
Information Security Engineer

Location:
Jonesboro, AR
Posted:
July 08, 2025


Resume:

Vijay Kumar Sira


Information Security Engineer

Professional Summary:

Over 9 years of experience in information security and SOC operations across diverse enterprise environments.

Expertise in SIEM tools (QRadar, Splunk, Microsoft Sentinel, CrowdStrike Falcon) for real-time monitoring, log analysis, and incident response.

Strong knowledge of networking fundamentals (OSI, TCP/IP, DNS, DHCP) and firewall technologies (Cisco ASA, Checkpoint, Fortinet).

Skilled in DLP policy creation, CASB management, Netskope proxy troubleshooting, and vulnerability management using Qualys and AWS GuardDuty.

Proficient in incident lifecycle management, threat hunting, phishing analysis, and endpoint security with Microsoft Defender and CrowdStrike.

Experienced in ITIL processes (Incident, Change, Problem Management) and collaborating with cross-functional teams to ensure business continuity and security solution execution.

Key Technical Skills:

SIEM & Security Tools: QRadar, Splunk, Microsoft Sentinel, CrowdStrike Falcon, IBM AppScan, HP Fortify, WebInspect, Qualys, AWS GuardDuty, Tufin (SecureTrack/SecureChange), Netskope (CASB/DLP), McAfee IPS, Cisco Firepower

Firewall & Network Security: Cisco ASA, Checkpoint, Fortinet, Juniper, VPN Configuration, IDS/IPS, TCP/IP, DNS, DHCP, OSI Model

Vulnerability & Threat Management: Vulnerability Scanning (Qualys, Nessus), SAST/DAST, Metasploit Framework, Nmap, DDoS Mitigation, Phishing Analysis

Endpoint Protection: Microsoft Defender, CrowdStrike Falcon (EDR)

Cloud & CASB: AWS GuardDuty, Netskope Proxy & CASB, Cloud Security Policies

Identity & Access Management (IAM): Ping Identity (MFA), Multi-Factor Authentication (MFA)

Monitoring & Analysis: Log Correlation, Packet Capture, Behavioural Threat Analysis

Compliance & Frameworks: PCI-DSS, SOX, ITIL (Incident/Change/Problem Mgmt.), Disaster Recovery

Scripting & Automation: SIEM Rule Tuning, Automated Reporting (Tufin, Splunk)

Operating Systems: Windows, Linux

Professional Working Summary:

Information Security Engineer

TransUnion - Chicago, IL, Sep 2023 to Present

Project Name: Security Operations

Roles & Responsibilities:

Troubleshoot connectivity, latency, and high spike issues related to the Netskope Client, ensuring a seamless user experience.

Coordinated with users and internal teams to resolve Netskope-related issues, driving efficient service resolution.

Managed Juniper and security systems, establishing and enforcing security policies while defining and monitoring access controls.

Installed, configured, and troubleshot firewalls (Cisco, Checkpoint, Juniper, Fortinet) and associated software to ensure secure network infrastructure.

Utilized Tufin SecureTrack to perform advanced firewall policy analysis, identifying and eliminating redundant, shadow, and overly permissive rules across Cisco ASA, Fortinet, and Checkpoint platforms.

Automated compliance and audit reports using SecureTrack to support regulatory frameworks (e.g., PCI-DSS, SOX), significantly reducing manual audit efforts and ensuring regulatory compliance.

Monitored firewall device changes and rule deployments, using SecureTrack's topology-aware analysis to maintain the integrity of network segmentation and security baselines.

Integrated Tufin SecureChange to automate firewall rule provisioning workflows, improving service request turnaround time while ensuring adherence to security policy compliance.

Configured and optimized approval-based workflows in SecureChange, aligning firewall rule requests with business justifications and change management protocols.

Led firewall rule remediation and clean-up projects using Tufin analytics, improving rule base hygiene and reducing potential security risks.

Managed and enforced enterprise-wide network security policies through tools such as Tufin, Netskope CASB, and Splunk, ensuring alignment with organizational security standards and access control models.

Maintained comprehensive audit trails and version-controlled change histories to support incident response and forensic reviews.

Generated and configured PCI compliance reports via Tufin, working on remediating identified compliance failures.

Monitored, maintained, and troubleshot Netskope Proxy and CASB deployments, resolving client connectivity and latency issues promptly.

