Bhargav - Network Engineer
[email protected]
Location: Terre Haute, Indiana, USA
Relocation: Yes
Visa: H1B
Professional summary:-
- Experienced Security Consultant with 8+ years of IT experience with a focus on designing and developing security solutions.
- Skilled and technically proficient with multiple firewall solutions, network security, and information security practices.
- Perform ongoing gap analysis of policies, procedures, and practices as they relate to established guidelines outlined by NIST, OMB, and FISMA.
- Manage SOX and PCI compliance program, controls and remediation efforts.
- Knowledge and experience in standard security and regulatory frameworks including ISO 27001/31000, NIST 800-171, HITRUST CSF and PCI DSS.
- Served as Security SME for Centers for Medicare and Medicaid Services (CMS) major applications.
- Worked on many Cisco and Siemens control system devices supporting a modern manufacturing environment.
- Establish roadmaps for implementing policies and standards to align with COBIT.
- Managed security: data leakage prevention using Symantec and McAfee; encryption and key management with McAfee; Globalscape.
- Implementing and administering SIEM tools like QRadar, AccelOps and Splunk.
- Experience in Security Information and Event Management tools like IBM QRadar, Splunk and RSA Archer.
- Knowledge of PKI certificate management and vulnerability management using Qualys scanner appliances.
- Implementing and administering antivirus tools like Sophos, McAfee AV and Cylance.
- Performing internal security audits based on ISO 27001, SOX compliance and CCPA.
- Knowledge of managing IDS/IPS systems, NAC, and access management.
- Experience in Change, Release, and Incident Management as per the ITIL framework.
- Implemented IPS for hosted websites, as well as for all incoming traffic, in Palo Alto firewalls.
- Creating and troubleshooting Pulse Secure and Cisco based VPN platforms.
- Experience of executing projects and implementing tasks under ITIL standards.
- Expertise in gathering and analyzing metrics and key risk indicators and maintaining scorecards defined within the area of information security to ensure our information security program is performing effectively and efficiently.
- Familiar with general security risk management principles and best practices.
- Been a focal contact for departments' client Policies and Standards based audit for the ISO/IEC 27001:2013 standard.
- Experienced in design, installation, configuration, administration and troubleshooting of LAN/WAN infrastructure and security using Cisco routers/switches/firewalls.
- Monitored and researched cyber threats with a direct and indirect impact to the organization internally.
- Worked on FireEye for management systems and for threat intelligence.
- Advanced knowledge in Cisco switch and router configuration.
- Advanced knowledge in the TCP/IP suite and routing protocols such as OSPF, BGP, and EIGRP.
- Conducted security awareness and network training for NOC and SOC staff.
- Experienced in conducting Disaster Recovery drills, and following best practices for network operations and security.
- Commendable experience in auditing, implementing and managing HIPAA, SOX, GLBA, FFIEC, ISO, NIST, PCI DSS, FISMA, and SAS 70 I & II standards/guidelines.
- Assisted in the migration from traditional VPN solutions to Zscaler Private Access (ZPA) for secure access to internal applications without exposing them to the public internet.
- Supported multi-tenant network architectures for global enterprise clients with ZPA for over 20,000 users, ensuring secure and scalable connectivity across diverse environments.
- Expertise includes solutions for clients in the financial, retail, chemical and technology services domains.
- Collaborate with security teams to integrate access controls with SIEM and other security monitoring tools to detect suspicious activities.
- Managed encryption protocols for securing VPN and SSH connections, ensuring safe and encrypted remote access.
- Extensive experience in balancing information security requirements by having a broader perspective on the business process of security administration.
- Hands-on skills include end-to-end security management (security aspects in all stages of product development) and end-to-end product development (from functional design of the system to testing and deployment).

