
Sr. Cyber Defense Consultant

Location:
Houston, TX, 77002
Posted:
July 02, 2025


Resume:

Cyber Security Engineer | Information Security Analyst | Cyber Security Analyst

SUMMARY

I am an accomplished and versatile cybersecurity professional with a 10-year track record spanning various domains, including incident response, threat hunting, intelligence gathering, penetration testing, vulnerability scanning, digital forensics assessments, and cybercrime investigations. My leadership has been instrumental in designing and strengthening infrastructure and application security in both on-premises and cloud environments, seamlessly integrating with SIEM platforms like Azure Sentinel and Splunk. Proficient in Privileged Identity Management (PIM), Privileged Access Management (PAM), and Active Directory technologies, I excel in risk analysis, proactive security measures, and ensuring compliance with industry standards. My proven ability to lead cross-functional teams consistently yields exceptional results in challenging, dynamic environments. Additionally, I have effectively managed organizational infrastructure environments, encompassing VMware, Citrix XenApp/XenDesktop, Active Directory/Azure AD, Exchange, Office 365, SharePoint, and various web IaaS and PaaS platforms.

Here's a concise breakdown of my qualifications:

Seasoned IT Security Professional with a strong background in IT Infrastructure Monitoring, Security Automation, Vulnerability Management, Risk Assessment, CSOC Analysis, Azure Sentinel SIEM, Information Security, and Application Security.

Proficient in Incident Response Automation, employing Azure Sentinel Playbooks and Splunk Phantom for efficient threat mitigation.

Demonstrated expertise in investigating and mitigating ransomware infections across workstations, endpoints, servers, and applications.

Successfully deployed security solutions such as Symantec EP Protection Manager and Defender for endpoints, enhancing security posture against various malware strains.

Skilled in content development, integration, and testing of multiple data feeds into SIEM tools for effective threat detection.

Adept at resolving configuration and implementation issues related to Linux and Windows server environments.

Proficiency in scripting languages like JavaScript and Python for creating user controls and simple animations.

Experienced in conducting risk assessments for vendor onboarding, policy reviews, and business continuity planning.

Strong technical knowledge spanning various security tools across multiple domains, including IDPS, Web Proxy, SIEM, File Integrity Monitoring, Antivirus, and EDR.

Proficiently handled VPN login and unauthorized endpoint incidents using ticketing systems like ServiceNow, JIRA, and Remedy Helix.

Recognized vulnerabilities and recommended corrective measures while ensuring the adequacy of existing information security controls.

Expertise in onboarding new log sources and monitoring networks using SIEM solutions such as Azure Sentinel, Splunk, and Wireshark.

Accomplished in implementing platform and infrastructure security, identity management, and pioneering security controls and processes to align with business objectives.

Proficient in creating correlation rulesets, visualization dashboards, and playbooks using Splunk ESM and Azure Sentinel.

Skilled in hardening Windows and Linux server instances in AWS and Azure for internet-facing applications.

AREAS OF SKILLSET:

Security Operations & Orchestration

Business case and RFP writing.

Business Continuity plan and Disaster Recovery

Conditional Access Policy

Certificate Authority and public SSL implementation

Security Testing & Automation

Cloud Security Models & Architecture

SIEM, MDR, EDR, TDR, DLP

Vulnerability Analysis

Incident Handling & Containment

Identity & Privileged Access Management

Security Awareness & Phishing Training

Cyber Security – Incident Management

Nessus, Nexpose, OpenVAS, Qualys, Insight-VM.

Multifactor Authentication

Data classification and user awareness.

Web Application Security

Web Application Firewalls

Reverse Engineering

Theft & Fraud Detection

Attack Malware Analysis

Breach Investigation & Crime Response

DNS Protocols

Digital Forensics & E-Discovery

Security Audits

Exchange Online, Office 365

Power Apps, Power BI

VMware – vCenter

IIS and Apache Servers

Azure Application Gateway, load balancer and Traffic manager, Azure AD

Azure Sentinel, Playbook and Automation Rules

CERTIFICATIONS & TRAINING:

AWS Solutions Architect (Associate)

Microsoft Certified AZ-104 Azure Administrator

Microsoft Certified SC-200 Security Operations Analyst Associate

Microsoft Certified Professional

Microsoft 365 Certified: Security Administrator

Microsoft Certified Azure Solutions Architect Expert

Microsoft Certified: Information Protection Administrator Associate

EDUCATIONAL BACKGROUND:

Bachelor of Engineering in Computer Science from Jawaharlal Nehru Technological University, 2009.

