Cyber Security Information

Location: Tampa, FL

Posted: July 28, 2025

Resume:

Name: Syed Qadri

Email: *******@*****.***

Phone: +1-571-***-****

Cyber Security Engineer

SUMMARY

8+ years of professional IT experience in security engineering, particularly focused on performing technical activities such as code review, vulnerability analysis, penetration testing, and secure application testing based on OWASP.

Log source management research like defining the High- and Low-level events from Security tools like Windows events, AWS, GCP, firewalls, EDR, and other tools.

Leads junior threat hunters in identifying the current threat landscape, hypothesis creation, application and formal review of client deliverables prior to submission.

Builds threat hunting pseudo queries which can be used by the team in applying supporting TTPs across numerous clients leveraging various EDR, SIEM solutions and writing detections which are converted to SOC alerts.

Good strategic appreciation and vision in Security Incident and Event Monitoring (SIEM) tools, information security best practices etc.

Working on multiple SIEM tools like ArcSight, QRadar, Splunk, LogRhythm and McAfee Nitro, etc.

Having a strong knowledge of EDR tools like CrowdStrike Falcon Insight, Symantec Endpoint Protection, Carbon Black, RSA NetWitness Endpoint and Tanium.

Having a good knowledge in malware analysis, network forensics and anti-phishing/spam techniques.

Knowledge of Cyber Security concepts as Authentication, Encryption, Database Security, Denial of Service Attacks, Intrusion Detection System and Intrusion Prevention System.

Expertise in installation of McAfee ePO, McAfee Solidcore, Qualys Vulnerability Scanning tool.

Experienced skills in RSA Encryption techniques as User login, authentication, and profile setup.

Expertise on End Point Security Products like DLP\HIPS\Application Control (McAfee EPO).

Administered user access for Linux Servers, McAfee and Firewall management.

Worked on Identity and Access Management (IAM).

EDUCATION

Bachelor’s degree in computer science engineering from JNTUH, India. (2010 – 2014)

Master’s degree in Cybersecurity from Saint Leo University, USA. (2021 – 2023)

Majors in Cyber/Computer Forensics and Counterterrorism.

CERTIFICATIONS

Project Management Professional (PMP)

https://www.credly.com/badges/90259c3f-e879-44d3-ac47-50831a97b055

ISACA Certified Information Security Manager (CISM)

https://www.credly.com/badges/a9039b38-3fb0-442a-a222-58ed2a2ef603/public_url

Microsoft Certified: Cybersecurity Architect Expert

https://learn.microsoft.com/api/credentials/share/en-us/SyedQadri-1164/600DBEE93B72FE28?sharingId=47709513EBB315B8

Microsoft Certified: Azure Security Engineer Associate

https://learn.microsoft.com/api/credentials/share/en-us/SyedQadri-1164/ACB026093AB7C83A?sharingId=47709513EBB315B8

CompTIA Security+ 701

https://www.credly.com/badges/84e7f072-e82d-4de8-8d53-7dbff6a0e0e8/public_url

AWS Certified Solutions Architect

https://www.credly.com/badges/fd523c4a-35ac-4c5d-adfb-79033a9626b3/public_url

AWS Certified Cloud Practitioner

https://www.credly.com/badges/4fc545b6-8afa-4d65-a28d-f5595f631d87/public_url

Network Defense and Countermeasures (uCertify)

Certificate ID – RxWqBOd5

Certified Qualys Vulnerability management

Diploma in Industrial Automation.

Air Voice Engineering

Robotics and Embedded systems.

Air my Page Softech

TECHNICAL SKILLS

Security Tools: Web-Based Application Vulnerabilities (OWASP Top 10), Vulnerability Research, Application Security, Code Maintenance & Review, Azure Active Directory Reconnaissance, SIEM Tools

Azure Services: Azure Entra ID, Azure Landing Zone and Blueprint, Azure Sentinel, Azure Vnet, Azure Policy, Azure AppInsight, Azure DevOps, Azure Monitor, CosmosDB, Key-vault, Security center, VM etc.

AWS Services: AWS CloudFormation, Code pipelines, RDS, VPC, EC2, Cloudwatch, CloudTrail, S3, EBS, IAM etc.