TECHNICAL SKILLS:-
Qualys Continuous Monitoring: Vulnerability Management, Web Application Scanning, ThreatProtect, Policy Compliance, Cloud Agents and Asset Management
Event Management: RSA Archer, Blue Coat Proxy, Norse, Splunk, NTT Security, LogRhythm
Security Tools: Metasploit, Nmap, Wireshark, Kali, Burp Suite, SIEM, SolarWinds, OWASP, Splunk, Micestro, Tenable Nessus Professional
Frameworks: NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS
Security Intelligence: WhiteHat Web Security, iDefense, NTT Security, LogRhythm, Splunk
Switches: Cisco Catalyst VSS 1440 / 6513 / 6509 / 4900 / 3750-X / 2960
Routers: Cisco ASR 1002 / 7606 / 7304 / 7206 / 3945 / 2951 / 2600
Firewalls: Check Point, ISA 2004/2006, Palo Alto PA-3000/5000
Routing: OSPF, EIGRP, BGP, RIPv2, PBR, route filtering, redistribution, summarization, static routing
Switching: VLAN, VTP, STP, PVST+, RPVST+, inter-VLAN routing and multi-layer switching, multicast operations, Layer 3 switches, EtherChannel, transparent bridging
Protocols: TCP/IP, L2TP, PPTP, IPsec, IKE, SSL, SSH, UDP, DHCP, DNS
Nexus: Nexus 7010 / 5548UP / 5020 / 2232PP / 2248TP / 1000V
UCS: Fabric Interconnect 6248/6120, IOM 2208/2204/2104, B200 M2, HP VC Flex-10
ANS: F5 BIG-IP LTM 6900/6400, Array APV 5200/2600/TMX 5000, Cisco CSM, CSS
VPN: ASA 5520, Cisco VPN Concentrator 3030, Nortel Contivity Extranet 1500
NMS: NAM, Sniffer, SolarWinds NPM, Cisco Secure ACS 5.2, CiscoWorks
Operating Systems: Windows NT, Windows 98/XP/2000/2003/2007, MS-DOS, Linux
Networking: Conversant in LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, iSCSI, fiber, firewalls/IPS/IDS
Hardware: Dell, HP, Cisco, IBM, Sun, Check Point, SonicWall, Barracuda appliances, Sophos email appliances

Education:-
Bachelor's in Science
Master of Science

PROFESSIONAL EXPERIENCE:-
Client: Penske Truck Leasing, Reading, PA   Jan 2023 - present
Role: Sr Cyber Security Network Engineer
Roles & Responsibilities:-
- Perform real-time security log and event analysis and take action to contain and mitigate information security threats. The events originate from SIEM, DLP, IDS/IPS, antivirus, firewalls, and system security logs.
- Evaluate enterprise risks, document processes and systems in flowchart and narrative form, and design audit programs.
- Planning and implementing the overall risk management process.
- Conducted security assessments and penetration testing on access control mechanisms to identify potential risks.
- Assisted in security incident management, focusing on access control-related events and working with cross-functional teams to implement remediation.
- Provide strategic recommendations for the integration of PKI and KMS to manage and secure encryption keys for various applications and communications.
- Oversee encryption audits and assessments, identifying vulnerabilities and ensuring encryption strength meets evolving security threats.
- Developed IT helpdesk policies and procedures to streamline ticket handling and improve response times.
- Supervised a team of helpdesk technicians, providing guidance and technical support for resolving IT issues across the organization.
- Worked with internal security teams to enhance SIEM capabilities and improve the accuracy of incident detection.
- Maintained detailed documentation of SIEM processes and security event investigations for future reference and compliance audits.
- Created and optimized saved searches and reports to monitor system health, performance metrics, and security events.
- Configured and maintained network switches, routers, firewalls, and VPN connections to secure and optimize the organization's network.
- Monitored system performance and network traffic using monitoring tools like Nagios, SolarWinds, and PRTG, addressing potential issues before they impacted operations.
- Provided timely updates to security teams on zero-day vulnerabilities, outlining the risk and mitigation steps.
- Monitored threat intelligence feeds and security bulletins to stay ahead of new vulnerabilities and security advisories.
- Regularly updated threat hunting playbooks to reflect new attack tactics, techniques, and procedures (TTPs).
- Assisted in the development and tuning of threat detection rules and alerts to minimize false positives and enhance detection accuracy.
- Trained and mentored junior analysts on digital forensics methodologies, ensuring adherence to best practices and forensic tools.
