
Cyber Security Engineering

Location:
Charlotte, NC
Posted:
March 06, 2023


Professional Summary

**+ years’ combined experience in Network/IT and Cyber Security.

Past eight consecutive years concentrated on Cyber Security.

Experienced performing vulnerability analysis for risk management using Tenable Nessus, OpenVAS, Acunetix, Qualys, GFI LanGuard, and OWASP ZAP.

Monitored and researched Cyber Threats with a direct and indirect impact to the organization internally with reference to NIST 800-71 and PCI DSS.

Proficient in assessing client security systems using NIST Publications 800-53A, 800-53, 800-37, FIPS 199, FIPS 200, OMB A-130, ISO 27001, COBIT, HIPAA, and all related appendices.

In-depth knowledge of FIPS guidelines, System Security Plan (SSP), Security Assessment Plan (SAP), SAR, Plan of Action & Milestone (POA&M), Risk Assessment (Impact Analysis), and Contingency Planning.

Experience in developing policies and procedures based on the respective NIST publication and FIPS 199 and FIPS 200.

Knowledgeable in standard security and regulatory frameworks, including ISO 27001/31000 and NIST 800.

Skilled in OS fingerprinting, banner grabbing, and network mapping using enumeration tools such as Wireshark, Nmap, Metasploit, John the Ripper, Aircrack, Burp Suite, Cain and Abel, SQLMap, Kali Linux, Nessus, Ettercap, Snort, and Webroot.

Applied encryption and hashing tools and techniques such as AES Crypt, BitLocker, Steganos LockNote, and MD4 hashing calculators (for file integrity checking).

Skillful with SIEM tools such as Splunk, FireEye HX/NX, AlienVault, and Elasticsearch for evaluating network attacks and alerts. I also used those alerts for preliminary threat hunting.

Conducted vulnerability assessments and mitigated risk through patch management.

Skilled with multiple firewall solutions, network security, and information security practices.

Applied current information assurance technologies to architecture, design, development, evaluation, and integration of systems and network infrastructures.

Experienced with Security Information and Event Management Tools such as Splunk.

Performed manual searches from the gathered logs via Splunk.

Performed security system administration tasks such as network/system troubleshooting and patching operating systems and applications at NOC stations.

Knowledge in Cisco Switches and Router Configurations.

Reviewed Security logs by checking for activity that may normally not be seen against certain systems.

Worked with Legal and Compliance teams and performed electronic discovery and computer forensics to support investigations.

Coordinated and facilitated Contingency Plans and Exercises for general support systems.

Developed and conducted the evaluation of Business Continuity Planning and Disaster Recovery (DR) operations during annual incident response training.

Supported security tests and evaluations (ST&Es).

Well-organized, self-starter, quick learner, self-motivated, team player with analytical, technical, and communication skills.

Skilled and technically proficient with multiple firewall solutions, network security, and information security practices.

Technical Skills

Network Security

Behavioral Analytics

Firewalls

Application Security

Network Access Control (NAC)

Endpoint Security

Data Loss Prevention

DLP planning for data in use (endpoint actions), in motion (network traffic), and at rest (data storage)

Email Gateways

User Behavior

Network Access Security Methods

IP Filtering

MAC Filtering

Port Filtering

Access Control List (ACL)

Tunneling & Encryption

Remote Access

Mobile and Wireless

Mobile Device Management (MDM)

Wireless Access Points

Mobile Device Email

Security Tools

Wireshark

Snort

Splunk

SolarWinds

Metasploit

Nessus

OpManager

Symantec

ArcSight

Kali Linux

Testing

Penetration Testing

Security Assessment

Methods

Network Security Defense

Security Offense

Professional Work Experience

Cyber Security Subject Matter Expert (SME)

Tech Mahindra / Baker and Taylor, Charlotte, NC

Jun 2022 – Current

Baker and Taylor is one of the largest international suppliers of library content, software and services to public and academic libraries in the U.S., in business for over 190 years.

Worked with on-site team and management to understand how different Cyber Security solutions would support specific business objectives.

Managed Mimecast, firewalls/Panorama, Ivanti/Pulse Secure, and Duo, and resolved mission-critical tickets using SNOW.

Provided administrative assistance with threat hunting decisions based on the tactics, techniques, and procedures from the MITRE ATT&CK Framework.

