
Syed Ahmed

Plainfield, USA

Summary

Experienced Cyber Security Consultant with 8+ years of IT experience and a focus on designing and developing security solutions. Provide guidance, recommendations, and best practices. For Symantec DLP operations, stabilize and optimize DLP system performance, including rules and reports, and assist with DLP upgrades, installations, and configuration. Experience in installation, configuration, and day-to-day management of Symantec Endpoint Protection. Experience in analyzing security logs generated by intrusion detection/prevention systems, firewalls, network flow systems, and anti-virus. Expertise in improving the risk and control functions against Governance, Risk Management and Compliance (GRC). Serve as a trusted advisor in Symantec DLP to our customers and clients. Administer and maintain the corporate DLP environments while structuring and documenting the corporate DLP infrastructure environments. Expertise in gathering and analyzing metrics and key risk indicators and in maintaining scorecards defined within the area of information security to ensure our information security program is performing effectively and efficiently. Familiar with general security risk management principles and best practices. Experience in implementing and managing Symantec Data Loss Prevention versions 14.6, MP1, 15.5, 15.7, and 15.7 MP1. Supported the information security audit and third-party assessment initiatives during the planning, execution, and remediation phases, as well as coordinating and tracking remediation activities. Created an auditing program for all current DLP policies, bringing them in line with the new policy structure and thus allowing more growth within the DLP infrastructure. Experience with Symantec DLP upgrades and patches. Knowledge of data encryption (transparent encryption), data-at-rest and unstructured data protection, and Key Management Solutions (KMS).
Worked as part of a 24/7/365 team delivering real-time proactive monitoring and maintenance of supported security tools and their associated rules and signatures.

