Information Security Analyst

Location:
Front Royal, VA
Posted:
June 14, 2024

Resume:

Sanjana Reddy

Sr. Cloud Security Engineer, IT Information Security Analyst

Email: ******************@*****.***

Cell: 972-***-****

SUMMARY OF QUALIFICATIONS:

●Security professional with over 9 years of progressive experience in the IT industry, specializing in Information Security, Vulnerability Assessment & Penetration Testing, and Networks.

●Seeking a challenging role where I can utilize my technical expertise and passion for election security to contribute to the integrity and security of the electoral process.

●Implemented and managed CI/CD pipelines using tools such as Jenkins, GitLab CI/CD, and Travis CI to automate build, test, and deployment processes.

●Proficient in CVSS (Common Vulnerability Scoring System) assessments, utilizing Python to calculate and analyze vulnerability severity scores based on various metrics such as exploitability and impact, enabling effective risk evaluation and prioritization.

●Implemented monitoring with Grafana visualization infrastructure in the Kubernetes cluster.

●Experienced in leveraging Python to interact with CVE (Common Vulnerabilities and Exposures) databases, extracting and analyzing vulnerability data, and generating actionable reports to support vulnerability management and mitigation efforts.

●Deployed and configured CyberArk PAS solutions, including Enterprise Password Vault (EPV), PSM, and Central Policy Manager (CPM).

●Possesses a deep understanding of common network protocols and their role in security monitoring and is familiar with security incident response methodologies and best practices, as well as various operating systems' security features.

●Skilled in adhering to security standards such as ISO 27001, PCI DSS, CIS, and NIST 800-53.

●Proven ability to assess, mitigate, and respond to security threats in enterprise environments.

●Automated security testing processes by integrating tools such as SonarQube, OWASP ZAP, and Checkmarx into the DevOps pipeline.

●Strong knowledge of Python frameworks like Scikit-learn and TensorFlow, enabling the development of machine learning models for anomaly detection, malware analysis, and predictive threat intelligence.

●Extensive knowledge of Azure architecture, services, and best practices for building secure and scalable cloud environments.

●Set up monitoring and logging for Vault using tools like Prometheus, Grafana, and ELK stack to ensure the health and performance of Vault instances.

●Hands-on experience in deploying and managing virtual machines, virtual networks, and Azure Resource Manager templates.

●Skilled in Azure Active Directory for identity and access management, including user provisioning, authentication, and role-based access control (RBAC).

●Proficient in managing and securing Windows environments, implementing best practices, and staying abreast of the latest security threats and vulnerabilities.

●Proficient in Cloud Security Posture Management (CSPM) with hands-on experience in leveraging industry-leading tools to assess, monitor, and enhance cloud infrastructure security across multiple platforms.

●Focused on cloud strategy, particularly AWS, as well as product marketing, competitive research, customer journey analysis, and strategic partnerships.

●Designed and implemented custom Grafana dashboards for real-time monitoring and visualization of key metrics and KPIs.

●Familiarity with DHS security protocols and guidelines, including risk assessment, threat mitigation, and information sharing practices to protect critical infrastructure and enhance national security.

●Actively engaged in participating and contributing to online security forums to stay abreast of the latest developments, exchange knowledge with industry peers, and continuously enhance expertise in the ever-evolving field of cybersecurity.

●Implemented and managed HashiCorp Vault across multi-cloud environments for secure secret storage and access management.

●A proactive member of online security communities, leveraging forums as valuable platforms to share insights, seek guidance, and collaborate with professionals to collectively strengthen global cybersecurity practices.

●Established robust monitoring and alerting mechanisms for OMS platforms using Prometheus and Grafana, enabling proactive identification and resolution of performance issues.

Technical Skills:

Networking Technologies

Network Traffic Analysis (NTA), Endpoint detection and response, IDS/IPS, Security Operation Center, Forensic analysis

Networking Hardware

Cisco Switches, Cisco Routers, ASA/PIX/Palo Alto/Fortinet/Juniper firewalls.

Forensic Technologies

EnCase, FTK Imager, Autopsy, Kali

Security Technologies

PAP, CHAP, Cisco PIX, Blue Coat, Palo Alto, ASA, Fortinet, Checkpoint

Security Tools

QualysGuard, Metasploit, Nessus, ThreatConnect, Tenable, Nikto, Burp Suite, AlienVault, Splunk, QRadar, Rapid7, Proofpoint.

