Information Security Engineer with SIEM solution frame work administration and monitoring in RSA envision, Arcsight, Imperva Securesphere, Cyberark, CA Identity Solution support with over 10 years of experience. I have performed various roles in network security administration, users and system administration, IT risk and compliance. This includes managing access of users to different applications and servers, Information Security Incident, SOX & PCI compliance check and Threat Analysis with reporting and remediation. I have been auditing different IT systems like mainframe, windows, UNIX checking the non-compliances with respect to Global IT Security standards. Also coordinated with different IT teams and users to ensure that they adhere to best security practices and procedures without violation of standard norms. Have led teams to strive for common shared goal and ensuring quality in service delivery. Provided transition to new team-members and mentoring during projects.
Key Skills
Security Information and Event Management(SIEM).
RSA enVision 3.5, 4.0 and 4.1
ArcSight ESM.
Information security Log monitoring and reporting
Qualys Guard certificied
Privilege Access management on UNIX, linux and Active Directory
ITIL V3 Process( Incident Management, Change Management and Problem Management)
Incident handling Tools- BMC Remedy, HPSC, ServiceNow
Database Vulnerability and compliance solution(Imperva Securesphere)
Regulatory Compliance
Risk Management
Securonix UEBA certified
CA Identity Manager v12.6
Preparing for CISSP certification
Projects handled within Wipro Technologies
Apr 2018 till Date Project#6 Identity Governance/Management Client-United Energy, Melbourne
Project Description: This project is about onboarding of new users within United Energy domain and governing their accesses to different applications and systems using CA Identity Manager. Post user end-date decommissioning system access and user attributes in accordance with best Industry standards.
Responsibilities:
Create User (add or on-board) – Provide access for a new employee, contractor or service provider.
Modifying a user’s profile including manager, department, contact details etc.
Requesting changes to access to system(s) or service(s), adding, removing or modifying existing access rights on the basis of requests coming into ServiceNow remedy tool.
Disable User (remove or off-board) – Remove access rights for a departing employee, contractor or service provider.
Running queries to perform upload of users list in bulk for mapping/un mapping to roles.
Bulk Updates – Perform bulk changes for a number of scenarios such as an organizational structure change or on-boarding a new service provider.
Re-Activate User – Re-enable access rights for a returning contractor or service provider employee.
Access Review – Conduct reconciliation between IAM access records and application access rights and address any inconsistencies.
Approve Requests – Approve access to key applications, systems and/or services.
Action/Initiate/Implement Requests – Perform activities in relation to SNOW requests relating to UAM.
Helping in migration of user identities from CA Identity Manager to Sailpoint Identity Solution.
Jan 2018 till Mar 2018 Project#5 Network Application On-boarding Client-Optus Systems, Sydney
Project Description: This project is about onboarding of new applications with the roles and privileges for offshore users. The activities involve requirements gathering, interface contract documentation, integration of applications with the User access management (UAM) system, UAT and go live stages.
Responsibilities:
Requirement validation for manual and AD based applications on-boarding to Optus UAM system.
Build & Configure roles in UAM tool (Avatier).
Add additional new privileges to existing applications configures in UAM tool.
Re-build form based applications to privilege based application and re-map their user list.
Running queries to perform upload of users list in bulk for mapping/un mapping to roles.
Interface contract (IC) documentation for all above changes and new applications.
Unit testing for applications roles being on-boarded to Optus UAM as part of this Agreement
Support for User Access Testing of configured roles upto a maximum of 5 working days from the day the build is delivered.
To draft daily status report of the project milestones and issues and circulate among the stakeholders.
Doing regular follow-ups with the platform and application teams through conference calls to track various dependencies and identified issues. This would ensure on-time delivery of project to the business and BAU operations team.
Apr 2014 till Dec 2017 Project #4 TD-SERVICED STAFF Client-Lloyds Bank, London
Project Description: This project is about the User administration, Security Monitoring, Oversight & Investigations for Lloyds Bank network. The Monitoring & Oversight team provides independent verification that the security and integrity of all Business Critical and SOX databases/servers/applications supported by Group IT are compliant with the Group’s standards and that any detected abuse of system administration privileges is investigated. Protect confidentiality, integrity, and availability of information and systems. Overall to ensure adherence to SOX & PCI compliance and best Security practices.
Responsibilities:
Troubleshooting end user issues of login to allowed authentication method.
