UMAR NAREJA
Chicago, IL *****
************@*****.*** +1-872-***-****
PROFESSIONAL SUMMARY
• IT Security Professional with 6+ years' experience in Qualys, CrowdStrike Falcon, Zscaler, Mimecast, DLP, WAF, Splunk, and KnowBe4
• Completed an individual project providing a detailed analysis of a malicious packet capture using tools such as Wireshark, Snort, Nessus, and NetWitness Investigator
• Knowledge of computer networking basics, SOC components, the OSI model, TCP/IP protocols, data backup basics, and information threats and attacks
• Experience across a range of environments: Microsoft Cloud App Security, Azure, SEP 14, Symantec ERD, Nexpose, Sourcefire, PowerShell, Blue Coat, VMware vSphere, VMware Service Manager, ServiceNow, Active Directory, Joe Sandbox
• Worked with McAfee VirusScan Enterprise (VSE) to stop worms, spyware, and viruses, deliver high-performance security, and lessen damage from outbreaks
• Knowledge of common cyber security technologies such as firewalls, IPS/IDS, DLP, CASB, network access control, DDoS mitigation, anti-malware, anti-virus, encryption, and two-factor authentication
• Experience with endpoint tools including McAfee ePO, Carbon Black, CrowdStrike Falcon, BigFix, and Symantec EPO (IDS/IPS)
• Performed vulnerability scans using Tenable Nessus, Qualys, and Rapid7 Nexpose and prepared reports
• In-depth knowledge of NIST SP 800-series publications, Federal Information Processing Standards (FIPS), and other key federal regulations
• Expert at implementing network security, SIEM tools, identity management, new security technologies, secure cloud architecture, and new security controls, and at developing security controls and processes that meet business and executive requirements to protect information
• Worked in a 24x7 SOC, analysing all security incidents
• Extensive knowledge of information security principles and practices, security protocols and standards, and defense in depth
• Automated centralized detection of security vulnerabilities with scripts for vulnerability assessment tools such as Qualys Guard and Nessus
• Experience with Symantec information protection solutions, including monitoring, DLP, and security auditing
• Experience with network monitoring using IBM QRadar SIEM and Wireshark, and with information security and network security configuration and functions
• Supported vulnerability management programs by performing vulnerability scans with Nessus and generating reports
• Configured a Web Application Firewall (WAF) architecture to inspect HTTP traffic, with content-filtering rules to block SQL injection, cross-site scripting, buffer overflow, cookie poisoning, and security misconfiguration
• Strong understanding of DLP architecture
• Experience working in a Security Operations Center (SOC)
TECHNICAL SKILLS & TOOLS
Vulnerability Management: Qualys, Tenable Nessus, Rapid7
Endpoint Security: CrowdStrike Falcon, Palo Alto Cortex XDR, SentinelOne, Microsoft Defender for Endpoint
SIEM & Log Analysis: Splunk, ArcSight, Microsoft Sentinel
Network Security: Zscaler, Palo Alto Firewalls, Blue Coat Proxy
DLP: Symantec DLP, Microsoft Purview DLP
Email Security: Mimecast, Microsoft EOP, Cofense PhishMe
Threat Intelligence & Hunting: MITRE ATT&CK, VirusTotal, URLVoid, IPVoid, Robtex
Incident Response: Digital Forensics, Root Cause Analysis, Incident Playbooks
Cloud Security: AWS Security, Azure Security, SaaS Security Controls
Patch Management: Windows Updates, Linux Patching, Server Hardening
Identity & Access Management: Multi-Factor Authentication (MFA), Least Privilege, IAM Policies
Compliance & Risk: ISO 27001, NIST CSF, SOC 2, HIPAA, GDPR, PCI-DSS, SOX
Automation & Scripting: Python, PowerShell, Bash, Splunk Queries
Forensics & Malware Analysis: Wireshark, Windows Event Logs, Static Malware Analysis
Security Awareness Training: KnowBe4, Cofense PhishMe, Employee Phishing Training
Security Operations Center (SOC): Security Monitoring, Log Analysis, Intrusion Detection
Ticketing & Incident Management: ServiceNow, Jira, Remedy
Operating Systems: Windows, Linux, macOS, Ubuntu
Protocols: HTTPS, HTTP, SMTP, FTP, UDP, TLS, SSL, TCP, SSH, SPF, DKIM, DMARC, WPA2/WPA3, EAP, DNSSEC, NetFlow, SNMP, IPsec, SFTP, LDAP, RADIUS, TACACS+, OAuth & OpenID Connect, ARP
Security Analytics & Reporting: Power BI, Excel, Splunk Dashboards
WORK HISTORY
02/2024 to Current Cyber Security Engineer
Southwest Airlines – Chicago, IL (Hybrid)
• Conducted vulnerability management using Qualys, ensuring timely detection, assessment, and remediation of security risks
• Managed email security solutions using Mimecast, reducing phishing and spam attacks through advanced filtering and threat intelligence
• Implemented web security policies with Zscaler, enforcing URL filtering, SSL inspection, and zero-trust access controls
• Configured CrowdStrike Falcon to enhance Endpoint Detection & Response (EDR), identifying and mitigating malware and advanced threats
• Analyzed security logs and threat intelligence feeds in Splunk, proactively detecting security incidents and anomalies
• Administered SIEM solutions to correlate logs and automate alerts, improving real-time threat detection and response
• Managed patch management processes, ensuring timely updates across servers, workstations, and cloud environments
• Enforced multi-factor authentication (MFA) and access control policies, reducing unauthorized access risks
• Developed and fine-tuned firewall and proxy rules, optimizing security while balancing performance
• Monitored and analyzed network traffic for Indicators of Compromise (IoCs), ensuring rapid response to security threats
• Led data loss prevention (DLP) policy enforcement, safeguarding sensitive information from unauthorized access or exfiltration
• Strengthened cloud security by configuring and auditing controls in AWS, Azure, and SaaS platforms
• Created automated security reports and dashboards using Excel, Power BI, and Splunk to visualize security trends and incident metrics
• Managed security incidents via a ticketing system, ensuring accurate tracking, resolution, and documentation of security events
• Assisted in digital forensics and root cause analysis, gathering evidence and lessons learned from incidents
• Ensured compliance with ISO 27001, NIST CSF, SOC 2, HIPAA, and GDPR, implementing security controls and policies
• Conducted third-party security assessments, evaluating vendor risk and compliance with organizational standards
• Performed risk assessments and collaborated with teams to mitigate vulnerabilities across IT infrastructure
• Assisted in security audits, gathering evidence, and implementing remediation for compliance gaps
• Developed security policies, procedures, and standards to align with industry best practices
• Led security awareness training with KnowBe4, reducing phishing susceptibility among employees
• Conducted security briefings for non-IT stakeholders, making complex security concepts easy to understand
• Collaborated with IT, DevOps, and business teams to integrate security into software development and cloud deployments
• Provided security guidance to executives and cross-functional teams, ensuring security risks were properly understood and mitigated
• Developed and refined incident response playbooks, improving the organization's ability to handle security threats
• Responded to security incidents, performing containment, eradication, and recovery to minimize impact
• Worked closely with SOC teams to monitor, detect, and contain security threats in real-time
• Used threat intelligence feeds to stay ahead of emerging cyber threats, strengthening defenses proactively
• Identified opportunities to automate security operations, reducing manual effort and increasing efficiency
• Improved ticketing system workflows, ensuring streamlined incident tracking and resolution
02/2023 to 01/2024 Cyber Security Analyst
Chase – Chicago, IL (Remote)
• Monitored security events in Splunk SIEM, analyzing logs and correlating alerts to detect potential threats
• Conducted threat hunting using advanced queries in Splunk and Palo Alto Cortex XDR, identifying hidden security risks
• Led incident response efforts, performing containment, eradication, and recovery for phishing, malware, and insider threat incidents
• Investigated Indicators of Compromise (IoCs) and performed root cause analysis to prevent future security breaches
• Conducted forensic analysis on compromised endpoints using Palo Alto Cortex XDR and Windows event logs to gather evidence and insights
• Managed SIEM tuning and rule optimization, reducing false positives and improving detection efficiency
• Acted as an escalation point for junior SOC analysts, mentoring and guiding them on incident handling and response best practices
• Created detailed incident reports and executive summaries, translating technical findings into business-impact insights
• Utilized MITRE ATT&CK framework to classify threats and improve response strategies
• Collaborated with threat intelligence teams, integrating real-world threat data into the SOC's detection and defense mechanisms
• Worked with Vulnerability Management teams, ensuring swift remediation of high-risk findings from Tenable
• Conducted red team vs. blue team exercises, testing the bank's defensive capabilities against simulated attacks
• Reviewed and enforced access control policies, ensuring least-privilege principles for critical systems
• Supported compliance efforts for PCI-DSS, SOX, and FFIEC regulations, aligning SOC operations with banking security requirements
• Designed and implemented SOC playbooks and standard operating procedures (SOPs), improving response consistency
• Engaged with cross-functional teams, including IT, Risk, and Legal, to enhance the organization's cybersecurity posture
• Provided security awareness training to employees, educating them on phishing threats and social engineering tactics
• Participated in security audits and tabletop exercises, ensuring readiness for real-world cyber incidents
• Automated repetitive SOC tasks using Python scripts and Splunk alerts, improving response efficiency
03/2021 to 09/2022 Cyber Security Analyst
Deloitte – Hyderabad, India
• Conducted proactive monitoring, investigation, and mitigation of security incidents
• Analyzed security event data from the network (IDS, SIEM)
• Performed static malware analysis on isolated virtual servers
• Recognized potential, successful, and unsuccessful intrusion attempts and compromises through thorough review and analysis of relevant event detail and summary information
• Ensured the integrity and protection of networks, systems, and applications through technical enforcement of organizational security policies and monitoring of vulnerability scanning devices
• Investigated malicious phishing emails, domains, and IPs using open-source tools and recommended blocking based on the analysis
• Researched new and evolving threats and vulnerabilities with potential to impact the monitored environment
• Conducted log analysis using Splunk
• Identified suspicious/malicious activities or code
• Monitored and analyzed security events to determine intrusions and malicious events
• Searched firewall, email, web, and DNS logs to identify and mitigate intrusion attempts
• Deployed and implemented the Cofense PhishMe Report Phishing button in Outlook
• Responsible for handling and responding to phishing attacks, taking appropriate action to contain them, and working as an SME for Cofense PhishMe
• Created rules and recipes to automate phishing reports in the Cofense PhishMe portal
• Conducted base-level analysis to determine the legitimacy of files, domains, and emails using tools such as Wireshark and online resources such as VirusTotal, URLVoid, IPVoid, and Robtex
• Used tools such as Blue Coat and EOP to identify suspicious web and email traffic entering or leaving the network
• Monitored Intrusion Detection Systems and ArcSight channels for threats and vulnerabilities
• Assessed incident severity and escalated to the next level as needed
• Responsible for malware analysis and forensic analysis of security incidents
• Worked as a SOC Analyst monitoring and analyzing logs from security appliances such as ArcSight Logger
• Identified and remediated threats and vulnerabilities as part of SOC security monitoring, triaged and escalated to IR, and worked closely with the IR team on account compromise incidents
06/2019 to 02/2021 Cyber Security Analyst
Tech Mahindra – Hyderabad, India
• Monitored security alerts and logs in SIEM solutions, identifying potential cyber threats
• Performed initial triage of security events, determining severity and escalating critical incidents
• Analyzed firewall, endpoint, and network logs to detect suspicious activities and unauthorized access attempts
• Identified and reported Indicators of Compromise (IoCs) related to malware, brute-force attacks, and phishing
• Monitored user behavior and login activity, identifying potential account compromises or insider threats
• Investigated failed login attempts, privilege escalations, and policy violations to detect possible security breaches
• Acted as the first point of contact for security incidents, following incident response procedures
• Escalated high-severity threats to Level 2 and Level 3 SOC analysts, ensuring a rapid response
• Provided detailed incident reports, summarizing key findings for further investigation
• Assisted in security incident containment, working with IT teams to mitigate potential risks
• Followed established playbooks and procedures for responding to malware infections, phishing attacks, and unauthorized access attempts
• Performed log analysis to detect anomalies and suspicious patterns in system and network activities
• Assisted in threat intelligence gathering, monitoring cyber threat feeds to stay updated on new attack techniques
• Cross-referenced security alerts with known threats, helping senior analysts correlate potential cyber incidents
• Identified false positives and fine-tuned alerting rules to reduce unnecessary escalations
• Ensured adherence to ISO 27001, NIST, and organizational security policies while monitoring security events
• Assisted in maintaining SOC documentation and knowledge base, improving efficiency in future incident handling
• Reviewed security policies and provided recommendations to enhance access control and log retention policies
• Worked closely with senior SOC analysts and security engineers, learning advanced cybersecurity techniques
• Provided basic security awareness training to employees, educating them on phishing and password security
• Participated in SOC team meetings and knowledge-sharing sessions, improving security response capabilities
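The brute-force, failed-login and account-compromise patterns named in the Tech Mahindra bullets above, and the Python-scripted SOC automation mentioned in the Chase section, are the kind of detection logic a SOC analyst writes against logon events. The block below is an added illustration, not part of this resume or any employer's tooling. It assumes a simplified "timestamp|event_id|user|src_ip" line format constructed for the example (not a real EVTX or Splunk export) and uses illustrative thresholds rather than any vendor default:

```python
"""Added example: brute-force, password-spray and success-after-failures detection
over Windows Security logon events (Event ID 4625 = failed logon, 4624 = successful logon).

Assumptions (not from the resume): events arrive as 'timestamp|event_id|user|src_ip'
lines, a simplified format constructed for this example rather than a real EVTX or
Splunk export. Thresholds are illustrative tuning knobs, not vendor defaults."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: one brute-force burst against alice from 10.0.0.5
# that ends in a successful logon, one password spray from 10.0.0.9, and two
# benign typos by alice from 10.0.0.7 hours apart that should NOT alert.
SAMPLE_LOGS = """\
2024-03-01T09:00:01|4625|alice|10.0.0.5
2024-03-01T09:00:12|4625|alice|10.0.0.5
2024-03-01T09:00:25|4625|alice|10.0.0.5
2024-03-01T09:00:40|4625|alice|10.0.0.5
2024-03-01T09:01:02|4625|alice|10.0.0.5
2024-03-01T09:01:30|4624|alice|10.0.0.5
2024-03-01T10:00:00|4625|bob|10.0.0.9
2024-03-01T10:00:05|4625|carol|10.0.0.9
2024-03-01T10:00:10|4625|dave|10.0.0.9
2024-03-01T10:00:15|4625|erin|10.0.0.9
2024-03-01T10:00:20|4625|frank|10.0.0.9
2024-03-01T11:00:00|4625|alice|10.0.0.7
2024-03-01T14:00:00|4625|alice|10.0.0.7
2024-03-01T14:00:30|4624|alice|10.0.0.7
"""

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624


def parse_events(text):
    """Parse the pipe-delimited lines into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, src_ip = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
                       "user": user, "src_ip": src_ip})
    return sorted(events, key=lambda e: e["ts"])


def _windowed_max(items, window, key):
    """Slide a time window over (ts, value) pairs sorted by ts and return the largest
    key(values_in_window) seen; callers pass sum to count events or a distinct-user count."""
    best, start = 0, 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > window:
            start += 1
        best = max(best, key(v for _, v in items[start:end + 1]))
    return best


def brute_force_sources(events, threshold=5, window=timedelta(minutes=5)):
    """{(src_ip, user): failures} for pairs with >= threshold 4625s inside one window."""
    failures = defaultdict(list)
    for e in events:
        if e["event_id"] == FAILED_LOGON:
            failures[(e["src_ip"], e["user"])].append((e["ts"], 1))
    hits = {}
    for pair, items in failures.items():
        n = _windowed_max(items, window, key=sum)
        if n >= threshold:
            hits[pair] = n
    return hits


def password_spray_sources(events, threshold=5, window=timedelta(minutes=10)):
    """{src_ip: distinct_users} for IPs failing against >= threshold accounts in one window."""
    per_ip = defaultdict(list)
    for e in events:
        if e["event_id"] == FAILED_LOGON:
            per_ip[e["src_ip"]].append((e["ts"], e["user"]))
    hits = {}
    for ip, items in per_ip.items():
        n = _windowed_max(items, window, key=lambda users: len(set(users)))
        if n >= threshold:
            hits[ip] = n
    return hits


def success_after_failures(events, min_failures=3, window=timedelta(minutes=10)):
    """[(user, src_ip, ts)] for 4624s preceded by >= min_failures 4625s from the same
    source within window: the classic 'the guess finally worked' compromise indicator."""
    recent = defaultdict(list)
    hits = []
    for e in events:
        pair = (e["src_ip"], e["user"])
        if e["event_id"] == FAILED_LOGON:
            recent[pair].append(e["ts"])
        elif e["event_id"] == SUCCESS_LOGON:
            prior = [t for t in recent[pair] if e["ts"] - t <= window]
            if len(prior) >= min_failures:
                hits.append((e["user"], e["src_ip"], e["ts"]))
            recent[pair].clear()  # a success resets the failure streak
    return hits


def triage(text):
    """Run all three detections over a log batch and return the findings."""
    events = parse_events(text)
    return {"brute_force": brute_force_sources(events),
            "password_spray": password_spray_sources(events),
            "compromise_candidates": success_after_failures(events)}


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_LOGS).items():
        print(f"{name}: {finding}")
```

The three detectors deliberately key on different things: brute force counts failures per (source, account) pair, a spray counts distinct accounts per source so that one failure per user still fires, and the compromise candidate fires only when a success follows a streak, which is the alert worth paging on. The benign 10.0.0.7 typos stay quiet because the window, not just the count, gates every rule.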
03/2018 to 04/2019 IT Helpdesk Support
Alliance Pro IT Pvt Ltd – Hyderabad, India
• Provided prompt and appropriate responses to phone and e-ticket inquiries and requests for assistance with the associated computer systems; performed initial problem analysis and triage, identified and troubleshot customer issues, provided advice and assistance, and referred technical issues to the network team or subject matter experts when appropriate
• Provided direct assistance to customers via telephone and email
• Coordinated with staff associates and subject matter experts to resolve problems; maintained liaison with network users and technical staff to communicate the status of problem resolution; assisted with monitoring network management systems
• Logged and tracked each request and the appropriate demographic data related to it
• Assisted with compiling data and preparing reports on progress, adverse trends, and recommendations based on information from the Call Management Tracking System
• Assisted with compiling and regularly maintaining a log of Frequently Asked Questions (FAQ) originating from all categories of customers
• Assisted with providing and managing official answers to all FAQs and distributing them to interested stakeholders
• Contributed to the preparation of procedure manuals and documentation for help desk use; conducted periodic customer satisfaction surveys and tracked customer problem trends; made recommendations for improving the customer experience and created reports based on survey data and trend analyses
• Assisted in developing a comprehensive help desk plan; assisted personnel who provide backup coverage and users with the operation and maintenance of systems
• Performed other related duties, including unlocking user accounts and password reset support
EDUCATION
12/2024 Master of Science: Information Studies
Trine University - Angola, IN