Overview

9 years of professional experience

Work History

CYBERSECURITY ENGINEER / SECURITY ANALYST

Brown Brothers Harriman
08.2021 - Current
  • Performed destruction scans and policy tuning in Symantec to detect and mitigate web-based threats.
  • Managed URL whitelisting and access control based on business needs and security policies.
  • Handled user access requests, policy exceptions, and change tickets in coordination with the security team.
  • Participated in the transition from Symantec to Zscaler, maintaining continuity in security controls and policy enforcement.
  • Managed and monitored Incident Receiver within Zscaler Internet Access (ZIA) to collect and analyze real-time logs for security incident investigation.
  • Configured and maintained ZIA Incident Receiver settings to ensure accurate delivery of logs and alerts to SIEM/SOC platforms for incident triage and threat detection.
  • Administered Zscaler policies for web filtering, threat protection, and DLP to ensure consistent user protection post-migration.
  • Acted as a Security Coordinator, submitting and tracking requests for access and security services across teams.
  • Regularly reviewed security incidents and DLP alerts, identifying false positives and escalating true positives as needed.
  • Tuned incident response rules and DLP policies to reduce alert noise and enhance data loss prevention effectiveness.
  • Ensured sensitive data was not leaked by continuously optimizing detection rules based on incident outcomes.
  • Collaborated with SOC and IT teams to align policies with real-time incident trends and business requirements.
  • Led and engineered security operations, vulnerability assessments, and risk analysis using tools such as Zscaler DLP, Microsoft Purview, Splunk, and Symantec DLP.
  • Engineered and deployed security solutions, including DLP policies, data inspection tools, and cloud security frameworks for sensitive data protection.
  • Configured and enforced data loss prevention (DLP) policies across various platforms, ensuring protection of data in transit and at rest.
  • Implemented and managed contextual data inspection with Zscaler to identify and prevent leakage of sensitive data (PII, PCI-DSS, HIPAA).
  • Engineered and maintained incident response protocols, overseeing detailed reporting on DLP violations, security incidents, and security posture improvements.
  • Collaborated with cross-functional teams, working alongside network and cloud engineers to ensure seamless integration of security solutions within the existing infrastructure.
  • Conducted vulnerability assessments using tools like Nessus and Qualys, providing actionable insights for mitigating risks in system configurations.
  • Designed and executed security improvements and compliance measures to align with regulatory standards, ensuring the organization's overall security posture remained robust.
  • Installed and configured the DG (Digital Guardian) agent for DLP on data in use.
  • I work on a Data protection and enablement team where I review sampling of events for targeted use cases.
  • A sampling of events is taken to ensure use cases are performing as expected and tuning for DLP rules is completed, as necessary.
  • Proficient in Symantec DLP, Forcepoint Suite, McAfee DLP, Office 365 DLP, CASB, Outlook, Salesforce.
  • Handled the alert response phase (quarantine, block, alert/detect, encrypt) for the data loss prevention tools Fidelis and Digital Guardian.
  • Implemented data loss prevention for on-prem and cloud solutions (Symantec, Digital Guardian, Fidelis), Symantec DLP UBA (User Behavior Analytics), and AD groups.
  • Fidelis (Data in motion) and Digital Guardian (Data in use/Data at rest).
  • Working with multiple users to identify proxy issues.
  • Analyzed rules that are not being triggered and cleaned them up to reduce rule volume; performed advanced troubleshooting on the CLI and web UI for Forcepoint Proxy.
  • Performed Installation and Configuration for DLP Detection servers for Version 14.6, 15.0, 15.1, 15.5, 15.7, and 15.7 MP1.
  • Work within established configuration and change management policies to ensure awareness, approval, and success of changes made to the network infrastructure. Analyze and monitor ingress/egress traffic traversing the network, thereby enforcing policies and various security profiles on DLP and Checkpoint.
  • Managed universal Symantec DLP policies with a centralized platform for detection, incident remediation workflow and automation, reporting, system management and security.
  • Made changes in the environment for primary business objectives, modernizing and updating the current enterprise DLP posture for Fidelis and Digital Guardian services.
  • Troubleshoot network traffic.
  • During network segmentation, exported traffic reports for each site.
  • Experience configuring DLP policies and policy rules, and sharing policies with Compliance via import/export.
  • Analyzed Symantec DLP events and reports.
  • Monitor the health and logs using SmartView Tracker and SmartView Monitor on Checkpoint.
  • Migrated policies from one firewall platform to another, including a special migration to Fortinet appliances.
  • Plan, coordinate and execute modifications to the client's firewall rule base in a production environment without causing adverse impact to the enterprise and working with stakeholders to implement and maintain security standards/policies/procedures.
  • Extensive experience with Symantec DLP architecture and implementation for enterprise level.
  • Developed SPL queries in Splunk to detect threats and send daily reports to the DLP AD group via Outlook, and modified the Digital team's process by creating reports in a centralized location for the Retail and PBM businesses.
  • Maintain troubleshooting tickets and complete them in a timely manner.
  • Keep a record of all requests for change (RFC) tickets in ServiceNow and help the auditor track and locate the changes made on the firewall per RFC.
  • Implemented Symantec DLP in monitoring, warning and blocking mode.
  • Keep track of all passwords in the KeePass tool so security credentials are aligned for all tools; maintain the main Excel tracker for all events to present the KPI report on the weekly call.
  • Working with multiple users to identify proxy issues required for applications, create change requests in ServiceNow to allow/make the necessary changes on DLP, Checkpoint and Palo Alto firewalls, and track the traffic via CLI, Forcepoint, and Panorama for troubleshooting.
  • Implemented EDM, IDM, EMDI, VML, and DCM data profile to protect data in motion, data at rest, and data in use.

