Deepak Manam - IT Security Engineer / Security Manager
[email protected]
Location: Waltham, Massachusetts, USA
Relocation: open for relocation anywhere in USA
Visa: GC
Deepak Manam - (978) 800-7432 - [email protected]


PROFESSIONAL SUMMARY:
Over 10 years of experience in IT security, specializing in Threat Detection, SIEM (Splunk, QRadar), Vulnerability Assessment (Rapid7, Akamai, Qualys), AWS & Azure services, and Incident Response. Expertise includes managing data encryption in Databricks, automating incident response with SOAR, and leading SAST/DAST vulnerability assessments. Proficient in cloud security (AWS, Azure, Google Cloud), with additional skills in IAM integration, firewall rule management, network segmentation, DLP policies in Microsoft 365, and threat management. Knowledgeable in OWASP Top 10 vulnerabilities, SAML-Ping Federate, database activity monitoring (DAM), and building high-performing cybersecurity teams.

PROFESSIONAL EXPERIENCE:
Amwell, Massachusetts Oct 22 to Present
Security Engineer/IT Security Manager (Blue Team-SECOPS)
Worked on Threat Platforms providing Security information and recommendations on latest emerging threats & Vulnerabilities. Reported on customer data from Customer security appliances and SIEM to identify risks on AWS & Azure cloud-based accounts.
Design and develop integration and automation between the organization's cyber security departmental tooling and software suites that maintain platforms.
Implemented robust encryption mechanisms for data at rest and in transit within Databricks environments, ensuring compliance with industry standards.
Developed and implemented a SOAR solution to streamline the incident response process and improve security operations.
Managed the migration of the client's on-premises Exchange Server to Microsoft 365, ensuring a seamless transition with minimal downtime.
Led the implementation of an enterprise-wide risk management framework for a multinational corporation, resulting in a 30% reduction in security incidents and improved regulatory compliance.
Customized dashboard creation on SIEM for UBA, Cisco, Check Point and Palo Alto firewalls, switches, routers, and legacy servers in Splunk, QRadar, MSS.
Onboard devices into SIEM (Splunk and QRadar) for log monitoring.
Implemented Checkmarx for automated static application security testing, improving code quality and security.
Implemented Cribl stream to legacy SIEM for easy onboarding of log sources.
Made getting data into the SIEM easier using Cribl Stream.
Ensured adherence to GDPR, HIPAA, and SOC 2 compliance standards through stringent data governance policies and regular audits.
Integrated Checkmarx with CI/CD pipelines to enable continuous security checks and reduce time to detect vulnerabilities.
Led the design and implementation of the SOAR platform, including integration with existing security tools and systems.
Configured Microsoft Defender for Office 365 to provide advanced threat protection, including safe links and safe attachments.
Functioned as primary focal point for customer regarding vulnerability scanning, web app scanning (Qualys, Akamai), reviewing results, organizing findings into spreadsheets, facilitating recurring calls to disseminate and prioritize findings, providing recommendations to mitigate, and continuing to follow up.
Developed vulnerability management.
Developed and implemented a third-party vendor risk management program ensuring all vendors met the organization's security standards before onboarding.
Conducted security training and awareness programs to promote best practices within the team.
Performed ad hoc scanning and discovery for legacy environments using Qualys and Tenable.
Created NIST 800-53, 800-53A, 37 for running compliance-based access controls.
Analyze and review data from SIEM - QRadar for suspicious activity, trigger alerts to the concerned teams, and apply rules and Building Blocks to SIEM.
Designed and implemented a Zero Trust security architecture, leveraging IAM principles such as least privilege, continuous authentication, and network segmentation, resulting in enhanced protection against insider threats.
Involved in leading Security Incident Response Team (SIRT)
Performed vulnerability scanning using Qualys and Nessus.
Extensive experience in securing Kubernetes clusters, ensuring containerized applications are protected against vulnerabilities and threats.
Integrated SOAR with SIEMs, endpoint protection systems, and threat intelligence platforms to enhance overall security posture.
Dedicated security monitoring and analysis of cyber security events (Triage), tracking phishing URLs and emails, and deep-dive investigations.
Designed architecture layout for VPN integration with Ping Identity for Multifactor Authentication with Ping Identity products.
Designed and implemented data backup and recovery strategies for Databricks to ensure business continuity and data availability in case of disasters or data loss incidents.
Integration of different devices/applications/databases/ operating systems with QRadar SIEM
Configured the integration of PingID Multi-Factor Authentication (MFA) into the VPN and remote access system.
Monitor security alerts from IBM QRadar and report any issues to the concerned team
Monitor and analyze data feeds of events and logs from firewalls, routers, and other network devices or host systems for security violations and identify vulnerabilities (Qualys).
Implemented network segmentation within Kubernetes clusters to isolate sensitive workloads and minimize attack surfaces.
Implemented MFA for accessing Databricks environments to add an extra layer of security, ensuring only authorized users could gain access.
Conducted SAST and DAST with tools like HP Fortify, IBM AppScan, WebInspect, Nmap, Nessus, Qualys.
Analyzed exploited systems with vulnerabilities using the Metasploit framework.
Static and dynamic scanning of various applications using HP Fortify and HP WebInspect; identified false positives and reported them to SOC.
Configure and install McAfee IPS sensors, and Cisco ASA with Firepower Appliances.
Created automated scripts and tools to perform regular security compliance checks on Databricks environments, reducing manual effort and ensuring continuous compliance.
Troubleshot and resolved client communication problems, and firewall and McAfee IPS blocking problems
Implemented and maintained McAfee Endpoint Encryption system to protect computers
Advanced threat detection, Antivirus, McAfee IDS/IPS rule sets and signature creation, packet analysis.
Coordinate with subject matter experts to resolve any security incidents and correlate threat assessment data as needed
Research and recommend corrective actions to ensure information dissemination regarding targeted or potentially targeted attacks
Support in the detection, understanding and resolving information security incidents affecting information systems & the business
Configured and optimized Microsoft Defender for Office 365's Advanced Threat Protection (ATP) to detect and block sophisticated email-based attacks.
Responsible for the maintenance of the Disaster Recovery for incremental Backups
Responsible for IBM QRadar SIEM monitoring and configuration aligned to internal PCI and SOX controls
Performed day-to-day administration of McAfee ePO 5.1 for maintenance of system policies, container maintenance, coordination of system maintenance and client upgrades for the desktop environment.
Responsible for assisting various sites with troubleshooting and integrating all aspects of the ePO 5.3 suite, including HIPS, Asset Baseline Monitor, AV, Rogue System Detection, Policy Auditor.
Perform vulnerability scanning and assist with compliance auditing to ensure customer networks conform to all relevant compliance standards, including NIST, PCI-DSS, HIPAA and Sarbanes-Oxley.
Manages PCI Compliance Program for organization protecting cardholder data and executing the PCI-DSS Program Life Cycle.

