MOHAMMED IBRAHIM ABRAR

Dallas, TX

Summary

  • Experienced cybersecurity professional with 8+ years of experience and a strong background in information security, risk management, and incident response. Skilled in developing and implementing security strategies, conducting vulnerability assessments, and managing security operations. Adept at leveraging cutting-edge security tools and technologies to protect organizations against cyber threats.
  • Specializes in Cloud Security, Information System Audit, Networking, Identity and Access Management, Threat Analysis/Intelligence, Risk Assessment, IT Control implementation, product and tools support, and Security and Compliance Analysis.
  • Self-motivated problem solver with extensive experience in incident response, vulnerability management, and NIST and SOX audits.
  • Possess a unique skill set in using security data to enhance business processes to drive IS Compliance and Information Security Intelligence in order to reduce organizational risks.
  • Possess strong interpersonal, team building, and customer interaction skills.
  • Extensive experience in SIEM operations, implementation, administration, and monitoring. Worked as part of the Threat Intelligence team performing data security, event triage, incident analysis, malware analysis, advanced cyber threat detection, and security advisory integration with RSA NetWitness.
  • Worked as part of a Threat Intelligence team performing malware analysis, advanced cyber threat detection, and security advisory integration with QRadar and Splunk.
  • Experience with network monitoring using Splunk/IBM QRadar SIEM and SolarWinds, and with information security and network security configuration and functions.
  • Developed the specific content necessary to implement Security Use Cases and transform them into correlation queries, templates, reports, rules, alerts, dashboards, and workflows.
  • Experience in planning, monitoring, and updating security programs and advanced technical information security solutions.
  • Customized policies, procedures, and security settings per individual client requirements in Cisco Umbrella.
  • Designed an Incident Response Plan and worked with the Director to build a SOC team to implement various monitoring solutions and handle security incidents on premises and in the cloud.
  • Knowledge of Computer Networking Basics, SOC Components, the OSI model, TCP/IP protocols, Data Backup basics, and Information Threats and Attacks.
  • Experience with Palo Alto firewalls, VPNs, and networking protocols such as NetBIOS, SNMP, Telnet, SSH, and ARP.
  • Perform Risk Assessments and Gap Analyses and create Risk Mitigation plans.
  • Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.
  • Oversee vulnerability assessment / penetration testing of scoped systems and applications to identify system vulnerabilities.
  • Experienced in using various security End-Point Protection tools.
  • Worked on data loss prevention tools - McAfee DLP and McAfee FRP.
  • Experience developing strategic plans for agency-wide implementation to address the operations of client services, product support, and quality assurance.
  • Hands-on experience writing correlation rules based on business use cases independently.
  • Experience in handling cyber security risk management framework assessments, ensuring enterprise cyber security policies fully support all legal and regulatory requirements.
  • Experience in supporting and maintaining cybersecurity tools and technologies, including IDS/IPS, UTM, WAF, NAC, DLP, SIEM, and other management and threat detection technologies.
  • Perform User Behavioral Analytics (through Advanced Threat Analytics) to identify suspicious activities on the network across several phases of the Cyber Attack Kill Chain.