Network Monitoring

SolarWinds, Wireshark, hrPING, nslookup, tcpdump, Infoblox, Splunk

Operating Systems

Windows 7, Kali Linux, Parrot OS

Capacity & performance

Cascade Riverbed (Flow Monitor), WAN Killer

Programming Languages

C, C++, Perl, PowerShell, Python, SQL

Simulation Tools

GNS3, VMware, OPNET IT Guru, OPNET Modeler, Cadence

Firewalls

Juniper NetScreen (500/5200), Juniper SRX (650/3600), PIX (525/535), ASA (5520/5550/5580), McAfee Web Gateway, Checkpoint, Palo Alto firewalls, Trend Micro Antivirus.

AAA Architecture

TACACS+, RADIUS, Cisco ACS

EDUCATION:

Bachelor's in IT, JNTU, INDIA, 2014

CERTIFICATIONS:

Certified Ethical Hacker (CEH)

Certified Information Systems Security Professional (CISSP)

Professional Experience:

Client: Frontier Communications, Allen, TX Dec 2022 to present

Role: Cloud Security Engineer

Responsibilities:

●Implemented proactive measures to maintain awareness of the latest critical information security vulnerabilities, threats, and exploits, ensuring timely response to emerging risks.

●Collaborated with cross-functional teams to facilitate vulnerability and compliance scanning activities, ensuring accurate identification and reporting of security issues.

●Developed and maintained relationships with key stakeholders, including developers and infrastructure teams, to effectively communicate vulnerability findings and drive remediation efforts.

●Integrated SQL queries with cybersecurity tools and SIEM platforms to correlate security events and perform forensic analysis.

●Set up monitoring and logging for Vault using tools like Prometheus, Grafana, and ELK stack to ensure the health and performance of Vault instances.

●Integrated security scanning tools (e.g., SonarQube, OWASP ZAP) into CI/CD pipelines to ensure code quality and identify vulnerabilities early in the development lifecycle.

●Integrated CyberArk with various platforms such as Active Directory, UNIX, databases, and cloud environments.

●Demonstrated proficiency in leveraging vulnerability management reports and metrics to prioritize and track remediation activities across specified areas of the environment.

●Developed and implemented Python scripts for automating cybersecurity tasks such as log analysis, threat detection, and incident response.

●Conducted in-depth analysis of IT and vulnerability management data sets using tools such as Excel and Power BI, providing insights to support decision-making processes.

●Skilled in conducting endpoint security assessments and implementing CrowdStrike's endpoint protection solutions.

●Created alerting rules in Prometheus to detect and notify of critical issues using Alertmanager.

●Assisted in the deployment and configuration of HashiCorp Vault for secure data management.

●Actively participated in zero-day events, contributing to time-sensitive escalations, developing specialized reports, and conducting thorough investigations to mitigate risks effectively.

●Utilized Python libraries (e.g., Requests, BeautifulSoup) for web scraping and data extraction to gather threat intelligence and vulnerability information.

●Led the implementation of DevOps practices to streamline software development and deployment processes.

●Played a key role in the design and documentation of vulnerability management processes, ensuring clarity and consistency in procedures across the organization.

●Applied CrowdStrike's advanced detection techniques such as behavioral analysis and machine learning for identifying sophisticated threats.

●Integrated Spark Streaming with cybersecurity tools to enable real-time threat detection and response.

●Provided mentorship and knowledge transfer to team members, sharing expertise in areas of vulnerability management and cyber security best practices.

●Proficient in CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions).

●Conducted regular vulnerability scans using industry scanning tools including HCL AppScan, Burp Suite, and ReadyAPI, ensuring timely identification and remediation of security gaps.

●Created stored procedures and triggers in SQL to automate routine security tasks and enforce data integrity constraints.

●Conducted incident investigations using Rapid7 InsightIDR's centralized log management and correlation capabilities.

●Conducted performance tuning of Prometheus instances, optimizing scrape intervals, and retention settings to balance performance and resource usage.

●Implemented cryptographic functions and algorithms in Python for secure data transmission and storage within cybersecurity systems.

●Generated comprehensive reports and dashboards in Qualys to provide insights into the security posture and analyzed vulnerability data and trends to identify areas of improvement and prioritize remediation efforts.

●Performed comprehensive security assessments of web applications, identifying vulnerabilities and potential attack vectors in adherence to industry best practices and the OWASP Top 10.