Monitoring Tools: Splunk, AWS Cloudwatch, Azure Monitor

Version Control: Git, GitHub, Bitbucket, SVN, TFS

Build/Automation: Puppet, Jenkins, Maven, Ansible, Chef, Ant

Bug Tracking: JIRA, ITSM and ServiceNow

Scripting: Bash, Shell, Ruby, PowerShell, Python, Perl, YAML

Databases: MySQL, SQL Server, MongoDB, PostgreSQL

Web/App Server: Apache, IIS, TFS, Tomcat

Web/Programming: XML, HTML, JavaScript, Java, Python, Shell, Ruby, YAML

Operating Systems: RHEL/CentOS 5.x/6.x/7.x, Ubuntu/Debian/Fedora, Sun Solaris, Windows

PROFESSIONAL EXPERIENCE

Inland Empire Health Plan (IEHP) August 2024 – Present Cybersecurity Engineer

Configured and deployed MDE for advanced threat detection and endpoint protection across the organization.

Conducted threat hunting and incident investigations using MDE’s advanced analytics and telemetry data.

Implemented automated remediation workflows in MDE to respond to endpoint vulnerabilities and attacks.

Managed device compliance policies and conditional access settings using Intune to enforce security baselines across Windows, iOS, and Android devices.

Deployed mobile device management (MDM) and mobile application management (MAM) to secure corporate data on personal and company-owned devices.

Automated software deployment and security patching for applications across endpoints using Intune.

Deployed Qualys agents across multiple environments to continuously scan and assess security vulnerabilities in real-time.

Conducted vulnerability assessments and created detailed reports to prioritize remediation efforts using Qualys Vulnerability Management (VM).

Automated security compliance checks and patch verification across endpoints and servers using Qualys Patch Management.

Managed enterprise-wide software deployment, including applications, updates, and patches, using SCCM.

Configured and automated SCCM task sequences for OS imaging, ensuring consistent deployment across user devices.

Implemented SCCM inventory management to monitor software and hardware assets across the organization.

Developed and enforced security baselines and compliance settings through SCCM configuration items and baselines.

Automated third-party patch management for enterprise applications using Patch My PC, streamlining the update process.

Ensured compliance with security patching policies by integrating Patch My PC with SCCM and Intune.

Managed a catalog of third-party applications, ensuring that all critical patches and updates were deployed promptly.

Monitored patch status and success rates, providing detailed reporting on patch deployment effectiveness.

Configured Advanced Threat Protection (ATP) and Data Loss Prevention (DLP) policies to protect sensitive data across Microsoft 365 services.

Utilized Microsoft Defender for Office 365 for email security, monitoring, and response to advanced threats like phishing and malware.

Implemented Azure Entra ID Premium P2 for identity protection, including MFA, Permission Management, Entitlement Management, PIM and Conditional Access policies.

Developed and implemented comprehensive patch management strategies to ensure timely deployment of critical updates and security patches across the organization.

Managed patching schedules and policies for both operating systems and third-party applications using SCCM and Intune.

Conducted risk assessments to prioritize patching based on the criticality of vulnerabilities and business impact.

FPL Feb 2024 – July 2024 Cybersecurity Analyst

Responsible for the administrative role and duties of cyber security applications like FireEye, Network intrusion detection system, McAfee ePolicy Orchestrator, Symantec data leakage and protection, Confidential, Symantec control compliance suite, Net flow integrator.

Integrated IDS/IPS to Confidential ESM and analysed the logs to filter out False positives and add False negatives using Qualys into IDS/IPS rule set.

Batch closed tickets with approved remediation in Qualys.

Migrated the on-premises workloads to AWS & Azure cloud based on the requirement.

Implemented and managed a Cloud Access Security Broker (CASB) solution to monitor and secure cloud-based applications and services.

Configured CASB policies and rules to enforce data loss prevention (DLP) controls, encryption, and access controls across multiple cloud platforms.

Worked in an AGILE development environment responsible for cyber security compliance activities.

Performed intermediate threat management, threat modelling, threat vector identification and developed use cases for security monitoring.

Provided continuous monitoring of assets by doing asset management and asset categorization by using Tanium Discover.