Overview

9 years of professional experience

Work History

Cybersecurity Engineer

Frontier Communications
Dallas, TX
01.2023 - Current
  • Design and implementation of the IT Audit GRC Compliance workflow automation process in CyberOne using Salesforce.
  • Plan, develop, and execute security data analytics using Business Intelligence tools (Tibco Spotfire, Xtraction, Tableau) and act as the data security analytics subject matter expert (SME) supporting the IT Compliance team, Risk Management team, Information Security team, and all other functional units with regard to IS security data.
  • Managed third-party/vendor risk assessment oversight for security applications/tools - checking for data security protection mechanisms (data-at-rest and data-in-transit), data retention, application authentication, access control, incident response, media protection, and the regulatory and compliance standards the vendor adheres to.
  • Lead Information Security Governance and Risk's continuous process improvement projects, such as application security risk assessment and self-assessment processes against IS standards.
  • Advanced knowledge of security threat intelligence gathering from various security tools such as Security Information and Event Management (SIEM) systems - RSA NetWitness, RSA ECAT, CyberArk, Active Directory, Identity Management (IDM), Nexpose, and Infoblox.
  • Perform the review of the RSA Security SIEM log and NetWitness Security Event Log - analyze various logs from appliances such as Cisco IDS, Proofpoint, BIG-IP, Snort, and application firewalls, thus providing a strong threat intelligence security data point for the Information Security team.
  • Review and approve/deny firewall rules, maintain Palo Alto firewalls, and analyze firewall logs.
  • Work extensively on various streams of Identity and Access Management (IAM) compliance with regard to account management, web access management (Citrix VDI), password management, and user provisioning systems using LANDesk, CyberArk, and Active Directory (AD).
  • Develop and monitor the Risk Management central data repository in order to identify potential threats and vulnerabilities, track identified gaps, and recommend technical remediation.
  • Periodically assess and review over 24 enterprise and security endpoint agents in order to evaluate and track the agent deployment process on all active endpoints and ensure swift agent deployment for non-compliant endpoints.
  • Provide Executive Security Metrics and Dashboards on various compliance and security findings to Executive Management (e.g. SIEM metrics, Asset Inventory report, Security Agent gap analysis report, patch and vulnerability management status report, Active Directory metrics).
  • Subject Matter Expert and training facilitator for IS Security and Compliance data analyses, using data to drive the organization's Security, Risk, and Compliance exercises.
  • Perform security monitoring, vulnerability management, risk management, and security incident response in identifying, coordinating, and remediating various identified vulnerabilities.
  • Architect and configure secure cloud VPCs using private and public networks through subnets in AWS.
  • Configure vPC and EtherChannel (LACP and PAgP) and create the VLAN interfaces with HSRP.
  • Knowledge of AWS cloud computing concepts and cloud infrastructure technology services such as Config, IAM, CloudWatch Events, GuardDuty, CloudTrail, etc.
  • Work on IT Security and Compliance tools such as Tripwire, NetWitness, Cylance, BeyondTrust, McAfee ePolicy Orchestrator (McAfee ePO), McAfee DLP, RSA MFA, RSA SIEM, CyberArk, and AirWatch MDM.

Environment: CyberOne (Salesforce), Tibco Spotfire, Xtraction, Tableau, RSA NetWitness, RSA ECAT, CyberArk, Active Directory, IDM, Nexpose, Infoblox, Cisco IDS, Proofpoint, BIG-IP, Snort, LANDesk, Tripwire, Cylance, BeyondTrust, McAfee ePO, McAfee DLP, RSA MFA, RSA SIEM, AirWatch MDM, AWS (Config, IAM, CloudWatch Events, GuardDuty, CloudTrail).

