Imran Khan

Senior Information Technology Security Analyst - SST Team at South Carolina Department of Administration - Through Lumen
Contact Information
Location
Columbia, South Carolina Metropolitan Area


Credentials

  • CompTIA Security+ ce Certification
    CompTIA
    Jan, 2022
    - Sep, 2024

Experience

    • Senior Information Technology Security Analyst - SST Team
      • Apr 2018 - Present

      Worked extensively on SIEM to secure the state clients from cyber threats.
      Worked as a SOC Analyst in a 24/7 environment with 12-hour shifts, both day and night, on a rotation basis. Usually shift times were 8AM to 8PM and 8PM to 8AM.
      Worked on QRadar SIEM for log sources.
      Worked with state clients for any requirement, gathered information and created procedures as per the client, and trained team members on the process and procedure.
      Reviewed the tickets created by team members and corrected them if any errors were found, to maintain quality.
      First point of contact for all team members to explain any procedure so that they understand the reason for what they are working on.
      Develop and continually improve incident response runbooks to ensure we efficiently and effectively analyze and respond to security alerts.
      Work on suspicious emails submitted to DIS by different agencies which were suspected to be phishing.
      Triage and investigate cybersecurity alerts.
      Monitor and respond to alerts generated by QRadar SIEM.
      Follow established incident response processes to triage security events.
      Triage issues escalated to the SOC team, ensuring quick and appropriate follow-up actions are taken.
      Develop and tune cybersecurity alerts and dashboards.
      Document and manage investigations and incidents in our Incident Management System.
      Improve our detection capabilities by building and enhancing alert rules and actively hunting for evidence of malicious activity.

    • Security Analyst Lead - K12 Project
      • Jun 2016 - Apr 2018

      Provide Linux support and system administration for over 254 HP Gen7 and Gen8 servers: DL160, DL165, DL380P, etc.
      Work with all internal groups and customers to ensure data integrity and security.
      Design and implement complex network solutions in compliance with customer requirements.
      Analyze business cases, architectural diagrams, and supporting documents for connectivity requests.
      Planned, scheduled and coordinated with K-12 clients for the swap of the servers.
      Installed Snort on servers for monitoring their network activity.
      Updated the Snort versions 2.9.7.2, 2.9.8.0 and 2.9.8.3 on sensors as per the requirements.
      Monitored the servers' performance on Nagios.
      Perform vulnerability scans with Nessus for improper configurations, missing patches, hosts, network, and insecure credentials and accounts.
      Involved in the process of identification, prioritization and remediation of vulnerabilities before threat actors exploit them, thus eroding the CIA of enterprise assets.
      Determined the scan configuration and scan criteria for vulnerability management.
      Monitor security incident and event management (SIEM) and logging environments for security events and alerts to potential (or active) threats, intrusions, and/or compromises.
      Respond to network and host-based security events.
      Minimize the dwell time of threat actors by monitoring, triaging, and validating security events, while maintaining thorough documentation in the case management system.
      Operate with little-to-no direction and define relationships between seemingly unrelated events through deductive reasoning.
      Actively hunt for and dissect previously unidentified threats in the environment.
      Participate in intelligence sharing and trust groups, then apply this knowledge to security controls.
      Led the project for the transition of K-12 clients to the Cisco Umbrella security platform.

    • Security Analyst - DHS Project
      • Apr 2015 - Jun 2016

      Planned, scheduled and implemented OS patches on Linux boxes as a part of proactive maintenance.
      Coordinate with clients to bring the server back up ASAP if it is down for any reason.
      Harden and secure Linux servers as well as monitor security reports and logs.
      Consistently reduced or eliminated downtime through troubleshooting and timely repairs.
      Scheduled and maintained daily IDS and malware reports for all clients.
      Worked extensively on SIEM to secure the state clients from cyber threats.
      Worked on QRadar SIEM for log sources.
      Monitored the traffic of various state clients on SIEM.
      Raised incident reports on IRT if suspicious traffic was observed on SIEM.
      Completed the smooth transition of the project from the Division of Information Security (DIS) to the Security Law Enforcement Division (SLED), including asset management and audit for the last 10 years.

    • NSOC Analyst
      • Jun 2020 - Present

      Create, maintain, and document tools and automation for handling system state and operational excellence.
      Knowledge of network troubleshooting, traceroutes and pings.
      Monitor fault and performance of network infrastructure and networked applications.
      Investigate and research improvements on existing workflows to improve efficiency.
      Worked on monthly reports to calculate total outage, outage during business hours and non-business hours, and any impact on business.
      Worked on disaster recovery and backup plan in case of disaster.
      Led the project for availability of business applications; talked to various business owners to understand what impacted the business, and identified the most common reason.
      Configured SolarWinds; created and modified alerts; monitored and analyzed systems utilizing SolarWinds.
      Performed routine checks and triage, and escalation of any critical alerts.
      Created and updated documentation, policies and procedures.
      Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML and multi-factor authentication.
      Worked with audit teams to assess and provide reports.
      Worked with AD teams on SSL certs and the service account renewal procedure, and created documents for end users.

    • United States
    • IT Services and IT Consulting
    • 700 & Above Employee
    • Security Analyst
      • Apr 2018 - Present
    • United States
    • Telecommunications
    • 700 & Above Employee
    • Cyber Security Analyst
      • Apr 2018 - Present

    • Security Analyst
      • Aug 2019 - Jun 2020

      Oftentimes, vessels are unable to visit business-oriented websites due to Zscaler restrictions. Cybersecurity wishes to have the SOC whitelist sites as needed, so perform analysis using online tools before whitelisting.
      Analyze alerts set up to monitor for impossible logins based on location data within O365 and Azure.
      The vSOC responsibility will be to kill VPN connections of compromised accounts after the Impossible Travel alert has come in and the user's password has been reset.
      Customers who couldn't access certain websites raised tickets, so we investigate the website to determine whether it is malicious or not and whitelist it accordingly if it is safe.
      Whitelist websites on Zscaler if they are safe.
      Provide initial investigation when a FW is reported down in Crowley's environment and follow next-step procedures accordingly.
      Worked on alerts for firewall down and escalated accordingly by call, email and text to the on-call person.
      Log in to the firewall and check logs and timestamps to make sure everything looks good.

    • Security Analyst
      • May 2019 - Mar 2020

      Responded to Splunk alerts in a prescribed manner, thus improving the effectiveness of information security.
      Alerted on notable events according to the playbook and standard operating procedures.
      Escalated critical alerts to Tier 2 by call and email.
      Ensure the SOC Analyst team provides excellent customer service.
      Worked on diagnosing risk, security and compliance incidents with issues involving extensive analysis.
      Assist in recommending security resolutions to management for better malware detection and endpoint security.
      Providing Security Operation Centre (SOC) support; analyze a variety of network and host-based security logs.
      Worked on priority of events like critical, high and medium.
      Worked on log analysis using Splunk SIEM.
      Worked on development of new use case procedures.

    • Information Technology & Services
    • 1 - 100 Employee
    • Cyber Security Engineer
      • Jan 2015 - Feb 2019
    • United States
    • Wellness and Fitness Services
    • 700 & Above Employee
    • Linux System Administrator
      • May 2013 - Dec 2014
    • Financial Services
    • 700 & Above Employee
    • Jr Linux Admin
      • Mar 2011 - Feb 2013

Education

  • International Technological University (ITU)
    Master of Business Administration - MBA, Business Administration and Management, General
    2009 - 2011
  • Osmania University
    Bachelor of Science - BS, A
    2001 - 2004
