Cybersecurity Resume
Location Status: New York, NY
Work Environment:
Target Salary: Negotiable
Category: Finance/Investment
Candidate Pitch:
SUMMARY:
• Cybersecurity professional with over 8 years of experience in leading security investigations, building NIST-aligned IR workflows, and responding to advanced threats in hybrid cloud and on-prem environments. Adept at identifying and remediating sophisticated attacks using SIEM (Splunk, QRadar), EDR (CrowdStrike, Microsoft Defender), SOAR, and threat intel integrations. Skilled in conducting root cause analysis, malware triage, and forensic investigations using network logs, endpoint telemetry, and behavioral analytics. Proven experience in Incident Response, Digital Forensics, Threat Hunting, and enterprise security architecture. Designed and implemented threat detection and hunting strategies based on MITRE ATT&CK, CVSS, and OWASP, and regularly engaged in proactive threat hunting missions leveraging custom SIEM queries and IOCs. Strong knowledge of regulatory frameworks including SOX, PCI-DSS, HIPAA, SOC1/SOC2, with practical experience implementing NIST 800-61, 800-53, and ISO 27001 controls. Led GRC and vulnerability management initiatives using tools like RSA Archer, Rapid7 InsightVM, Qualys, and conducted risk assessments across business-critical assets.
• Experienced in automating incident response and detection workflows using Python and PowerShell, integrating APIs across EDR, SOAR, and threat intel platforms. Technically proficient in cloud security (AWS, Azure), endpoint protection (Tanium, Defender), and network defense technologies including firewalls (Palo Alto, Fortinet), IDS/IPS (Snort, McAfee), and encryption (TLS/SSL, HSMs).
• Passionate about driving security maturity through continuous monitoring, red/blue team collaboration, and secure access architecture (RBAC, ABAC, OAuth2.0). Excellent cross-functional communicator, effective in high-pressure environments requiring fast response and regulatory reporting.
Client: Bank of America
July 2021 - Present
Senior Cybersecurity Engineer
• Investigated security incidents using EDR tools (CrowdStrike, MS Defender, Tenable, Splunk), identifying threats and leading remediation.
• Developed and maintained incident response procedures based on NIST SP 800-61 and NIST RMF to align with compliance requirements.
• Triaged phishing, malware, and unauthorized access incidents, minimizing impact and dwell time.
• Managed vulnerability lifecycle with Rapid7 InsightVM and Qualys, prioritizing fixes based on risk and asset criticality.
• Conducted root cause analysis by correlating SIEM (Splunk, QRadar) data with endpoint and network logs.
• Ensured compliance with SOX, SOC1/2, PCI DSS, and NIST 800-53; maintained risk frameworks aligned with ISO 27001.
• Automated threat containment by integrating EDR with response workflows to isolate compromised systems rapidly.
• Created Power BI dashboards integrating vulnerability data for real-time security posture insights.
• Configured OAuth 2.0 scopes for granular access control; enforced least privilege via IAM policy reviews.
• Conducted red team exercises on AWS; used AWS Security Hub, GuardDuty, IAM Access Analyzer, CloudTrail for threat monitoring.
• Integrated SIEM/SOAR tools with ServiceNow for streamlined incident management and reporting.
• Enhanced identity management through Azure AD and ITDR tool integrations.
• Led triage and full incident lifecycle for phishing, malware infections, and unauthorized access attempts, adhering to NIST SP 800-61 guidelines.
• Integrated CrowdStrike and Microsoft Defender for Endpoint with automated containment workflows to isolate compromised hosts in real time.
• Built custom SOAR playbooks to standardize response for lateral movement, ransomware, and insider threat scenarios.
• Tuned SIEM alerts (Splunk, QRadar) to reduce false positives and enhance SOC efficiency, directly improving MTTR (Mean Time to Respond).
• Conducted hunt missions based on threat intelligence indicators (e.g., C2 infrastructure, phishing lures, newly released CVEs).
• Integrated Threat Intelligence feeds into Splunk to enrich hunt data and cross-reference TTPs across internal environments.