- Prepare detailed forensic reports for use in legal contexts, maintaining chain of custody throughout investigations.
- Provided support for MFA systems such as Duo, RSA SecurID, and Microsoft Authenticator, resolving issues related to authentication failures.
- Assisted in the development of a zero trust security model, enforcing least privilege access with MFA as a critical security layer.
- Manage and optimize Carbon Black Protection and ThreatLocker for enterprise-wide endpoint security, ensuring robust protection against malware, ransomware, and insider threats.
- Deployed and configured Carbon Black Protection to secure endpoints across multiple environments, creating security policies to block unauthorized software and prevent fileless malware attacks.
- Implement Google Chronicle to enhance security analytics and threat detection, utilizing its scalable data storage and advanced analytics capabilities for long-term data retention and insights.
- Lead incident response efforts, analyzing security incidents and breaches with Microsoft Sentinel and Google Chronicle, and coordinating remediation actions with IT and security teams.
- Performed vendor due diligence, assessing the security posture and reputation of software providers before making purchasing decisions.
- Supported incident response activities by providing expertise on CIS hardening practices and their impact on security incidents.
- Prepared and presented financial reports to stakeholders, highlighting key budgetary issues, risks, and opportunities.
- Create technical and managerial level reports and risk assessments for cloud based applications and infrastructure.
- Identify processes/procedures for how to handle a cloud security event, including forensic isolation and mitigation with Digital Forensics and Incident Response (DFIR/IR) teams.
- Develop ISO-based controls that address regulatory requirements associated with PCI, HIPAA and SOX.
- Deliver security awareness training to employees focused on PCI DSS compliance and safe handling of payment card data.
- Create/enhance tools for risk management. Also create tools to help partners better manage projects and funds.
- Direct and perform reviews of internal control procedures and security for systems under development and/or enhancements to current systems.
- Preparing, implementing and testing of project specific Business Continuity Plan (BCP).
- Conducting full interruption tests to ensure BCP preparedness.
- Participated in all kinds of BCP (Business Continuity Plan) activities.
- Investigate the security logs and mitigation strategies, and responsible for preparing the generic security incident report.
- Reported the status of projects the ISSM/ISSO office was working on to local management.
- Review and update the System Security Plan (NIST SP 800-18), Risk Assessment (NIST SP 800-30), and Security Assessment Report (NIST SP 800-53).
- Evaluates POA&M activities to ensure identified
- Led enterprise security operations for infrastructure spanning 1,000+ servers and 200+ locations, managing a comprehensive security stack including Zscaler Private Access (ZPA) infrastructure supporting 25,000+ users across multiple tenants, achieving 99.9% uptime and reducing security incidents by 40%.
- Established and executed comprehensive security frameworks for a multi-tenant environment serving 20,000+ users, ensuring compliance with NIST, PCI, CIS, and IRS standards while maintaining zero security breaches.
- Developed and implemented automated security monitoring protocols.
- Monitored, analyzed, and resolved security issues related to Zscaler services, ensuring optimal performance and security posture.
- Provided training to IT staff and end-users on ZIA/ZPA configurations, best practices, and troubleshooting techniques.
- Worked with cross-functional teams to implement Zscaler and troubleshoot network-related issues, providing comprehensive technical support and maintenance.
- Managed daily operations of Zscaler ZIA, including configuration of URL filtering, bandwidth control, and security policies for remote workers and on-site employees.
- Managed web proxy solutions, including Zscaler, to enforce internet security policies, control traffic, and prevent unauthorized access to web resources.
- Conduct FISMA-compliant security control assessments to ascertain the adequacy of management, operational, technical and privacy controls.
- Other responsibilities: Site ISSM/ISSO. Ensured site systems were compliant with required local and national security standards.
- Compliance standards and frameworks such as PCI, NIST 800-53, HIPAA and HITRUST, and privacy standards and frameworks such as Generally Accepted Privacy Principles (GAPP).
- Reviewing and documenting risk assessment mitigation strategies.
- Perform system and information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
- Identify gaps and areas of opportunity in the process followed and suggest ways to fix them.