Monitored and managed endpoint security alerts, reducing the time to detect and respond to threats.

Integrated MDE with Microsoft Sentinel for a unified security management and reporting solution

Deployed Windows Updates and other third-party software patches using Tanium.

Administered Tanium to support workstation patching and endpoint management.

Provided Tanium support for the AWS cloud solution by implementing Multifactor Authentication (MFA) for AWS root accounts, password rotation policies.

Configured app protection policies to safeguard data in sanctioned apps and ensure compliance with organizational security policies.

Developed automated security response workflows using Microsoft Defender XDR to detect and remediate security incidents.

Ensured compliance with regulatory requirements through Microsoft 365 Compliance Center by implementing retention and information protection policies.

Managed zero-touch device enrollment and lifecycle management using Intune Autopilot for seamless device provisioning.

Knowledge of AWS & Azure cloud IaaS, SaaS and PaaS services. Deployment, maintenance and troubleshooting applications on Microsoft Azure Cloud infrastructure.

Wise IT (USA) - (Internship) May 2023 – August 2023 Cybersecurity Analyst

Provide support to the management of Cyber Security in supporting analysis and recommendation of mitigations for events and incidents identified in tools, networks, and IT assets.

Participated in penetration tests reconnaissance stages using Kali Linux and tools like Nmap, Nikto, OpenVAS, Nslookup, and OSINT.

Performed vulnerability scans using Nessus.

Participated in threat hunting exercises.

Performed configuration of Firewalls, IDS/IPS and SIEM tools.

Provide accurate and up to date supporting documentation.

Assisting in preparing and delivering security awareness training.

Shell Infotech Pvt Ltd. (Contractor for Deloitte) August 2019 – July 2021 Cybersecurity Engineer

Worked with a wide range of tools to include Vulnerability Manager, Rapid7 Nexpose, Nessus, Tripwire, Qualys, and Kali Linux.

Conducted regular security assessments and audits, identifying, and addressing potential vulnerabilities in systems and applications.

Managed security risk oversight, ensuring compliance with industry standards and regulations.

Conducted regular reviews of security controls and implemented necessary adjustments.

Utilized NIST/NVD and CVSS to assess the severity of vulnerabilities and prioritize remediation efforts.

Worked closely with teams from various departments to create and deploy automated security solutions, fostering a forward-thinking strategy for identifying and addressing potential threats.

Performed in-depth analysis of API security logs and incidents, ensuring timely detection and response to potential breaches.

Recognized by leadership for overseeing a Vulnerability Analysis and Penetration Testing (VAPT) project for SAP servers, led a junior security analyst; mitigated security risk by discovering and closing unnecessary ports and services; exposed vulnerabilities.

Contributed towards a penetration testing project for the Digital Team Web Application by documenting vulnerabilities; collaborated with a 2-member project team. Performed black, grey, and white box testing on Windows and Linux servers.

Executed company-wide vulnerability analyses; leveraged Nessus to scan all network devices, including Firewall switches as well as Windows and Linux servers; reported security risks to network administrators and followed up for vulnerability patching.

Contributed to crafting and executing CI/CD pipelines with Bamboo to ensure seamless integration and continuous delivery.

Engaged in version control and collaborative coding practices through Bitbucket within the Atlassian Suite.

Played a role in deploying and overseeing applications within containerized environments, leveraging Docker and Kubernetes for efficient management.

Developed custom Dashboards for client leadership, including executive leadership for displaying useful DLP & security event metrics, Threat Protection summary and other key risk insights.

Implemented API and Cloud Exchange integrations with SIEM solutions and CrowdStrike EDR for monitoring security events, and bidirectional sharing of IoCs for advanced threat protection.

Successfully performed several insider threat investigations through DLP and SIEM tools, conducted interviews and authored threat investigation reports for escalations.

Conducting third-party information security assessments; managing third-party information security assessment contractors; implementing and systems administration of Process Unity GRC tool.

Configure MCAS (aka Defender for Cloud Apps) - configure policy and create playbooks for detection and alerts.

Consolidating analysis of suspicious Splunk data security event logs (Windows Defender and Audit Events).