Shell - Houston, TX Apr 19 to Sep 22
Security Engineer/Security Operations
Analyze and review data from SIEM - QRadar for suspicious activity, trigger alerts to the concerned teams, and apply rules and Building Blocks to SIEM.
Involved in leading Security Incident Response Team (SIRT).
Monitored and analyzed Checkmarx scan results to identify trends and recurring security issues, driving improvements in coding practices.
SIEM integration with Qualys
Led the development of an automated incident response system using SOAR technology to enhance the efficiency of the security operations center (SOC).
Configured and maintained Checkmarx for various programming languages and frameworks, ensuring comprehensive security coverage.
Secured Kubernetes clusters deployed across AWS, Azure, and Google Cloud by implementing unified security policies and automated compliance checks.
Dedicated security monitoring and analysis of cyber security events (Triage), tracking phishing URLs and emails, and deep-dive investigations.
Integration of different devices/applications/databases/operating systems with QRadar SIEM.
Ran ad hoc scans using the Qualys vulnerability scanner.
Monitor security alerts from IBM QRadar and report any issues to the concerned team.
Developed and implemented security policies within Checkmarx to enforce secure coding standards and guidelines.
Monitor and analyze data feeds of events and logs from firewalls, routers, and other network devices or host systems for security violations and identify vulnerabilities
Conducted SAST and DAST with tools like HP Fortify, IBM AppScan, WebInspect, Nmap, Nessus.
Designed and configured the SOAR system to integrate with existing security tools, including SIEM and threat intelligence platforms.
Analyzed exploited systems with vulnerabilities using the Metasploit framework.
Static and dynamic scanning of various applications using HP Fortify and HP WebInspect; identified false positives and reported them to SOC.
Configure and install McAfee IPS sensors, and Cisco ASA with Firepower Appliances
Troubleshot and resolved client communication problems, and firewall and McAfee IPS blocking problems
Implemented and maintained McAfee Endpoint Encryption system to protect computers
Advanced threat detection, Antivirus, McAfee IDS/IPS rule sets and signature creation, packet analysis.
Coordinate with subject matter experts to resolve any security incidents and correlate threat assessment data as needed.
Automated image scanning and vulnerability management using Aqua Security integrated with CI/CD pipelines.
Support in the detection, understanding and resolving information security incidents affecting information systems & the business
Integrated the SOAR platform with threat intelligence feeds and existing security systems to enrich detection capabilities.
Research and recommend corrective actions to ensure information dissemination regarding targeted or potentially targeted attacks
Responsible for the maintenance of the Disaster Recovery for incremental Backups
Responsible for IBM QRadar SIEM monitoring and configuration aligned to internal PCI and SOX controls
Performed day-to-day administration of McAfee ePO 5.1 for maintenance of system policies, container maintenance, coordination of system maintenance and client upgrades for the desktop environment.
Responsible for assisting various sites with troubleshooting and integrating all aspects of the ePO 5.3 suite, including HIPS, Asset Baseline Monitor, AV, Rogue System Detection, Policy Auditor.
Upgraded and optimized the existing SOAR platform to handle increased data volumes and improve response capabilities.
Perform vulnerability scanning and assist with compliance auditing to ensure customer networks conform to all relevant compliance standards, including PCI-DSS, HIPAA and Sarbanes-Oxley
Manages PCI Compliance Program for organization protecting cardholder data and executing the PCI-DSS Program Life Cycle.
Integrated IAM with data protection mechanisms to enforce role-based access controls (RBAC) for sensitive datasets, reducing insider threat risks and ensuring that only authorized personnel could access critical data.