Improved upon organizational incident response procedures' mitigation and reaction capabilities through emulation and analysis of network intrusion events and incidents from emerging cyber risks.

Worked with the SOC team to provide 24/7 Cyber Security coverage, responding to all alerts per SLAs.

Conducted Cyber Security Awareness Training with SOC Team for all end-users and management.

Responsible for assisting the SOC team in maintaining SIEM tools, hardware for network security and their configurations, change management, security logging, and assisting in incident response.

Monitored Mimecast for email security and checked in the application whether any emails were held.

Added domain name system (DNS) into the permitted list for the web application.

Applied policies based on client request and blocked email communication between the client domain and trusted domains to bypass policies.

Experienced with Mimecast by controlling the email flow within the organization and following policies to filter email and reject/block suspicious senders by releasing their emails.

Monitored firewall logs and checked for abnormal behavior, writing policies and blocking suspicious IPs as required.

Used the Pulse Secure/Ivanti Virtual Private Network (VPN) application at Baker and Taylor.

Created credentials for new users/removed or deleted users who were no longer working for the Company.

Reviewed audit logs and provided Cyber Security documentation guidelines to business process owners and management.

Helped users/customers with VPN issues by troubleshooting and resolving them.

Used Duo for Multi-Factor Authentication (MFA) access to the VPN for all users by creating a profile, making sure the information matched Active Directory (AD), and sending an activation code to the user's/customer's phone number to activate them.

Used ServiceNow to create tickets, resolve incidents, and raise change requests.

Utilized Splunk dashboards for Cyber Security incident reports and helped create automated reports for greater understanding of, and accountability for, Cyber Security issues, the Incident Response Plan, and Continuous Monitoring in accordance with NIST 800 series guidelines.

Used Microsoft Teams for all our scrum meetings and MS Outlook for emails to communicate with team members within the organization.

Cyber Security Subject Matter Expert (SME)

American Tower Corporation, Boston, MA

October 2020 – May 2022

American Tower Corporation is an American real estate investment trust and an owner and operator of wireless and broadcast communications infrastructure in several countries worldwide.

Worked with on-site team and management to understand how different Cyber Security solutions would support specific business objectives.

Identified gaps in the organizational security stack and evaluated technologies to close them, resulting in improved security posture.

Collaborated with stakeholders, including project managers, architects, and other technical leads around cybersecurity requirements throughout the lifecycle of the project.

Performed analysis to validate all security requirements and recommended additional security measures and safeguards.

Evaluated security measures to protect against threats or hazards to data.

Engaged with external auditors and third parties in support of security activities.

Developed project plans, estimations, specifications, flowcharts, and presentations.

Conducted a gap analysis of the firm's anti-DDoS capabilities and documented the security requirements for an enterprise-wide anti-DDoS solution in a hybrid environment.

Designed and developed Business Continuity Plans and Network Perimeter Security, including Endpoint Security.

Conducted a DMZ security architecture review of multiple data centers across the globe to highlight gaps in common security controls.

Assessed rules for effectiveness and prioritized for implementation based on maximum risk reduction.

Outlined a plan for website security following OWASP Top 10.

Architected end-to-end Identity and Access Management solutions in on-prem and hybrid environments following HIPAA regulatory compliance standards.

Provided holistic data governance solutions with an emphasis on data classification and data leakage prevention.

Supervised the development of training content for issues related to IT Cybersecurity.

Worked with clients to ensure that controls adhered to the overall solution architecture.

Made recommendations to mitigate risks during the development and production cycle.

Managed and ensured compliance with IT structures / processes / guidelines /technologies.

Oversaw troubleshooting of complex, technical situations by providing solutions based on established cybersecurity standards.

Streamlined the legacy security architecture questionnaire into one based on the NIST Cybersecurity Framework v1.1 with scoring to reduce the time of a security architecture review by 30+%.

SOC 3 Analyst

Colgate-Palmolive Company, New York, NY

November 2018 – October 2020

Colgate-Palmolive Company is a multinational consumer products company that specializes in the production, distribution and provision of household, health care, personal care and veterinary products.

Investigated, captured, and analyzed events related to cyber incidents.

Analyzed network data traffic using SIEM tools such as Splunk and IBM's Resilient Systems.

Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.

Monitored IDS/IPS, Syslog, and OpenDNS.

Monitored and responded to various endpoint detections via SEPM.

Researched emerging cyber threats to understand and present hacker methods and tactics, system vulnerabilities, and indicators of compromise (IOC).