Defined and implemented custom Data Loss Prevention (DLP) detection policies using IDM and regular expressions in Netskope.

Conducted packet captures and led User Acceptance Testing (UAT) sessions with users and stakeholders to validate policy changes.

Installed, upgraded, and maintained firewall platforms, including Cisco ASA, Fortinet, Juniper, and Checkpoint, ensuring optimal performance and security.

Executed firewall rule changes, VPN configurations, and security patch deployments, adhering to change control protocols.

Performed behavioural threat analysis and enforced access policies on CASB platforms, ensuring robust security posture.

Managed web access controls and encrypted traffic policies, ensuring secure and compliant internet usage within the organization.

Led cross-departmental coordination for firewall refresh projects and conducted proof-of-concept (PoC) evaluations for new security tools.

Utilized tools like Splunk and QRadar for log correlation, incident triage, and refining alerting mechanisms for optimal security monitoring.

Implemented firewall-related changes based on client service requests, ensuring proper security approval and following change management protocols.

Managed firewall hardware refresh and security patching, ensuring continuous security updates and resilience.

Collaborated with engineering and project teams to determine appropriate firewall platforms for necessary changes and configurations.

Managed and maintained security technologies, including firewalls, authentication devices, encryption, event log monitoring, and incident response systems.

Performed firewall administration activities, fine-tuning configurations to optimize network security.

Resolved common production issues such as high CPU/Memory usage, packet drops, and failover scenarios through effective troubleshooting and packet capture analysis.

Restored servers and appliances to fully operational states by diagnosing and resolving technical issues.

Managed and monitored VPN connections to remote offices, ensuring secure remote access for users via the internet.

Security Engineer

Neustar, Inc., Sterling, VA, Jan 2019 – Aug 2023

Project Name: Comprehensive Vulnerability Management & SIEM Integration

Roles & Responsibilities:

Conducted data analysis and reviewed security logs from SIEM tools (QRadar, Splunk) to identify suspicious activity, triggering alerts for immediate response by relevant teams.

Integrated Qualys vulnerability scanning tool with QRadar and Splunk, enhancing the organization's security posture.

Troubleshot and investigated security incidents using QRadar, Splunk Network Flow, and Log Activity data to mitigate potential threats.

Analyzed logs from diverse sources, including firewalls, routers, switches, web servers, and network devices, to detect security incidents.

Assisted in the deployment of network infrastructure configurations across multiple products and technologies, ensuring secure setup and integration.

Acted as the primary responder for security incidents related to client firewalls and network infrastructure components, providing swift resolutions.

Maintained and updated the Disaster Recovery and Business Continuity Plans, ensuring readiness for security contingencies.

Collaborated as part of the Blue Team to identify vulnerabilities and implement proactive defense mechanisms.

Supported the Incident Response (IR) team by collecting, analyzing, and performing forensic activities on logs.

Investigated security logs and payloads to identify and resolve incidents such as server crashes, DDoS attacks, SQL injection, XSS vulnerabilities, and SPAM.

Installed and configured Qualys for on-premises and cloud environments, ensuring vulnerability scanning across critical systems.

Conducted vulnerability assessments using Qualys to identify potential weaknesses in high-priority systems.

Configured and scheduled automated Qualys vulnerability scans in QRadar, ensuring routine checks to maintain system security.

Analyzed and reviewed data from SIEM (QRadar) to identify suspicious activities, triggering alerts for relevant teams and applying rules and building blocks to enhance SIEM capabilities.

Led the Security Incident Response Team (SIRT) to effectively manage and respond to security incidents.

Integrated SIEM with Nexpose and Qualys to streamline security monitoring and threat detection processes.

Conducted dedicated security monitoring and triage of cybersecurity events, including tracking phishing URLs and emails, and performed in-depth investigations to mitigate risks.

Designed architecture for VPN integration with Ping Identity, enabling multifactor authentication (MFA) using Ping Identity products.

Integrated various devices, applications, databases, and operating systems with QRadar SIEM for centralized security monitoring.

Configured and integrated PingID Multi-Factor Authentication (MFA) into VPN and remote access systems to enhance secure access protocols.

Monitored security alerts from IBM QRadar and promptly reported issues to the appropriate teams for swift resolution.

Analyzed and monitored data feeds from firewalls, routers, and other network devices or host systems to identify security violations and vulnerabilities.

