Information Security Technology

Location:
Chicago, IL
Posted:
June 26, 2025

Resume:

Ismail Mohammed

******************@*****.***

872-***-****

Can Work On W2

Summary:

·6+ years of combined IT and cybersecurity experience as a cybersecurity analyst, with competent, deep experience and good knowledge of information technology. Specialized in proactive monitoring of SIEM networks (Splunk, ArcSight).

·Deep knowledge of security tools for log and packet analysis, and of malware analysis, with the general objective of guaranteeing the confidentiality, integrity, and availability of systems, networks, and data.

·Expert in network security implementation, SIEM tools, new concepts, identity management, new security technologies, cloud security architecture, new security controls, and the development of innovative security controls and processes that meet business and government needs to protect information.

·Experienced with different environments: Microsoft Cloud App Security, Azure, SEP 14, Symantec ERD, Nexpose, Sourcefire, PowerShell, Blue Coat, VMware vSphere, VMware Service Manager, ServiceNow, Active Directory, Joe Sandbox

·Knowledge of IT network fundamentals, SOC components, the OSI model, TCP/IP logs, basic concepts of data backup, and information threats and attacks

·Experience with processes within the security assessment and authorization environments, such as security categorization, security and contingency plan development, security testing and evaluation, system accreditation, and monitoring

·Information security engineer/analyst with good experience in security incident analysis, vulnerability and penetration testing, network monitoring, information security, and network security functions.

·Experience in collecting and analyzing metrics, key risk indicators, and maintaining defined dashboards in the information security field to ensure that our information security program works effectively and efficiently

·Experience with information protection solutions, including security monitoring, DLP, and auditing solutions from Symantec.

·In-depth knowledge of NIST 800 Special publications, Federal Information Processing Standards (FIPS), and other important federal regulations

·Knowledge of server maintenance, including security logs configuration, network configuration, and troubleshooting.

·Experience with various endpoint tools such as McAfee EPO, Carbon Black, BigFix, Symantec EPO (IDS / IPS)

·Automated centralized detection of security vulnerabilities using scripts for vulnerability assessment tools such as QualysGuard and Nessus.

·Security Operations Center (SOC) experience with hands-on experience planning, coordinating, and maintaining an organization's information security and CSOC incidents and alerts

·Ability to multitask, work independently and as part of a team, strong analytical and quantitative skills, and effective interpersonal and verbal / written communication skills

·Participation in a one-to-one project where I performed a detailed analysis of a malicious packet capture using tools such as Wireshark, Snort, Nessus, and NetWitness Investigator.

·Experience configuring and deploying modules and products like McAfee ePO, McAfee VSE, McAfee HIPS, McAfee Endpoint Encryption

·Monitor events, respond to incidents, and report results.

·Experience in installation and maintenance of the Windows 2008/2012 server operating system.

·Experience in network monitoring with the IBM QRadar SIEM and Wireshark, including configuration and functions for information security and network security.

·Knowledge of common cybersecurity technology tools such as Firewalls, IPS/IDS, DLP, CASB, Network Access Control, DDoS Mitigation, Antimalware, Antivirus, Encryption, and Two-Factor Authentication

·Knowledge of penetration testing, vulnerability analysis, threat detection, and development of security programs by performing vulnerability scans with Nessus and generating reports

·Configured, and was involved in configuring, WAF (Web Application Firewall) architecture to inspect HTTP traffic, with content-filtering capabilities to prevent SQL injection, cross-site scripting, buffer overflow, cookie contamination, and security misconfiguration.

Technical Skills:

DLP: Websense, Symantec & McAfee

End Point Security: McAfee Suites (VSE, HIPS & HDLP), McAfee MOVE AV, SafeBoot

IPS/IDS: McAfee IPS, HP TippingPoint, Cisco IDS, SecureWorks IDS/IPS

SIEM: RSA enVision, ArcSight, Splunk security manager, IBM QRadar

MSS: Vulnerability Assessment, Content Filter, Antispam, IDS/IPS Management

Vulnerability Management Tools: Foundstone, QualysGuard, Nessus 7.0, Nmap, Nexpose, Wireshark

Security Tools: Splunk ES, McAfee vulnerability management solutions, Burp Suite, OpenVAS, Nessus, Qualys, SolarWinds, Forescout, Darktrace.

Platforms/Applications: Continuous Monitoring, Vulnerability Management, Web Application Scanning, Threat Protect, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance, SolarWinds, Nexpose, Forcepoint, Rapid7

Event Management: RSA Archer, Blue Coat Proxy, Splunk, NTT Security, LogRhythm, HP ArcSight

PenTest Tools: Metasploit, Nmap, Wireshark and Kali

Security Software: Nessus, Ethereal, Nmap, Metasploit, Snort, RSA Authentication, McAfee ePO, McAfee ePO Patch Management, McAfee DLP Discover, McAfee Drive Encryption, McAfee ATD, Symantec Endpoint Manager, Splunk log management tool.

Protocols: TCP/IP, L2TP, PPTP, IPsec, IKE, SSL, SSH, UDP, DHCP, DNS

Operating Systems: Windows, Linux, Unix

Security Intelligence: WhiteHat Web Security, iDefense, NTT Security, LogRhythm

SIEM: Splunk, SolarWinds, ArcSight, Nitro, IBM QRadar, Forcepoint, Rapid7 Nexpose

Routers: Cisco Routers ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600

Information Security Standards: ISO 27001, PCI, NIST, SOX

Education Details:

Master of Science in Business Analytics, Trine University, Angola, Indiana, USA (2023).

Bachelor of Commerce and Computers, Osmania University, Hyderabad, India (2015).

Professional Summary:

Secretary of State, Illinois (Remote) May 2024 to Present

SOC Analyst

Responsibilities:

Security Operations Center (SOC) Duties.

Monitored, analyzed, and responded to security incidents and alerts in real-time.

Monitored and triaged phishing alerts using PhishER and other email security tools; investigated and escalated threats based on IOC analysis and user reports.

Analyzed and responded to CrowdStrike Falcon endpoint detections, including malware, ransomware, and hands-on-keyboard activity.

Investigated and remediated identity-based threats using CrowdStrike Identity Protection, including lateral movement, privilege escalation, and credential theft.

Correlated phishing incidents with endpoint and identity telemetry to identify coordinated attacks and reduce dwell time.

Created detailed incident tickets and timelines for phishing and identity-based attacks; documented findings and remediation steps.

ServiceNow Integration with Security Tools:

Spearheaded the integration of ServiceNow with key security tools to streamline incident management and response workflows.

Customized ServiceNow dashboards and reports for enhanced visibility into security operations.

Coordinated with cross-functional teams to ensure seamless integration and optimized performance.

Provided training and support to team members on utilizing integrated security tools within ServiceNow.

Univar Solutions (Remote) June 2023 to Apr 2024

SOC Analyst

Responsibilities:

Experience in Security Operation Center (SOC) processes and incident handling.

Monitored incoming event queues for potential security incidents; identified and acted on anomalous network activity.

Performed initial analysis, identification, remediation, and documentation of security incidents.

Managed incident responses and coordinated remediation with customers.

Conducted highly technical examinations, analysis and reporting of computer-based evidence related to security incidents (intrusion artifacts/IOCs) or investigations.

Actively participated in large-scope, high-impact cyber breaches and managed incident response workflow and activities to support response and remediation.

Communicated incident response actions to both technical and non-technical management.

Improved the detection, escalation, containment, and resolution of incidents.

Analyzed complex malware through endpoint and network traffic forensics to determine whether systems were impacted.

Performed malware analysis and forensic analysis of security incidents.

Analyzed threat alerts, determined current impacts, and coordinated remediation actions as necessary.

Managed malware and phishing attacks.

Worked closely with the Security Operation Center, Legal and Loss Prevention teams to support tier 1 and 2 security incident management.

Created, updated and fine-tuned SOP processes and procedures.

Excellent analytical abilities and a strong ability to think creatively when approaching issues.

Understanding of emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.

Hands-on experience providing the technical expertise to manage and resolve large malware outbreaks.

Reporting and monitoring of threats.

Created the Standard Operating Procedure and updated the knowledge database documentation whenever required.

Participated in M&A (mergers and acquisitions) due diligence and integration processes.

Environment: Splunk, SentinelOne, Recorded Future, Abnormal Security [Potentially], Duo Security, outsourced MSSP for Tier 1/2 analysis, Red Canary, Cyderes.

Frontier Business Systems Pvt Ltd Aug 2019 to Apr 2021

Security Analyst

Responsibilities:

Experience in Security Operation Center (SOC) processes and incident handling.

Monitored incoming event queues for potential security incidents; identified and acted on anomalous network activity.

Performed initial analysis, identification, remediation, and documentation of security incidents.

Handled incident escalations as necessary from other L1 and L2 analysts.

Managed incident responses and coordinated remediation with customers.

Conducted highly technical examinations, analysis and reporting of computer-based evidence related to security incidents (intrusion artifacts/IOCs) or investigations.

Actively participated in large-scope, high-impact cyber breaches and managed incident response workflow and activities to support response and remediation.

Communicated incident response actions to both technical and non-technical management.

Improved the detection, escalation, containment, and resolution of incidents.

Analyzed complex malware through endpoint and network traffic forensics to determine whether systems were impacted.

Performed malware analysis and forensic analysis of security incidents.

Analyzed threat alerts, determined current impacts, and coordinated remediation actions as necessary.

Managed malware and phishing attacks.

Worked closely with the Security Operation Center, Legal and Loss Prevention teams to support tier 1 and 2 security incident management.

Created, updated and fine-tuned SOP processes and procedures.

Excellent analytical abilities and a strong ability to think creatively when approaching issues.

Understanding of emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.

Hands-on experience providing the technical expertise to manage and resolve large malware outbreaks.

Reporting and monitoring of threats.

Created the Standard Operating Procedure and updated the knowledge database documentation whenever required.

Participated in M&A (mergers and acquisitions) due diligence and integration processes.

Environment: Splunk, SentinelOne, Recorded Future, Abnormal Security [Potentially], Duo Security, outsourced MSSP for Tier 1/2 analysis, Red Canary, Cyderes.

Reliance Jio Infocomm Ltd January 2017 to July 2019

System Administrator

Responsibilities:

System administrators are responsible for managing and maintaining an organization's IT infrastructure. Their roles and responsibilities include:

*Server Management*: Installing, configuring, and maintaining servers, both physical and virtual, to ensure reliable and efficient operation.

*Network Administration*: Managing network components like routers, switches, and firewalls to ensure secure and smooth data communication.

*User Management*: Creating, modifying, and deleting user accounts, granting appropriate permissions, and managing access to resources.

*Security*: Implementing security measures such as firewalls, encryption, and access controls to safeguard data and systems from unauthorized access.

*Backup and Recovery*: Regularly backing up data and developing disaster recovery plans to minimize downtime and data loss in case of system failures.

*Software Installation and Updates*: Installing, configuring, and updating software applications, operating systems, and patches to ensure optimal performance and security.

*Monitoring and Troubleshooting*: Continuously monitoring system performance, identifying issues, and resolving them promptly to minimize disruptions.

*Hardware Maintenance*: Managing hardware components, diagnosing hardware failures, and coordinating repairs or replacements when necessary.

*Documentation*: Maintaining thorough documentation of system configurations, procedures, and troubleshooting steps for future reference.

*Capacity Planning*: Analyzing system usage patterns and forecasting resource requirements to scale the infrastructure as needed.

*Compliance*: Ensuring systems adhere to relevant industry regulations and security standards.

*Collaboration*: Collaborating with other IT teams and departments to address technical challenges and implement solutions.

*Incident Response*: Responding to security incidents and breaches, taking appropriate actions to contain and mitigate the impact.

*Automation*: Developing scripts and tools to automate repetitive tasks and streamline administrative processes.

*Vendor Management*: Interacting with technology vendors for procurement, support, and maintenance of hardware and software.

*Training*: Providing training and support to end-users on IT tools, security practices, and best practices.

These responsibilities may vary based on the organization's size, industry, and specific needs, but generally, system administrators play a crucial role in maintaining a stable and secure IT environment.

Reliance Digital Express June 2014 to December 2016

Fraud Analyst

Investigated emails reported by users for any malicious link or attachment.

Performed detailed analysis on malicious attachments and took remediation steps accordingly.

Blocked hashes in CrowdStrike and malicious URLs in OpenDNS.

Generated monthly metrics on reported fraud/phishing emails.

Performed header analysis, blacklist checks for IPs and hyperlinks, and analysis of encoded HTML files, etc.

Worked with the legal team to take down fake domains that impersonate the real client domain.

Tools used: freely available online analysis tools
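The phishing-triage steps listed for this role (header analysis, blacklist checks on relay IPs and hyperlinks, decoding an HTML attachment, and hashing it for an EDR hash block) can be reproduced in a short script. The block below is an added example written for this page; it is not code from the resume or from any employer named on it. The sample message, the blocklists and the helper names are constructed for the example.

```python
"""Phishing email triage helper (added example, not from the resume).

Parses a raw RFC 5322 message, walks the Received chain for relay IPs,
reads Authentication-Results for SPF/DKIM/DMARC, extracts hyperlinks from
the HTML body and from a base64-encoded .html attachment, hashes each
attachment (the value one would push to an EDR hash block), and checks
IPs and link hosts against a blocklist. Everything below is constructed.
"""
import base64
import email
import hashlib
import re
from email import policy
from urllib.parse import urlparse

# Constructed blocklists standing in for a threat-intel feed (assumption).
BLOCKED_IPS = {"203.0.113.45"}
BLOCKED_DOMAINS = {"secure-login-update.example"}

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed HTML attachment and raw message (not a real capture).
ATTACHMENT_HTML = (b'<html><body><a href="http://secure-login-update.example/verify">'
                   b'Verify your account</a></body></html>')

SAMPLE_EMAIL = f"""From: "IT Support" <it-support@secure-login-update.example>
To: user@corp.example
Subject: Action required: password expires today
Received: from mx.corp.example (mx.corp.example [198.51.100.7]) by mail.corp.example; Mon, 1 Jan 2024 10:00:02 +0000
Received: from relay.example (unknown [203.0.113.45]) by mx.corp.example; Mon, 1 Jan 2024 10:00:01 +0000
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=secure-login-update.example; dkim=none; dmarc=fail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Click <a href="http://secure-login-update.example/reset">here</a> or <a href="https://intranet.corp.example/help">help</a>.</p>
--b1
Content-Type: application/octet-stream; name="invoice.html"
Content-Disposition: attachment; filename="invoice.html"
Content-Transfer-Encoding: base64

{base64.b64encode(ATTACHMENT_HTML).decode()}
--b1--
"""


def parse(raw):
    """Parse raw text into an EmailMessage (policy.default gives MIME helpers)."""
    return email.message_from_string(raw, policy=policy.default)


def received_ips(msg):
    """Relay IPs from the Received chain, in header order (newest hop first)."""
    ips = []
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_IP_RE.search(str(hdr))
        if m:
            ips.append(m.group(1))
    return ips


def auth_results(msg):
    """SPF/DKIM/DMARC verdicts from Authentication-Results, e.g. {'spf': 'fail'}."""
    hdr = msg.get("Authentication-Results", "")
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(hdr)))


def extract_links(msg):
    """URLs from the HTML body and from any base64-encoded .html attachment."""
    links = set()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        links.update(URL_RE.findall(body.get_content()))
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith((".htm", ".html")):
            decoded = part.get_payload(decode=True)  # undoes the base64 transfer encoding
            links.update(URL_RE.findall(decoded.decode("utf-8", "replace")))
    return sorted(links)


def attachment_hashes(msg):
    """SHA-256 of each attachment's decoded bytes, keyed by filename."""
    return {part.get_filename(): hashlib.sha256(part.get_payload(decode=True)).hexdigest()
            for part in msg.iter_attachments()}


def triage(raw):
    """Run the checks and return a verdict plus the evidence behind it."""
    msg = parse(raw)
    ips, auth, links = received_ips(msg), auth_results(msg), extract_links(msg)
    findings = [f"relay IP {ip} on blocklist" for ip in ips if ip in BLOCKED_IPS]
    for check in ("spf", "dkim", "dmarc"):
        if auth.get(check, "missing") != "pass":
            findings.append(f"{check}={auth.get(check, 'missing')}")
    for url in links:
        host = urlparse(url).hostname or ""
        if host in BLOCKED_DOMAINS:
            findings.append(f"link to blocked domain {host}")
    return {"verdict": "malicious" if findings else "benign", "relay_ips": ips,
            "auth": auth, "links": links, "hashes": attachment_hashes(msg),
            "findings": findings}


if __name__ == "__main__":
    for k, v in triage(SAMPLE_EMAIL).items():
        print(f"{k}: {v}")
```

The relay IP that matters is the one in the hop just before the organization's own MX (here the second Received header), since earlier hops are under the sender's control and can be forged; the SHA-256 values are what a hash block in an EDR console expects.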

Lot Mobile Ltd July 2013 to June 2014

Service Desk Analyst

Responsibilities

•Engaged in effective interactions with customers and service groups to coordinate the fulfillment of requests and resolution of incidents.

•Used knowledge management techniques to advance my own learning, enabling initial diagnosis of related issues and advising customers on known solutions where applicable.

•Provided information related to status updates, error resolution, changes in availability, and facilities.

•Assisted users in the more effective use of information technology processes, products, and services.

•Executed core processes and procedures related to service operations and documented diagnostic information, analysis, activities, progress, and resolution.

Other duties as assigned.

Univercell Mobiles, Hyderabad, IN August 2010 to June 2013

Help Desk Analyst

Responsibilities

Convinced customers to buy products, including brand products, achieving the sales target.

Responding to queries via chat, email, or phone

Training other staff members on troubleshooting and diagnosing problems

Writing, editing, and revising training manuals for new and updated software and hardware

Providing technical assistance for questions and problems

Resolving problems with networks and other computer systems

Diagnosing system errors and other issues

Following up with customers to ensure full resolution of issues

Requesting feedback and/or monitoring calls and other methods of correspondence to improve training methods

Running reports to analyse common complaints and problems

Installing or changing software to fix issues

Remotely accessing hardware or software for clients to make changes and fix problems

Maintaining proper data on users and customers and a good relationship with the dealers.

Responsible for updating the sell-out data on the server.

At the end of the day, the stock and sales reports were updated to the team leader.