Monitored the network for suspicious activity using continuous monitoring with various security tools (e.g., Wireshark, Splunk, AlienVault) to identify potential incidents, network intrusions, malware events, etc.

Monitored systems and detected, analyzed, and resolved incidents/events reported by various SIEMs (Sourcefire, TippingPoint).

Monitored and analyzed network traffic with Sourcefire and StealthWatch Intrusion Detection systems.

Monitored the general support system for vulnerabilities, including weak password settings and weak configuration settings.

Performed Vulnerability Assessment using Metasploit.

Conducted above-core software reviews to ensure applications requested by users complied with requirements, guidelines, and standards before installing on systems.

Performed security testing and analyzed results to identify vulnerabilities and violations of information security.

Developed and maintained security Implementation policies, procedures, and data standards.

Identified areas for improvement, controlled security gaps, and evaluated the impact of various Cyber Security measures.

Documented and logged technical incident details for future reference.

Developed and implemented a complete restructuring of security groups to manage domain permissions to resources more effectively.

Assessed business processes to identify potential risks.

Promoted awareness of information security issues among system owners and executive leadership to ensure they understand and adhered to systems security policies and procedures.

Defined, established, and managed security risk metrics and tracked effectiveness.

Monitored security patch levels of servers, workstations, network environments, and anti-virus systems.

Performed proactive network monitoring and threat analysis.

Recommended and addressed the acceptability of software products for a continuous monitoring project.

Monitored and analyzed Intrusion Detection Systems (IDS) to identify security issues for remediation.

Assisted in planning and developing a security system aimed to establish a security infrastructure.

SOC 2 Analyst

Ameren Corporation, St. Louis, MI

October 2016 – November 2018

Ameren Corporation (AEE) provides power for millions of people throughout Illinois and Missouri. Ameren Illinois provides electric distribution and transmission service, as well as natural gas distribution service, while Ameren Missouri provides vertically integrated electric service, with generating capacity of over 10,200 megawatts, and natural gas distribution service.

Served as SOC analyst responsible for monitoring all in-place security solutions for proactive and efficient Cyber Security operations.

Monitored Cyber Security controls for compliance and effectiveness.

Monitored and analyzed Intrusion Detection Systems (IDS) to identify Cyber Security issues for remediation.

Monitored all user-related settings for vulnerabilities such as weak password settings, and weak configuration settings.

Analyzed Cyber Security event logs, system logs, and firewall logs.

Monitored incoming event queues for potential Cyber Security incidents and responded according to SOC team incident response procedures.

Detected Cyber Security events and reported all threats regardless of classification level or type.

Provided SOC support for a range of Cyber Security services including external threat monitoring, detection, event analysis and incident reporting.

Audited the Endpoint Protection tool to verify compliance with security controls.

Performed security testing and analyzed the results to identify vulnerabilities and violations of information security policy.

As SOC team member, participated in presentation reviews, threat reporting, and reporting on events and responses.

Managed Splunk user accounts (create, delete, modify, etc.).

Investigated network access incidents in the network logs using Splunk.

Identified changes to systems that impacted security controls. Performed security impact assessment of proposed changes, reported any change in risk posture, and provided recommendations for risk mitigation.

Identified the likelihood and impact of organizational or technical cyber risks based upon NIST requirements.

Performed Cyber Security Vulnerability Testing, Risk Analysis and Security Assessment.

Used pfSense for Firewall security management as part of SOC operations.

Followed-up Cyber Security audit findings to ensure that management has taken corrective actions and that any issues or vulnerabilities have been resolved.

Provided user training on Cyber Security and conducted Security Awareness Trainings with members of the SOC.

Troubleshot and resolved issues with Cyber Security compliance tools and dashboards, most of them in Splunk.

Provided technical support for Cyber Security Risk Management Program and as SOC analyst, identified threats and vulnerabilities.

Conducted network monitoring and incident response operations supporting the client 24x7x365.

Implemented processes to capture both current and historical audit findings to identify systemic failures and patterns for corrective action.

Helped with evaluating and testing of incident playbooks to see where improvements can be made.

Penetration Tester

Turner Construction, New York, NY

June 2014 – October 2016

Turner is a North America-based international construction services company and is a leading builder in diverse and numerous market segments.

Performed pen tests over different business applications and network devices of the organization.

