Crowdstrike, Tenable IO

Managing Information Security Team and continuing my duties in Vulnerability Scanning, SIEM, Antivirus, Reviewing User access, firewall exceptions, Crowdstrike nextgen antivirus, Office365 reviewing Spam and Phishing emails and ISO audits.

Worked in the Information Security team, my main duties are performing Vulnerability Scans, SIEM Management, and Antivirus Management. • Vulnerability Scanning on Linux, Windows, and network devices.• Validating and coordinating with the platform team on the Zero-Day vulnerabilities.• Review and process vulnerability scan results.• Managing McAfee and Deep Security antivirus across the Datacenters - Deploying updates, managing policies, tagging for running automated jobs.• Whitelisting the internal applications using the standard approval process and getting a valid business justification for the exception.• Blocking the internet on all the in-house servers and updating the virus definitions by setting up a smart scan protection server and an internal proxy through which the definitions get updated.• Working on Crowd Strike falcon EDR solution – detecting threats, analyzing them, and closing the incidents. Create custom policies for the host groups and update the agents automatically.• Working on Directory watcher settings to monitor the critical filesystem using a File integrity manager solution.• Analysis of the logs to identify and investigate security incidents in the identity, cloud, and on-prem applications environments.• Reviewing the SIEM logs on the user login failures and working with the respective server owners to identify the root cause of the login failures. • Upgrading the Security tools like McAfee, Deep Security, Nessus, ELK SIEM.• Working on Client specific audits and collecting the evidence.• Working on Annual and quarterly ISO 27001 and SOC2 audit controls.• Actively participating in security management calls and sharing the artifacts as per the customer’s request. • Reviewing the user access, SFTP, Firewall, and network exception requests from the Infosec team.• Actively participating in the Governance Calls. • Working on the Risk register and raising the security incidents if there are risks identified.

Worked on Remote Infrastructure services which include - Security Operations - Alien Vault SIEM, McAfee Solidcore Modules - Application Control, Change Control, and Integrity Monitoring Control, Tenable Security Center - Nessus Vulnerability scanner, OpenVAS Vulnerability Scanner.RHEL, OEL, OVM, Netapp Storage - 7 Mode, CDOT• As a security team worked with tools like Tenable Security Center, Alien Vault, OpenVAS, and McAfee Solid core modules.• Scheduling Vulnerability scans using the Security center on customer-based servers, sharing the reports with the customer, and getting downtime to fix the vulnerabilities.• Working on Alien Vault SIEM tool across Datacenter hosted servers to find out reported log events and fix them.• Working on Tenable Nessus Vulnerability scanner for scheduling Monthly scans and On-Demand scans for the customer-based scans.• Working McAfee Endpoint Security – Deploying updates, managing policies, tagging for running automated jobs.• Working on McAfee Solid core modules, Change Control, Application Control, and Integrity monitoring.• Actively participating in security management calls and sharing the artifacts as per the customer’s request. • Attended Alien Vault Security Engineer training.• Monitoring and maintenance of storage provisioning for local data centers; managed storage-related servers, and software.• Working on Netapp Storage both in 7-Mode and CDOT by taking snapshot backups upon DBA's request.

• Active participation in PCI DSS, ISO, and internal audits, running through all the servers making 100% compliance.• Active involvement in internal and external Pentest scans and maintaining 100% PCI compliance for all Kony Hosted customers.• Fixing all vulnerabilities reported as per the defined SOPs.• Strong Linux administration skills.• Strong in server installations, performance tuning, and security.• Actively working on Vulnerability Assessment and fixing reported vulnerabilities on Kony Hosted Customers.• Installing and managing Apache, JBoss application servers, patch updates, and plug-ins.• Managing AWS servers, deploying Kony scripts and securing AWS infrastructure.• Apache, JBoss application server administration on cloud platforms in setting up development, testing, and production environments.• Managing servers, and SSL certificates, adding or removing servers from existing platforms, and communicating with external hosting vendors like Rackspace.• Interacting with Rackspace engineers in creating, and modifying VIPs and adding pool members to the VIPs, and working on various configurations at Load balancers.• Install new / rebuild existing servers or VMs (VM Ware and Amazon Web Services) and configure services, settings, directories, storage, etc.,• Having knowledge of VMWare in building Linux Servers for Kony In-house environment.• Server hardening Linux servers as per the CIS standards which meet PCI requirements.• Taking snapshots before proceeding with maintenance activities.• Providing production support for deployments, infrastructure monitoring, logs monitoring, and resolving infra security issues.• Expertise in installing, configuring, and troubleshooting Kony middleware on Tomcat, and JBoss servers.• Installed and configured various monitoring tools like Application manager, Xymon, and monit to get real-time alerts in the Production environment.

Works as a Sys Admin in ProKarma and providing Production Support for Yesmail Interactive as Application System Administrator on DNS, Apache, Tomcat, JBoss etc.,• The key responsibility of a Sys Admin is to provide Application-level support.• Managing the Jboss, Tomcat, Apache, Postfix, FTP, and DNS involving Solaris & Linux O/S.• Monitoring the server’s performance and tuning in Big Brother, Zenoss, and Splunk.• Maintain daily and weekly reports on projects and overall systems health status.• Deploy the War files in Jboss & Tomcat server on QA & Production environment.• Analyzing and troubleshooting various application issues by checking system logs.• Configuration of New Client Launch, Web service, and DNS Entry.• Taking thread dump (OOM errors and Java Heap Space errors) and analyzing the thread dump logs. • Creating FTP users account in Enzo/gremlin/scrambler.• Create Dev center user logins and send them to the requestor.• Enabling company DB usernames in Test and Production Environments for E6 and E7.• Joining the severity calls whenever sysadmin required and acting upon them.

• Building, provisioning, and supporting the Linux Servers.• Installed, configured, and maintained Nagios Server for GSS Infrastructure.• Installing Kernel PAE for Linux servers as per the requirement.• Integrated Media wiki to Nagios for standard SLAs and SOPs• Installation of Linux servers through kick start.• Compiling Apache and integrating with PHP and troubleshooting in enabling modules.• Documenting technical issues. • Adding ssh keys for passwordless authentication• Creating FTP user accounts using the Webmin tool as per the ticketing requests.• LVM administration.• Handling Storage requests for the VMs.• Providing Remote Administration support in Linux Operating Systems to the clients• Involves managing change, incidents, and request tasks using the Remedy trouble ticket system, simply following the ITIL Process• Server Hardening before exposing to the Internet.• Troubleshooting Critical production servers which alert from Nagios.• Describing the Root cause analysis for the incident.

• Providing Remote Administration support in Linux Operating Systems to the clients• Achieving the SLA s and 100%Server uptime.• Building, provisioning, and supporting the Linux Servers.• Involves managing change, incidents and request tasks using Remedy trouble ticket system, simply following the ITIL Process.• Describing the Root cause analysis for the incident.• LVM administration• Compiling Apache through tar ball.• Adding SSH keys for password less authentication• Daemon & Process management (stopping, starting, refreshing).• Configuring YUM server• Configuring Apache server.• Configuring DNS, DHCP servers.