- Configure network scans, schedule network scans to run within bandwidth usage limits, and ensure accurate vulnerability assessment analysis results are generated and disseminated to the system owner/ISSM/ISSO.
- Security SME for the new interface between CMS and the private insurance community.
- Worked with independent auditing firms (EY, Deloitte) on SOX audits. Perform direct assist for the external auditor for SOX testing. Replaced the external auditor hired to perform SOX ITGC testing for SEC.
- Responsible for real-time proactive monitoring of complex systems and response to known and emerging threats against the EY network via intrusion detection software.
- Familiar with Splunk, Fidelis XPS, IP Address Management (IPAM), Microsoft Active Directory Application Mode (ADAM), firewalls, SEP, and Stealthwatch knowledge base.
- Conduct security assessments on networks and Industrial Control Systems (ICS), design cyber security solutions, support implementation of those solutions, and identify security trends and practices.
- Creates and maintains authentication records for all flavours of UNIX (Linux, AIX, and Solaris) and Windows, as well as for databases, using basic and CyberArk Vault authentication records. Scope includes all Novartis global data centers and work sites using QualysGuard.
- Experience with security tools from various vendors including Cisco, Check Point, IronPort, McAfee, Symantec, Sourcefire, Sophos, ArcSight, Tenable, Juniper, Imperva, Blue Coat, EnCase, FireEye, BitLocker.
- Conduct operational, compliance, financial and investigative audits.
- Monitored the Security Management Console for the Security Operations Centre (SOC), ensuring confidentiality, integrity and availability of information systems.
- Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, Solutionary and LogRhythm.
- Managed cyber security threats through prevention, detection, response, escalation and reporting in an effort to protect enterprise IT assets through the Computer Security Incident Response Team (CSIRT). Responsibilities for CSIRT included SIEM, context filtering, web security, incident tracking, IPS/IDS and malware analysis.
- Developing customized shell scripts to install, manage and configure multiple instances of Splunk forwarders, indexers, search heads and deployment servers.
- Used Splunk forwarders to provide reliable and secure collection and delivery of data to the Splunk platform for indexing, storage and analysis.
- Managed enterprise-wide Splunk deployment including index configuration, capacity planning, and performance optimization across multiple departments.
- Implemented and maintained Splunk Universal Forwarders across distributed environments, ensuring efficient data collection and transmission.
- Conducted thorough research and testing of Splunk add-ons to enhance data parsing and visualization capabilities.
- Integrated Splunk with SIEM and security tools to create a comprehensive security monitoring and alerting framework.
- Implemented role-based access control (RBAC) in the Splunk environment to ensure secure data access and compliance.
- Provide regular support and guidance to Splunk project teams on complex solutions and issue resolution.
- Assisted administrators in ensuring that Splunk is actively and accurately running and monitoring the current infrastructure implementation.
- Responsible for checking the Splunk logs for web servers so as to avoid server downtime during production.
- Managing TCP hosts through the Splunk deployment server, pushing configurations and grouping servers to push similar configurations at the same time.
- Worked on setting up Splunk to capture and analyze data from various layers: load balancers, web servers and application servers.
- Device vulnerability and threat management with the cyber security team.
- DLP (Data Loss Prevention) monitoring and investigations using Risk Fabric and Symantec Enforcer.
- Stealthwatch for NetFlow and network security monitoring.
- Training new employees in security incident management procedures.
- Monitor security functionality (IDS/IPS and endpoint) and report daily operational metrics; provide scheduled management reports on risk status of network infrastructure, applications, internet activity, email filtering, vulnerability management and security metrics.
- Designed core scripts to automate Splunk maintenance and alerting tasks.
- Expert in analyzing security related logs from various sources using a SIEM system which creates alerts whenever it detects anomalous transactions and also blocks malicious activities.
- Provided necessary designs and implemented security solutions for egress/ingress points using IPS/IDS sensors across the networks to provide better incident handling and event monitoring.
- Managed a Vulnerability Remediation Team (VRT) for reporting all the scan reports and guided them to fix the vulnerabilities and patches using the QIDs, Bugtraq IDs and CVE IDs from the vendors' knowledge base.
