Information Security Technology

Location:
Raleigh, NC
Posted:
March 27, 2024

Resume:

Hakeem Shareef Mohammed

ad4l30@r.postjobfree.com

Cell: 773-***-****

Summary:

·Over 6 years of combined storage and cybersecurity experience as a cybersecurity analyst, with competent and deep experience and a good knowledge of information technology. Specialized in proactive monitoring of SIEM networks (Splunk, ArcSight).

·Deep knowledge of security tools around logs and performing packet analysis. Finally, malware analysis can be carried out with the general objective of guaranteeing the confidentiality, integrity, and availability of systems, networks, and data.

·Expert in network security implementation, SIEM tools, new concepts, identity management, new security technologies, cloud security architecture, and new security controls, and in the development of innovative security controls and processes that meet business and government needs to protect information.

·Can use different environments: Microsoft Cloud App Security, Azure, SEP 14, Symantec ERD, Nexpose, Sourcefire, PowerShell, Blue Coat, VMware vSphere, VMware Service Manager, ServiceNow, Active Directory, Joe Sandbox

·Knowledge of the fundamentals of IT networks, SOC components, the OSI model, TCP/IP logs, basic concepts of data backup, and information threats and attacks

·Experience with processes within the security assessment and authorization environments, such as security categorization, security and contingency plan development, security testing and evaluations, system accreditation, and monitoring

·Information security engineer/analyst with good experience in security incident analysis, vulnerability and penetration testing, network monitoring, information security, and network security functions.

·Experience in collecting and analyzing metrics, key risk indicators, and maintaining defined dashboards in the information security field to ensure that our information security program works effectively and efficiently.

·Information protection solutions, including security monitoring, DLP, and auditing solutions from Symantec.

·In-depth knowledge of NIST 800 Special publications, Federal Information Processing Standards (FIPS), and other important federal regulations

·Knowledge of server maintenance, including security logs configuration, network configuration, and troubleshooting.

·Experience with various endpoint tools such as McAfee EPO, Carbon Black, BigFix, Symantec EPO (IDS / IPS)

·Automated centralized detection of security vulnerabilities using scripts for vulnerability assessment tools such as Qualys Guard and Nessus.

·Security Operations Center (SOC) experience with hands-on experience planning, coordinating, and maintaining an organization's information security and CSOC incidents and alerts.

·Ability to multitask, work independently and as part of a team, strong analytical and quantitative skills, and effective interpersonal and verbal / written communication skills.

·Participation in a one-to-one project where I performed a detailed analysis of a malicious packet capture using tools such as Wireshark, Snort, Nessus, and NetWitness Investigator.

·Experience configuring and deploying modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption

·Monitor events, respond to incidents, and report results.

·Experience in installation and maintenance of the Windows 2008/2012 server operating system.

·Experience with network monitoring with SIEM IBM QRadar and Wireshark, configuration, and functions for information security and network security.

·Knowledge of common cybersecurity technology tools such as Firewalls, IPS / IDS, DLP, CASB, Network Access Control, DDOS Mitigation, Antimalware, Antivirus, Encryption, and Two-Factor Authentication

·Knowledge of penetration testing, vulnerability analysis, threat detection, and development of security programs by performing vulnerability scans with Nessus and generating reports

·Configured and was involved in configuring WAF (Web Application Firewall) architecture to inspect HTTP traffic with content filtering capabilities to prevent SQL injection, cross-site scripting, buffer overflow, cookie contamination, and security misconfiguration.

Technical Skills:

DLP: Websense, Symantec & McAfee

End Point Security: McAfee Suites (VSE, HIPS & HDLP), McAfee MOVE AV, SafeBoot

IPS/IDS: McAfee IPS, HP TippingPoint, Cisco IDS, SecureWorks IDS/IPS

SIEM: RSA enVision, ArcSight, Splunk security manager, IBM QRadar

MSS: Vulnerability Assessment, Content Filter, Antispam, IDS/IPS Management

Vulnerability Management Tools: Foundstone, Qualys Guard, Nessus 7.0, Nmap, Nexpose, Wireshark

Security Tools: Splunk ES, McAfee vulnerability management solutions, Burp Suite, OpenVAS, Nessus, Qualys, SolarWinds, Forescout, Darktrace

Platforms/Applications: Continuous Monitoring, Vulnerability Management, Web Application Scanning, Threat Protect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Forcepoint, Rapid7 Event Management, RSA Archer, Blue Coat Proxy, Splunk, NTT Security, LogRhythm, HP ArcSight

PenTest Tools: Metasploit, Nmap, Wireshark and Kali

Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication, McAfee ePO, McAfee ePO Patch Management, McAfee DLP Discover, McAfee Drive Encryption, McAfee ATD, Symantec Endpoint Manager, Splunk log management tool

Protocols: TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL, SSH, UDP, DHCP, DNS

Operating Systems: Windows, Linux, Unix

Security Intelligence: WhiteHat Web Security, iDefense, NTT Security, LogRhythm

SIEM: Splunk, SolarWinds, ArcSight, Nitro, IBM QRadar, Forcepoint, Rapid7 Nexpose

Routers: Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600

Information Security Standards: ISO 27001, PCI, NIST, SOS

Professional Summary:

Client: World Bank, Washington DC Nov 2022 to Present

Cybersecurity Engineer / DLP Engineer

Responsibilities:

Experience with email system (e.g., on-premises and cloud) administration services (e.g., mailbox administration, add/move/delete, mailbox permissions, creation of distribution lists and owners, managing address list, creating storage groups, backup/restore), including wireless device components.

