Harshit Hegde
Cyber Security Engineer
**************@*****.***
Professional Summary
Having 7 years of experience across multiple cloud environments. Identified security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
Provided technical support in the development, testing and operation of firewalls, intrusion detection systems, and enterprise anti-virus and software deployment tools. Assessed, prioritized and updated existing IT security policies and standards to reflect the GRC framework.
Developed strategy and planning by utilizing Splunk and other SIEM cybersecurity tools.
Maintained MS SQL Server, including user logins and group creation with appropriate roles, monitoring, dropping and locking logins, and granting privileges to users and groups.
Worked with Security Operations Center (SOC) web application security log analysis and malware analysis, phishing/spam email investigation, and EDR tools (Tanium, CrowdStrike, Carbon Black and other relevant tools).
Knowledge of various security platforms and tools, such as firewalls, CASB, proxy, Splunk SIEM, IDS, IPS, KeySecure, CrowdStrike and SOAR.
Working knowledge of the incident response lifecycle and MITRE ATT&CK Framework.
Implementation of appropriate Accreditation and Authorization activities per JSIG, DoD and ICD 503 RMF, NISPOM, or the DoD Overprint to the NISPOM, according to customer requirements.
Raised tickets in ServiceNow during investigation of Symantec DLP incidents; understanding of the Imperva Management Console.
Worked on continuous improvement and documentation of IT security technology standards, policies and processes, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
Familiar with a forensic approach to challenges and vulnerabilities in day-to-day IT infrastructure.
Deep analysis of how cybercriminals work and ability to keep up with the fast pace of change in the cybercriminal world.
Perform security risk assessments for internal systems and processes and for new software and technology requests, including mobile apps, web applications, etc.
Conduct timely vulnerability scans, penetration tests and log reviews to identify risk areas. Administer and update security measures and operate software that protects systems and information infrastructure, including firewalls, phishing protection and data encryption programs.
Actively participate in security investigations and compliance reviews as requested by internal or external auditors; create metrics and reporting for network security alerts, vulnerabilities and changes, and perform periodic audits.
Keep up to date with information technology trends and security standards; strong knowledge of cyber security tools, network protocols and operating systems.
Technical Skills:
Networking: Packet Analysis (tcpdump, Wireshark), IDS (Bro, Snort), Splunk, Firewall, IDS/IPS, Access Control
System Administration: DNS, FTP, SSH, DHCP, SMB, HTTP, Virtualization
Vulnerability Assessment: Nmap, Nessus, Ettercap, Qualys, Metasploit, Honeypots (honeyd, INetSim), Burp Suite, Nexpose, Acunetix, IBM AppScan, HP WebInspect
End Point Security: McAfee Suite (VSE, HIPS & HDLP), McAfee MOVE AV, Symantec/McAfee Email Security Gateways (GUI & CLI), McAfee Network Data Loss Prevention, McAfee Nitro SIEM (Security Information and Event Management)
Platform/Application: Continuous Monitoring, Vulnerability Management, Web Application Scanning, Threat Protect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Rapid7 Event Management, RSA Archer, Blue Coat Proxy, IBM QRadar, NTT Security, LogRhythm, Pen Test Tools (Metasploit, Kali Linux), Docker, Snyk, Aqua Security, Terraform, AWS CloudFormation
Standards & Framework: OWASP, OSSTMM, PCI DSS
Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication, PIA
Programming Languages: C, C++, Java, Python, JavaScript, PowerShell, Linux
Protocols: TCP/IP, L2TP, PPTP, IPsec, IKE, SSL, SSH, UDP, DHCP, DNS, NetBIOS, SNMP, TLS
Domain Knowledge: Risk Management, BCP/DRP, ISO 27001, COBIT, SWOT analysis, Cryptography, Incident Response, Penetration Test, Risk Assessment, SCADA Security, SCADA Audits, SIEM, ITIL, NIST, FIPS
Work Experience
Role: Cyber Security Engineer Jul 2022 – Present
California Department of Technology, Sacramento
Responsibilities:
Utilize Nessus/Tenable, Nmap, OWASP tooling and WebInspect to scan all ports, access points, devices, software and servers.