User permission verification if unable to see the desired account in PVWA.
Logon & Reconcile account verification.
Publishing CyberArk report to senior management regarding non-compliance.
As a part of IT Security Monitoring, Oversight & Investigation team (MOI) responsible for the internal scanning of database/servers and monitoring of IT transactions across all platforms(Mainframe, Windows, Unix) and different Databases like MSSQL, Oracle and DB2.
Application Security Assessment based on OWASP and ISSAF standards.
Involved in coordinating and schedule scanning activities with website owners, performing on-going vulnerability scanning of websites using different scan policies.
Involved with Pen Testing teams to initiate penetration tests against thick client software (Windows/Java applications with a database backend).
Referring to CIS benchmarks for different systems on www.cisecurity.org and checking latest CVE’s on national vulnerability database(NVD) https://www.nist.gov/programs-projects/national-vulnerability-database-nvd .
Validate scan and assessment results to eliminate false positives, generate reports to communicate security problems and recommended fixes to web site owners. Log issues in defect management systems (ALM) and assign to developers etc.
To ensure the patching of databases and servers and installation of latest service packs.
Bi-Weekly/Monthly status updates to clients with overall cumulative progress of security assessments.
Aug 2013 to Mar 2014 Project #3 System Administration and Support AMP Insurance Client- AMP, Sydney
Project Description: This project is about managing the system infrastructure access of the users within AMP. It also covers reviewing the access on a quarter bases to ensure the users follow best security practices.
Responsibilities:
Managing access to Applications and File Shares using a web based identity management tool, Tivoli Identity Manager (TIM)
Tivoli Identity Manager holds the identities of all the users in AMP, their accesses, the applications used and file shares.
Creating, Modify and Amend different levels of accesses in Tivoli Identity Manager.
Creation of File shares on windows, giving access to them and updating their access.
Delegating Approvals in Tivoli Identity Manager. Handling escalations through email and telephonic conversations.
On-boarding and updating Applications that are used by Insurance customers.
Attending stand up meetings on a weekly basis to discuss common issues among users and ways of improving current standard operating procedures.
The System Access Review process which is a quarterly recertification process that involves verification of accesses for all users on Windows, Mainframe and UNIX platforms.
Creation of External and Business Partner user accounts in Windows, Mainframe and UNIX.
Assisting users to reset their password from TIM, involving in calls to guide them to raise TIM requests for Application / file share.
Managing critical information (User name and passwords) effectively. Involvement in User termination procedures, especially emergency terminations.
Conducted training to offshore team for new Applications Provisioning.
Jan 2009 to Jul 2013 Project #2 McGraw-Hill Network Security Monitoring Services Client- MGH, India
Project Description: McGraw-Hill is well known US based Publisher and this project deals with Securing of McGraw Hill Network from threats and viruses and from unauthorized persons . Client network contains IDS, Firewalls, Windows DCS and VPNs and Symantec Antivirus devices so we are monitoring all devices through RSA Envision, analyzing logs and reporting the incidents by creating remedy tickets. Also we are creating tickets for infected systems in GCC remedy and MGH remedy over B2B source.
RSA Envision Administration:
Creation of Correlation rules, reports and Views and their management.
View, correlation rules and report system’s resource optimization.
Backup/Archival of log and monitoring.
Log Data Collection and Management and Log Storage and Lifecycle Management.
Device (log server) integration with SIEM for log collection and processing.
Proactive System health monitoring, reporting & remediation initiation.
UDS support, developing parsers for envision unsupported devices using ESI.
Monitor and record potentially malicious activity and raise alarms on thresholds.
Isolate actual breaches while recording and suppressing false positives.
Responsibilities:
SIEM L1/L2 Security operation support from global security operation center(GSOC) 24/7 Operation Support Installation, configuration & management of SIEM product/tool.
Performing logs analysis for understanding and detecting any security violations.
Administration of SIEM tool RSA envision for real time monitoring and collecting logs from 5000+ log sources for the clients to be PCI-DSS compliant.
To create correlation rules based on log analysis to detect various security threat and malicious activity on the network.
Making MOM (Minutes of Meeting) after Daily Operational Meeting as per requirements and handover the shift updates to the next shift.
Integrating the different kind of devices to RSA envision console. Creating advanced/customized dashboard reports for near real time monitoring of security incidents/threats. Creating, updating, and scheduling/automating the reports for email alerting.