Conducted Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using tools such as HP Fortify, IBM AppScan, WebInspect, Nmap, Nessus, and Qualys.

Analyzed exploited systems and identified vulnerabilities using the Metasploit framework to improve threat response strategies.

Performed static and dynamic scanning of applications with HP Fortify and WebInspect, identifying and reporting false positives for further investigation and remediation.

Configured and installed McAfee IPS sensors and Cisco ASA with Firepower appliances to enhance network security posture.

Security Analyst

T-Mobile - Killeen, TX, Jun 2016 – Dec 2018

Project Name: Security Monitoring & Operations

Roles & Responsibilities:

Monitored and analyzed SIEM alerts and security events, raising security incidents via the ticketing tool ManageEngine.

Provided 24x7 monitoring for P1, P2, and P3 alerts in SOC operations, analyzing logs from security and industrial appliances using Microsoft Sentinel, Splunk, and QRadar.

Managed daily health checks, and created, modified, and updated SIEM tools (Microsoft Sentinel and QRadar) to enhance security monitoring.

Developed dashboards on SIEM platforms such as Splunk, Microsoft Sentinel, and QRadar to visualize and analyze security data.

Conducted triage of O365 alerts using integrated tools, and escalated incidents as necessary for further investigation.

Created metrics and supported KPIs, dashboards, and trackers, analyzing and updating DLP incident reports daily, weekly, and monthly.

Escalated incidents meeting thresholds for deeper investigation, reviewed DLP logs, and closed incidents per established procedures.

Monitored DLP, email, web logs, NIS malware, and spam emails, escalating to L2 when required and ensuring timely incident closure.

Supported the implementation of network security policy changes across firewall infrastructure, collaborating with L2/L3 engineering teams and adhering to compliance standards.

Coordinated change requests and security reviews for firewall rule modifications using structured workflows like Tufin SecureChange.

Assisted in firewall policy enforcement and audit readiness, contributing to the tracking of changes for regulatory alignment and SOC escalation.

Participated in firewall monitoring and rule validation processes, ensuring secure and compliant firewall operations.

Delivered 24x7 real-time security event monitoring in a SOC environment utilizing QRadar, Microsoft Sentinel, and Splunk.

Investigated alerts related to O365, DLP, malware, phishing, and insider threats, escalating incidents per defined thresholds.

Created and customized correlation rules, dashboards, and KPI reports to optimize SIEM platform functionality.

Conducted endpoint investigations using Microsoft Defender and CrowdStrike Falcon for enhanced endpoint security.

Analyzed email, web, firewall, and IDS logs for anomaly detection and incident response activities.

Utilized Qualys and AWS GuardDuty for vulnerability assessments and remediation workflows.

Applied ITIL methodologies in managing security events, changes, and problem records, ensuring a structured and efficient process.

Performed IP blacklisting/whitelisting, managed spam filters, and conducted root cause analysis for network anomalies.

Collaborated with service providers to tune SIEM detection thresholds and continuously improve incident response quality.

Conducted log monitoring and incident analysis for devices such as firewalls, IDS/IPS, databases, and web servers.

Leveraged strong knowledge of the TCP/IP model to address real-world networking and security challenges.

Demonstrated effective communication and collaboration skills with cross-functional teams.

Developed and fine-tuned correlation rules in Microsoft Sentinel and QRadar to refine alerting and incident detection processes.

Collaborated with customer-designated personnel to continually optimize SIEM rules, incident classification, and prioritization.

Adjusted report queries and performed various SIEM configuration tasks to ensure optimal performance.

Assisted clients in fully optimizing Microsoft Sentinel and QRadar, including log source tuning and audit logging.

Worked with managed service teams to ensure SIEM solutions met client-specific requirements and operated efficiently.

Utilized Microsoft Defender for Endpoint and CrowdStrike Falcon for Endpoint Detection and Response (EDR) activities.

Engaged in vulnerability management through Qualys and AWS GuardDuty, remediating reported findings and securing endpoints.

Conducted blacklisting/whitelisting of IP addresses for both endpoints and network levels to mitigate security threats.

Monitored network traffic, established baseline behavior and thresholds, and analyzed anomalies for potential threats.

Initiated cloud-based DDoS mitigation efforts, assessed impacts, and investigated phishing and spam-related activities.

Education:

Bachelor's in Information Technology from Marri Laxman Reddy Institute of Technology (2016)
