
Security Analyst Soc

Location:
Trumbull, CT
Posted:
January 20, 2022


Resume:

Devika Ardalapudi – SOC Engineer (Cyber Security)

+1-203-***-****

Professional Summary

• Experienced IT security professional with a background in IT infrastructure, risk management, SOC analysis, SIEM, vulnerability management, penetration testing, validation, information security, and cyber security.

• Cyber Security and Administration Professional with expertise in Information Security Management, Firewalls, IDS, Penetration Testing, Threat Detection and APT, DLP and industry security standards.

• System Security and Administration Professional with expertise in Information Security Management, Firewalls, IDS, SIEM, Penetration Testing, DLP and industry security standards.

• Experience with Windows, Linux, vulnerability assessment tools, firewalls, IDS/IPS, Nessus, NMAP, Advanced Persistent Threat (APT) hunting, SIEM, Splunk, LogRhythm, ArcSight, Rapid7, Routers, Switches, LAN/WAN, TCP/IP protocols, VMware, Endpoint Security, Cloud Security.

• Strong experience with cloud security strategy and cloud provider ecosystems (Microsoft Azure), and with migrating enterprise infrastructure, application, and data designs from traditional data centers to hybrid or fully cloud-enabled practices.

• Develop horizontal view of risk posture across Cloud Security Domain using Azure.

• Monitored and escalated potential brute force attempts to client Red Hat servers in Azure cloud by analyzing SSH logs in Splunk ESM and Logger.

• Worked using McAfee best practice standards for OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees.

• Utilized Security Information and Event Management (SIEM) and Advanced Persistent Threat (APT) hunting, Intrusion Detection & Prevention (IDS / IPS) FireEye, malware analysis tools.

• Utilized Digital Guardian to protect most valuable assets with an on-premises deployment or an outsourced managed security program (MSP).

• Remediated vulnerabilities for both Proofpoint edge gateways, Proofpoint DLP and Microsoft Exchange Maintenance.

• Experience in vulnerability scanning with relevant tools, e.g., Nessus, HPE Fortify for SCA (Static Code Analysis), WebInspect, and Rapid7 Nexpose.

• Experienced with Symantec DLP Policies (DLP templates) compliance and worked on information security standards and risk analysis methodologies.

• Strong knowledge of risk management and computer forensic tools, technologies, and methods.

• Experienced in IT security design and implementation with a solid understanding of disaster recovery, intrusion detection systems (IDS), intrusion prevention systems (IPS), and web application firewalls (WAF). Analytical problem solver adept at managing network changes and troubleshooting network issues to ensure maximum uptime.

• Experience configuring and deploying McAfee modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption, McAfee Network DLP, McAfee DLP Endpoint, McAfee SIEM.

• Hands-on experience with security frameworks such as NIST and OWASP Top 10.

• Develop approaches for industry-specific threat analysis, application-specific penetration tests and the generation of vulnerability reports.

• Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML, and multi-factor authentication.

• Excellent understanding of computing environments Linux: RHEL-7/DEB-KALI, Windows 7/10, Server 2012/2016 and Unix Operating systems.

• Perform Risk Assessment, Penetration Testing, Validation, GRC, Gap analysis & create Risk Mitigation plan.

• Excellent knowledge of FISMA, HIPAA, ISO 27001/27002, NIST, COBIT, and OWASP compliance usage, rules, and regulations.

Technical skills

• Antivirus: McAfee Virus Scan Enterprise, Symantec, Endpoint Protection Suite

• DLP: Websense, Symantec & McAfee

• SIEM: Splunk ES, McAfee, Arcsight, Qradar, LogRhythm

• Pen Testing Tools: BurpSuite, CheckMarx SAST, Red Team, HP Fortify, IBM AppScan, Contrast Security, OWASP ZAP, Nmap, Kali Linux, Postman, Rapid7 Nexpose, ReconNG