Implemented Cloud Access Security Broker (CASB) into environment.

Implemented robust cyber security infrastructure for AWS services such as AWS CloudFormation, Code pipelines, RDS, VPC, EC2, Cloudwatch, CloudTrail, S3, EBS, IAM etc.

General Electric (GE) - Hyderabad, India. Oct 2017 – July 2019

Cyber Security Engineer

Ensure the SOC analyst team provides excellent customer service and support.

Investigate security incidents and threats using CrowdStrike and Splunk as a SIEM tool.

Daily CrowdStrike tasks include Assess alerts that are displayed within the CrowdStrike console.

Security Agent Endpoint testing of CrowdStrike SaaS, SentinelOne SaaS, and Forcepoint DLP on Windows and Mac systems.

Conducts Threat Hunting using CrowdStrike.

Utilized CrowdStrike Falcon and SentinelOne EDR solutions to perform triage analysis with the goal of detecting and responding to incidents on computer workstations and other Endpoints.

Implemented and maintained stringent security posture on Azure Cloud Platform using services such as Azure AppInsight, Azure DevOps, Azure Monitor, CosmosDB, Key-vault, Security center, VM etc.

Acted as a bridge between offensive (Red) and defensive (blue) security teams to optimize strategies.

Responsibilities include supporting 24/7 SOC environment.

Oversee the daily operation in a SOC and responsible for managing Tier 1 and Tier 2 Security analysts on my shift.

Delegate duties to SOC Analysts (Tier 1 & 2) and manage escalation.

Conducted threat hunting within the environment to identify anomalous and potentially malicious activity.

Operated in a 24/7/O365 CSIRT SOC that monitors and responds to Cyber & Information Security incidents.

Improved the Risk and Control functions against Governance, Risk Management and Compliance

Configuring and monitoring Security Information and Event Management (SIEM) platform for security alerts, reports and dashboards.

Azure Security Centre monitoring to address threats and resolve security vulnerabilities.

Enhanced Conventional incident response methods and Security Operations by employing and combining Intrusion Prevention, Cyber kill chain model analysis, and Cyber Threat Analysis.

Configured and Monitored Azure Sentinel (SIEM - Security Information and event management tool)

Experience with industry recognized SIEM (Security Information and Event Management) solutions such as IBM QRadar, Splunk, and LogRhythm.

Compliance standards and frameworks such as PCI, NIST 800-53, and Privacy standards and frameworks such as Generally Accepted Privacy Principles (GAPP)

Deploy, support and manage Tenable (Nessus, Container Security Centre).

Conduct periodic DLP tuning sessions to adapt to evolving data patterns and potential threats.

Customizing DLP rules based on specific business requirements is a key aspect of effective tuning.

Implemented and troubleshot Zscaler cloud-based proxy solution for web content filtering, DLP tools.

Implement, configure, and maintain security solutions, DLP, antivirus, vulnerability scanners, IPS/IDS, web filters, VPN, SIEM, SOAR, etc. Perform daily security systems monitoring, verifying the integrity and availability of all systems and key processes.

Careator Technologies Pvt Ltd - Hyderabad, India Feb 2015 – Sep 2017 Network Engineer

Configured and installed various network devices and services (e.g., routers, switches, firewalls, load balancers, VPN, QoS)

Performed network maintenance and system upgrades including service packs, patches, hot fixes and security configurations.

Monitored performance and ensured system availability and reliability.

Monitored system resource utilization, trending, and capacity planning.

Provided Level 2/3 support and troubleshooting to resolve issues.

Worked within established configuration and change management policies to ensure awareness, approval and success of changes made to the network infrastructure.

Selected and implemented security tools, policies, and procedures in conjunction with the company’s security team.

Liaised with vendors and other IT personnel for problem resolution.

Comprehensive understanding of network services and networks such as TCP/IP, OSPF, MPLS, and EIGRP.

Ability to analyze and evaluate networks, identify issues and provide solutions to ensure networks are operating efficiently.

Designed, implemented and troubleshot Wi-Fi and security infrastructure.

Managed several projects simultaneously from design to implementation.

Communicated technical information to technical team members and coworkers in other departments who may not have knowledge of networking technical terminology.