Creating daily ticket sheet, alerts abnormalities (Spike) reporting, making rules and reports as per the client requirements, follow up the clients and RSA cases, making Weekly Trend Report, Weekly Status Report, Monthly SIM Matrics, updating Email trackers, Task matrics.
Creating tickets in GCC (Internal Remedy) and mapping BMC Remedy through B2B and also follow up the cases, updating ticket details in remedy tracker. Handle all escalations with regard to Security Threats Process adherence and Compliance to various Security Standards Problem Management and Root cause Analysis to fix recurring threats.
Performing Vulnerability Assessment and remediation on Databases.
Responsible for coaching, guiding and mentoring junior members in team to help them to scale up faster for handling daily operations and SIEM administration.
Jul 2008 to Dec 2008 Project # 1 Security ID Provisioning Client- CIGNA, India
Project description: CIGNA is a global health service company based in US, dedicated to helping people improve their health, well-being and security.
Responsibilities:
Creating ID’s for Cigna employees and disabling as and when required using ITIM.
Adding the job roles and sub roles to profiles using Active Directory and Tivoli Access Manager.
Setting up client’s mailbox and configuring folders.
Providing remote support through analysis of diagnostic files & WebEx to customer’s PC.
Proactive monitoring of customer environment.
Creation of File shares, giving access to them and updating their access.
Under server administration adding the servers in inventory and removing them once they become redundant.
Adhere to the agreed SLA with the customer.
Co-ordination with on-site team members to ensure successful project completion.
Trainings
ITIM and ITIL Training in Wipro Technologies.
Vulnerability Assessment/Penetration Testing using Nessus
Basic Security Related Training in Wipro Technology.
Microsoft windows, active directory and IIS.
Cyberark support
Python scripting to discover new assets in the inventory.
DevOps and Agile framework
Learnt C/C++ while graduating.
Education
June 2004 – April 2007 Bachelors in Physics, Loyola College, Chennai
April 2011 – March 2012 Post-Grad Diploma in Computer Applications, Sikkim Manipal University
Language Skills: Proficient in English language.
Personal Interest: Reading, writing, travelling and experiencing diverse cultures.
Information Security Engineer with SIEM solution frame work administration and monitoring in RSA envision, Arcsight, Imperva Securesphere, Cyberark, CA Identity Solution support with over 10 years of experience. I have performed various roles in network security administration, users and system administration, IT risk and compliance. This includes managing access of users to different applications and servers, Information Security Incident, SOX & PCI compliance check and Threat Analysis with reporting and remediation. I have been auditing different IT systems like mainframe, windows, UNIX checking the non-compliances with respect to Global IT Security standards. Also coordinated with different IT teams and users to ensure that they adhere to best security practices and procedures without violation of standard norms. Have led teams to strive for common shared goal and ensuring quality in service delivery. Provided transition to new team-members and mentoring during projects.
Key Skills
Security Information and Event Management(SIEM).
RSA enVision 3.5, 4.0 and 4.1
ArcSight ESM.
Information security Log monitoring and reporting
Qualys Guard certificied
Privilege Access management on UNIX, linux and Active Directory
ITIL V3 Process( Incident Management, Change Management and Problem Management)
Incident handling Tools- BMC Remedy, HPSC, ServiceNow
Database Vulnerability and compliance solution(Imperva Securesphere)
Regulatory Compliance
Risk Management
Securonix UEBA certified
CA Identity Manager v12.6
Preparing for CISSP certification
Projects handled within Wipro Technologies
Apr 2018 till Date Project#6 Identity Governance/Management Client-United Energy, Melbourne
Project Description: This project is about onboarding of new users within United Energy domain and governing their accesses to different applications and systems using CA Identity Manager. Post user end-date decommissioning system access and user attributes in accordance with best Industry standards.
Responsibilities:
Create User (add or on-board) – Provide access for a new employee, contractor or service provider.
Modifying a user’s profile including manager, department, contact details etc.
Requesting changes to access to system(s) or service(s), adding, removing or modifying existing access rights on the basis of requests coming into ServiceNow remedy tool.
Disable User (remove or off-board) – Remove access rights for a departing employee, contractor or service provider.
Running queries to perform upload of users list in bulk for mapping/un mapping to roles.
Bulk Updates – Perform bulk changes for a number of scenarios such as an organizational structure change or on-boarding a new service provider.
