Security Management
Resume:
E zra eleyazer Manda ************@*****.***
I nformation Securi ty Analyst
CE H, ECSA, CCNA
! I am a PR Holder recently I mmigrated to Canada who had work experience in I ndi a and UK, Will ing to
work in any province !
PROFESSIONAL OBJECT I V E:
Seeking assignments in Information Security Assessments with an organization to provide advisory changes with a
concentration on Information Security and Risk Management.
S umma ry :
Having 4years of Professional experience.
Good at Implementing & consulting on ISO27001; Conducting ISO 27001 GAP ANALYSIS.
Good at developing and maintaining IS procedure, Risk reports and checklists.
Expertise in providing r isk assessment for any new or updated operations affecting confidentiality, integrity
and/or availability of client's Information systems
Broad base of knowledge across the technology spectrum like networking protocols, security scanning products,
anti-virus solutions, security audit tools, operating systems.
Good experience in Securing networks from all external or internal threats.
Expertise in analyzing information system security needs, evaluating end-user requirements.
Can recommend preventive, mitigating, and compensating controls to ensure the appropriate level of protection
and adherence to the goals of the overall Network security strategy in the form of Audit.
Expertise in Vulnerability Assessments, Penetration Testing and Malware Analysis.
Good at executing and documenting vulnerability management procedures.
Strong usage skills in Exploitation & Assessment tools like Metasploit, Armitage, Nikto, W3af etc.
Proficient In usage of Ethical Hacking & Penetration Testing Tools.
Good understanding of Virtual Environments
In-depth technical knowledge/mastery with Int rusion Detection systems/Int rusion Prevention systems.
Good exposure of performing "Deep Packet Analysis" and correlation of log data from multiple sources.
Solid understanding on reading PCAP and been able to differentiate normal vs abnormal t raffic.
Applied knowledge of computer security forensics and security vulnerabilities.
Creating and executing Information Security Awareness Trainings.
Proven experience with network security principles, and general network management best practices.
Experience of testing and analysing complex technical PKI and Certificate based exchanges.
Expertise on PKI, Card management system, Hardware Security Modules, Client-Server Authentication.
Experienced in both proprietary and open source applications.
Have provided hardware installation and support.
PROJECTS:
Client: Srindu soft Ltd, United Kingdom (August 2013 – May 2014)
Role : Security Analyst
Environment: VMWare esxi, Linux Redhat, Centos, Ubuntu, Windows
Subject Matter Expert (SME) on emerging Security technologies for the company.
Acting as Single point of contact for Client Site Security Audits.
Monitoring security systems, analyzes Activity of Interest (AOI), and takes appropriate actions.
Creating and executing IT-Security Awareness Trainings, implementing additional IT-Security Systems like high
availability Site Firewalls, Network Int rusion Detection Systems, and Virus Protection Systems.
Generation and presenting the reports on network based security, vulnerabilities to external customers (Client-
site).
Lead the corrective actions to Fix/Update/Mitigate the vulnerabilities found during scans.
Monitoring & Reporting the Network (LAN & WAN) Traffic for efficient Bandwidth Management by using
Sniffers and other Monitoring Tools.
Conducting and executing of periodical security assessments and managing to build a secured environment at the
client location.
Evaluating new security technology and conducting vulnerability assessments.
Coordinates, documents, and reports on investigations of possible security violations.
Regular analysis of vulnerability assessment of various Client network and IT infrastructure and suggest
remediation plan.
Perform audits as per audit schedule defined and submit clear and accurate reporting of the findings. And to
work with the teams to implement corrective and Preventive Actions.
Study, Analyze and Reported in case of false positive situations.
Identifying potential IT security incidents.
In-depth analysis of security alerts generated by correlating logs from multiple technologies that includes
F irewalls, web servers, databases IDS/IPS, Windows/UNIX servers etc.
Performing BCP & Disaster Recovery Plans and implementing them on a Random and Pre Schedule Basis in line
w ith ISO 27001 and ISO 17799 Standards.