• Conducted post-incident reviews and delivered executive-level reports with remediation recommendations and RCA.
• Performed TLS/SSL audits and automated certificate monitoring to reduce cryptographic risks.
• Built incident response playbooks for ransomware, insider threats, and lateral movement scenarios.
• Led post-incident reviews, producing detailed reports with remediation recommendations.
• Tuned SIEM alerts to reduce false positives and improve SOC efficiency.
• Collaborated with SOC, compliance, and risk teams to ensure adherence to NIST, ISO, HIPAA, and GDPR standards.
• Developed and reviewed security policies and procedures; delivered security awareness training.
• Conducted vendor risk assessments using RSA Archer; reviewed security questionnaires and managed third-party risk lifecycle.
• Configured and maintained RSA Archer modules including risk, compliance, vendor management, and policy management.
• Automated risk assessments and control testing workflows using RSA Archer to improve visibility and reduce manual effort.
• Conducted forensic investigations by correlating endpoint telemetry, log data, and threat intelligence to trace attacker behavior and dwell time.
• Used CrowdStrike, Tanium, and Splunk logs to extract system-level artifacts (file drops, persistence mechanisms).
• Implemented TLS/SSL certificate auditing and cryptographic posture analysis to support forensic validation of MITM attempts.
• Communicated effectively with management and vendors to convey security status, risks, and remediation plans.
• Automated log parsing and threat intelligence extraction via Python and PowerShell scripts.
Client: Visa
Oct 2019 – June 2021
Cybersecurity Engineer | Vulnerability Management Specialist
• Supported enterprise security, privacy, and business continuity initiatives to strengthen company security programs.
• Ensured system designs complied with cybersecurity frameworks; developed policies to protect critical data and systems.
• Created and enforced security policies aligned with NIST SP 800-37, ISO 27005, and CIS benchmarks for better governance and risk management.
• Assessed vulnerabilities and implemented risk mitigation strategies.
• Managed AWS WAF and Shield to defend against DDoS and OWASP Top 10 threats.
• Used Rapid7 InsightVM for vulnerability scanning, asset grouping, and vulnerability classification per OWASP and SANS.
• Analyzed endpoint and network logs during incident containment and root cause analysis.
• Performed manual log extraction from Linux and Windows systems to detect anomalies, failed authentications, lateral movement, and privilege escalation.
• Supported forensic response to unauthorized data access using Blue Coat proxy and network traffic capture tools like Wireshark.
• Evaluated cryptographic controls (HSM, TLS configurations) and uncovered insecure cipher usage in internal systems.
• Developed and maintained AWS IAM policies enforcing least privilege across services like EC2, S3, and RDS.
• Followed info security standards and NIST practices to organize systems and interpret regulations.
• Classified systems for appropriate controls; escalated critical vulnerabilities as needed.
• Automated compliance with Terraform scripts adhering to CIS, NIST, and GDPR frameworks.
• Generated risk and compliance dashboards and reports in Rapid7 InsightVM to track SLAs.
• Conducted cryptography security assessments using HSM and integrated EDR tools for threat detection.
• Correlated threat intelligence with logs to prioritize alerts and reduce noise.
• Reviewed security reports to identify cybersecurity issues and recommend improvements.
• Developed vulnerability management documentation, TTPs, and RACI matrices for team responsibilities.
• Participated in Red Team/Blue Team exercises; used Rapid7 InsightIDR to validate detection and response capabilities.
• Used Rapid7 InsightIDR for behavioral analytics and user deviation detection, targeting lateral movement or compromised credentials.
• Participated in threat simulation exercises and applied findings to refine SIEM queries and alert tuning.
• Collaborated with engineering teams to write custom detection rules to identify command-and-control behavior, DNS tunneling, and privilege misuse.
• Handled escalated incidents from SOC involving advanced persistent threats (APT) and misconfigured IAM roles in AWS.
• Performed structured IR for cloud environments, leveraging AWS CloudTrail, IAM Analyzer, and Security Hub.