Cybersecurity Engineer

National Grid USA Service Company
Boston, MA
01.2021 - 01.2023
  • As a Cyber Security Engineer, my principal duties and responsibilities are supporting NARA IT Security Operations and its security posture, monitoring and utilizing security tools, and providing security for all stakeholders by conducting vulnerability scans and assessments against agency information systems, web applications, and web services.
  • Create customized Tenable.sc reports for System Owners and ISSOs to continuously improve vulnerability assessments.
  • I work with IT Operations, IT POCs, and System Owners to understand and remediate vulnerabilities, implement security controls, or integrate secure solutions per FISMA system, and also conduct assigned activities within the security incident response and handling lifecycle.
  • Part of my responsibilities is to provide daily administration and maintain operations of HBSS servers by providing technical support and troubleshooting HBSS product issues and outages.
  • Produce vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness using Rapid7 Nexpose.
  • Generate scheduled and ad-hoc reports for different vulnerability scans using Rapid7 InsightVM and Tenable Nessus.
  • Install, configure, and administer the latest approved versions of DOD HBSS and McAfee endpoints, and resolve ePO server issues.
  • These activities could include detection, triage, analysis, containment, recovery, and reporting.
  • Coordinate response, triage, and recovery activities for security events affecting the agency's information assets.
  • Assist with expanding and maturing existing vulnerability management and incident response processes and activities.
  • Coordinate with system owners and IT operations to remediate and resolve issues discovered during security scans, system assessments, system audits, and cyber security investigations.
  • Conduct security assessments and testing for the agency's different cloud platform types (i.e., IaaS, SaaS, PaaS).
  • Conduct on-demand scans, assessments, and audits to assess the cyber security posture of the various on-premises and cloud-based NARA information systems.
  • Deployed the following Azure services to enable IT Security and IT Operations to move applications into the Azure cloud environment.
  • Administration of CyberArk Privileged Accounts and Vaulting services.
  • Build Safes and add servers into the Safes as needed.
  • Reviewed security logs (LogRhythm SIEM) to ensure compliance with policies and procedures and identify potential anomalies.
  • Integrated IDS/IPS with ArcSight ESM and analyzed the logs to filter out false positives and add false negatives into the IDS/IPS rule set.
  • Well versed in both remote and on-site user Splunk (SIEM) support.
  • Provide security engineering reviews and recommendations to agency System Owners and Information System Security Officers.
  • Understanding of systems cyber security architecture and updating plug-ins, the Security Center feed, Host Discovery, and policies on Security Center.
  • Understanding of systems Cyber Security Architecture and applying DISA STIGs for compliance, and assisting with ACAS scanning, identifying security issues, and remediating vulnerabilities using ACAS in accordance with Government compliance and cybersecurity guidelines.
  • CyberArk Vault maintenance. Building CyberArk Safes and adding different applications/portfolios to the Safes.
  • Develop and implement technical solutions to help mitigate security vulnerabilities.
  • Analyze network and host-based security logs to identify potential security threats.
  • Develop/review documentation for Security Operations procedures.
  • Troubleshoot and fix all problems that arose in CyberArk due to misuse of CyberArk by different users.
  • Cross-trained engineers so they could build their technical knowledge faster, with more focus being placed on Agile technologies.

Environment: Tenable.sc, Rapid7 Nexpose, Rapid7 InsightVM, Tenable Nessus, DOD HBSS, McAfee endpoints, McAfee ePO, Azure services, Security Center, ACAS.