Re-Activate User – Re-enable access rights for a returning contractor or service provider employee.
Access Review – Conduct reconciliation between IAM access records and application access rights and address any inconsistencies.
Approve Requests – Approve access to key applications, systems and/or services.
Action/Initiate/Implement Requests – Perform activities in relation to SNOW requests relating to UAM.
Helping in migration of user identities from CA Identity Manager to Sailpoint Identity Solution.
Jan 2018 till Mar 2018 Project#5 Network Application On-boarding Client-Optus Systems, Sydney
Project Description: This project is about onboarding of new applications with the roles and privileges for offshore users. The activities involve requirements gathering, interface contract documentation, integration of applications with the User access management (UAM) system, UAT and go live stages.
Responsibilities:
Requirement validation for manual and AD based applications on-boarding to Optus UAM system.
Build & Configure roles in UAM tool (Avatier).
Add additional new privileges to existing applications configures in UAM tool.
Re-build form based applications to privilege based application and re-map their user list.
Running queries to perform upload of users list in bulk for mapping/un mapping to roles.
Interface contract (IC) documentation for all above changes and new applications.
Unit testing for applications roles being on-boarded to Optus UAM as part of this Agreement
Support for User Access Testing of configured roles upto a maximum of 5 working days from the day the build is delivered.
To draft daily status report of the project milestones and issues and circulate among the stakeholders.
Doing regular follow-ups with the platform and application teams through conference calls to track various dependencies and identified issues. This would ensure on-time delivery of project to the business and BAU operations team.
Apr 2014 till Dec 2017 Project #4 TD-SERVICED STAFF Client-Lloyds Bank, London
Project Description: This project is about the User administration, Security Monitoring, Oversight & Investigations for Lloyds Bank network. The Monitoring & Oversight team provides independent verification that the security and integrity of all Business Critical and SOX databases/servers/applications supported by Group IT are compliant with the Group’s standards and that any detected abuse of system administration privileges is investigated. Protect confidentiality, integrity, and availability of information and systems. Overall to ensure adherence to SOX & PCI compliance and best Security practices.
Responsibilities:
Troubleshooting end user issues of login to allowed authentication method.
User permission verification if unable to see the desired account in PVWA.
Logon & Reconcile account verification.
Publishing CyberArk report to senior management regarding non-compliance.
As a part of IT Security Monitoring, Oversight & Investigation team (MOI) responsible for the internal scanning of database/servers and monitoring of IT transactions across all platforms(Mainframe, Windows, Unix) and different Databases like MSSQL, Oracle and DB2.
Application Security Assessment based on OWASP and ISSAF standards.
Involved in coordinating and schedule scanning activities with website owners, performing on-going vulnerability scanning of websites using different scan policies.
Involved with Pen Testing teams to initiate penetration tests against thick client software (Windows/Java applications with a database backend).
Referring to CIS benchmarks for different systems on www.cisecurity.org and checking latest CVE’s on national vulnerability database(NVD) https://www.nist.gov/programs-projects/national-vulnerability-database-nvd .
Validate scan and assessment results to eliminate false positives, generate reports to communicate security problems and recommended fixes to web site owners. Log issues in defect management systems (ALM) and assign to developers etc.
To ensure the patching of databases and servers and installation of latest service packs.
Bi-Weekly/Monthly status updates to clients with overall cumulative progress of security assessments.
Aug 2013 to Mar 2014 Project #3 System Administration and Support AMP Insurance Client- AMP, Sydney
Project Description: This project is about managing the system infrastructure access of the users within AMP. It also covers reviewing the access on a quarter bases to ensure the users follow best security practices.
Responsibilities:
Managing access to Applications and File Shares using a web based identity management tool, Tivoli Identity Manager (TIM)
Tivoli Identity Manager holds the identities of all the users in AMP, their accesses, the applications used and file shares.
Creating, Modify and Amend different levels of accesses in Tivoli Identity Manager.
Creation of File shares on windows, giving access to them and updating their access.
Delegating Approvals in Tivoli Identity Manager. Handling escalations through email and telephonic conversations.
On-boarding and updating Applications that are used by Insurance customers.
Attending stand up meetings on a weekly basis to discuss common issues among users and ways of improving current standard operating procedures.
The System Access Review process which is a quarterly recertification process that involves verification of accesses for all users on Windows, Mainframe and UNIX platforms.