●Collaborated with database administrators to optimize SQL database performance and implement database security best practices.

●Developed and managed customized security configurations for diverse Public Safety Answering Points (PSAPs) engaged in the 911 program.

●Utilized Databricks MLflow for managing machine learning experiments, model training, and deployment in cybersecurity use cases.

●Led the deployment and configuration of HashiCorp Vault across multiple environments, ensuring secure management of secrets and sensitive data.

●Collaborated with cross-functional teams to integrate CrowdStrike solutions into existing security infrastructure.

●Utilized a systematic approach to address unique requirements, ensuring the adequacy and effectiveness of security controls across all PSAPs.

●Leveraged Apache Spark for large-scale data processing and analysis to detect security incidents and anomalies in real-time.

●Provided tier-3 support for complex CyberArk issues, including connectivity, integration, and performance problems.

●Developed and presented detailed vulnerability assessment reports to stakeholders, highlighting findings, recommendations, and actionable insights.

●Implemented the Risk Management Framework (RMF) across multiple programs, strictly adhering to the guidelines set forth by the National Institute of Standards and Technology (NIST).

●Implemented Databricks Delta Lake for managing versioned and transactional data in cybersecurity analytics environments.

●Established and enforced robust security best practices, conducting comprehensive reviews of vendor designs to guarantee seamless compliance with the stringent security standards and governance models mandated.

●Integrated InsightIDR with existing SIEM tools to centralize security event monitoring and streamline incident response.

●Implemented and managed Snowflake cloud data warehouse environments for storing and analyzing cybersecurity data at scale.

●Maintained a proactive stance in identifying potential gaps and proposing solutions to mitigate risks.

●Performed API security testing of web services, encompassing SOAP, REST, and JSON/XML protocols to identify and address potential vulnerabilities.

●Engineered scalable architectures to accommodate a growing user base, improving the SaaS platform's performance and reliability.

●Developed Spark applications for processing security logs and network traffic data to identify potential threats and security breaches.

●Utilized Snowflake for secure data sharing and collaboration across cybersecurity teams and external stakeholders.

●Utilized InsightIDR's deception technology to detect and respond to attackers at various stages of the attack lifecycle.

●Conducted load testing and optimized database queries, resulting in a 25% increase in system efficiency.

●Demonstrated excellent oral and written communication skills when engaging with customers, stakeholders, partners, and technical specialists, effectively conveying complex information, and ensuring clarity and understanding.

●Developed SQL queries and stored procedures in Snowflake for querying and analyzing large volumes of security logs and events.

●Utilized both manual and automated tools to perform network scanning, enumeration, and exploitation of security weaknesses.

●Developed detailed reports outlining vulnerabilities, risks, and recommended remediation measures, ensuring effective communication with clients.

Environment: Incident Response (IR), Cyber Threat Intelligence, Open-source data repositories, IDS/IPS sensors, Log analysis, Security Operations Center (SOC), EDR Solutions, TTPs, Antivirus servers.

Client: Cigna, Philadelphia, PA Jan 2019 to Nov 2022

Role: Sr. Cloud Security Analyst

Responsibilities:

●Responsible for working with multiple systems and data domains to enable operational efficiencies, risk detection and prevention through policy rule development and optimization and associated operationalization of response capabilities.

●Conducted regular vulnerability assessments and penetration tests to identify weaknesses in the organization's infrastructure, resulting in proactive remediation and improved security posture.

●Acted as a subject matter expert in virtualization, cloud, and container technologies, providing insights and recommendations to enhance security controls in these environments.

●Utilized Spark SQL for querying and analyzing structured security data stored in distributed environments.

●Conducted threat hunting exercises using CrowdStrike to proactively identify and mitigate security risks.

●Developed and maintained scripts using Python to automate repetitive tasks related to vulnerability scanning, data analysis, and reporting, increasing efficiency and accuracy.

●Collaborated with cross-functional teams to develop and implement security standards and best practices for system administration, networking, and cyber security.

●Integrated Snowflake with ETL (Extract, Transform, Load) tools and data pipelines for ingesting and processing security data.

●Established robust monitoring and alerting mechanisms for OMS platforms using Prometheus and Grafana, enabling proactive identification and resolution of performance issues.

●Designed and maintained a robust security architecture using HashiCorp Vault, focusing on high availability and disaster recovery.

●Served as a liaison between the vulnerability management team and external vendors, ensuring timely resolution of issues and effective utilization of vendor tools and services.

