Shaad Nayyar, L3 Vulnerability and patch management SME Lead

Microland

Location
India - Bengaluru
Education
Bachelor's degree, Electronics & communication
Experience
12 years, 5 Months


Work Experience

Total years of experience: 12 years, 5 months

L3 Vulnerability and patch management SME Lead at Microland
  • India - Bengaluru
  • My current job since April 2017

Perform system and application vulnerability testing on Windows Servers, Linux Servers and network to ensure complete security coverage of the IT infrastructure environment.

• Identifying and responding to cyber security incidents and vulnerabilities, including analysis of event data through QualysGuard and Rapid7 InsightVM.

• Review and mitigate/remediate vulnerabilities on infrastructure, prioritize remediation activities with various operational teams through risk ratings of vulnerabilities, and recommend security patches and any other measures.

• Monitor security and vulnerability information from vendors and third party applications.

• Collaborate with information technology and business departments to implement and coordinate remediation required by audits, and document vulnerability remediation exceptions as necessary.

• Help develop the next generation vulnerability management program including formalized assessment criteria, integration with asset inventory, enterprise vulnerability scanning, and remediation tracking and governance. Keep the vulnerability management program in compliance with security policy and with published SLAs.

• Approve or modify proposed plan of action based on penetration testing. Authorize pro-active action through risk ratings and severity of vulnerabilities and assets.

• Knowledge of industry standard scoring models such as CVSS, CVE and NVD.

• Identify security exposures that currently exist, or are emerging, and that create potential threats to IT infrastructure, Servers, applications, systems and data.

• Communicating risk mitigation strategy to leadership, clients and various other teams, and advising sound recommendations on security breaches and vulnerabilities.

• Deploying security patches and threat remediation techniques after confirmation on downtime of infrastructure and applications if applicable.

• Implement Servers, applications and infrastructure updates to include patches, upgrades and new releases so as to meet monthly compliance standards.

• Conduct detailed analysis of suspect systems infrastructure using forensic techniques so as to identify and remediate malware/adware.

• Checking and analyzing which Servers can be retired from usage with respective owners and initiating retire process with proper documentation.

• Managing web application framework and perimeter security improvement projects.

Senior Engineer at Harman
  • India - Bengaluru
  • June 2016 to February 2017

• Doing research and investigation on emails as an email forensics expert to find email phishing and email scams.

• Perform vulnerability scanning and analysis on production websites and test websites, and reporting any issues via QualysGuard and the Burp Suite tool.

• Checking IP addresses to determine whether the IP hits are received from a known IP or are malicious attacks/threats and vulnerabilities, and employing countermeasures like getting them blocked in the WAF firewall and load balancer (LB).

• Closely monitoring server and network for SQL injection exploit attempts, ZmEu exploit scan, Morfeus recon scan, MySQL brute force attack, SSH brute force attack and Havij-based web attack.

• Providing security operations and enterprise security.

• Windows server administration tasks such as patch deployment and firmware upgrades in an enterprise-scale environment.

• Doing application migration on servers using the AppZero tool.

• Worked on server certifications, installing patches and hotfixes on servers.

• Assisting in troubleshooting patch/release management issues.

• Doing sanity tests of websites.

• Putting up critical communication messages on websites during server and website maintenance and during website errors and issues, and removing them once the issue/maintenance is taken care of.

Senior IT Operations Analyst at Tesco
  • India - Bengaluru
  • September 2014 to June 2016

• Monitoring & resolving issues on Windows Servers (Wintel), Application Servers and database Servers with security and monitoring tools like MCC (management command center), NSM (network and server monitor), SOI (Security operations insight), DB TESA & TESA for issues like low memory, high CPU utilization and logical drive usage, DB critical alerts and Server down related issues.
• Create, monitor, modify, and publish Service Catalog workflows with approvals
• Running queries on Oracle SQL developer platform.
• Monitoring & resolving network Routers, switches and AP (access point) issues.
• Managing and un-managing Servers regularly.
• Rebooting, restarting and powering on/off Dell servers via DRAC for any issues with servers or during maintenance.
• Creating & deploying packages/software onto Servers through DSM.
• Handling job failures with the Autosys tool.
• Working as a liaison between ISP and the Client to achieve defined SLA and bridge L3 team to get issue resolved with accurate resolution.
• Monitoring associated links and server health with the help of monitoring tools: CA-NSM, Big-Brother and CA-Spectrum, MCC (Management command console).