PROFESSIONAL EXPERIENCE:

DXC Technologies, Lincolnshire, IL Aug 2020 - Present

Sr. Cyber Defense Consultant

Responsible for managing, administering and securing various Azure Security Center solutions, which included:

Azure Security Architecture Design

Identity and Access Management (IAM)

Azure cloud SIEM configuration, monitoring and maintenance of Azure Security Center, Azure Sentinel, Defender, Intune, Log Analytics

Azure Key Vault and Azure Disk Encryption to secure sensitive data at rest

Incident response drills

Implemented threat hunting using Azure Security Center Standard Tier and Advanced Threat Protection (ATP) for Azure resources; performed application security audits; configured Azure Security Center security policy and threat detection settings; and used Azure Sentinel's Kusto Query Language (KQL) or other supported query languages to create custom queries.

Developed architectural documents and managed deployment of Privileged Access Management and Privileged Identity Management systems.

Standard Solution and Security Architecture: Implemented infrastructure and application security frameworks to ensure data flows for critical infrastructure are securely available. Planned, developed, designed, and implemented security architecture.

Collected information to evaluate the developing system. Analyzed business procedures or problems to define data processing needs. Prepared detailed flow charts and diagrams outlining system capabilities and processes. Researched and recommended hardware and software development and purchases; documented system problems and resolutions for future reference. Assisted the team in developing feasible solutions.

Cloud Implementation: Designed and implemented Azure cloud security with a hub-and-spoke model and migrated on-premises applications to Azure by leveraging Microsoft's cloud security framework, ensuring secure and scalable deployments across various Azure services.

Configured and managed Azure Active Directory (Azure AD) to enforce role-based access controls (RBAC) and multi-factor authentication (MFA) for enhanced identity protection. Implemented Privileged Identity Management (PIM) to minimize privileged access risks.


Conducted analysis of cyber threats, discovery of vulnerabilities, monitoring for cyber intrusions, and troubleshooting and response to security incidents detected by Azure Sentinel (Azure Security Center).

Implemented Azure Monitor and Log Analytics to centrally collect and analyze security logs, enabling proactive monitoring for security events and anomalies.

Configured and managed Web Application Firewalls (WAFs) to protect web applications from various cyber threats such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.

Custom rule sets and policies for WAFs were developed based on unique application requirements, ensuring excellent security without sacrificing functionality.

Regularly analyzed WAF logs and monitored real-time traffic to detect and mitigate potential security breaches or suspicious behaviors.

Working with development and DevOps teams, I integrated WAFs into the CI/CD pipeline, automating security tests and assuring continuous protection throughout the development lifecycle.

SSL/TLS certificates were installed and maintained to secure web traffic and encrypted communication between clients and servers.

Conducted regular security assessments and audits to maintain a strong security posture by implementing Azure Policy and Azure Blueprints.

Developed and tested incident response plans for Azure environments. Collaborated with cross-functional teams to promptly investigate and mitigate security incidents.

Selected to pioneer and define a new role and function within the organization and lead the Security Operations Center in Confidential activities.

Evaluated and selected all tools to be utilized and implemented policies and procedures while independently serving as the primary Confidential analyst covering all service delivery networks and systems.

Configuration and development of solutions with Azure identity and Office 365 services.

Managing Azure services related to application hosting, configuration and development.

Leveraged Azure Automation and Azure Functions to automate security tasks, such as continuous security assessments and incident response actions.

Developed custom security dashboards using Power BI to provide executive-level visibility into Azure cloud security status and compliance metrics.

Performed gap analyses, search and seizure, collection, acquisition and analysis utilizing standards and best practices to forensically preserve evidence. Conducted security gap analysis to generate documentation on the

Integrated Azure Sentinel with Azure Security Center and other data sources to enhance threat intelligence, correlation, and automated response capabilities.

Citrix NetScalers were expertly configured and deployed to optimize application delivery and load balancing in high-availability situations.

Managed and monitored traffic, ensuring that client requests were distributed efficiently over numerous servers to preserve performance and availability.

SSL offloading was used on Citrix NetScalers to boost application speed and reduce server processing overhead.

Capacity planning and scalability studies were performed to meet future growth and spikes in application demand.

Collaborated with networking teams to set up proper firewall rules and access controls on NetScalers to safeguard the network perimeter.

Performed risk assessments; developed risk remediation processes for on-prem AD group migration to M365, AD cleanup, LDAP synchronization, management of AD group ownership types on Azure post-migration, and AD group creation utility self-service portal updates with knowledge articles for users.

Led internal and external cloud security assessments, ensuring adherence to industry standards (e.g., ISO 27001, NIST, GDPR) and providing recommendations for improvements.

Onboarded new log sources with log analysis and parsing to enable Azure SIEM correlation.

Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement.

Reviewed and advised on sandboxing, threat intelligence, key management, Indicator of Compromise (IOC) hunting, machine learning, and active response.

