Injamum Hossain

Loudonville, NY

Summary

Dynamic Cyber Security Engineer with a robust background in Risk Management, Identity and Access Management (IAM), and Trust & Vulnerability Management. Proven track record in implementing and managing comprehensive IT security systems to safeguard sensitive data. Adept at collaborating with cross-functional teams to enhance threat detection and vulnerability management standards, ensuring a resilient security posture. With a Bachelor's degree in Computer Operations from Farmingdale State College, I possess a strong foundation in cybersecurity principles that I bring to my current position.

Overview

8 years of professional experience

Work History

Sr. Cyber Security Engineer

Intra-Cellular Therapies
09.2023 - Current
  • Led the implementation and management of IT Security systems, including End Point Detection & Response, Data Loss Prevention, Intrusion Detection, and SIEM, using tools such as Varonis, Arctic Wolf, Barracuda, Sophos, CyberArk, Recorded Future, and Forcepoint
  • Acted as the primary point of contact for security-related tickets from Arctic Wolf, ensuring prompt resolution and effective communication with stakeholders
  • Enforced IT security standards and best practices, recommending and implementing security enhancements for systems, networks, and cloud environments
  • Played a key role in shaping vulnerability management standards and security policies, utilizing tools such as Varonis, Arctic Wolf, Barracuda, and CyberArk
  • Conducted regular reviews of vulnerability management processes, proposing and implementing change controls and security exceptions where necessary
  • Provided weekly reporting of cybersecurity incidents and events, using tools like Varonis, Arctic Wolf, and Recorded Future to analyze and report findings
  • Managed and utilized security tools including Varonis, Arctic Wolf, Barracuda, Sophos, CyberArk, Recorded Future, and Forcepoint to maintain a secure environment
  • Generated detailed reports for management, containing remediation steps using tools such as Varonis, Arctic Wolf, and CyberArk
  • Supported the implementation of new initiatives such as Dark Web Monitoring, Enterprise Password Management, DLP, CASB, and TPRM, leveraging tools like Varonis, CyberArk, and Sophos to enhance security measures
  • Coordinated with third-party security information and event management (SIEM) providers to maintain protections and predict threats.

Security and Compliance Engineer

Bluesight
01.2022 - 07.2023
  • Implemented and monitored SOC 2, HIPAA, and ISO compliance standards for a medication intelligence company, ensuring internal practices were up-to-date and effective
  • Represented Bluesight's security posture and operations maturity to customers, building trust and confidence in the product
  • Led internal and third-party risk assessments, identifying critical vulnerabilities and providing recommendations for risk mitigation
  • Developed and managed security tools, increasing the efficiency of threat detection by 25% and reducing incident response times
  • Spearheaded security policy and process management initiatives, ensuring alignment with industry standards and regulatory requirements
  • Collaborated with diverse teams to develop, deliver, and monitor organization-wide security training programs and best practices
  • Implemented vulnerability management strategies, resulting in a 30% reduction in potential security risks
  • Integrated security into the fabric of cloud-based services by developing innovative, reliable, and low-friction security solutions
  • Monitored multi-level security networks using advanced tools to identify and respond to potential security violations and malicious activities
  • Collaborated with cross-functional teams to promptly report security incidents to higher authorities, ensuring compliance with regulations and policies
  • Implemented required IA security measures to mitigate the impact of security incidents and protect sensitive data
  • Managed cyber threats by collaborating with cross-functional teams, including DevOps and IT, to identify and mitigate security risks
  • Developed a comprehensive library of RFI and RFP materials to streamline vendor selection processes
  • Provided subject matter expertise in security best practices, enabling quick risk assessments and prioritizing overall benefits to the company

Information Security Analyst

Orion Innovation
01.2021 - 12.2021
  • Provided real-time intrusion detection and host-based monitoring services using QRadar and Endpoint solutions
  • Experienced IT Security Professional with expertise in IT Infrastructure, Vulnerability, Risk Security, SOC Analyst, SIEM, Information Security, and Cyber Security
  • Conducted thorough intrusion detection analyses, documenting incidents and data for further analysis and improvement
  • Successfully performed routine IA administrative tasks in adherence to established guidelines and instructions
  • Contributed to routine preventive and corrective maintenance, conducting tests and monitoring network activities to ensure the integrity of IA systems
  • Conducted monthly and quarterly scans using Office 365 DLP and escalated critical data found on shared devices and drives
  • Spearheaded the successful design and implementation of Security Orchestration, Automation, and Response (SOAR) workflows utilizing Microsoft Sentinel and Defender platforms
  • Streamlined incident response procedures by creating end-to-end automation workflows, reducing response times by 60%
  • Collaborated closely with cross-functional teams to identify key use cases, develop playbooks, and configure automation scripts within the SOAR framework
  • Proactively worked alongside software engineers to identify and address security flaws and vulnerabilities, ensuring a proactive security posture
  • Leveraged my industry experience to take ownership of and drive the resolution of complex security incidents, policy inquiries, and technical security challenges
  • Undertook the design, construction, and secure utilization of cloud infrastructure at scale, adhering to best practices for cloud security
  • Deployed and configured McAfee Endpoint Security and built a data protection program through data classification skills and a clear understanding of privacy standards and regulations
  • Formulated systems and methodologies and responded to security-related events