Cybersecurity Analyst

T-Mobile
Seattle, WA
10.2018 - 02.2021
  • Involved in installation and configuration of the QualysGuard vulnerability management system.
  • Following NIST 800-53 standards in the design and development of applications.
  • Deployment and onboarding of Application Identity Manager.
  • Conducted attack analysis on the IDS reports to detect the attacks and reported the analysis.
  • Initial set-up, installation, and implementation of a new SIEM solution (IBM QRadar).
  • Developed and managed a Risk Management program.
  • Assist customers with troubleshooting McAfee ePO, McAfee Drive Encryption, and Data Loss Prevention.
  • Involved in daily operations of investigating threats discovered through SIEM.
  • Developed an intelligence-based Counter Threat Operations program to mature the hunt process using the MITRE ATT&CK framework.
  • Provide Managed Security Services for Carbon Black Response and Carbon Black Defense (Cloud and On-Prem): Sensor
  • Managed our endpoint security system FireEye, through which I created policies and procedures to comply with Commonwealth standards, as well as monitored and reacted to alerts generated through FireEye.
  • Maintain security sensors and tools such as Splunk and FireEye.
  • Work with other teams within the SOC, like Threat Hunt, Forensics, Engineering, and Cyber Threat Intelligence, to thwart threats to the organization.
  • CyberArk administration and troubleshooting.
  • Implemented the CyberArk PAS solution for the client, installing the CyberArk components including
  • As a threat hunter, continuously monitor external feed information, existing correlated offenses, end device log sources, and real-time log threat anomaly activity, and perform further investigation and triage.
  • Information Security Platform by providing support on known/unknown vulnerabilities/threats found via security devices/products.
  • Tested the disaster recovery in CyberArk.
  • Knowledge transfer to the client on the existing CyberArk solution.
  • Worked on creating and scheduling CyberArk daily backups.
  • Worked on creating autodetection and autodiscovery processes for account upload in CyberArk.
  • Supported the McAfee network management and antivirus products, which were designed to monitor and allow remote configuration of multiple OS types over a LAN environment.
  • Migrating existing reports and alerts from RSA enVision to IBM QRadar.
  • Vulnerability management utilizing commercial products such as Rapid7 Nexpose, Tenable Nessus, Qualys, AppScan, and other top industry tools.
  • Deploy new Splunk systems and monitor Splunk internal logs to identify and resolve existing or potential issues.
  • Stay current on security threats by onboarding various data sources such as FS-ISAC, Blue Coat proxy data, ScoutVision, iDefense, and LookingGlass, and through ArcSight configuration and automation.
  • Analyzed the policy rules, monitored logs, and documented the network/traffic flow diagram of the Palo Alto firewalls placed in the Data Center with MS Visio.
  • Assisting the NTIS network group with their Cisco Firepower/FireSIGHT.
  • Configure and install McAfee IPS sensors and Cisco ASA with Firepower appliances.
  • Reproduce customer issues, file bug reports, and escalate cases to Splunk support as necessary.
  • Perform Enterprise Linux tasks as they pertain to supporting the Splunk application.
  • Solve complex Splunk integration challenges; debug complex Splunk configuration issues.
  • Indexing data from Apache log servers into Splunk and creating dashboards.
  • Expertise in Active Directory design and support (Group Policy Objects (GPO), Active Directory (AD) Schema, Organizational Units (OU), LDAP, Sites, Replication, etc.).
  • Aggregate, correlate, and analyze log data from network devices, security devices, and other key assets using QRadar.
  • Deployed Cisco FireSIGHT/Firepower appliances and Cisco ASA Firepower inline.
  • Troubleshot and resolved client communication problems, and firewall and McAfee IPS blocking problems.
  • Support for McAfee ePolicy Orchestrator (ePO), McAfee Drive Encryption (MDE), and Data Loss Prevention (DLPe).
  • Created dashboards, alarms, correlation rules, and reports to help the SIEM team, SOC, and other teams with visibility.
  • Review new threats and help assess the risk level to Brightree servers and workstations from generated Nexpose findings.
  • Created a SIEM dashboard for QRadar and reconciliation with storage, database servers, workstations, servers, and network devices.
  • Monitoring the Active Directory replication status of the Domain Controllers.
  • Active Directory Services, DNS, Lync administration, and PowerShell in a very large network.
  • Manage and configure the Nexpose vulnerability scanner for security patching and vulnerability scanning.
  • Assist multiple security projects with the goal of exceeding compliance objectives.
  • Created several white papers that have established and postured business growth for Information Assurance and Cyber Security.
  • Have a solid network of people, including small businesses, that provide services in areas critical to mission needs related to Information Assurance and Cyber Security.
  • Helped teams create SIEM content utilizing reports, dashboards, and correlation rules.

Environment: QualysGuard, Application Identity Manager, IBM QRadar SIEM, McAfee ePO, McAfee Drive Encryption (MDE), McAfee Data Loss Prevention (DLP), Carbon Black Response, Carbon Black Defense, FireEye, Splunk, CyberArk, Rapid7 Nexpose, Tenable Nessus, AppScan, Cisco Firepower/FireSIGHT, Cisco ASA with Firepower.