SYMANTEC ENDPOINT PROTECTION ADMINISTRATOR & CYBERSECURITY ANALYST

DTE Energy
11.2019 - 07.2021
  • Installed and configured Symantec Endpoint Protection (SEP) across desktops, laptops, and servers, ensuring seamless integration into the IT environment.
  • Created and updated security policies for virus protection, firewall settings, device control, and intrusion prevention.
  • Monitored security incidents, investigated malware detections, and generated compliance reports for endpoint security status.
  • Conducted vulnerability assessments and security scans to identify weaknesses and deliver actionable remediation recommendations.
  • Provided ongoing support for incident management and contributed to organizational risk management strategies.
  • Monitored and investigated security incidents, including malware detections and DLP alerts, providing Tier 1 triage and escalating complex cases to Tier 2 and Tier 3 teams.
  • Installed, configured, and upgraded Symantec Endpoint Protection (SEP) and Data Loss Prevention (DLP) systems, including Enforce Server and Network Discover components, ensuring robust data security across endpoints and network.
  • Tuned and customized DLP policies for HIPAA, PCI, PII, and other compliance frameworks to reduce false positives and improve incident response accuracy, supporting Tier 2 and Tier 3 analysis.
  • Developed and maintained SOPs, runbooks, and daily operational procedures for incident management, policy enforcement, and system health checks to streamline SOC workflows across all tiers.
  • Installed and configured Symantec DLP to protect confidential data in motion, data in use, and data at rest.
  • Work closely with the information security team and security project management office to roll out a DLP solution in compliance.
  • Performed three-tier installation of Symantec DLP for Production.
  • Upgraded Symantec DLP versions 15.0, 15.0.1 MP1, 15.1, and 15.5.
  • Installed and configured the Enforce Server Administration console to manage endpoints, policies, policy rules, agent groups, incidents, DLP servers, etc.
  • Installed and configured Endpoint Prevent and Discover detection servers to protect data in use.
  • Upgraded Symantec Vontu DLP from 11.6.2 to version 14.5 in a Lotus Notes environment.
  • Worked with Symantec Vontu Endpoint, Network Monitor, and Discover servers.
  • Create a view into the operational security of the environment by leveraging Symantec Control Compliance Suite (Symantec CCS) dashboards and reports to represent threats and vulnerabilities in the environment.
  • Installed and configured the Network Discover server to discover data at rest, and configured Network Protect to protect data at rest by quarantining, copying, and encrypting data.
  • Performed vendor file share scans with Symantec DLP by setting up a site-to-site VPN.
  • Configured AD with the Enforce Server to assign the appropriate policy to agent groups.
  • Gained experience with Symantec DLP Software: DLP Cloud Prevent for Microsoft Office 365, DLP.
  • Support all endpoint encryption activities, documentation of SOPs, known risk and automation assurance.
  • Assist with the expansion of Symantec CCS in the environment to include additional platforms and integration with external data sources.
  • Implement daily standard operating and sustainment procedures (e.g. DLP system health check, policy/rule tuning/implementation, policy and incident maintenance, event categorization, and incident reporting).
  • Configure, test, and troubleshoot LDAP Manager Lookup plugins.
  • Troubleshoot Symantec DLP issues and provide remote support for DLP issues.
  • Customized and fine-tuned DLP policies to reduce the rate of false positives in alerts and align them with business needs and incident response.
  • Configured HIPAA, HITECH, PII, PCI, SOX, and PHI policies and rules.
  • Managed system events and messages.
  • Ensured a smooth transition for all security applications; prepared the team metric report and project status report weekly/monthly and presented them to the customer.
  • Created and managed DLP Runbook.

CYBER SECURITY ENGINEER

Express Scripts
01.2018 - 10.2019
  • Managed enterprise-wide security tools, including SIEM solutions (Splunk, QRadar), Bluecoat Websense, Trend Micro, and McAfee Endpoint Encryption.
  • Conducted vulnerability scanning and penetration testing using Nessus and Qualys Guard, identifying critical security vulnerabilities.
  • Managed data leakage prevention (DLP) policies, including McAfee's full disk encryption and device control to secure endpoints and sensitive data.
  • Led the deployment of encryption solutions and managed incident response in a 24x7 Security Operations Center (SOC).
  • Provided threat analysis and reporting, contributing to the detection and mitigation of internal and external security risks.
  • Assessed and built a data protection program through data classification skills and a clear understanding of privacy standards and regulation.
  • Installed and managed detection servers and cloud detectors.
  • Deliver the implementation, setup, and management of Symantec DLP.
  • Provide a solutions-driven, customer-centric approach to clients' data-security challenges.
  • Generated compliance and risk score reports for servers through Symantec CCS and remediated them as part of the server hardening project.
  • Performed single-tier installation of Symantec DLP for test purposes.
  • Also performed two-tier and three-tier installations.
  • Troubleshot BitLocker Drive Encryption issues.
  • Conducted security assessment by creating test cases and test scenarios against Session management, Cryptography, Sensitive data, Auditing and logging.
  • Experience with Symantec Vontu DLP product.
  • Worked incidents within Vontu and worked with teams to isolate PII.
  • Worked with Symantec DLP version 14.6 and 15.0.
  • Provide DLP support to end users remotely and Onsite.
  • Manage and deployed 3000+ endpoints and 100+ detection servers.
  • Managed DLP Users and their roles.
  • Proficient in Symantec DLP, Forcepoint Suite, McAfee DLP, Office 365 DLP, CASB, Outlook, Salesforce.
  • Installed and configured Network Prevent for Email to protect highly confidential data in motion.
  • Installed and configured Network Prevent for Web to protect confidential data in motion.
  • Installed and configured the Enforce Server Administration console, Network Prevent for Email & Web, Network Discover and Protect, and Mobile protection for Compliance.
  • Analyzed network attacks, blocks, and detections, and performed regular health checks in the environment.
  • Tuned policies for HIPAA, HITECH, PII, PCI, PHI and SOX.
  • Scanned Oracle, Microsoft, IBM, and Sybase databases.
  • Set up scans for confidential data stored on endpoints, including laptops and desktops, in order to inventory, secure, or quarantine data.