Responsible for monitoring and providing analysis in a 24x7x365 Cyber Security Operation Center (CSOC) using IDS/IPS tools.

Successfully tuned and optimized existing DLP rules to reduce false positives and negatives, improving overall accuracy and efficiency of data protection measures.

Worked with team on migration activities and setting up email authentication solutions.

Actively participated in the hands-on review and analysis of DLP events to identify and assess potential data security risks.

Problem determination and resolution within SLAs.

Install, Configure, Maintain, and troubleshoot Exchange servers.

Managing Databases (Creation, Deletion, Modify Settings for Maintenance and Logs) and Database recovery.

Configure, Maintain, and troubleshoot connectors, Email Address Policies, CAS Arrays, etc.

Responsible for support, troubleshooting, and providing solutions for: Azure Active Directory, AAD Connect, EXO, Intune MDM, OneDrive, and MS Teams.

Responsible for managing email gateway security and email archiving solutions like Enterprise Vault, Mimecast, and Proofpoint archiving.

Responsible for providing a senior level of support for the Exchange Team.

Participate in team on-call response 7x24x365.

Monitored performance levels and capacity of supported applications and assist in proper capacity planning and management.

Engaged with the monitoring team to ensure proper monitoring of all supported Messaging Applications.

Able to produce detailed, accurate technical documentation.

EOP (Exchange Online Protection).

Responsible for protecting company email data and configuring a secure email environment.

Good understanding of SPF /DKIM and DMARC records.

Able to analyze DMARC reports and take appropriate actions.

Configured and managed Anti-Spam policies for the company.

Resolved support tickets and requests.

Directly supported migration/onboarding to Office 365 Azure-hosted solution

Provide support for Exchange Online, Skype / Teams, and Active Directory

Assisted with large-scale O365 migrations.

Configured tools for monitoring and used them to proactively identify issues within email & messaging systems.

Able to Provide configuration support for messaging connectors (e.g., SMTP) to the Internet and other electronic mail systems.

Created and maintain technical documentation.

Strong customer service skills.

Performed related duties as assigned.

Worked on creating policies in O365 for Anti-Phishing / Microsoft ATP Defender.

Served as a Threat Analyst in SOC Operations; my responsibilities were monitoring and analyzing logs for threats from various security/industrial appliances using the HP ArcSight ESM console and ArcSight Logger.

Life-cycle management of security monitoring platforms including SIEM, Vulnerability Scanners, Intrusion Detection/Protection Systems (IDS) / (IPS), firewalls, DLP, CASB, and/or Threat Intelligence tools and processes.

Managed Cyber Security threats through prevention, detection, response, escalation, and reporting to protect Enterprise IT Assets through Computer Security Incident Response Team (CSIRT).

Monitored Security Management Console for Security Operation Centre (SOC) for ensuring confidentiality, Integrity, and Availability of Information systems.

Responsible for 24x7 CSOC operations including log monitoring, which includes detection, tracking, and analysis of incidents; generating daily, weekly, and monthly reports, preparing them in the proper format, and sharing them with the customer with proper resolution and actions taken; and notifying of log stoppage.

As CSOC team Security Analyst, composed Cyber Security alert notifications and other communications.

Followed CSOC team Incident Response plan in responding to and investigating Cyber Security alerts and incidents.

Successfully responded to Cyber Security incidents within SLA specified time frame.

Security Monitoring, Infrastructure Implementation, Security Enforcement and Support activities related to Cyber Security Operation Center (CSOC)

Provided leadership in implementing security solutions towards Qualys and SIEM tools like ArcSight.

Analyzed detected vulnerabilities and vendor-reported vulnerabilities for applicability, severity, and solutions.

Experienced with DLP, Bluecoat, Websense, Proofpoint, Trend Micro, and Micro Focus ArcSight Enterprise SIEM security tools to monitor the network environment.

Involved in security operations, vulnerability and risk assessment, alerting, and report generation and analysis with various security tools (Splunk, McAfee ePO, Symantec DLP, Imperva, Sourcefire (IDS/IPS), FireEye, Bluecoat Proxy, etc.).

Working as Analyst SOC Operations for monitoring, analyzing logs from various security/ Industrial appliances using ArcSight.

Opened, Assigned, and closed the tickets assigned in SOC Security Management Console towards Qualys for various Remediation Process and Patch Management Process.

Assist the Cyber Security Operations Security Infrastructure and Enforcement team as per Client security policies and procedures.