• Endpoint Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, SafeBoot

• IPS/IDS: McAfee IPS, HP Tipping Point, Cisco IDS, SecureWorks IDS/IPS

• SIEM: RSA Envision, Arcsight, Splunk security manager, IBM Qradar

• Cloud Security: AWS, Azure, OpenStack, Docker, Ansible, Chef, CI/CD, Terraform

• Proxies/Sniffers Tools: Burp Suite, Web scarab, Wireshark, DirBuster

• Vulnerability Management Tools: Foundstone, QualysGuard, Nessus, Nmap, Nexpose, Wireshark

• Security Tools: Splunk ES, McAfee vulnerability management solutions, Burp Suite, OpenVAS, Nessus, Qualys, SolarWinds, ForeScout, Security Onion, Docker

Professional Experience

PayPal, Arizona May 2021 to present

Sr. Security Engineer

• Experience with new and emerging technologies such as cloud services and infrastructure, mobility models, and big data concepts and usage and how those relate to enterprise security technology/controls; the areas of focus include vulnerability management, cyber security, and data protection disciplines

• Managing security as a business is important to the firm and setting the tone and strategic direction of this focus area is a part of the role

• Spearheading and ownership of innovative concepts and architectural areas across our technical security domains

• Oversight and development of technical security strategies

• Review and assessment of technical security roadmaps aligned against strategic direction

• Management of research and short-term innovation projects exploring new security technology

• Creating and maintaining working partnerships with architecture, engineering, and operations to understand needs, feasibility of strategic recommendations, and impact to organizations and people; relationship management is a key role function

• Ability to liaise and a strong comfort level with Executives and Senior Leadership

• Supports the development, implementation, and maintenance of the global information security strategy program. Plays a key role in recommending strategic direction for the firm

• Leading technology specialist in all aspects of information security

• Excellent people skills, particularly as they relate to relationship management and consensus building

• Vulnerability Management and Cyber Security – e.g., vulnerability scanning, vulnerability program management, network forensics, SIEM, cyber security technologies, incident response program implementation and technology enablement, and security reporting

• Endpoint Security – e.g., anti-virus, firewall, endpoint encryptions technologies, port/device controls and network access controls

• Network and Perimeter Security – e.g., firewalls, IDS/IPS, secure remote access and secure file transfer

Shell, Houston, Texas August 2020 to April 2021

Cyber Security Engineer

• Designed, deployed, optimized Enterprise Security solutions and services e.g. Cyber Threat Management & Intelligence, Security Analytics solutions, SIEM, Malware detection & analytics, APT detection and containment etc.

• Automated the centralized detection of security vulnerabilities with scripts for Vulnerability assessment tools like ArcSight.

• Experience in supporting Symantec Endpoint Protection 12.1 workstation clients in an enterprise environment. Installation, configuration, and day-to-day management of Symantec Endpoint Protection.

• Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level.

• Perform research on, analyze, and understand log sources utilized for security monitoring, focusing on networking devices.

• Review risk assessments completed by the security team based on National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO) guidance, using a methodology based on the PDCA cycle, which builds a management system that plans, implements, maintains, and improves cybersecurity across the whole system.

• Monitoring using Splunk / Wily Introscope and setting up WebSphere Global Security for access to the admin console. Configuring the HTTP Server for various clustered application servers using virtual hosting and enabling SSL security.

• Consult clients on automating business processes & risk management activities in the RSA Archer GRC.

• Prepared risk-based test plans and performed security testing (tool-based testing, manual penetration testing, source code review, etc.) on the different layers of those information systems in support of Certification & Accreditation.

• Performed regular review and recertification of DLP Policies, TLS Domain whitelisting, SOP for enhancement with ITRM (Information Technology Risk Management) and Risk assessment.

• Worked to improve logging in our SIEM and helped create better visibility across our network through LogRhythm.

• Utilized McAfee Threat Intelligence Platform and other OSINT sources such as news articles and research papers to pull IOCs and conducted searches in LogRhythm.

• Security Engineer for the deployed SIEM tool (LogRhythm) including troubleshooting, updating/patching, configuration, and availability of the SIEM.