INFORMATION TECHNOLOGY SECURITY ENGINEER

AMEX
09.2016 - 11.2017
  • Developed and enforced information security policies to ensure compliance with regulatory standards such as ISO 27001 and FedRAMP.
  • Implemented and configured cloud security solutions, including Netskope CASB, to protect enterprise data across cloud environments.
  • Managed McAfee Drive Encryption and Data Loss Prevention solutions, securing data stored on endpoint devices and removable media.
  • Conducted penetration testing on web and thick client applications to identify vulnerabilities and improve security posture.
  • Supported PCI DSS audits, coordinating with external auditors to ensure compliance and security best practices.
  • Resolved LAN/WAN connectivity and other issues.
  • Analyzed vulnerability reports from various scans and assessments, prioritizing action on high-risk/critical vulnerabilities over other vulnerabilities.
  • Management of system security and file system security policies, and analysis of systems to determine ways of improving performance.
  • Performed single-tier installation of Symantec DLP for test purposes.
  • Also performed two-tier and three-tier installations.
  • Conducted routine checks, warranty claims, hardware failure replacement, software upgrades, and patch and hotfix downloads.
  • Infrastructure deployment from the ground up to full function, and information security policy per PCI-DSS audit compliance.
  • Experience with Symantec Vontu DLP product.
  • Reviewed controls related to various business processes of the entity for compliance with the COSO framework.
  • Responsible for conducting structured security certification and accreditation (C&A) activities utilizing the Risk Management Framework and in compliance with the Federal Information Security Modernization Act (FISMA) requirements.
  • Experience with deployment of Symantec DLP: Endpoint Prevent, Network Prevent for Email, Network Prevent for Web, Network Discover, and ITA.
  • Performed OS updates and application upgrades.
  • Used Splunk for monitoring/metric collection for applications in a cloud-based environment.
  • Installed and configured the QRadar SIEM including all its components and local and/or remote log collectors.
  • Worked on the SIEM tool QRadar for reporting and data aggregation.
  • Security audit, budget violation, operational violation, and best-practice checks in the client AWS environment.

Education

Master of Science - Information Technology Management

Campbellsville University
Campbellsville, KY, India
11.2018

Skills

  • Qualys continuous monitoring
  • Vulnerability management
  • Web application scanning
  • Threat protect
  • Policy compliance
  • Cloud agents
  • Asset management
  • Governance
  • Risk management and compliance
  • McAfee Data Loss Prevention (DLP)
  • Symantec DLP
  • FireEye CMS
  • Cisco FMC1500
  • FMC2000
  • FMC3500
  • Tcpdump
  • RSA Archer
  • Blue Coat Proxy
  • ArcSight
  • LogRhythm
  • Metasploit
  • Kali
  • NIST SP 800-171
  • ISO 27001/31000
  • HIPAA
  • HITRUST CSF
  • PCI DSS
  • WhiteHat Web Security
  • iDefense
  • NTT Security
  • McAfee Nitro (SIEM)
  • McAfee ePO
  • McAfee Endpoint Protection Suite
  • IBM QRadar security manager
  • IBM QRadar 7.3.2
  • Qualys
  • Data loss prevention
  • IBM QRadar
  • Incident response
  • McAfee Vulnerability management solutions
  • Security policy management
  • SolarWinds
  • Security operations
  • CyberArk
  • Nmap
  • Tripwire
  • Wireshark
  • Symantec Endpoint Security
  • Splunk
  • WAF (Fortinet FortiWeb)
  • Snort
  • Imperva
  • Zenmap
  • Checkpoint
  • OpenAppID
  • ASA
  • pfSense
  • Windows 2008
  • Palo Alto
  • Windows 2012
  • Checkpoint firewall
  • UNIX
  • VPN
  • Linux
  • VMware
  • Ubuntu
  • Microsoft SQL Server
  • Malware analysis
  • MySQL Workbench
  • Cybersecurity frameworks
  • Microsoft Office Suite
  • Security awareness training
  • Microsoft Office 365
  • Disaster recovery planning
  • NetFlow integrator
  • Access control
  • Security information and event management

Personal Information

  • Title: Cyber Security Engineer/ Cyber security analyst
  • Visa Status: GC-EAD (I don't need sponsorship)

Preferred Work Location

Remote/ Hybrid