- Managed to secure the devices across the entire network by using the ThreatProtect module from Qualys.
- Measured the severity level of devices and fixed the issues arising from them by providing solutions.

Client: Collins Aerospace, Aguadilla, PR   Jul 2019 - Dec 2022
Role: Cyber Security / Information Security and Compliance Analyst
As a member of the Infrastructure Security team, responsible for configuration, implementation and maintenance of various cyber security technologies like Forcepoint web proxy, O365 Security, McAfee IPS, and ArcSight SIEM.
Roles & Responsibilities:-
- Developed cyber security standards on NIST frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
- Developed various functions including identifying, protecting, detecting, responding and recovering for performing concurrent and continuous operation of dynamic security risk.
- Provided suggestions and inputs for the Global Security Council and Privacy as part of project consulting towards information security and cyber intelligence.
- Designed and implemented methods to discover risk in in-house products and services and track them to resolution by providing solutions.
- Planning audit activities, including coordination, scheduling, reporting results, and follow up.
- Trained employees on access control best practices and the importance of secure password management and MFA.
- Manage access control configurations for various systems, ensuring that roles, permissions, and entitlements adhere to the principle of least privilege (PoLP).
- Develop and enforce encryption policies that align with organizational security objectives and compliance requirements.
- Implemented robust encryption solutions to secure financial data and critical business communications.
- Monitor and analyze security logs and reports to detect and address suspicious activity in real time.
- Tracked and resolved IT support tickets using IT service management tools, maintaining high customer satisfaction and fast resolution times.
- Monitored security events using SIEM tools, correlating log data from firewalls, IDS/IPS, antivirus, and endpoint security solutions.
- Developed use cases and alerts for SIEM to detect common attack patterns such as brute force, data exfiltration, and malware infections.
- Configured network services such as DNS, DHCP, and file/print sharing, maintaining consistent uptime and efficient operation.
- Oversee the deployment and management of Active Directory, DNS, DHCP, and network file shares, providing secure and efficient user access to resources.
- Leveraged threat intelligence and indicators of attack (IoAs) to uncover malicious behavior and reduce attacker dwell time.
- Led daily threat hunting operations, analyzing network and endpoint data for suspicious activity and potential threats.
- Recover deleted or encrypted data using advanced forensic tools, ensuring integrity and accuracy of evidence for legal proceedings.
- Worked closely with legal teams to provide expert testimony and detailed forensic reports for litigation and regulatory purposes.
- Performed risk assessments and gap analyses, evaluating existing authentication methods and identifying areas for MFA implementation.
- Integrated MFA with identity providers and single sign-on (SSO) systems, providing seamless and secure authentication for users.
- Monitor threat activity using behavioral analytics, leveraging Carbon Black's advanced threat detection capabilities to proactively detect and respond to suspicious activities.
- Worked closely with IT operations to ensure seamless deployment of Carbon Black and ThreatLocker agents across Windows and Linux endpoints.
- Implemented Microsoft Defender's suite of security tools across the organization, providing protection against malware, ransomware, and other advanced threats.
- Conduct security assessments using Microsoft Defender's built-in threat intelligence and Google Chronicle's analytics to identify potential vulnerabilities and threats.
- Assisted in the development of software procurement policies and procedures, incorporating best practices and lessons learned from previous acquisitions.
- Implemented and managed CIS hardening benchmarks for a range of operating systems, applications, and network devices, improving security posture and reducing attack surfaces.
- Supported the implementation of financial controls and processes to ensure accurate budgeting and reporting.
- Provided technical support and training to IT staff on the use of ZIA and other web proxy tools, ensuring effective utilization and compliance with security standards.
- Develop, implement, and review security policies and procedures to enhance organizational adherence to PCI DSS and data security best practices.
- Worked with clients to implement multi-factor authentication (MFA), encryption, and other critical PCI DSS requirements.
- Monitored RSA Archer as a Security Management Console to see Data Loss Prevention events, ePO detections, Sourcefire event classifications, Blue Coat malware detections, and analysis of WhiteHat web application security scanning.
- Implement necessary security controls and enhancements on the ICS.
