Information Security Technical Support

Location:
Linden, NJ
Posted:
July 25, 2024

Resume:

Summary:

Over ** years of experience in Security Operations and Monitoring.

Proficient in Public and Private Cloud Environments (VMware ESXi, Azure, AWS & GCP).

Skilled in Microsoft Windows & Linux installation and configuration.

Comprehensive understanding of Security, Virtualization concepts, and SIEM tools.

Experience with Qualys for Vulnerability and Compliance management, FireEye for Endpoint Security, and Mimecast for email security.

Familiarity with compliance regulations such as SOX, HIPAA, and PCI.

Proven ability to design and implement informative dashboards for senior executives.

Adaptability to high-pressure environments with strict deadlines and multiple deliverables.

Dedicated to providing high-quality technical support and ensuring customer satisfaction.

Experienced in developing correlation rules mapped to the MITRE ATT&CK framework and creating SOPs/KB articles & OLAs.

Track threat actors, their tactics, techniques, and procedures (TTPs), and their associated Indicators of Compromise (IOCs), and coordinate with clients to develop countermeasures.

Technical Skills:

Email Security – Proofpoint, FireEye EX

Endpoint Security – Sysmon, FireEye HX, Symantec SEP

SIEM – Splunk, FireEye Helix, Sentinel One, IBM QRadar, Secure-IQ

Monitoring tools – SolarWinds, Nagios, IBM Tivoli, LogicMonitor

Vulnerability Assessments – Qualys, Tenable, Rapid7

Patch Management – BigFix, SCCM

Incident Response – Jira, ManageEngine, Axios Assyst

Operating System – Windows and Linux

Professional Experience:

Client: PEPTALK Health LLC, NY April 2024 – Present

Job Title: Cloud SecOps Analyst

Responsibilities:

Emphasize my role in ensuring secure logins and managing database access permissions across all environments.

Implemented measures to protect sensitive data during migrations, backups, and daily operations; this could include encryption of data in transit and at rest, masking of sensitive information, and adherence to compliance standards such as GDPR or HIPAA.

Highlight adherence to security best practices in database administration, including regular security audits, vulnerability assessments, and patch management to mitigate potential risks.

Managed AWS Cloud, including configuring security groups, implementing IAM (Identity and Access Management) policies, and leveraging AWS security services like AWS KMS (Key Management Service) for encryption.

Robust disaster recovery and high-availability solutions for databases, ensuring data resilience and business continuity in case of disruptions.

Client: SS&C Technologies Jan 2018 to Mar 2024

Job Title: Sr. NOC Engineer

Responsibilities:

Responsible for supporting 24x7 on-call.

Conduct in-depth analysis of the offenses received from the SIEM tool to identify/filter genuine/false-positive traffic from malicious traffic.

Perform analysis of network traffic/threat logs, DNS query logs, proxy logs, network packet captures, and other logs from operating systems and applications such as Azure AD and O365 (Threat Management, DLP).

Identifying, ticketing, dispatching, and escalating system faults.

OS patches and firmware upgrades using the BigFix tool.

Reporting real-time vulnerabilities/threats with risk to the organization.

Provide continuous surveillance of hardware and software monitoring systems. Investigate all alerts, troubleshoot and repair issues, and escalate as required following established protocol.

Providing risk assessment for any new or updated existing controls which affecting

Perform daily checklist procedures and shift handoff procedures.

Client: Parexel Jun 2015 to Dec 2017

Job Title: Sr. NOC Engineer

Responsibilities:

Analyzing the offenses using the QRadar SIEM to identify any possible infections in the network and creating blocks for false positives due to anomalies.

Identifying the hosts responsible for suspicious traffic and identifying any successful attack attempts from external sources by reviewing Firewall/IPS/Authentication/DHCP/IIS logs.

Managed DLP (Data Loss Prevention) incidents and escalated them to Privacy Incident Response teams for cases requiring further inspection.

Identify recurring issues and analyze the data for a permanent solution.

Quickly respond to critical problems by logging into the servers and performing the necessary steps as instructed by the L3 teams for swift resolution.

Identify opportunities to resolve issues through L1 tasks/service restarts to ensure high availability of the services.

Perform preliminary investigation of the alerts and deep dive to understand the cause of the issue while simultaneously working with the next-level support teams to resolve the issues.

Proactively identify errors/issues and research to understand the nature of the problem, escalating with accurate information to the L2/L3 teams.

Drive priority incidents for all critical services through bridge calls and track the updates/progress until resolution.

Work with multiple technical teams to gather details of the events that occurred during an incident and capture resolution steps and preventive measures to report to Management.

Handle day-to-day operations and activities of the NOC.

Analyze shift volume and additional tasks incurred during the shift to prioritize the tasks and assign them to the Analysts to ensure smooth operations.

Generate Monthly reports for the Management.

Client: CtrlS Data centers Jan 2014 to May 2015

Job Title: SOC Engineer

Responsibilities:

Active member of a group responsible for researching the SIEM product most suitable for the Hosting (Cloud) Infrastructure.

Strategically deployed Sentinel (LEM) and SecureIQ (SIEM) in line with the business requirement.

Configure the log sources to send all events to the correlation engine in the SIEM to identify threats.

Configure rules on the SIEM to filter legitimate user activity based on public destination IPs, ports, and protocols.

Maintained DNS resolution policy, processed PKI certificate requests, blocked malicious websites using Websense, and maintained pattern-based spam filters on Symantec Brightmail Gateways.

Identifying vulnerabilities in different environments using Nessus and escalating them to the concerned business leads depending on the risks involved.

Gather up-to-date cyber intelligence information and document it for analysis of patterns while overseeing security incidents.

Proactive communication and escalation of the status of incidents to SMEs.

Configuring Syslog on multivendor platforms to fetch the logs.

Identifying blacklisted IPs from UCE Protect.

Education and Certifications:

Bachelor of Technology in Electronics and Communication Engineering from JNT University, India.

Certified CCNA Routing and Switching.

Certified CompTIA Security+.

ITIL V4.

Certified Six Sigma Yellow Belt.
