
Patrick - Cyber Security
[email protected]
Location: Remote, Remote, USA
Relocation: NO
Visa: H4 EAD
Professional Summary:
Highly motivated Cyber Security Analyst with 10+ years of experience in IT Security. Cross-functional experience includes SOC Operations, Infra Security & Vulnerability Management.
Monitoring SIEM tool, analyzing event logs and alerts like malware activities, network security events, application compliance, asset monitoring, firewall alerts, and appropriately escalating Information Security incidents per defined process.
Lead and support tasks on engagements related to, but not limited to, Systems Implementation, Operations and Maintenance, Security Operations & Industry Best Practices, Incident Response & Change Management & BCP.
Generate actionable IT forensics by aggregating and correlating a diverse set of logs and events.
Analyzing the log events in SIEM & deep dive into forensic investigation for the suspicious traffic.
Responsible for security advisory/roadmap, critical-situation support, business alignment, service roadmap and enhancement.
Vulnerability Management (Scanning, Incident management, Remediation).
Responsible for Standard Operating Procedures, runbook, process flow documentation and process adherence.
Identify anomalies and possible threats, or review network usage and performance to help meet IT service-level responsibilities.
Understanding of the organization's needs, objectives, security requirements, the organizational processes used & Security Standards.
Building network strategies to safeguard information assets and ensuring compliance with regulatory mandates.
Implementing the best practices in Security Controls in the IT Environment. Create knowledge base articles for the project.
Familiar with best practice security technologies: Firewalls, IDS/IPS, Malware analysis, gateway security, host security & encryption, Antivirus, vulnerability management, SIEM for Security Operations.

Areas of Expertise:
SOC Operations
Network and Endpoint Security
Incident Response & Triage
Cyber Threat Intelligence
Vulnerability Management
Regulatory & Audit Adherence
Policy/Process Planning & Implementation
Disaster Recovery & BCP
Risk Assessment & Impact Analysis

Tools & Certification:

Security Operations Tools/Technologies:
Splunk Enterprise & Enterprise Security
NetFlow monitoring, Malware Analysis
AWS Security Specialist, MVision CASB, SOAR, UEBA
QRadar, RSA Security Analytics, Azure Defender for Cloud Apps
McAfee Nitro, ePO, DLP, Palo Alto

Other Tools:
Rapid7, QualysGuard
SolarWinds
Infoblox & Intermapper
McAfee ePO, CrowdStrike EDR
BMC Remedy & ServiceNow

Experience Summary:
Client: IT Trailblazers - Aug 2016 - Till Date

Project: UHG IT
Role: Cyber Security Analyst
Duration: Nov 2019 - Present, NJ

Responsibilities:


As SOC Analyst:

Responsible for all aspects of Information Systems: data availability, integrity, confidentiality.
Responsibilities include Security Advisory/Roadmap, Critical-Situation Support, business alignment, service roadmap & Security enhancement.
Responsible for Standard Operating Procedures, Runbook, process flow Documentation and Process adherence.
Involved in Security Strategic Planning, Design and Security Systems Improvements for project IT Infrastructure Security.
Supporting overall cyber security infrastructure and operational effectiveness through cyber security preparedness, threat prediction, detection, incident response and guidance throughout the enterprise, and involved in both design and engineering.
Operational activities include protecting enterprise information, intellectual assets and business operations from accidental or intentional disruption, disclosure or destruction.
Vulnerability Management (Scanning, Incident management, Remediation). Assist in the responsibility for reviewing vulnerabilities' data from multiple sources (i.e., external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies and a changing environment, including infrastructure and applications, to determine the risk rating of vulnerabilities to business assets.
Assist in improving and automating the existing vulnerability management lifecycle, including but not limited to data ingestion & normalization, compliance metrics and detections on assets.
Assist in partnering with tools and technology teams to troubleshoot, develop, select, implement and automate appropriate security solutions to keep system data protected from internal and external threats. Assist in providing support and resolution for scanning and vulnerability remediation reporting issues.
Assist in working with the Business to effectively communicate the risks of identified vulnerabilities and make recommendations regarding the selection of cost-effective security controls to mitigate identified risks.
Stay current with vulnerability information across all the products in the organization.




Provide technical support for vulnerability management projects. Provide analysis and validation post remediation, opportunities for improvements and out of the box thinking for optimizations and solving roadblocks.
Perform recurring and on-demand scanning activities of both corporate and cloud environments utilizing the enterprise platform.
Assist in ensuring scan results are presented in appropriate dashboards and reports, and forwarded to other data systems as necessary. Assist in interfacing with third-party vendors' TAC support in improving the overall scanning process.
Manage MVision Cloud Access Security Broker management, DLP controls, CASB services monitoring, remediation of config gaps.
Manage cloud migration projects like Zscaler Internet Gateway, Proofpoint Email Gateway, Secure Email Gateway, Imperva Web Application Firewall, Prisma Access POC, McAfee MVision.
Monitoring SIEM tool, analyzing event logs and alerts like malware activities, network security events, application compliance, asset monitoring, firewall alerts, and appropriately escalating Information Security incidents per defined process.
Proactively hunt for potential malicious activity across multiple platforms using tools like RSA, Splunk, QRadar.
Build Indicators of Compromise and threat feeds into monitoring tools using internal and external sources, integrating these tools with one another to provide data enrichment.
Analyzing the log events in SIEM correlated logs and deep dive investigation for the suspicious traffic. Deep dive into forensic investigation of network attacks.
Good knowledge in PowerShell scripting; deploy functions to read, write, modify and fetch data from file systems and make required changes in files and folders. Execute commands for configuring, getting, deleting, services health check, Windows process/program run check etc., on a large group of systems for day-to-day operational tasks.
Oversee monitoring, logging, alerting, malware detection, incident response, vulnerability scanning & implement the recommendations of penetration testing and security architecture.
Manage vulnerability and security patch management programs. Analyze, understand, and provide remediation plans for active threats and vulnerabilities. Review network and systems vulnerability assessments & penetration test reports. Document, collaborate and transition incident details to appropriate leadership.
CMDB: Configuration management database - creating, modifying, removing the configuration items in the CMDB module based on the inventory updates.
Review the significant IT Infrastructure changes to ensure the impacts to configuration management data are properly addressed. Keep the DB updated with all relevant information like device name, serial, model number, IP address, hostname, hosted application, server owner, business owner, IT owner, mapped systems etc.
Analyze & detect security threats using cyber threat intelligence-based detection, attack behavior & user behavior analytics. Ability to understand network traffic, system logs, metadata, patterns, characteristics and anomalies to trend or baseline activity, and correlate for alerts, activities and detections.
Develop & follow standard operating procedures, playbooks, runbooks & checklists that align with organizational policy, standards and guidelines with respect to best practices of MITRE ATT&CK techniques.
Monitor Security Systems for threats and alerts, manage incidents and mitigate risks. Provide threat and risk analysis to management, coupled with recommendations.
Assist management in the development of process, standards, policies and procedures. Interested in malware sandboxes and analyzing the cloud sandbox results.
Event log analysis, triage, flow analysis, forensic investigation by correlating it to find the attack patterns & work for mitigation. Formulate an IT Security incident response strategy and implement best practices of the action plan.
Identify weaknesses and potential threats to existing information security toolsets.
Threat advisories during malware outbreaks and outbreak prevention plans for various security threats. Identify anomalies and possible threats, or review network usage and performance to help meet IT service-level responsibilities.
Incident management process: creating tickets for true positives and coordinating with the respective stakeholders to remediate the identified threats/attacks.


Creation of reports, dashboards and alerts for suspicious threats in Splunk SIEM. Fix the vulnerability based on the threat feeds and update of C&C and blacklisted IPs to the watchlist.
Monitor Denial of Service and Intrusion Detection Systems for alerts and incident response. Tuning of rules, filters and policies for detection-related security technologies to improve accuracy and visibility.
Process security incident communications to include initial reporting, follow-ups, requests for information & remediation.
Writing correlation rules based on the customer requirement & emerging attacks.
Use all of the collected data to do forensic analysis of security events along with compliance management and reporting. Create/review the attack trend reports on a weekly and monthly basis.
Sending threat advisory feeds to the customer on the latest attacks and vulnerabilities. Suggestions to fine tune rules to reduce false positives and thus save monitoring time.
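The IoC watchlist and enrichment work listed above (building indicators from internal and external feeds, pushing C&C and blacklisted IPs to a watchlist, and correlating them against SIEM events) can be demonstrated with a small stand-alone script. This is an added example written for this page, not code from the resume or from any employer's tooling. The feed format, indicator values (documentation address ranges and placeholder names), log lines and field names are all constructed for the example; a real deployment would read the feed from the intel platform and the events from the SIEM.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed threat feed, one indicator per line: source,type,value,tag.
# Values are reserved/documentation ranges and placeholder names (an
# assumption for this example), not real intelligence.
THREAT_FEED = """
# source,type,value,tag
internal,ip,198.51.100.23,c2
external,ip,203.0.113.0/24,scanner
external,domain,UPDATE-CHECK.example.,c2
internal,sha256,deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef,dropper
external,ip,not-an-ip,c2
"""

# Constructed firewall and proxy events in key=value form (hypothetical hosts).
LOG_LINES = [
    "fw src=10.0.0.5 dst=198.51.100.23 dport=443 action=allow",
    "proxy user=jdoe host=cdn.update-check.example. url=/a.bin sha256=" + "DEADBEEF" * 8,
    "fw src=203.0.113.77 dst=10.0.0.9 dport=22 action=deny",
    "fw src=10.0.0.7 dst=8.8.8.8 dport=53 action=allow",
]


@dataclass
class Watchlist:
    ips: dict = field(default_factory=dict)       # "198.51.100.23" -> (tag, source)
    nets: list = field(default_factory=list)      # [(ip_network, tag, source)]
    domains: dict = field(default_factory=dict)   # "c2.example" -> (tag, source)
    hashes: dict = field(default_factory=dict)    # lowercase sha256 -> (tag, source)
    rejected: list = field(default_factory=list)  # malformed indicators kept for review


def build_watchlist(feed: str) -> Watchlist:
    """Normalize a raw feed into typed lookups; malformed entries are rejected, not silently kept."""
    wl = Watchlist()
    for raw in feed.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            wl.rejected.append(line)
            continue
        source, kind, value, tag = parts
        if kind == "ip":
            try:
                if "/" in value:
                    wl.nets.append((ipaddress.ip_network(value, strict=False), tag, source))
                else:
                    wl.ips[str(ipaddress.ip_address(value))] = (tag, source)
            except ValueError:
                wl.rejected.append(value)
        elif kind == "domain":
            wl.domains[value.lower().rstrip(".")] = (tag, source)
        elif kind == "sha256" and re.fullmatch(r"[0-9a-fA-F]{64}", value):
            wl.hashes[value.lower()] = (tag, source)
        else:
            wl.rejected.append(value)
    return wl


KV = re.compile(r"(\w+)=(\S+)")


def _ip_hits(key, value, wl):
    if value in wl.ips:
        tag, src = wl.ips[value]
        return [(key, value, tag, src)]
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return []
    return [(key, value, tag, src) for net, tag, src in wl.nets if addr in net]


def enrich(line: str, wl: Watchlist) -> list:
    """Return (field, value, tag, source) for every indicator the event matches."""
    fields = dict(KV.findall(line))
    hits = []
    for key in ("src", "dst"):
        if key in fields:
            hits.extend(_ip_hits(key, fields[key], wl))
    host = fields.get("host", "").lower().rstrip(".")
    if host:
        # exact match or any subdomain of a listed domain
        for dom, (tag, src) in wl.domains.items():
            if host == dom or host.endswith("." + dom):
                hits.append(("host", host, tag, src))
    digest = fields.get("sha256", "").lower()
    if digest in wl.hashes:
        hits.append(("sha256", digest, *wl.hashes[digest]))
    return hits


def scan(lines, wl: Watchlist) -> list:
    """Alerts for events with at least one hit, carrying the matched indicator context."""
    alerts = []
    for line in lines:
        matches = enrich(line, wl)
        if matches:
            alerts.append({"log": line, "matches": matches})
    return alerts


if __name__ == "__main__":
    watchlist = build_watchlist(THREAT_FEED)
    print("rejected indicators:", watchlist.rejected)
    for alert in scan(LOG_LINES, watchlist):
        print(alert)
```

The rejected list is the check worth keeping: a feed entry that fails validation should surface to the analyst rather than vanish, and subdomain matching on the domain watchlist is what catches the `cdn.` host in the second event.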


Project: Chevron IT, NJ
Duration: Aug 2016 - Oct 2019
Responsibilities:
Vulnerability Management (Scanning, Incident management, Remediation). Manage Vulnerability & Security Patch Management programs.
Vulnerability Management (Rapid7, Nessus, Tenable.io, QualysGuard) experience: Scanning, Incident Management, Effective Remediation with prioritized, sanitized Reports & Plan.
Analyze, understand, and provide remediation plans for active/zero-day threats and vulnerabilities.
Plan, implement, deploy, configure, manage, troubleshoot hardware/software upgrades, harden security measures and controls, fix security vulnerabilities on infrastructure systems.
Assist in gathering vulnerabilities' data from multiple sources (i.e., external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies, tools, systems and applications to determine the risk rating of vulnerabilities to Business assets.
Review Vulnerability Assessments & Penetration test reports. Prioritize and prepare a mitigation plan to reduce the Security Risk posture of the Organization. Assist in improving and automating the existing Vulnerability Management Lifecycle.
Effectively communicate the risks of identified vulnerabilities & make recommendations regarding the selection of cost-effective Security Controls or Compensating Controls to mitigate identified risks.
Lead vulnerability assessments and security reviews through a comprehensive testing process to identify weaknesses and vulnerabilities within the systems that affect the confidentiality, integrity and availability of electronic protected health information and other sensitive company data.
Web application security assessments (e.g., exploiting web app vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation, session hijacking). Analyze vulnerability test reports and suggest remediation / mitigation plans.
Update security tools for logging/monitoring, and increase coverage of existing tools. Responsible for executing programs for user awareness, compliance monitoring, and security compliance.
Collect, aggregate, synthesize, analyze and report on data from multiple sources and formats. Provide technical support to system owners to propose mitigation and remediation solutions to identified vulnerability and security issues.
Configure scheduled, recurring & on-demand vulnerability and compliance scans for on-premise and cloud infrastructure. Work with vendors, stakeholders, third parties and TAC support groups to discuss and remediate the vulnerabilities in a timely fashion.
Work on a Continuous Improvement plan for Vulnerability Management to enhance the security posture within the Enterprise with respect to vulnerability management.
Analyze and gather Common Vulnerabilities and Exposures (CVE) and prioritize on factors like when threat activity is identified; report incidents that may cause immediate and/or ongoing impact to the environment.
Analyze vulnerability security forums, gather threat feeds on zero-day vulnerabilities and exploits to mitigate security vulnerabilities.
Actively partnering with technology and tools teams to review vulnerabilities, plan the remediation effort, monitor the plan, schedule rescans, and report. Providing analysis and validation post remediation, opportunities for improvements and out of the box thinking for optimizations and solving roadblocks.
Developing vulnerability dashboard requirements to provide technical teams and executive leadership key data. Tracking and reporting the status of vulnerabilities and their remediation on a weekly basis.
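The risk-rating step described above (merging findings from scanners and penetration tests, then rating each against business assets and current threat activity) is illustrated below as an added example written for this page; it is not code from the resume or from any employer's vulnerability management platform. Asset names, CVE identifiers, criticality values, the weighting factors and the SLA windows are all assumptions chosen for the example, and the constructed data is deliberately arranged so that a higher CVSS score does not automatically rank first.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    cvss: float    # CVSS base score as reported by the source
    source: str    # scanner or pentest report that produced it


@dataclass(frozen=True)
class Asset:
    criticality: int        # 1 (low) .. 5 (crown jewel), from the CMDB business owner
    internet_facing: bool   # exposure, also from the CMDB


# Constructed inventory and findings; asset names and CVE ids are placeholders.
ASSETS = {
    "web-prod-01": Asset(criticality=5, internet_facing=True),
    "hr-db-02": Asset(criticality=4, internet_facing=False),
    "dev-box-09": Asset(criticality=1, internet_facing=False),
}
FINDINGS = [
    Finding("web-prod-01", "CVE-2021-0001", 9.8, "qualys"),
    Finding("web-prod-01", "cve-2021-0001 ", 9.8, "pentest"),  # same issue, second source
    Finding("hr-db-02", "CVE-2021-0002", 7.5, "qualys"),
    Finding("dev-box-09", "CVE-2021-0003", 9.1, "nessus"),
]
# Constructed threat activity from feeds: exploited in the wild, or public exploit code.
THREAT_ACTIVITY = {"CVE-2021-0001": "exploited_in_wild", "CVE-2021-0002": "exploit_public"}

# Weights and SLA windows are assumptions for this example, not a published standard.
THREAT_WEIGHT = {"exploited_in_wild": 1.0, "exploit_public": 0.8, None: 0.5}
SLA_DAYS = [(80, "critical", 7), (50, "high", 30), (25, "medium", 90), (0, "low", 180)]


def normalize(findings):
    """Merge the same (asset, CVE) reported by several sources; keep the highest CVSS."""
    merged = {}
    for f in findings:
        key = (f.asset, f.cve.strip().upper())
        cvss, sources = merged.get(key, (0.0, set()))
        merged[key] = (max(cvss, f.cvss), sources | {f.source})
    return merged


def risk_score(cvss, asset, activity):
    """0..100: CVSS scaled by threat activity, exposure and business criticality."""
    exposure = 1.0 if asset.internet_facing else 0.7
    crit = 0.5 + 0.1 * asset.criticality   # criticality 1 -> 0.6, 5 -> 1.0
    return round(100 * (cvss / 10) * THREAT_WEIGHT[activity] * exposure * crit, 1)


def sla_for(score):
    for threshold, label, days in SLA_DAYS:
        if score >= threshold:
            return label, days
    return "low", 180


def prioritize(findings, assets, activity):
    """Ranked remediation list with the evidence behind each rating."""
    rows = []
    for (asset_name, cve), (cvss, sources) in normalize(findings).items():
        asset = assets[asset_name]
        act = activity.get(cve)
        score = risk_score(cvss, asset, act)
        label, days = sla_for(score)
        rows.append({
            "asset": asset_name, "cve": cve, "cvss": cvss, "activity": act,
            "sources": sorted(sources), "score": score, "severity": label, "sla_days": days,
        })
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in prioritize(FINDINGS, ASSETS, THREAT_ACTIVITY):
        print(row)
```

The dev box carries the highest raw CVSS of the three but lands last, because nothing is exploiting it and it is neither exposed nor critical; the internet-facing production host with an actively exploited CVE gets the 7-day SLA. Keeping the source list on each row is what lets the weekly report show which findings the pentest confirmed.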


Client:Infosys
Project: MSSP (Managed Security Services Provider) SOC
Role: Security Analyst
Duration: May 2013 - May 2016, India
Responsibilities:

As a Security Analyst:
SIEM tool monitoring, log management for network attacks and intrusion attempts. As Tier 1 Analyst, responsible for monitoring and analysis of Cyber Security Events and initial incident triage.
Utilize the Security Event and Incident Management system to detect anomalous or malicious activity. Analyze and escalate as appropriate.
Follow standard operating procedures for detecting, classifying and reporting incidents under the supervision of Tier 2 and Tier 3 staff.
Monitor and escalate incoming security requests and events of interest from different external and internal sources including the IT Service Desk.
Process incident communications to include initial reporting, follow-up, requests for information and resolution activity.
Respond to security events by initiating and coordinating emergency actions to protect company assets & its clients.
Use all of the collected data to do forensic analysis of security events along with compliance management & reporting. Analyzing the offenses for Botnet, P2P activity, virus threat, Trojan, malware, brute force attack, vulnerability and policy violation activities.
Checking unauthorized intrusions into computer systems from the external network. Creating tickets for the valid offenses and coordinating with the corresponding teams to remediate the identified threats.
Configure log sources and get the appliance collecting logs. Installing the ALE agent on the servers, pointing it to the QRadar collector and adding log sources to QRadar for log collection.
All security events, network transactions and additional contextual information (derived from correlation sets) observed during an attack or violation.
Customer-specific policy rules are easily created using the QRadar rules engine. Creating, modifying and deleting the rules according to the requirement.
Finding out the false positive offenses, modifying the rules to ignore the legitimate traffic & reducing the offense count.
Finding false negatives by analyzing events and flow counts in the dashboard & fine tuning the rules to trigger the offense. Search across logs on different nodes and time periods based on specific criteria.
Responsible for creating documentation to help the company in case there are any breaches. Monitor & audit the information system security database to isolate & identify occurrences of unauthorized access; prepare reports & recommend corrective action.


Education:

Bachelor's Degree in Biotechnology (July 2008 - April 2012), Jeppiaar Engineering College, India
