A professional Security Consultant & Full Stack Security Integration Developer with more than 10 years of industry experience. I have strong coding skills in multiple languages and have worked with the most recent security tools to protect corporate environments with high-end cyber security techniques that can counter complex modern cyber-attacks. My experience lies in automating Security Information & Event Management (SIEM), threat hunting, investigation, PCI compliance, Splunk Enterprise Security, etc.
Built operational SOCs for Cover-More Travel Insurance, Insurance Australia Group (IAG) and Qantas.
Rolled out DLP for Suncorp Group using Symantec DLP.
Identified some major threats in the Qantas network that were not being blocked by the protective tools.
Performed auditing and advised on security best practices & enhancements for Mash Marketing and Queensland Supreme Court.
Always delivered on time on every contract I have worked on so far.
Qualification
Course | Institute | Completion
Certified Ethical Hacker | xx xxxxxxx | Aug 2018
Master of Information Technology (MIT) | xxxxx xxxx xxxxxxxxxx | Discontinued
Computer Science & Engineering | xxxx xxxxxxxxxx | Oct 2011
ISO 27001 | xxx xxxxxx | Oct 2019
SOC Engineer
xxxxx-xxxx xxxxxx xxxxxxxxx
Oct 2018 - Current
Built an operational Security Operations Centre using Splunk & ServiceNow.
Leading a team, I am managing projects, BAU and compliance while handling security attacks.
Assigning contractors their tasks and helping them with any technical challenges.
Maintaining good relationships with staff and clients and providing them support in a timely fashion.
Automating the Security Incident Response process using Python scripts and web APIs.
Designing use-cases for their security tools based on the MITRE framework.
Tuning logs and triggering adaptive responses to block the incident or send it for investigation.
Performing vulnerability scans and assessing the risks.
Managing all BAU activities including Proxy, DLP, Firewall, scanning.
Installing and setting up tools such as Trend Micro Apex One and HSM.
Rebuilding the Trend Micro Data Loss Prevention setup with fresh policies and rules.
Maintaining PCI DSS, ISMS, SOC 2 and GDPR compliance.
Senior Security Engineer
xxxxxxxxx xxxxxxxxx xxxxx (xxx)
Oct 2017 - Oct 2018
Highly involved in building the SOC, and in the transformation program to upgrade the proxy, data loss prevention and CASB using Symantec Blue Coat and Symantec DLP.
Setting up data-loss prevention for the Endpoint, Web and Email channels by installing the on-prem detection servers and the cloud-based email connector for Office 365 and MessageLabs.
Implementing web-based DLP using ICAP request or response modification in the proxy and performing SSL interception.
Wrote data-loss policies for PCI, PII and various regulatory compliance requirements using both predefined templates and custom rules based on regular expressions.
Testing the policies using Wireshark packet captures and other online tools.
Tuned DLP policies by writing regex-based exceptions to decrease the number of false positives.
Security Analyst
xxxxxxx xxxxx
Jun 2017 - Oct 2017
Installing, configuring and managing the Symantec Enforce Console on a three-tier platform and writing data loss prevention policies that support Windows 7 Embedded on Wyse thin-client terminals.
Setting up the entire data-loss prevention programme, including POC, pilot and rollout to 15,000 endpoints.
Upgrading Blue Coat proxies to SG400-30.
Upgrading Blue Coat Content Analysis (CAS) to S400-A3.
Upgrading Blue Coat Malware Analysis to MAA-S500-10.
Reviewing and updating firewall policies on F5.
Setting up Splunk add-ons, on-boarding logs and creating dashboards and generating Splunk reports.
Monitoring DLP and Firewall policy behaviour in Splunk.
Creating Splunk dashboard for Application Security Management (ASM/WAF).
Creating Splunk dashboard for Blue Coat traffic & bandwidth of internal staff.
Testing network compliance using Splunk logs.
Security Engineer
xxxx xxxxxxxxx
Jan 2017 - Jun 2017
Improving the company's security posture.