Identify security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Provide technical support in the development, testing and operation of firewalls, intrusion detection systems, and enterprise anti-virus and software deployment tools.
Install, troubleshoot and monitor ASP.NET web applications.
Utilize PowerShell and SCCM for scripting, patching, application testing and imaging of Windows 7 and 10 machines.
Monitored, configured and scanned/patched network TCP/IP, DNS, Telnet and DHCP services.
Managed, secured and scanned devices, software and web applications following NIST standards and FIPS 140-2.
Auditing and documenting systems using DISA auditing tools, Assured Compliance Assessment Solution (ACAS), DISA STIG, and SCAP tools.
Responsible for monitoring and providing analysis in a 24x7x365 Security Operations Center (SOC) using Splunk SIEM and IDS/IPS tools.
Led the implementation of security solutions in the Splunk SIEM and set up the dashboards. Work closely with data security teams.
Used Splunk Deployment Server to manage Splunk instances; analyzed security events, risks and reporting.
Provide support for Splunk integration, deployment, configuration and maintenance.
Integration of data feeds (logs) into Splunk.
Managing various industry-standard IPS, PIA, CASB, firewalls, gateways, VBlock, Rapid7, anti-virus and endpoint managers.
Audit and validate configurations of network devices based on DISA STIGs.
Utilize the RSA Archer platform 6.1.
Expertise in implementation, customization and integration of RSA Archer eGRC 5.5 and 6.x version upgrades.
Develop and maintain a formalized GRC framework, utilizing standards-based controls aligned to the business.
Administered Archer data feeds, questionnaires, calculated fields, workflow, reports, dashboards, iViews and packaging.
Assess, prioritize and update existing IT security policies and standards to reflect the GRC framework.
Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), McAfee Endpoint Encryption Data Leakage Prevention (DLP), PIA, Forcepoint, forensics, sniffers and malware analysis tools.
Monitored and configured Azure and Google Cloud networks, including virtual networks, network security groups, Traffic Manager, Network Monitor, load balancers and user-defined routing.
Provisioned user accounts and role-based policies for access to Google Cloud and Azure services through their identity management services.
Setup, configure, and maintain hosted environments such as Microsoft Azure, Google Cloud, and Amazon Web Services.
Role: Cloud Security Engineer Jun 2021 – Jun 2022
Macy's Chicago, IL
Responsibilities:
Experience implementing and administering Cloud Workload Protection Platform (CWPP) and Cloud Security Posture Management (CSPM) tools, e.g. Dome9, Prisma Cloud, Orca, etc.
Experience securing and administering multi-account/subscription public cloud environments (AWS, Azure, GCP).
Experience with a broad range of AWS services (e.g. EC2, RDS, ELB, EBS, S3, VPC, Glacier, IAM, CloudWatch, KMS) to develop and maintain an AWS-based cloud solution, with an emphasis on best-practice cloud security.
Strong knowledge and experience with AWS cloud architecture (e.g. RDS, S3, ECS, DynamoDB, API Gateway, CDK, etc.).
Expertise with GitHub, GitLab, Terraform, Pulumi, Ansible and other CI/CD tools.
Mentor junior team members on cloud security best practices.
Role: Senior Network Engineer Aug 2018 – Jun 2020
Shore Infotech, India
Responsibilities:
Interface with users, technicians, engineers, vendors and other Technical Maintenance personnel to install, update and debug automated systems.
Ensure products and systems comply with cyber security standards and practices. Develop test routines and monitoring solutions. Penetration testing using Nmap and Wireshark.
Provide day to day support of servers, workstations, network and other equipment. Document support procedures specific to systems to be utilized by the Technical Maintenance and Engineering departments.
Designed and built new Cisco datacenter physical and logical network infrastructure to host Sprint’s new 4th generation wireless customers’ interactive web based online billing database (Ensemble) for the migration of 30 million customer accounts.
Responded to outages and joined bridge calls to troubleshoot connectivity & participate in network design & planning alongside engineers in remote locations from other vendors including Sprint, Telcordia, AT&T Mobility.