Southwestern Energy - Spring, TX Aug 16 to Mar 19
Security Engineer
Analyze and review data from SIEM (QRadar, Splunk) for suspicious activity and trigger alerts to the concerned teams.
Integrated Vulnerability scanning tool Qualys into QRadar, Splunk
Troubleshoot and researched security incidents based on QRadar, Splunk Network Flow and Log Activity
Analysis of multiple log sources including firewalls, routers, switches, web servers and multiple networking devices
Responsible for assisting with deployment of network infrastructure configurations across multiple product and technologies
Integrated compliance tools and reporting requirements into the SOAR platform.
Acted as the primary responder for managed security incidents pertaining to client firewalls and all network infrastructure components
Responsible for the maintenance of the Disaster Recovery plan and Business Continuity Plans
Part of the Blue Team to identify the vulnerabilities and have a defense mechanism in place
Learned and helped IR team with Log collections, analysis, and forensic activities
Investigating logs and payloads for server crashes/core dumps, DDoS attacks, SQL/XSS, SPAM, etc.
Automated security checks using tools like Trivy and Anchore during CI/CD, preventing the deployment of vulnerable images.
Installing and configuring Qualys on premises and in cloud environments.
Responsible for performing vulnerability assessment on critical systems using Qualys
Configured and scheduled Qualys Scanner in QRadar to perform scan on regular intervals
Collaborate with team members in tuning SIEM applications to establish a baseline for network activity and rule out false positive events
Coordinate with SMEs to resolve any security incidents and correlate threat assessment data as needed
Support in the detection, understanding and resolving information security incidents affecting information systems & the business
Research and recommend corrective actions to ensure information dissemination regarding targeted or potentially targeted attacks.
Developed custom scripts for automating security audits and generating compliance reports for management.
Investigate, document and recommend appropriate corrective action plans relating to IT security
Provide root cause analysis and remediation techniques for management regarding security incidents and governance documents.

Citigroup New York, NY Feb 14 to July 16
Security Analyst
Monitor, Analyze and respond to security incidents in the infrastructure
Troubleshoot any security issues found in the infrastructure per the security standards and procedures
Expert in using Burp Suite for web application penetration tests
Actively used Nmap for port scanning and made sure only appropriate ports were in use.
Actively researched on any security gaps that are beyond the ability of detection by any security scanner
Responsible for performing periodic Vulnerability assessment (VA) as per the security policy and standards
Involved in documenting all web applications and systems, audit data and ensuring compliance with legal and regulatory requirements
Engaged the development team to incorporate security in all phases of SDLC and to perform Threat Modeling, Risk Management, Logging, Penetration Testing, etc.
Conducted application penetration testing of 20+ business applications and compliance audits.

TECHNICAL SKILLS:
SIEM Tools: QRadar, Splunk, Symantec MSS
EDR: CrowdStrike, MS Defender ATP, McAfee, Cylance, Carbon Black
Security/Vulnerability: Snort, Wireshark, InsightVM, Nexpose, Nessus, Qualys, AppScan, WebInspect, Fortify
Firewalls: Check Point, Palo Alto Next-Gen PA820, PA3200, PA220; FortiGate 1500, 3600, 3700
Compliance: SOX (CoBIT, Coso) PCI, NIST SP 800-53,53A, HIPAA, HITRUST, MARS-E 2.0, FISMA
Networking Protocols: TCP/IP, HTTP/HTTPS, SSH, SSL, DNS, SNMP
Networking Monitoring: Routers, Switches, Load balancers, Cisco VPN, NAC/NAP
Email Security Tools: O-365 Suite, Barracuda-spam firewall, Guava-E-mail Filtering Service
MFA & SSO: Ping Identity (Ping-one, Ping-Federate)
Encryption: Twofish, Blowfish, AES
Threat Management: FireEye, McAfee ePO & HIPS, Websense, iPrism (URL filtering service), Fortinet
Network Monitoring: ScienceLogic, SolarWinds (NPM, SAM)
Patch Management: Lumension Prism, SCCM
Certificate Monitoring: DigiCert
Operating Systems: Linux (Kali Linux, Red Hat Linux), Windows
Ticketing Systems: ServiceNow, Remedy, Heat, Clarify
DAM: IBM InfoSphere Guardium
DLP & EDR Tools: Symantec, Digital Guardian, McAfee

EDUCATION:
Bachelor of Technology in Mechanical Engineering JNTU, Hyderabad, India - 2011
M.S. Mechanical Engineering - The University of Texas, Austin, TX (2011-2013)