Conducting ISMS GAP ANALYSIS and ISMS internal audits; consulting on ISO 27001 implementation and QMS.
Patch management and Back up activity Monitoring.
Performing cyber security incident response, event analysis, investigations, and forensics duties.
Client: British gas Centrica, United Kingdom (January 2013 – July 2013) smart metering project
Role : Security Analyst
Environment: Linux, Windows and communications via 3G and Zig-bee protocols
Responsibilities:
Analysis of security context, interpret requirement of 3rd party (Trilliant & Landys + Gyr) supplied Head end system.
Co-ordinate with information Risk team to identify requirements and mitigate risk by addressing the requirements.
Interpret test requirements and create testing collateral.
Applied network security features.
Analysed PKI cryptography exchanges (key and certificate exchange methodology).
Implemented hardware and interface security.
Security protocol testing - TLS implementation.
Exposure to the strategic security evaluation involving assets distributed over the GPRS networks.
Investigated real time incidents in the test infrastructure.
Client: www.pkr.com, United Kingdom (May 2012 – December 2012)
Role : Junior Penetration tester
Environment: Linux Ubuntu, Windows
Perform ethical cracks (hacks) to assess the vulnerabilities of test, Internet, and/or Intranet connected systems,
networks and applications including Windows, Linux.
Generate and present reports on security vulnerabilities.
Help to develop communications and promote information security awareness among staff
Advise internal organizations on best practices for securely managing information
Performing assessments of SDLC processes
Developing testing scripts and procedures
Client: One Alliance IT Services Ltd, India (June 2010 – April 2012)
Role : System admin
Environment: Windows
Provide technical support for One Alliance it Services staff and patrons at each branch location.
Coordinated and established priority of work orders to appropriate technician for service and follow up.
Provided statistically reports per technician while monitoring the overall progress of assigned tasks.
Established network users, user environment, directories and security for networks and software installed.
Installed, upgraded and configured network printing, directory structures, rights and software on file servers.
Provide assistance for network administrator with minimal network troubleshooting to isolate and diagnose common network
problems.
Maintained configuration and performance standards for network environment.
Responded to the needs and questions of staff concerning their access of resources on the network.
Resolved software and hardware configuration issues, recover and transfer data from old to new machines.
TOOL BELT:
Excellent knowledge about OWASP guides and exploits.
Various Automated Web Application Testing Platforms (IBM App scan, Acunetix, HP WebInspect)
Vulnerability management tools (Retina, Nessus, Nexpose, McAfee Vulnerability manager)
Various Interception Proxies / Testing Frameworks (Burp / Paros / w3af )
Various Browsers / Plug-ins / Add-ons (Firefox, Chrome, Safari, IE, cookie editor etc)
Various Network Penetration Testing tools (Nmap, Wireshark, Metasploit framework, Cain etc)
Various wireless tools (Aircrack, Kismet, Netstumbler)
Web application security testing using SQL injections, XSS, Local file inclusions, DOS etc.
Various Encryption tools (Open SSL, Open SSH, Putty, SSL Strip)
Good understanding on Cryptography and algorithms (Encoding, Encryption, Hashing)
Able to analyze PKI and Certificate exchange methodologies during TLS/SSL, HTTPS sessions.
Packet crafters (Netcat, Hping, Socat)
Competent in website UI design (HTML, CSS, Adobe Flash).
Excellent in Adobe Photoshop.
Intermediate knowledge in programming, scripting in c, python, java script.
Intermediate knowledge in code analysis (HP Fortify).
Competent user of Backtrack linux, Kali linux, Samurai WTF, Metasploit frame work.
Thorough knowledge on OSI/ISO and TCP-IP model stack.
Knowledge on IP sec concepts (IPv4, IPv6).
IDS-IPS tools (Snort).
Firewalls (ASA, Checkpoint)
Virtualization (VM-Ware, Prox-mox, Citrix xen)
Networking principles and protocols
Operating systems (Windows, Linux, Mac).
Contact this candidate