Conducted penetration tests on systems and applications using automated and manual techniques with tools such as Metasploit, Burp Suite, IBM AppScan, Kali Linux, and many other open-source tools as needed. Worked with support teams to address findings resulting from the tests.

Completed tasks such as researching and identifying security vulnerabilities on the networks and systems.

Participated in assigned exercises (e.g., COOP, network vulnerability, "red team/blue team", etc.)

Conducted attack analysis on the IDS reports to detect the attacks and reported the analysis.

Conducted intrusion testing and prevention, created and annotated log data samples, and managed a Malware lab sandbox environment.

Differentiated potential intrusion attempts and false alarms and prioritized response using Splunk and Snort.

Scheduled a Penetration Testing Plan throughout the organization and completed all the tasks in the given time frame.

Determined cause and researched attack vectors, extent of exposure, and overall risk to environment.

Demonstrated problem-solving abilities by finding vulnerabilities and risks in computer networks and taking measures to correct or exploit those vulnerabilities.

Performed Vulnerability Assessments and Penetration Tests using tools such as Burp Suite, Nessus, and Kali Linux.

Performed security vulnerability assessments and penetration tests to ensure client environments and data are secure as well as satisfying regulatory compliance requirements for such regulations.

Burp Suite, DirBuster, HP Fortify, Nmap, and SQLMap were used as part of the penetration testing on a daily basis to complete the assessments.

Tested for vulnerabilities and confirmed exploitability using Burp Suite, Metasploit, Kali Linux, and custom scripts and manual techniques.

Established and improved processes for privileged user access request.

Promoted a new and cost-effective plan against phishing attacks and successfully reduced the volume of phishing mails by up to 60%.

Led penetration tests and security assessments for applications and infrastructure, including web application assessments, mobile application assessments, API assessments, and physical penetration of properties.

Explored OWASP top 10 vulnerabilities along with remediation recommendations.

Network Engineer

Kimberly-Clark Corporation, Irving, TX

August 2011 – May 2014

Kimberly-Clark Corporation is a multinational personal care corporation that produces mostly paper-based consumer products (sanitary paper products) and surgical and medical instruments.

Communicated and engaged with senior management (ACIO, CISO, and ISSO) and system owners to assure information sharing and timely incident response and risk reporting.

Responsible for Intrusion Detection System/Intrusion Prevention System (IDS/IPS) configuration, tuning, deployment, and monitoring.

Performed comprehensive investigations of cybersecurity breaches, analysis on most prevalent vulnerabilities, threats, attack methods, and infection vectors.

Monitored various clients' ePOs, SEPMs, SiteProtectors, and NSMs.

Used various security and monitoring tools to increase production efficiency and reliability.

Conducted network monitoring and incident response operations supporting the client 24x7x365.

Advised leadership on encryption products, solutions, and issues.

Conducted analysis of IA requirements related to customers, organization, infrastructure, and support services.

Monitored and investigated suspicious network activities utilizing a variety of tools such as Splunk and FireEye.

Investigated network access errors as well as network logs using Splunk.

Assisted in the evaluation, testing and recommendation of hardware, software, and network

Applied concepts of dual control and split knowledge, integral in applying least-privilege principles and maintaining the security of sensitive keys or data.

Applied signature update deployment on the management components and all individual IPS/IDS devices; performed IDS/IPS implementation and upgrade for SiteProtector.

Efficiently facilitated and expedited the tracking, handling, and reporting of all security events and computer incidents.

Implemented deep dive analyses on alerts received from enterprise security tools and took action on remediation process.

Deployed, configured, and maintained Splunk forwarder on different platforms.

Coordinated with application and system owners to onboard applications in Splunk and ensure logging capabilities were functional.

Produced and submitted appropriate forms to ensure the proper guidance for the protection and handling of security information.

Ensured the confidentiality, integrity, and availability of systems, networks, and data through security programs, policies, procedures, and tools.

Implemented, validated, and maintained Information Assurance controls.

Education

University of Kinshasa – Bachelor of Science (Computer Science)

Certifications

CompTIA Security+ (Certified)

Certified Ethical Hacker (CEH)

Azure Fundamentals AZ-900

AWS Fundamentals

Azure Security AZ-500

AWS Security Specialist

Certified Information Security Auditor (CISA)

Certified Information Security Manager (CISM)

Certified Information Systems Security Professional (CISSP)

Splunk Fundamentals Part 1