• Develops Policy on Vulnerability management and Web application security for the company’s custom internal critical applications • Develops runbooks for step-by-step guidance on strategic Scan Policy creation and scheduling • Works with 3rd party Vendors for Vulnerability Scans and Remediation plan execution • Works with functions team leads from Server Administrators/Network administrators/Application Developers• Coordinates the web application and web site security program• Conducts web application and web site vulnerability security scans and tracks remediation tasks (NetSparker)• Coordinates Scan depth based off risk mitigation tool • Creates user cyber awareness training and tracks effectiveness• Coordinates and tracks cyber security remediation task based on OWSAP Top 10 • Coordinates with 3rd party vendor risk assessments

Participates in the day-to-day security operations monitoring and response from the Cybersecurity Operations Center.• Performs malware analysis, reverse engineering, and de-obfuscation techniques• Evaluates, responds, and mitigates alerts that originate from the SIEM and the Cybersecurity product suite, e.g. NGFWs, IDS/IPS, Anti-virus, Web Application Firewalls, NAC Solution, Azure, MCAS, and Office 365• Implements or recommend mitigations including the creation and development of new alerts and rules within the various cyber security tools.• Able to analyze and identify malicious activity during the various attack stages.• Maintaining a high level of technical expertise on Cyber Security defense-in-depth technology and best practices by performing ongoing research and engagement to maintain awareness of industry trends, best practices.• Collaborates with the Cyber Security Engineering and IT Operations teams• Familiar with common attack vectors, DDoS attacks, Phishing, web & application attacks, and malware• Knowledge of common critical network protocols and layer 7 technologies such as SMTP, HTTP, HTTP/S, SSL/TLS, DNS, FTP, SSH, and others• Familiar with a SIEM platform and various cyber security technologies such as EDR, AV, IDS/IPS, and WAFs• Familiarity with advanced persistent threats and their tactics, techniques, and procedures• Familiarity with the incident response Kill Chain• Utilize the EDR tool CrowdStrike to investigate malicious artifacts found on end point devices with accuracy.

Incident Detection Analyst March,2020-OCT 2021• Conducts Event Detection, Incident Triage, Incident. Handling, Hunting activities by leveraging our detection/response platforms.• Continuously monitors levels of service as well as interpret and prioritize threats through use of cyber threat intelligence, intrusion detection systems, firewalls and other boundary protection devices, and any security incident management products deployed• Provide 24x7 incident detection and monitoring service, and performance report on regular basis.• Escalates cyber security events according to playbook and standard operation procedures (SOPs).• Remediate non-compliance with technical and security requirements.• Escalates high or critical severity level incidents to Incident Investigators. • Assists with containment of threats and remediation of environment during or after an incident.• Performs triage of service requests from customers and internal teams.• Develop and implement remediation plans in response to incidents.• Update’s procedures and configure tools for Monitoring Analysts consumption• Consumes threat intelligence and disseminate findings to relevant parties• Conducts hunting activities based on internal and external threat intelligence

•Develop and integrate security incident response procedures and manages system-wide security incident response plan using the NIST process framework and IBM’s Resilient Ticketing system•Engineer, deploy and operate incident response tools such as Q-Radar, Trap X, and Perch, Snort, Azure, MCAS, and Office 365•Coordinate annual cybersecurity exercise purple Team events •Perform computer forensic response, investigation, and reporting; coordinate forensic service activities with other departments such as compliance, human resources and legal•Design, configure, analyze, and tune vulnerability management/threat management systems using Cylance Endpoint Security, Firemon, and Cisco Content security management console, Microsoft defender ATP, Microsoft cloud application security suite. (MCAS)•Coordinate threat activities with managed security operations services, external agencies, and information sharing organizations•Actively research new and emerging threats; maintain enterprise threat matrix and inventory of ongoing vulnerabilities, exploits and security incidents using Recorded Future service platform•Work with system owners, systems administrators, and vendors on implementing secure configurations using ZingBox for medical devices •Develop and distribute threat reports and alerts to stakeholders and senior leadership using internal ticketing •Perform vulnerability scanning and coordinates independent internal and external penetration tests using Attack IQ, and Nexpose •Troubleshoot server/storage/network related issues impacting business and clinical applications/services using PuTTY, VMware vSphere Client •Analyze/evaluate and remediate security events across the enterprise using Tableau, Apex data collection, and RSAM ticketing System•Update incident response scenarios and procedures to adapt to changing organization/cultural/system configuration

Experience performing routine tasks of establishing or resetting of accounts, passwords and unlocking accounts.· Performing basic computer system checks for viruses, unauthorized materials and security violations.·  Providing basic assistance to staff on the operation and functions of computer equipment to include printers, scanners, modems and basic office software.· Providing training to staff on basic computer applications utilized by the agency (i.e., Excel, Adobe, Microsoft Word, PowerPoint, etc.).· Implement Microsoft Exchange Server· Implement Anti-Virus software · Configure a computer to join a domain· Implement VM ware ·  Knowledge of network systems.· Knowledge of LAN systems.· Knowledge of information security procedures and policies.· Skill in organizing and managing projects· Configure Local Group Policy in Active Directory · Performs backup of Configuration files on a Network Device · Correct a Malfunction on a Local Area Network· Determine a Subnet Using Variable Length Subnet Mask (VLSM)· Perform Hard Drive Imaging· Implement Local area network form a network plan· Configure OSPF on a router · Implement a Dynamic Host Control Protocol  Server

• Maintained security of network infrastructure and communications systems• Oversaw Information Systems and Network Security view monitoring administration and development of signatures for Intrusion Detection and security information management systems on assigned networks• Utilized IT hardware and software to combat unauthorized access and damage to sensitive and classified data• Researched and developed security requirements in the implementation of new systems and major system revisions• Responsible for the real-time analysis of incoming cyber security alerts using ArcSight ESM and Splunk log analysis • Initial triage and escalation of the alert, as well as the investigation and remediation of all types of potential cyber threats ranging from minor events to major incidents• Played a key role in refining, implementing, and identifying new processes, technologies and solutions; actively shaped the way HP performs cyber security operations • Communicated and coordinated with other HP cyber security teams, internal business units and upper management• Utilized ArcSight Logger to actively threat hunt within the HPI internal network