●Implemented CrowdStrike's EDR (Endpoint Detection and Response) capabilities for real-time threat detection and incident response.

●Proficient in DevOps methodologies and tools (Jenkins, GitLab CI, Travis CI).

●Implemented machine learning algorithms with Spark MLlib to build predictive models for cybersecurity threat detection and mitigation.

●Contributed to the enhancement of enterprise vulnerability management platforms such as Rapid7 Nexpose, Tenable Nessus, and Qualys, providing feedback and recommendations for feature improvements.

●Actively participated in security incident response activities, including the investigation and containment of security incidents and the coordination of remediation efforts.

●Implemented Snowflake security features including role-based access control (RBAC), encryption, and data masking for protecting sensitive data.

●Demonstrated strong leadership skills by mentoring junior team members, providing guidance on technical skills development and career growth opportunities.

●Engaged in continuous learning and professional development to stay abreast of the latest trends and developments in technology and cyber security.

●Implemented and managed Databricks clusters for scalable and collaborative data analytics and machine learning in cybersecurity projects.

●Assisted in the deployment and maintenance of CyberArk solutions.

●Deployed and configured Rapid7 InsightIDR for comprehensive detection and response across network and endpoints.

●Optimized Spark jobs for performance and scalability, fine-tuning cluster configurations and resource management.

●Reviewed and updated the System Security Plan (SSP) based on findings derived from assessing controls using industry-leading frameworks such as NIST SP 800-18 rev1, NIST SP 800-53A rev4, and NIST SP 800-53.

●Leveraged Databricks notebooks for interactive data exploration, visualization, and model development in cybersecurity analytics.

●Conducted security assessments and audits to identify weaknesses and gaps in cybersecurity defenses.

●Conducted cloud security assessments using Qualys Cloud Platform, including scanning and compliance monitoring.

●Leveraged InsightIDR's User Behavior Analytics (UBA) for identifying anomalous user activities and potential insider threats.

●Addressed security challenges specific to cloud environments (e.g., AWS, GCP, Azure) using Qualys solutions and implemented cloud security best practices and recommendations provided by Qualys.

●Developed complex SQL queries to extract and analyze security-related data from relational databases for threat detection and incident response.

●Implemented logging and monitoring solutions to proactively identify and address performance bottlenecks.

●Addressed complex level 3 security-related issues, combining in-depth technical knowledge with analytical problem-solving skills.

●Configured and fine-tuned security policies in DNS, assessed and optimized Active Directory security roles and policies, and ensured the completeness and accuracy of firewall policies.

●Developed Spark-based applications on Databricks for real-time threat detection and response using streaming data.

●Integrated Qualys with other security tools and systems, such as CMDB, SIEM, and ticketing systems.

●Automated vulnerability scanning, reporting, and remediation workflows to improve efficiency and accuracy and developed custom scripts and API integrations to extend the functionality of Qualys platform.

●Monitored and managed security protocols and firewalls, implementing necessary configurations to protect the organization's network infrastructure.

●Utilized SQL for database management tasks including schema design, table creation, and indexing for optimal query performance.

●Contributed to penetration testing efforts by conducting thorough vulnerability assessments, identifying system threats and vulnerabilities, and implementing container security best practices to ensure the integrity and confidentiality of applications and infrastructure.

●Performed API security testing on web services, including SOAP, REST, and JSON/XML protocols, identifying potential vulnerabilities and recommending security enhancements to mitigate risks.

●Implemented database security measures such as role-based access control (RBAC) and data encryption using SQL.

●Identified and recommended appropriate measures to manage and remediate vulnerabilities, placing significant emphasis on reducing potential impacts on information resources to an acceptable level, aligning with established policies and standards.

●Conducted comprehensive cybersecurity risk assessments of IT systems, documenting findings in formal risk assessments and supporting artifacts to facilitate the Assessment & Authorization (A&A) process.

●Revised and modified topology diagrams, while also overseeing Ports, Protocols, and Services Management (PPSM) to guarantee optimal network security.

Environment: NIST, AWS, SIEM, Splunk, POA&M, SOAP, REST, JSON/XML, EISA, CCI, RMF Controls, PPSM.

Client: State of Connecticut May 2016 to Dec 2018

Role: Sr. Security Engineer

Responsibilities:

●Responsible for working with multiple systems and data domains to enable operational efficiencies, risk detection and prevention through policy rule development and optimization and associated operationalization of response capabilities.