• Supported Red Team / Blue Team exercises to validate detection capabilities and refine response protocols.
• Created and enforced incident documentation (TTPs, playbooks, RACI matrices) for SOC and engineering teams.
• Automated repetitive IR tasks via Python scripts, reducing manual analyst workload.
• Integrated open-source intelligence and OSINT feeds into alert triage and enrichment routines.
• Installed and configured Blue Coat Proxy servers securing Linux, Unix, and Windows systems.
• Collaborated on IAM strategies aligned with security goals and compliance.
• Configured and troubleshot TCP/IP, UDP, ICMP, and SNMP protocols for secure network communication.
• Prepared security assessment plans, secured resources, and led assessment kick-offs.
• Standardized deployment policies with Terraform for audit readiness; investigated and resolved security incidents.

Client: Comcast
July 2018 - Sep 2019
Network Engineer
• Responsible for installation and maintenance of new network connections for customers.
• Proficient with TCP/IP and relative OSI models.
• Configured all the required devices and equipment for remote vendors at various sites and plants.
• In-depth expertise in the implementation of analysis, optimization, troubleshooting and documentation of LAN/WAN networking systems.
• Configured and deployed VDC and VPC between Nexus 7018 and Nexus 5548 switches along with FEX 2248. Deployed horizontal connectivity using OTV. Have a good understanding of FabricPath.
• Design and implementation of Blue Coat Proxy infrastructure.
• Upgrading Radware AppWall WAF (Web Application Firewall) and applying hot fixes and patches.
• Supported nationwide LAN infrastructure consisting of Cisco 4510 and Catalyst 6513.
• Worked with Cisco routers 2600, 2900, 3600, 3800, 7200 and 7600 and switches 2900, 3560, 3750, 4500, 4900, 6500.
• Implemented various policies as per client compliance to restrict web access, troubleshot proxy-related access issues and generated Internet access reports using Websense web proxy.
• Configured, maintained and designed network security solutions including firewalls (Check Point, Cisco ASA and Fortinet), IDS/IPS (Cisco, Check Point and Sourcefire), VPN, ACLs, Web Proxy, etc.
• Upgraded, managed and troubleshot various issues with Cisco IPS.
• Initiated a Third-Party Vendor Risk Assessment Program.
• Used virtualization tools such as VMware and VirtualBox to build server infrastructure for ArcSight security solutions.
• POC and assisted in deployment for Blue Coat Security Analytics across data centers and remote offices; scripting and data extraction for SSL/TLS CPU utilization, malware, firewall and F5 capacity management and high availability planning.
• Designed and implemented a vendor risk assessment scorecard to establish a risk benchmark, identify areas needing improvement, and serve as a periodic tool to assess overall risk status.
• Configured and implemented F5 BIG-IP LTM and GTM load balancers to maintain global and local traffic.

Client: Real Page
June 2015 – Dec 2017
Jr. Security Analyst
• Worked on OWASP Top 10 critical vulnerabilities.
• Maintained confidentiality with sensitive information.
• Worked with the DevOps team to integrate a SAST tool into the CI/CD pipeline.
• Delivered continuous improvement year over year by providing accurate information, timely case entry, enhancing problem-solving skills, and sound decision making.
• Built solid peer-to-peer relationships in a team environment to meet operational needs.
• Communicated effectively and clearly on a daily, weekly, monthly basis to provide exceptional customer service regarding routine and escalated requests.
• Responsible for answering alarms in the access control system, reviewing video, and entering service requests when necessary.
• Evaluated potential security products, technical solutions, and capacity requirements to meet business needs and recommended changes to mitigate risk.
• Supported quality control and compliance programs including weekly camera audits, documenting PCI sites according to procedures, accurate case classification, and tracking of physical security issues.
• Utilized specialized tools to search social media and the internet for potential threats against the company, associates, contractors, and visitors.
• Ability to conduct in-depth research on various entities as requested by our business partners.
• Responded promptly to requests and completed concise and timely reports.
• Ability to handle both common and crisis situations calmly and efficiently.