Information Security Analyst

Echelon Edge Pvt Ltd
Hyderabad, India
08.2017 - 09.2018
  • Establish a strong GRC (Governance, Risk, and Compliance) practice to ensure adherence to best practices, regulatory requirements, and ISO 27001.
  • Work with McAfee ePO to manage clients' workstations and provide endpoint security.
  • Facilitate implementations of information security policies, account security policies, and standards for logical and physical security.
  • Coordinate and facilitate PCI DSS external audits, including end-to-end coordination and support during onsite assessments using tools like Splunk, ArcSight, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix, McAfee/Symantec.
  • Automate DLP incident metrics using Splunk, develop monthly and weekly metrics, and create dashboards using Splunk.
  • Provide leadership in architecting and implementing security solutions utilizing Qualys and SIEM tools like Splunk, ArcSight, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix, McAfee/Symantec.
  • Configure advanced CyberArk integration with AD through LDAP, 2-factor authentication, and email integrations.
  • Conduct risk assessments and support malware analysis using Cobit I.
  • Coordinate closely with disaster recovery and data security teams.
  • Enhance risk culture across the organization based on the COSO framework, apply and implement COSO framework across the organization.
  • Allocate and coordinate work within a team or project, provide valuable input into risk reports and present reports to business areas and CTS management.
  • Serve as Device Management in-charge providing technology support, installing, maintaining, upgrading, and troubleshooting servers, networks, and other security products; provide solutions to complex hardware/software problems.
  • Perform Vulnerability Assessment and Management (using Nessus & Qualys), conduct security risk analysis, and report using SPLUNK.
  • Utilize Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers, and malware analysis tools.
  • Implement Symantec DLP and QRadar SIEM tools.
  • Deploy and configure McAfee products for clients; provide Subject Matter Expertise (SME) for McAfee suite of products like McAfee ePO, McAfee Endpoint Encryption, McAfee DLP Endpoint.
  • Manage IBM QRadar configuration files including inputs, props, transforms, and lookups; upgrade IBM QRadar Enterprise and apply security patches.
  • Lead a SOC team for cyber incidents and compliance with the PCI DSS and NIST frameworks.
  • Install, configure, and administer Splunk Enterprise Server and Splunk Forwarder on Red Hat Linux and Windows servers.
  • Track all incidents occurring in stores and use RSA Archer for recovery and settlements.
  • Analyze logs and troubleshoot issues related to integration of applications using CA SiteMinder (Access Management), Identity Management tools, LDAP, and web-server agents, along with SiteMinder federation services.
  • Install and configure CyberArk Vault, Password Vault Web Access (PVWA), Central Password Manager (CPM), and Privileged Session Manager (PSM) in production and DR environments.
  • Work with security tools such as Deep Security, HIPPM, Nessus, and Symantec Control Compliance Suite 11.
  • Responsible for troubleshooting and resolving firewall software and hardware issues, including VPNs, connectivity issues, logging, cluster configurations, and hardware installations for Checkpoint and Palo Alto firewalls.

Environment: McAfee ePO, Splunk, ArcSight, Solutionary, LogRhythm, SCCM, Altiris, LanDesk, BigFix, McAfee/Symantec, Qualys, CyberArk, Nessus, IBM QRadar, Deep Security, HIPPM, Symantec Control Compliance Suite 11, RSA Archer, CA SiteMinder.

