Senior IT Security Analyst
Lennox International
Total des années d'expérience :12 years, 3 Mois
• Performing Vulnerability Assessment, Penetrating Testing, Web Application Security testing for the
servers and applications that are placed across Geographical Locations.
• Finding Vulnerabilities in the Network using Nexpose, Nessus, QualysGuard and Create Comprehensive
Vulnerability assessment reports that lead to do Exploitations.
• Have streamlined the vulnerability process and designed the architecture.
• Responsible to fix the security loopholes identify during testing/audit and ensure all reported issues
are addressed during post implementation review.
• Automated the Workflow between Nexpose and SCCM to automate the Patch Work Flow.
• Dedicatedly Manage Europe Infrastructure for our company and taking care of end to end Cyber
security Related issues.
• Maintaining the servers with the MS security patches and ensure 100% patch compliance using the
WSUS & SCCM.
• Securing computers from all type of cyberattack using Mcafee ePO. Responsible for pushing the
Policies and covering the DAT version for newly released threat across the Globe.
• Perform Threat Hunting, proactively collect IOC’S and feed it to SIEM, Fortinet, Barracuda to stay on
top of Cyber Threats.
• Works as IRT Member and investigate the Cyber Security Incidents and share the appropriate
workarounds for the Monitoring Team.
• Analyze the Phishing emails, understand the header pattern and identify from where it originates and
take appropriate action to prevent it.
• Part of PCI Audit and accountable for Scanning and Remediating the PCI in scope devices. Gather
appropriate evidence and share with the external auditors as and when required.
• Conduct trainings on information security controls, policies and guidelines.
• Performing Vulnerability Assessment, Penetrating Testing, Web Application Security testing for the
client
• Assisting client in fixing the security loopholes identified during assessment and make sure that all
identified vulnerabilities/issues are addressed and closed before the next reporting cycle.
• Take the ownership in closing the identified vulnerabilities, providing the mitigation steps
and coordinate with the respective stakeholders to close the vulnerability.
• Answering vendor questionnaire on behalf of client by studying and understating their IT Security
Policy
Offering clients, a way to stay ahead of data breach threats through security consulting services which
involves Vulnerability Assessment, Penetrating Testing, Web Application Security Testing & Security
Baseline Configuration Audit.
• Helping clients to fix the security loopholes identify during testing/audit and make sure that all
reported issues are fixed after testing
• Securing computers from all type of Virus attack using Symantec Endpoint protection and Trend Micro
Deep Security Manager.
• Patch Management - Patch verification, testing and deployment.
• Performing Periodic Port scan and Firewall policy audits to meet the Security Policy Standards
• Define Security Policies, Procedures and Guidelines for the latest technology.
• Hardening Linux & Windows servers based on CIS benchmark for better security.
• Handling security incidents like Virus attack, Hack attempt, ISMS policy violation and so on.
• Developing and implementing IT processes aligned with business objectives for effective data
management.
• Designing templates and streamlining reporting processes.
• Designing appropriate security controls & audit procedures for effective and efficient implementation
and measurement of enterprise security.
• Helped in the process of companies CERT IN Certification It's a rigorous process and consists of
vulnerability assessment identifying, exploiting and reporting vulnerabilities followed by rounds of
interview
• Keeping computers up-to-date with the latest patches using Kaseya patch management software.
• Conducting periodic vulnerability assessment using Nessus against servers and other network devices
to fix any reported vulnerabilities.
• Performing penetration testing using Acunetix against websites/applications during security incidents
and as a part of SDLC to identify and address the security loop holes.
• Facing external/internal ISMS and QMS audit and work with auditors to close the gaps reported for
continuous process improvement.
• Conducting periodic firewall audit, review and approve new port opening requests as per Firewall
policy to minimize the potential risk.
• Monitoring network traffic via Snort IDS and taking necessary action against valid suspicious alert
Responsible for all Network Essentials, day-to-day troubleshooting in LAN/standalone PCs and OS
Installation.
• Network and Security Administration.
• Extensive background in internetworking, LAN, and WAN technologies.
courses: Certified Ethical hacker
courses: Certified Specialist in Vulnerability management from Qualys Guard
.