- RSA Archer used as an audit management tool for inputting various information and dashboards to showcase and improve the risk and control functions against risk, IT governance and compliance.
- Opened, assigned and closed the tickets assigned in the SOC Security Management Console towards Qualys for various remediation and patch management processes.
- Support security compliance initiatives and assessments including responses to client security organization audits and questionnaires.
- Created and managed a lifecycle plan for proper usage of the scanners all over the network and planned future deployments.
- Experienced working on SolarWinds SIEM to instantly improve security and compliance.
- Vulnerability Management: Configured the QualysGuard tool for vulnerability analysis of devices and applications. Monitored them constantly through the dashboard by running the reports regularly.
- Created asset groups, scheduled scans/reports for a smooth remediation process, and assigned the correct sensors to the scanners placed in the network.
- Managed all the scans including discovery maps and authenticated scans to ensure proper scheduling, reporting and smooth functioning of IPs.
- Managed Qualys Cloud Agents. Assisted in installing them on devices and servers, and also for remote users.
- Scanned all devices using the cloud agents whenever needed for employees working from home and provided the solutions to fix the vulnerabilities.
- Configured and optimized Private and Public Service Edges within Zscaler to enhance application connectivity and ensure seamless, secure access for large enterprise environments with 20,000+ ZPA users.
- Implemented advanced troubleshooting and problem resolution for high-availability network setups, managing multiple firewalls, switches, routers, and load balancers across 1,000+ servers and over 200 locations to maintain optimal security.
- Implemented Zscaler dashboards and analytics to monitor traffic, security events, and performance metrics, ensuring continuous optimization of Zscaler services.
- Regularly provided reports on Zscaler performance, detailing security threats blocked, bandwidth usage, and compliance, to executives and stakeholders.
- Worked on Qualys Web Application Scanning for monitoring web applications, filtering and crawl scoping to detect vulnerabilities in the web applications and fix them.
- Log analysis from various devices such as proxies, firewalls, IPS/IDS, desktops, laptops, servers, SIEM tool logs, routers, switches, AD servers, DHCP servers, access control systems, etc.
- Perform user administration and Active Directory user management functions like identity management, access management, directory management, single sign-on, federation, and role based access systems.
- Work on technical examination, analysis and reporting of computer-based evidence.
- Utilize forensic tools and investigative methods to find electronic data, including internet use history, word processing documents, images, and other files.
- Created and maintained Splunk correlation rules for detecting security anomalies in aerospace manufacturing systems.
- Implemented automated Splunk data ingestion for critical aerospace control systems and security appliances.
- Developed custom Splunk apps and dashboards for real-time monitoring of aerospace systems and security metrics.

Client: Volkswagen Credit, NY   Nov 2018 - Jun 2019
Role: Network & Security Engineer
High-risk system access reviews for CCPA-scoped applications, data centers, and domain user accounts using termination and provisioning review methods, encryption, vulnerability management and penetration testing. Access Reviewer tool to review high-privileged accounts and highly sensitive applications that contain PCI and PII data.
Roles & Responsibilities:-
- Experience in conducting full interruption tests to test BCP preparedness.
- Extended my support to the Transition Risk Management team in reviewing RAD.
- Coordinate VA testing in advance with the system ISSO and the Government SOC TM to assure coordination with network maintenance, availability, and operations. Coordinate with the system owner/ISSM/ISSO any necessary changes to the schedule.
- Investigate the security logs and mitigation strategies, and responsible for preparing the generic security incident report.
- Performed risk analysis using the State approved risk analysis methodology based on NIST SP 800-30 and ISO/IEC 17799 methodologies.
- Assisted in PCI DSS assessments by preparing documentation, supporting audits, and working with security vendors to address vulnerabilities.
- Provided consulting services to clients on PCI DSS compliance, guiding them through the entire process from gap analysis to certification.
- Utilize QualysGuard as the primary tool to monitor tickets and vulnerabilities.
- Utilize QualysGuard as the primary tool to monitor and report Policy Compliance, based on NIST, ISO 27001 and CIS Benchmarks.