Jr. Security Analyst

Itp Software India
Hyderabad, India
06.2015 - 08.2017
  • Resolved all LAN/WAN connectivity and other issues.
  • Analyze vulnerability reports from various scans and assessments, prioritizing action on high-risk/critical vulnerabilities over other vulnerabilities.
  • Management of system security and file system security policies, and analysis of systems to determine ways of improving performance.
  • Monitored security events, correlating information and identifying incidents, issues, threats, and vulnerabilities found by agency data sources, including but not limited to vulnerability scanners, baseline configuration management systems, hardware asset management systems, software asset management systems, network contextual analyzer systems, and intrusion detection systems (IDS).
  • Conducting routine checks, warranty claims, hardware failure replacement, software upgrades, and downloading patches and hotfixes.
  • Infrastructure deployment from the very basics to complete function, and Information Security Policy as per PCI DSS audit compliance.
  • Review controls related to various business processes of the entity for compliance with the COSO framework.
  • Responsible for conducting structured security certification and accreditation (C&A) activities utilizing the Risk Management Framework and in compliance with Federal Information Security Modernization Act (FISMA) requirements.
  • Performing OS updates and upgrading applications.
  • Maintaining all shared resources and monitoring free and utilized disk space.
  • Responsible for setting up projectors and audio/video devices for meetings and lectures.
  • Keeping and tracking inventory of all loaner laptops issued to students and staff.
  • Responsible for writing and updating training manuals.
  • Install and configure the QRadar SIEM, including all its components and local and/or remote log collectors.
  • Worked on the SIEM tool QRadar for reporting and data aggregation.
  • Used the SIEM tool QRadar to add the newly built Windows and Linux log servers and create policies for different alerts.
  • Security audit, budget violation, operational violation, and best-practice checks in the client AWS environment.
  • Coordinated with the Network Administrator regarding BGP/OSPF/EIGRP routing policies and designs, and worked on implementation strategies for the expansion of MPLS VPN networks.
  • Troubleshooting the network routing protocols (BGP, MPLS, EIGRP, and RIP) during migrations and new client connections.

Environment: Vulnerability scanners, Baseline configuration management systems, Hardware asset management systems, Software asset management systems, Network contextual analyzer systems, Intrusion detection systems (IDS), IBM QRadar SIEM.

Education

Bachelor of Science - Computer And Information Sciences

JNTU
Hyderabad, India
04.2015

Skills

Qualys Continuous Monitoring

Vulnerability Management, Web Application Scanning, Threat Protection, Policy Compliance, Cloud Agents, Asset Management, Governance, Risk Management and Compliance

Vulnerability Management

Qualys, Nessus, InsightVM, Defender TVM, HCL AppScan, Burp Suite Pro, Veracode, OWASP ZAP, SoapUI Pro, Nmap, Wireshark, Kali Linux suite, Metasploit

Protocols

TCP/IP, L2TP, PPTP, IPSEC, IKE, SSL/TLS, SSH, UDP, DHCP, ARP, DNS

Cyber Security Solutions

FireEye CMS, NX, EX, HX, IA, PX

Packet Capture

Netflow integrator, Wireshark, SolarWinds, Tcpdump

E-Mail Security

FireEye email security (EX series)

Security Tools

OWASP ZAP Proxy, DirBuster, Splunk, Nikto, Metasploit, Burp Suite, AppScan, Veracode

Event Management

Splunk, RSA Archer, Blue Coat Proxy, ArcSight, LogRhythm, IBM QRadar security manager

Security Software

Nessus, Metasploit, Snort

Frameworks

NIST SP 800-53, NIST SP 800-171, ISO 27001/31000, HIPAA, HITRUST CSF, PCI DSS, PKI-RSA, CVE, SANS 25

Security Technologies

WhiteHat Web Security, iDefense, NTT Security, LogRhythm, McAfee Nitro (SIEM), McAfee ePO, McAfee Endpoint Protection Suite

SIEM

IBM QRadar security manager, Splunk, LogRhythm, IBM QRadar 732, McAfee Nitro

Security Tools

IBM QRadar, McAfee Vulnerability Management Solutions, Nessus, SolarWinds, LogRhythm, CyberArk, Nmap, Symantec Endpoint Security

Firewalls

WAF, Checkpoint, ASA

Scripting Languages

C, Python, XML, Shell Script, Perl, .NET Framework (C#)

Operating Systems

Windows (2016, 2019), Oracle Linux, RedHat Enterprise Linux, Ubuntu Linux

Timeline

Cybersecurity Engineer

Frontier Communications
01.2023 - Current

Cybersecurity Engineer

National Grid USA Service Company
01.2021 - 01.2023

Cybersecurity Analyst

T-Mobile
10.2018 - 02.2021

Information Security Analyst

Echelon Edge Pvt Ltd
08.2017 - 09.2018

Jr. Security Analyst

Itp Software India
06.2015 - 08.2017

Bachelor of Science - Computer And Information Sciences

JNTU