Fannie Mae, Urbana, MD Sep 2016 - July 2020

Information Security Engineer - Associate

Responsible for monitoring, analyzing and reporting security events from commonly used infrastructure, including on-premises servers, firewalls, routers, and switches, to detect and respond to potential cyber threats.

Conducted regular vulnerability assessments and penetration tests on legacy systems to identify and remediate security weaknesses, enhancing the overall security posture.

Utilized security information and event management (SIEM) solutions, such as ArcSight and Splunk, to aggregate and correlate security logs for real-time threat detection.

Integrated diverse log sources, including firewalls, servers, routers, and switches, with ArcSight ESM to enable comprehensive security event analysis and correlation.

Conducted regular health checks and performance tuning for ArcSight ESM.

Implemented and maintained ArcSight ESM dashboards and alarms, providing real-time visibility into security events and enabling swift response to critical incidents.

Collaborated with threat intelligence teams to integrate external threat feeds into ArcSight ESM.

Investigated and responded to security incidents, collaborating with cross-functional teams to mitigate the impact of cyber-attacks and minimize downtime.

Administered Splunk Enterprise to collect, index, and analyze machine data for real-time security monitoring and threat detection.

Developed and optimized custom Splunk searches, dashboards, and reports to provide security insights and facilitate data analysis for security analysts.

Integrated diverse data sources, including logs from servers, network devices, applications, and security tools, with Splunk for comprehensive security visibility.

Assisted in the development of Splunk alerts and correlation searches, enabling timely detection and response to critical security events.

Worked with respective operating companies to solve their internal and external vulnerabilities based on severity level.

Worked closely with Application Teams to create new Splunk dashboards for Operation teams.

Conducted network vulnerability assessments using Nessus to evaluate attack vectors, identify system vulnerabilities, and develop remediation plans and security procedures.

Created tuning filters, indexers, search head queries, rules etc. in Splunk for monitoring purposes.

Prepared quarterly reports frequently with statistical trend analysis.

Malware detection and analysis (Cisco AMP, Symantec Endpoint Protection).

Reviewed, analyzed and correlated malware and security events, and reported on and performed data and risk analysis through various tools (IBM QRadar SIEM, Splunk, FireEye, Carbon Black (Bit9)) to identify suspicious and malicious activities.

Transferred knowledge on LAN, WAN, TCP/IP, Spanning Tree, Metro, IPv6, SD-WAN, MPLS.

Verizon, Schaumburg, IL June 2013 - Aug 2016

Network Security Analyst

Utilized Wireshark as network protocol analyzer to capture and inspect network packets, aiding in troubleshooting and identifying security issues.

Captured and examined packets using Wireshark, aiding in the detection of potential security breaches, malware, and other network anomalies.

Implemented Wireshark's packet filtering and capture filters to focus on relevant network traffic, streamlining the analysis process and reducing noise in large-scale environments.

Validated the effectiveness of firewall rules and Intrusion Detection Systems (IDS) against internal network firewall rule standards, ensuring the network's security measures were functioning as intended.

Utilized Cisco ASDM and Check Point SmartDashboard to configure and manage firewall settings, ensuring secure traffic flow and protecting the network from unauthorized access.

Created firewall rules using Cisco ASDM and Check Point SmartDashboard, optimizing the rule base for improved security and network performance.

Defined and enforced access control policies, restricting network access to authorized users and devices. Configured NAT rules, ensuring seamless communication between internal and external networks while maintaining security.

Implemented logging and monitoring features using Cisco ASDM and Check Point SmartDashboard, allowing real-time visibility into firewall activity and aiding in the early detection of security incidents.

Configured firewall high availability using Cisco ASDM and Check Point SmartDashboard, ensuring uninterrupted network security and minimal downtime in the event of a failure.

Reviewed all sensor logs, Snort and firewall, for intrusion attempts and anomalies.

Developed knowledge pertaining to Information security standards (NIST, ISO) related to information security and privacy practices (HIPAA, SSA, PCI, SOX) and effectively transferred knowledge to team members.

Utilized Nessus to conduct vulnerability assessments and identify potential weaknesses in network devices and systems.

Tested and performed vulnerability analysis (VA) for the client through Nessus, QualysGuard scans and McAfee Foundstone.

Performed network packet capture and analysis using tools such as tcpdump and Microsoft Network Monitor.

Created security reports, documentation, and incident response playbooks in Microsoft Excel and Word.

Risk Manager for aligning the Operational Risk Department’s policies and procedures with Regulatory Guidelines.

Coordinated meetings with application data owners, security admins, report generators, and developers to verify data accuracy, identify security gaps, vulnerabilities, and authorizing controls in their production applications.
