment team where several log sources are parsed and integrated into QRadar through a mid-layer such as F5 for PCI and Syslog services.

Aggregate, correlate, and analyze log data from network devices, security devices and other key assets using QRadar.

Responsible for Incident handling and response, with knowledge of common probing and attack methods, viruses, botnets and other forms of malware. Correlating events from a Network, OS, Applications or IDS/Firewalls and analysing them for possible threats.

Ensure the SOC analyst team is providing excellent customer service and support.

Designed SOA based data service (for data domain) serving master data to authorized systems.

Monitors agency sensors and SOC (Security Operation Center) systems for incidents and malicious activity.

Executed daily vulnerability assessments, threat assessment, and mitigation and reporting activities in order to safeguard information assets and ensure protection has been put in place on the systems.

Performing security analysis and identifying possible vulnerabilities in eliciting the key derivation function; creating Vulnerability Assessment reports detailing the exposures identified, rating the severity of the system, suggesting mitigations for any exposures, and testing known vulnerabilities.

Conduct log analysis, proactive monitoring, mitigation, and response to network and security incidents. Analyse security event data from the network (IDS sensors, firewall traffic).

Administered Office 365 (Exchange Online, SharePoint Online, and Skype for Business (Lync)).

Setup and manage alerts to monitor activity on business critical information as required.

Develop custom applications using InfoPath and other Out of the Box SharePoint features and functionality.

Provided second-level support for the Symantec Endpoint Protection Antivirus System. Provided after-hours support for the Production environment, and generated and provided documented reports for the Threat Remediation Management Team.

Put together E-Business Operations documentation for the Symantec Endpoint Protection Management environment.

Implemented and configured firewall changes within the Symantec Protection environment according to Internal Compliance approved Specifications/recommendations.

Responsible for maintaining availability, reporting and communication of the SIEM between it, its event-sources and the endpoints.

Responsible for the management, design, and dissemination of relevant data from the global security information and event management (SIEM) system.

Assisted in designing, implementing and evaluating applications, systems and utilities relevant to Active Directory services.

Perform static and dynamic malware analysis on virtual servers with proper documentation and steps for removal on infected systems.

Experienced in configuration, installation, and patch upgrades of Tripwire Log Center in a Windows environment.

Interacts with end users, including first responders and explosives experts, identifying and aligning user needs with Tripwire resources.

Experience with Firewall Administration, Rule Analysis, Rule Modification.

Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through analysis of relevant event logs and supporting data sources. Utilized Sourcefire, Wireshark.

Walmart - Bentonville, AR Oct 2016 – Dec 2017

SOC Associate

Responsible for QRadar SIEM monitoring and configuration aligned to internal PCI and SOX controls.

Manage the day-to-day log collection activities of source devices that send log data to the QRadar SIEM.

Cleaning up log sources auto-discovered in QRadar by identifying duplicates, correcting mis-identified log sources, and identifying log sources from their logs.

Assisted in monitoring and maintaining server systems. Installed server hardware and operating systems.

Participated in the product selection and installation of the QRadar Security Information Event Manager (SIEM), consisting of multiple collectors and a high-performance MS SQL database.

Designed and implemented enterprise SIEM systems: centralized logging, NIDS, alerting and monitoring, compliance reporting, based on QRadar 7.0 SIEM.

Configuration troubleshooting on the SIEM for data sources.

Dashboard / enterprise dashboard customization for various teams based on the log source type requirements.

Experienced in Operations Center environments/teams such as Computer Emergency Response Team (CERT) and Computer Incident Response Team (CIRT).

SIEM troubleshooting and processing assigned enhancement requests for various SIEM issues.

Access control for browsing, authentication for all hits from browsing on proxy servers, and maintenance of proxy logs for forensic purposes.

Identifies, validates and documents substation asset classifications. Maintains substation asset tracking systems and databases as well as the credential management system.

Serves as a team member who properly prepares for and addresses incidents across the organization; a centralized incident response team is formed and is responsible for analysing security breaches and taking any necessary responsive measures.

Implementation, configuration and support of Checkpoint and ASA firewalls for clients.

Understanding the whole network & requirement of the organization.

EPS calculation and storage calculation as per compliance.

Understanding of various OS, web, database and application servers and their respective integration mechanisms.

Define logging as per customer’s requirement.

Integration of different data sources such as Linux servers, Windows servers, web servers, databases, security controls, and network elements.

Responsible for end device configuration to push / pull logs to/from SIEM receivers.

Fine tuning of default rules, reports and alarms.

Rational Technologies, Hyderabad, India Sept 2015 – Aug 2016

IT Security Engineer

Implementation of a SIEM tool.

Managing and maintaining Windows NT, 2000, 2003, 2008 and 2012 servers; remote administration using Terminal Services.

Performed Windows user administration, managing user accounts, permissions, User rights, Account policies, Security policies and performed software and hardware maintenance.

Hands-on experience with Remedy 7.2, AF Remote, HP OpenView, TEPS, HP Insight Manager, IBM Director, etc.

Primary troubleshooting and knowledge in Windows clusters.

Monitoring and managing weekly server reboots.

Performing disk cleanups and disk management for Windows OS drives.

Working on high CPU and paging file issues.

Performing daily checks to ensure stability in the environment.

Experience in fixing IBM (RSA) and HP (iLO) connectivity with Blade and Brick servers.

Working on file/folder restoration issues at users' requests.

Hands-on experience with network devices, including port resets, log collection, investigations, etc.

EDUCATION

Master of Computer Science Aug 2016 – May 2019

Wright State University, Dayton OH [3.25/4.00]

Bachelor of Software Engineering

SRM University, Chennai, India [8.4/10.0] Aug 2012 - May 2016

CERTIFICATIONS

Certified Ethical Hacker (CEH) Aug 2017

Certified by: EC-Council

Baseline for Information Security Professionals.

Deep understanding on how to look for vulnerabilities and weaknesses in a target system.

Network+ July 2018

Certified by: CompTIA (Online)

Network Administration.

Skills needed to create, configure, manage and troubleshoot wireless and wired networks.

Security+ June 2018

Certified by: CompTIA (Online)

Benchmark for IT Security.

Concepts on communication security, organizational and operational security.

Cloud+ June 2016

Certified by: CompTIA (Online)

Administer cloud-based technologies and systems.

Cloud concepts and models, virtualization, infrastructure and resource management.

Linux+ June 2016

Certified by: CompTIA (Online)

Broad awareness of Linux operating systems.

Can demonstrate a critical knowledge of installation, operation, administration and troubleshooting of devices.