- Conduct Business Impact Analysis (BIA) to analyze mission-critical business functions, and identify and quantify the impact on those functions if they are interrupted.
- Provided leadership in architecting and implementing security solutions towards Qualys and SIEM tools like Splunk, Solutionary, LogRhythm, SCCM, Altiris, LANDesk, BigFix, McAfee/Symantec, Carbon Black, NXLog.
- Deploy and support information security systems and solutions such as key management, IPS/IDS, SIEM, MDM, NAC, APT detection, and endpoint management for remote users.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection and Prevention (IDS/IPS), and Data Leakage Prevention.
- Perform and document audit activities in accordance with professional standards such as COBIT, COSO and SOX internal control frameworks.
- Audit project: coordinate special projects such as Segregation of Duties (SOD) and SOX compliance audit.
- Provide a security review of system documentation, audit logs, rule sets and configuration to validate policy compliance; report IT security incidents in accordance with established procedures.
- Plan, develop, implement, and maintain an incident response and audit program for events of interest, and address Plans of Action and Milestones (POA&Ms) in continuous monitoring with various points of contact.
- Audit risk-based quarterly account provisioning and role change/job transfer reconciliations.
- Prepare project scorecards and provide status updates at a granular level to the SSE IT Controllership team on a weekly basis and to key stakeholders on a bi-weekly basis.
- Prioritize remediation of gaps based on internal and external audits.
- Prepare security and compliance reports by collecting, analyzing, and summarizing data.
- Assist in providing support for the enterprise vulnerability management program.
- Collect and present detailed status at a granular level (trackers, reports, documentation).
- Consolidate the IT inventory of systems in scope (App/DB/OS). Identify reviewers and map them in the inventory. Create assets in the Access Reviewer tool if required for performing the review. Monitor and track the responses against the review timeline. Extract the 'after list' and validate the change implementation. Review and validate the review document for completeness and accuracy.
- Experience with endpoint management software such as Tanium, Sophos, Altiris, Avast, Symantec, GravityZone, Avira, Kaspersky, Webroot, F-Secure.
- Led migration of legacy logging systems to Splunk, reducing incident response time by 40%.
- Configured Splunk Universal Forwarders across 1000+ endpoints for comprehensive log collection and analysis.
- Developed custom Splunk dashboards for monitoring financial transaction security and fraud detection.

Plus91 Technologies Pvt Ltd, Pune, India   July 2015 - Aug 2017
Role: Security Engineer
Configuring Qualys scans and creating accounts for the business security team to verify the vulnerabilities and remediation procedures. Providing the baseline option profiles for businesses to scan their devices and monitor traffic logs using the AccelOps SIEM tool.
Roles & Responsibilities:-
- Monitored SIEM and IDS/IPS feeds to identify possible enterprise threats. Investigate and triage threats to determine the nature of the incident.
- Conduct security risk assessments on all new applications, IT systems or changes to existing IT systems to verify that they satisfy the established security baseline before adoption into the corporate environment.
- Assist management in authorizing IT systems for operation on the basis of whether the residual risk is at an acceptable level or whether additional compensating controls should be implemented.
- plans, training and testing were executed appropriately and discuss lessons learnt
- Monitor and respond to Qualys incidents which couldn't be resolved by L2s.
- Creation of baseline policies with all the QIDs for business to use.
- Helped to research open-source intelligence feeds for current and emerging threat information.
- Ability to conduct manual penetration tests on sensitive systems. Utilized tools such as Nmap, Nessus, and Qualys to accomplish network reconnaissance and surveillance in preparation for exploitation.
- Assisted in engineering integration with other key security systems.
- Handling the compatibility issues that arise due to Qualys scans.
- Risk analysis using the Qualys console for specific asset groups based on the request.
- Preparing standard operating procedures and basic documentation for known issues.
- Coordination with the Qualys vendor for new (unknown) issues.
- Created and supported security awareness programs to inform and educate employees.
- Testing source code and running code.
- Participate in meetings to discuss system boundaries for new or updated systems to help determine information types for categorization purposes.
- Determine the classification of information systems to aid in selecting appropriate controls for protecting the system.