●Responsible for design and implementation of security requirements, standards and reference architectures for incorporation into corporate policies and technical standards.

●Maintained cybersecurity asset inventory and ensured cybersecurity related protections are fully deployed and healthy, and all necessary security patches are applied.

●Assist with security operations necessary to maintain the confidentiality, availability, and integrity of enterprise data and information systems.

●Assist in maintenance of security tools and technologies throughout the enterprise environment.

●Assist with monitoring and responding to daily SIEM alerts.

●Conducted SQL injection vulnerability assessments and remediation in database-driven applications.

●Maintained, reviewed and updated Information Security System documentation, including but not limited to the System Security Plan (SSP), Plan of Action & Milestones, Risk Assessment, policies and procedures, and security control baselines, in accordance with NIST guidelines and security practices and CSI goals and objectives.

●Conduct IT controls risk assessment to identify system threats, vulnerabilities and risk, and generate reports.

●SIEM monitoring and security event analysis for all critical servers and applications utilizing customized Splunk queries, network traffic analysis, and Symantec Endpoint Manager.

●Highly skilled in Splunk to build, configure and maintain different environments and in-depth knowledge of log analysis generated by various operating systems.

●Scripted SQL queries for use with Splunk.

●Performed field extraction using IFX, the rex command, and regex in configuration files.

●Administered Splunk in environments such as Windows Servers and Red Hat Enterprise Linux servers.

●Develop and conduct security test and evaluation according to NIST SP 800-53A.

●Developed the System Security Plan to provide an overview of the system security requirements.

●Track security activities of assigned systems and brief leadership on said activities.

●Provide technical support, assisting users facing network problems. Perform advanced troubleshooting, diagnostics and provide level-1 solutions to network failures.

●Attend Security Training as requested by senior leadership.

●Develop, plan and maintain documentation necessary for operation in support of LAN to WAN connectivity.

●Added websites to the blocked list on the Blue Coat proxies based upon business requirements.

●Worked on Blue Coat proxy to optimize WAN performance, scan for malware to protect the infrastructure, and perform URL filtering.

●Experience with SIEM using vendor tools.

●Configuration and maintenance of ACLs.

●Performed Qualys/CVE remediation duties, including firmware and port security.

●Designed, tested and deployed IT security systems, solutions and e-commerce environments.

●Worked in the ServiceNow ticket management tool, providing support to clients by implementing and working on change requests, incident requests and troubleshooting.

●Configured Check Point firewalls, mainly VSX, according to client topology, and Check Point features such as Application & URL Filtering, IPS, Identity Awareness, and VPN.

●Configured Palo Alto Next-Generation Firewalls, mainly VSYS, according to client topology, working on Content-ID, User-ID, and App-ID.

●Experience in Qualys policy compliance in detecting internal and external threats and vulnerabilities.

●Responsible for internal Qualys WAS services and White Hat Security scans.

●Worked on security tools and software such as Cisco WSA, Qualys, Splunk, Symantec Endpoint Protection, Bit9, and HP Network Node Manager.

●Exposure to WildFire advanced malware detection using the IPS feature of Palo Alto.

●Organized all the Security Assessment and Accreditation for existing systems in the SDLC.

●Routing and switching protocols: BGP, OSPF, VLAN, VTP, STP, RIP, RSTP.

●Firewall deployment, rule migrations, firewall administration and converting existing rule bases onto new Check Point and Palo Alto Next-Generation Firewall platforms.

Client: Kroger Inc., OH Feb 2015 to Apr 2016

Role: Internship/Security Analyst

Responsibilities:

●Apply security concepts, review information, execute defined tasks, analyze requirements, review logs, and create documentation.

●Perform investigation and data loss prevention, data manipulation, and coordination of activities.

●Perform actions to address or mitigate risks and vulnerabilities. Review and define controls.

●Advise on more complex security procedures and products for teams, security administrators and network operations.

●Participate in enforcement of controls for security risks and threats; potential addition of one or more controls subject to manager discretion. Share knowledge with staff.

●Conduct security assessments and other information security routines consistently.

●Investigate and recommend corrective actions for data security related to established guidelines.

●Perform various assurance and auditing activities to ensure that IT Security controls can protect enterprise data assets.

●Ensure the distribution and communication of these procedures in appropriate systems and media.

●Enable the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations. Develop a means of continuous monitoring.

●Establish suitable information security awareness, training, and educational activities.