Conducted security assessment and penetration testing on organizational network.

Responsible for working with Endpoint Management team to manage software deployment to PCs using tools such as 2008/2012 Active Directory, Microsoft WSUS patching, Anti-virus and endpoint protection using McAfee ePO. Creation and management of PC Build Images WinXP and Win7, and application for PCI security policies.

Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization-monitoring plan.

Ensuring audit logs are reviewed periodically in accordance with departmental policy and the Security Authorization documentation.

Respond to the request received from the business unit (SPOC), maintaining the dashboard and status of the projects.

Updating Issue trackers if any issues occur in the tool with possible mitigation by coordinating with the support team.

Creating Project trackers and sharing them with the leads.

Conducting security awareness programs for development community monthly targeting developers and tech Specialists.

Environment: Microsoft Cloud App Security, Cofense Phishme, Azure, SEP 14, Symantec ERD, Nexpose, Sourcefire, PowerShell, Blue Coat, VMware vSphere, VMware Service Manager, ServiceNow, Active Directory, Joe Sandbox

JP Morgan Chase, Dallas, TX Apr 2019 to Oct 2022

SOC Analyst/Cybersecurity Engineer

Responsibilities:

Conduct proactive monitoring, investigation, and mitigation of security incidents.

Analyze security event data from the network (IDS, SIEM).

Perform static malware analysis on isolated virtual servers.

Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.

Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.

Investigate malicious phishing emails, domains and IPs using Open-Source tools and recommend proper blocking based on analysis.

Research new and evolving threats and vulnerabilities with potential to impact the monitored environment.

Conduct log analysis using Splunk.

Identify suspicious/malicious activities or codes.

Monitoring and analysis of security events to determine intrusion and malicious events.

Search firewall, email, web, or DNS logs to identify and mitigate intrusion attempts.

Deployed and implemented Cofense PhishMe Report Phishing button in Outlook.

Responsible for handling and responding to phishing attacks, taking appropriate action to control them, and working as an SME for Cofense PhishMe.

Created Rules and Recipes to automate phishing reports in the Cofense PhishMe portal.

Conducted base-level analysis to determine the legitimacy of files, domains, and emails using tools such as Wireshark as well as online resources such as Virus Total, URLVoid, IPVoid, and Robtex

Utilized tools such as Bluecoat and EOP to identify suspicious web and email traffic going in or leaving the network.

Monitored Intrusion Detection Systems and ArcSight channels for threats and vulnerabilities.

Assess incident severity and escalate to the next level as needed.

Responsible for malware analysis and forensic analysis of Security Incidents

Working as SOC Analyst for monitoring, analyzing logs from Security/Industrial appliances like ArcSight Logger

Identifying and remediating any threats and vulnerabilities as part of Security Monitoring (SOC), with triage and escalation to IR; also worked closely with the IR team on incidents of account compromise.

Environment: Microsoft Cloud App Security, Cofense Phishme, Azure, SEP 14, Symantec ERD, Nexpose, Sourcefire, Powershell, Blue Coat, VMware vSphere, VMware Service Manager, ServiceNow, Active Directory, Joe Sandbox

Franklin Templeton, Hyderabad, India Apr 2015 to Sep 2016

System Administrator / Engineer

Responsibilities:

Assisted in and/or implemented the design of information security controls in computing systems, applications, and network software/hardware.

Assisted in and/or implemented the design, implementation, and maintenance of various information technology network security systems such as firewalls, intrusion detection systems, virtual private networks, anti-virus, anti-spam, web filters, and network account access.

Assisted in architectural design and implementation of the network over which all enterprise services, systems, and applications operate.

Performed internal network security audits using various standard network security tools and processes.

Maintained all system and network addresses, documentation, diagrams, and account information.

Responsible for capacity planning, anticipating future network needs, and proactively identifying solutions to satisfy needs.

Worked with all IT vendors for product evaluations and quotes.

Assisted in the design, implementation, testing, and maintenance of a disaster recovery solution.

Provided monitoring, support, and maintenance of home-grown production applications, and production and test databases.

Performed network monitoring, server administration, performance tuning, and troubleshooting to ensure smooth operations.

Ensured that all critical security and system patches and service packs have been applied to servers and network components.

Participated in the development of corporate policies, SOPs, and standards in the following areas: network and systems security, business continuity, systems/data backup and recovery, computer access control and usage, daily administration, and maintenance.

Evaluated Internet-wide security threats in relation to local systems.

Plan and implement company-wide additions, upgrades, and major modifications to the supporting infrastructure in coordination with corporate leadership.

Consult with customers, suppliers, peers, and department colleagues to evaluate, recommend, and implement improvements to existing systems, networks, and procedures in alignment with the latest industry technologies.

Other duties as assigned.

Educational Details:

Bachelor’s in Commerce, completed in 2013, Osmania University, India.

Master’s in Business Administration, completed in 2016, Osmania University, India.

Master’s in Science and Information Technology, completed in 2020, University of the Potomac, VA.