• Implementing and managing the threat detection tools and solutions to support the team’s mission

• Analyzing potential threats against the client’s computing environment

• Own all aspects of cloud security product definition including vendor integration, platform integration and monitoring for cloud platforms including but not limited to Microsoft Azure

• Expert knowledge of public cloud security architectures and Azure infrastructure

Black Hawk, VA Jan 2020 to July 2020

Cyber Security Engineer

• Performed vulnerability assessments and took the required countermeasures to ensure the security of the IT infrastructure and systems.

• Designed, tested, and implemented security infrastructure including centralized logging, IDS, HIDS

• Analyzed network traffic PCAP and TCP dump with Wireshark.

• Worked on OWASP Top 10, CIS CSC, DLP, data classification, and encryption standards for contractors and employees; experience with object-oriented programming (OOP) concepts using Python, C++, C#, and PHP.

• Provided technical engineering support and research in advanced persistent threats (APT), software assurance (SWA) and threat replication.

• Investigated and researched events using LogRhythm SIEM (Security Information and Event Management), correlating with FW, IPS/IDS, Symantec Proxy SG, Proofpoint, WAF and Web logs.

• Created connections from Tanium into Splunk to track software removals, vulnerabilities, IOCs, and various hardware

• Performed regular review and recertification of JDA Policies, TLS Domain whitelisting, SOP for enhancement with BU Risk.

• Skilled in using Burp Suite, Acunetix automatic scanner, Nmap, DirBuster, HP Fortify, QualysGuard, Nessus, and SQLMap for web application penetration tests and infrastructure testing.

• Helped the SOC team and cyber security team see which vulnerabilities and risks were hitting the environment and which machines had vulnerabilities.

• Monitor performance of network and servers (Microsoft and Linux) to identify potential problems and bottlenecks.

• Narrow down anomalous traffic with Wireshark to find hostile strings or domains.

• Monitored controls post authorization to ensure continuous compliance with the security requirements.

• Performed risk compliance checks against industry standards and regulatory mandates such as FISMA, DISA, HIPAA, and SCAP.

• Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks

Quad One Technologies March 2019 to December 2019

Cyber Security Analyst

• Collaborate effectively with developers, system/network administrators and other associates to ensure secure design, development, and implementation of applications/networks.

• Perform VAPT of Web Applications to understand the business requirements of products.

• Single-handedly created the test plan document and security checklist and reviewed the testing documents.

• Performed manual and automated static code analysis to identify vulnerabilities and flaws.

• Leveraged high exposure on Akamai.com for web application pen testing and cloud security policies.

• Worked closely with IBM AppScan for dynamic vulnerability assessment of web applications.

• Provide quality training and supervision to the development team to ensure strict adherence to OWASP secure coding practices.

• Developing and updating systems documentation (e.g., ConOps, operating procedures, systems architecture documents) and providing oversight of the PKI library

• Reputed for high exposure in configuring web application firewalls, performing security analysis, and eliminating the false positives based on the Dynamic scan reports.

• Attended remediation review meetings, project meetings, and meetings with other stakeholders.

• Extensively involved in defect tracking and reporting to developers. Information gathering about client network.

• Gathered vital information related to the open ports in the network using Nmap.

• Scanned for known vulnerabilities and service exploits using Nessus and Qualys while maintaining the testing status sheet with daily and monthly updates.

Cynosure Software Solutions August 2015 to Feb 2019

Cyber Security Analyst

• Provided quality support with the development of processes and procedures to improve incident response times, analysis of incidents and overall SOC functions.

• Championed IT audit procedures to identify risks or deficiencies in business controls (this includes tests of controls over IT infrastructure, network applications, databases, systems security, and compliance activities).

• Developed and implemented online security procedures, updated security software to prevent database security threats, and implemented system recovery procedures to minimize losses should an attack occur.

• Worked closely with CrowdStrike management, protection, and threat intelligence to update security policies and address current concerns.

• Communicated effectively with clients to implement system security measures, develop computer security plans and provide technical guidance and training.

• Identified and troubleshot issues while working with the team to efficiently solve problems and implement effective solutions.

• Assisted in developing IT audit programs and preparing audit reports of findings related to compliance activities or other risk exposures.