Creation of External and Business Partner user accounts in Windows, Mainframe and UNIX.
Assisting users to reset their password from TIM, involving in calls to guide them to raise TIM requests for Application / file share.
Managing critical information (User name and passwords) effectively. Involvement in User termination procedures, especially emergency terminations.
Conducted training to offshore team for new Applications Provisioning.
Jan 2009 to Jul 2013 Project #2 McGraw-Hill Network Security Monitoring Services Client- MGH, India
Project Description: McGraw-Hill is well known US based Publisher and this project deals with Securing of McGraw Hill Network from threats and viruses and from unauthorized persons . Client network contains IDS, Firewalls, Windows DCS and VPNs and Symantec Antivirus devices so we are monitoring all devices through RSA Envision, analyzing logs and reporting the incidents by creating remedy tickets. Also we are creating tickets for infected systems in GCC remedy and MGH remedy over B2B source.
RSA Envision Administration:
Creation of Correlation rules, reports and Views and their management.
View, correlation rules and report system’s resource optimization.
Backup/Archival of log and monitoring.
Log Data Collection and Management and Log Storage and Lifecycle Management.
Device (log server) integration with SIEM for log collection and processing.
Proactive System health monitoring, reporting & remediation initiation.
UDS support, developing parsers for envision unsupported devices using ESI.
Monitor and record potentially malicious activity and raise alarms on thresholds.
Isolate actual breaches while recording and suppressing false positives.
Responsibilities:
SIEM L1/L2 Security operation support from global security operation center(GSOC) 24/7 Operation Support Installation, configuration & management of SIEM product/tool.
Performing logs analysis for understanding and detecting any security violations.
Administration of SIEM tool RSA envision for real time monitoring and collecting logs from 5000+ log sources for the clients to be PCI-DSS compliant.
To create correlation rules based on log analysis to detect various security threat and malicious activity on the network.
Making MOM (Minutes of Meeting) after Daily Operational Meeting as per requirements and handover the shift updates to the next shift.
Integrating the different kind of devices to RSA envision console. Creating advanced/customized dashboard reports for near real time monitoring of security incidents/threats. Creating, updating, and scheduling/automating the reports for email alerting.
Creating daily ticket sheet, alerts abnormalities (Spike) reporting, making rules and reports as per the client requirements, follow up the clients and RSA cases, making Weekly Trend Report, Weekly Status Report, Monthly SIM Matrics, updating Email trackers, Task matrics.
Creating tickets in GCC (Internal Remedy) and mapping BMC Remedy through B2B and also follow up the cases, updating ticket details in remedy tracker. Handle all escalations with regard to Security Threats Process adherence and Compliance to various Security Standards Problem Management and Root cause Analysis to fix recurring threats.
Performing Vulnerability Assessment and remediation on Databases.
Responsible for coaching, guiding and mentoring junior members in team to help them to scale up faster for handling daily operations and SIEM administration.
Jul 2008 to Dec 2008 Project # 1 Security ID Provisioning Client- CIGNA, India
Project description: CIGNA is a global health service company based in US, dedicated to helping people improve their health, well-being and security.
Responsibilities:
Creating ID’s for Cigna employees and disabling as and when required using ITIM.
Adding the job roles and sub roles to profiles using Active Directory and Tivoli Access Manager.
Setting up client’s mailbox and configuring folders.
Providing remote support through analysis of diagnostic files & WebEx to customer’s PC.
Proactive monitoring of customer environment.
Creation of File shares, giving access to them and updating their access.
Under server administration adding the servers in inventory and removing them once they become redundant.
Adhere to the agreed SLA with the customer.
Co-ordination with on-site team members to ensure successful project completion.
Trainings
ITIM and ITIL Training in Wipro Technologies.
Vulnerability Assessment/Penetration Testing using Nessus
Basic Security Related Training in Wipro Technology.
Microsoft windows, active directory and IIS.
Cyberark support
Python scripting to discover new assets in the inventory.
DevOps and Agile framework
Learnt C/C++ while graduating.
Education
June 2004 – April 2007 Bachelors in Physics, Loyola College, Chennai
April 2011 – March 2012 Post-Grad Diploma in Computer Applications, Sikkim Manipal University
Language Skills: Proficient in English language.
Personal Interest: Reading, writing, travelling and experiencing diverse cultures.