Monitored and queried Unix file systems to check PIX firewall logs on Sprint perimeter firewall modules.
Used Cacti, Multi Router Traffic Grapher (MRTG), HP OpenView, CiscoWorks and SolarWinds. Configured Cisco Content Services Module (CSM) load balancers, Cisco Firewall Services Modules, Cisco PIX 535 firewalls, Cisco 7206 VXR VPN routers, Cisco 6500 series blade switches and a few Catalyst 5500s. Routing and network protocols configured and supported include BGP, OSPF, EIGRP, HSRP, PPTP, QoS, SSH, Telnet, 802.1Q, MPLS, ATM, Frame Relay and HDLC. Supported a mission-critical production infrastructure in a fast-paced environment where outages were measured in seconds.
Reviewed detailed engineering change scripts, executed change and validation procedures & provided feedback for improvements in engineering design meetings.
Attended change control meetings and represented the network team, explaining the impact and need to implement technical changes to the director on call and to obtain approval to implement these changes.
Worked shifts in the command-and-control center (CCC) as needed to maintain network monitoring coverage.
Designed Cisco router & switch configurations.
Created & maintained Visio network diagrams outlining interconnections and merged existing Visio diagrams to reflect changes.
Modified access control lists (ACLs) on Cisco firewalls.
Added, removed, and created streams & server farms on the Cisco content services module (CSM) load balancers.
Role: Cyber Security Analyst May 2016 – Jul 2018
HDFC Bank, Hyderabad, India
Responsibilities:
Responsible for detection and response to security events and incidents within global Fortune 500 client networks, utilizing ArcSight, Splunk, TippingPoint, VirusTotal, IPVoid, FireEye, Wireshark, etc. to gather, analyze and present forensic evidence of malware and intrusions.
Review System and firewall logs based on individual preset client policies, rules, and standards; also review all host activity for specified timeframe.
Work directly with ESM engineers and Account Information Security Officers to adjust alert criteria.
Coordinated escalations to the Forensic Analyst Team with recommendations for remediation.
Acted as liaison and interacted with leadership, account management teams, and engineers to further define the risk and remediation plan.
Evaluated and fulfilled requests from the Account Information Security Risk & Compliance Officers for each client and aligned with the appropriate runbook procedures to attain Client Service Level Objectives and Agreements.
Adjusted network alerts temporarily to suppress excessive alerts prior to engineers making permanent threshold changes.
Facilitated and operated direct telephone communication in order to perform the immediate required escalation requests or engagements of required teams to support clients.
Researched McAfee Threat Center, Symantec, and other vulnerability and threat libraries to identify and formulate remediation plans.
Role: Infrastructure Security Analyst Jun 2015 – Apr 2016
MyZingo Ecommerce Services Pvt Ltd, India
Responsibilities:
Processed approved dataset access request and user id request for internal EDS and client platforms using ACF2, RACF, UNIX, and Windows.
Participated in off-site quarterly Disaster Recovery Drills, providing access to the model office environment and troubleshooting dataset access issues, account creations, and password resets.
Managed onboarding of external clients (health care, banking, telecom, etc.).
Participated in annual audits of critical data to ensure we were PHI, PII, PCI, and SOX compliant.
Proactively monitored vendor websites for new or updated information regarding vulnerabilities and medium- and high-impact virus threats, and updated the internal knowledge base accordingly. As warranted, created and issued internal news bulletins warning of possible vulnerabilities and malicious code threats, with instructions to mitigate the threat and clean-up instructions for machines that may have been infected.
Maintained anti-virus software platforms with vendors, including signature and DAT file releases, AV software updates and patches.
Education:
Master of Science: Computer Information System & Cyber Security
AUBURN UNIVERSITY AT MONTGOMERY (AUM), Montgomery, AL
Specialization: Ethical Hacking, Penetration Testing, Computer Software & Network Security
Bachelor of Computer Application
AMRITA VISHWA VIDYAPEETHAM, Mysore, India
Won Best Poster Award at an International Conference - RICCIS'19 for a project titled "IP Packet Payload Classification using SDN Algorithm"