Reviewing the Ruby on Rails code base and upgrading the large-scale application, with thousands of lines of hand-written code, to the latest versions of Ruby and Rails.
Performing database migrations and adding encryption & hashing for sensitive data wherever required.
Writing use-cases for Splunk to create dashboards, generate reports and generate alerts. Investigating events and performing drilldown searches to identify the origin.
Performing penetration testing and improving the WAF rules wherever required.
Security Analyst
xxxxxx
Sep 2016 - Jan 2017
Building their SOC by writing Splunk use-cases in Splunk ES.
Automating actual incidents to trigger a script with a response action.
On a daily basis, I reviewed the incidents in Splunk Enterprise Security, looked through dashboards and ran search queries to investigate them.
Designed & developed Splunk use-cases to create alerts for detecting anomalies & vulnerabilities in IAM, IRM, DSS, DLP, PCI compliance, malware, firewalls, DNS, proxies, etc.
Migrating logs, dashboards and search strings from ArcSight to Splunk.
Designed Splunk dashboards to visually identify threats and WAF activity, and to identify the potential & actual threats that are not blocked by the WAF.
Monitored logs from 9000 servers hosted in AWS, IBM, TCS, Fujitsu & other data centres, working on Windows, RHEL, Solaris, Mainframe, AIX, etc.
Security Engineer
xxxx xxxxxxxxx
Jan 2016 - Aug 2016
On a daily basis, I reviewed the incidents in the McAfee ePO dashboard & AWS WAF and responded to them.
Created AWS instances with security groups, disk encryption and IAM; installed patches; and performed backups and snapshots.
Set up CloudFront and AWS WAF, replicated data across multiple availability zones, and monitored EC2 performance & usage.
Installed McAfee ePO and set up DLP rules and application access rules for the client workstations.
Created auto scaling groups for the AWS instances.
Configured VPN connection with proxy servers.
Installing Splunk and Splunk Enterprise Security App for SIEM and compliance monitoring.
Developing Splunk use-cases for PCI continuous monitoring. Performed penetration testing.
Security Integration Developer
xxxxx xxxx
Sep 2015 - Jan 2016
Configured the network as per the PCI compliance regulations checklist.
Designed the application as per OWASP standards.
Connected the RESTful API to call Sphinx using encryption.
Deployed the AWS instances for this project.
Configured firewall and IAM rules for the AWS instances.
Security Integration Developer
xxxxxxxxxx xxxxxxx xxxxx
Jan 2015 - Sep 2015
Designed the application as per OWASP standards.
Deployed the AWS instances for this project.
Configured the WAF and McAfee tools in the instance.
Set up Splunk to detect security breaches and provide analytics.
Built IAM roles within the web application for access management.
Built a REST API for external access to the application.
Configured the web server and mail server with SSL certificates.
Monitoring events in ArcSight for identity access management and the web application firewall, and improving WAF & firewall rules.
Blockchain Developer
xxxxxxxx xxxxxxx
Jul 2014 - Jan 2015
Initially developed apps to sign plain-text messages into the Bitcoin blockchain.
Created an API to generate wallets.
Created apps & an API to sign transactions.
Created an API to sign plain text with the public key and decrypt it using the private key.
Created an API to check the blockchain for transaction history, confirmations, balance, etc.
Worked on data encryption, key pairs, distributed ledgers, etc.
Later connected it to Ethereum using Solidity (in 2016, soon after Ethereum arrived on the market).
Configured the network as per the PCI compliance regulations checklist.
Developed a payment gateway for Bitcoin.
Security Integration Developer
xxxxxxx (xxx)
Dec 2013 - Jul 2014
Designed the web application as per PCI compliance regulations for web applications.
Created the web application as per OWASP standards.
Deployed the dedicated cloud server for this project.
Configured IAM for this web application.
Created encryption for the REST API for the EAN XML & JSON API.
Set up the WAF and Cloudflare, and configured firewall rules, web server, SSL, mail servers, etc.
Configured ArcSight to monitor server workloads, network traffic, applications usage, Endpoint events, anti-malware events, firewall events, identity access management, etc.