• Experience in handling all P1 and P2 incidents for Server and Network related issues for India, USA, Thailand, Korea, and Malaysia.
• As an Infrastructure Engineer, responsible for handling Servers, computers and network issues.
• Good understanding of infrastructure technologies (Servers, Email and Messaging Services and Networking, etc.)
• Checking Web Server and application Server health on daily basis and maintaining them.
• Checking Server logs (Jboss logs and DB logs) during server downtime and during website failure or at the time of website errors and issues.
• Service Asset and Configuration Management
• Populating the CMDB
• Ensuring the pre-defined activities are aligned with the Change Management process
• Ensuring the CMS provides accurate and up to date information.
• Triggering an auditing process on the CMDB
• Making recommendations for Service Improvement Plans
• Developing a Service Asset and Configuration Management process model for the role of Service Asset and Configuration Manager.
• Take ownership and manage all support cases via ticketing systems, provide regular updates to end users/requesters and close tickets within agreed timescales.
• Incident Management
• Clearly document investigative steps undertaken during threat analysis and incident reporting for audit and internal knowledge base.
• Co-ordinate with level 3 teams and bring the issues to closure. Identify the alerts which qualify to go to the next level.
• Experience in handling high priority incidents/outages on a daily basis.
• Follow the management defined Incident policies, processes and procedures
• Follow up and coordinate incidents from incident logging tickets till closure
• Responsible for all coordination for Incident Resolution and repair activities
• Provide adequate means for efficient handling of Critical Incidents, example: IVR updates,
• Maintain a Knowledge Base of all incidents occurred and workarounds available and provide necessary information to Business users and clients in the event of a re-occurrence of the Incident and thus reducing the downtime.
• Driving conference calls for obtaining RCA (Root Cause Analysis) pertaining to various incidents.
• Send out daily incident reports to senior management and other stakeholders and organise conference calls for further discussions.
• Active Participation in Problem Management and Change Management process.
• Participate in Problem management service quality review call and prepare the action items for each major Incident and ensure the action items are addressed within the stipulated time.
• Review status of open Incidents on a regular basis

IT Engineer (Incident management) at Sapient
  • India - Bengaluru
  • November 2011 to September 2014

• Maintaining and handling Servers and networks of Kellogg’s, Loblaws, CPPIB, Visit Florida and Panera bread.
• Creating user accounts and disabling user accounts on active directory of users located worldwide.
• Moving user’s profile from one domain to another in AD.
• Copying and moving data from one server to another via Robocopy.
• Creating new mailbox.
• Troubleshooting users' computers for no power, no POST, no boot and no video scenarios.
• Troubleshooting internet connectivity issues (both wired and wireless).
• Creating, resetting and disabling user account passwords in Active Directory.
• Providing System and network security via Firewall/Firewalls load balancer and Antivirus database maintenance.
• Installing and upgrading software and drivers.
• Installing and troubleshooting problems related to desktops, network and printers.
• Using remote desktop tools for remotely solving problems (Dell Connect, LogMeIn, Timbuktu).
• Installing operating systems (Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008).
• Configuring and troubleshooting MS Outlook.
• Troubleshooting VPN issues and auto sync. Changing VPN password, enabling and disabling VPN accounts.
• Supporting and installing business applications like Real Servicing, Real Trans, Real Resolution, and speed pay, Resware, Citrix, Homeward citrix.
• Consumer outreach program (Cop) leads project and doing appropriate documentation with fusion software.

Education

Bachelor's degree, Electronics & communication
  • at Visvesvaraya
  • August 2010

Course: E&CE
Institution: Visvesvaraya college of engineering
University/Board: Bangalore university
Percentage (Aggregate): 61.71%

Diploma, Electronics & communication
  • at KCT Polytechnic College
  • June 2005

Diploma (Electronics & communication Engg), KCT Polytechnic College, Gulbarga, Karnataka. Board Of Technical Education, Bangalore. 64.48%

Academic project: "ADVANCED EVM USING RFID & GSM NETWORKS"

It is an Electronic Voting Machine (EVM) operating on the principle of Radio Frequency Identification (RFID) and Global System for Mobile Communication (GSM) networks, built around an AVR ATMEGA 128 microcontroller. The Advanced EVM has many useful features: it saves considerable printing stationery and the transport of large volumes of electoral material, it involves no invalid entries (i.e. bogus voting), and it is also eco-friendly. Each and every candidate will have a unique RFID card or tag along with a unique password. The polling result can be announced within a fraction of seconds.

Specialties & Skills

Managerial Skills
Patch Management
Vulnerability Management
Information Security Management
Technical Documentation
MCITP, CCNA, computer hardware technical troubleshooting
MCITP, computer hardware & software troubleshooting, CCNA.
ACCESS management
incident management
Active directory
Server and network monitoring
Cisco Certified Network Associate (CCNA).
Change management
Information security
Network security
Program management
Problem management
Information Technology Infrastructure Library ITIL V3 course.
security operations
vulnerability management

Languages

Hindi
Expert
Urdu
Expert
English
Expert
Kannada
Beginner
Arabic
Beginner

Training and Certifications

MCITP, CCNA, Information Technology Infrastructure Library ITIL V3 course (Certificate)
Date Attended:
October 2013
Valid Until:
October 2025

Hobbies

  • Watching movies, playing video games, reading.