CyberSecurity Engineer

Protiviti
10.2019 - 12.2020
  • Deployed and implemented Symantec DLP product suite for AIG team, including monitoring client online status by group and creating reporting on product versions
  • Conducted security event monitoring, incident triage, and reporting using various SIEM tools such as Splunk Enterprise, Splunk ITSI, Splunk ES, Splunk Phantom, and AppDynamics
  • Utilized Symantec DLP Cloud Prevent for Microsoft Office 365, Windows, and OSX to monitor and detect data loss events and potential security breaches
  • Managed system configurations and monitored network activities, promptly identifying and mitigating security breaches
  • Orchestrated incident detection and response procedures, minimizing the impact of security incidents and ensuring swift recovery
  • Expertise in DLP policy compliance and regulatory standards including SOX, PCI, and HIPAA
  • Worked closely with the technical services team and cross-functional departments to remediate identified security risks
  • Successfully integrated external security tools, including Splunk and QRadar, into the Sentinel/Defender SOAR environment, expanding data visibility and enhancing response capabilities
  • Implemented API-driven integrations to orchestrate actions across the security stack and maximize the value of existing investments
  • Improved detection rates and reduced false positives by tuning Office 365 DLP and updating DLP policies
  • Implemented a comprehensive vulnerability scanning program, reducing critical vulnerabilities by 40% within the first quarter of deployment
  • Played a key role in developing and delivering a company-wide security awareness campaign, resulting in a 60% increase in employee adherence to security best practices
  • Administered and installed both single and multiple-tier installations of Symantec DLP for testing purposes
  • Performed regular security audits to identify any potential vulnerabilities

Security Engineer

Quest Diagnostics
04.2019 - 09.2019
  • Involved in a NIST project, contributing to the development and implementation of security policies and procedures
  • Provided guidance and education on HIPAA compliance to departments affected by the Health Information Portability and Accountability Act, performing tasks such as inventory, gap analysis, and risk assessments
  • Demonstrated leadership in implementing security solutions, including Qualys and SIEM tools like Splunk, Solution ARY, and LogRhythm
  • Enforced security configuration compliance, adhering to relevant requirements like Health Insurance Portability and Accountability Act (HIPAA/HITRUST) and state/federal regulations
  • Managed and maintained various security tool sets, ensuring their effective functionality and reliability
  • Designed and delivered security awareness training programs for the organization, fostering a security-conscious culture
  • Participated in the Splunk Phantom SOAR Proof of Value (POV) project and tested out-of-the-box use cases
  • Developed and implemented SIEM content across multiple platforms, including Splunk, ArcSight, and QRadar
  • Created and maintained dashboards for real-time analysis of security threats

System Security Analyst

SoftNice
11.2016 - 04.2019
  • Implemented real-time intrusion detection and host-based monitoring services using Symantec DLP (Data Loss Prevention) and EndPoint solutions
  • Generated Symantec DLP reports, including version reporting and client online status by group report
  • Led the implementation and deployment of Symantec DLP products as part of the team, ensuring comprehensive data loss prevention measures
  • Successfully deployed Symantec DLP Cloud Prevent for Microsoft Office 365, Windows, and OSX to strengthen data loss prevention capabilities
  • Conducted regular reviews and recertification of DLP policies and TLS domain whitelisting, and collaborated with BU Risk on policy enhancements
  • Demonstrated proficiency in installing and configuring Single Tier 2 and 3 instances of Symantec DLP for testing purposes, as well as two-tier and three-tier installations
  • Contributed to the development of comprehensive enterprise security documents, including policies, standards, baselines, guidelines, and procedures

Education

Bachelor's degree - COMPUTER OPERATIONS

Farmingdale State College
Farmingdale, NY
01.2018

Associate of Arts and Sciences - AAS - COMPUTER OPERATIONS

LaGuardia Community College
Long Island City, NY
01.2016

Skills

  • Managed Detection and Response
  • Identity and Access Management
  • Threat Management
  • Incident response management
  • Vulnerability Management
  • Security Incident Response
  • Security Policy Development
  • Risk Assessment
  • Cloud Security
  • Regulatory compliance
  • EDR and DLP Solution
