IT/Cyber security professional with 10 years’ experience in various domains of security. Graduated with BSc Honors in Software Engineering & Computing, Oxford Brookes University, UK. Seeking a challenging position as an IT/Cyber security specialist with a company that promotes learning and growth and needs a highly motivated and skilled employee.
Overview
12 years of professional experience
1 Certification
Work History
Lead Engineer (Manager)
Cyber Security Office // Synapxe
11.2020 - Current
Project Management (09-11-2020 – 31-12-2022)
Management of EDR solution’s deployment across public healthcare systems as part of advanced security operation center project
Meet stakeholder expectations by ensuring diligent service delivery
Regular review of vendor’s work progress to ensure that SLA expectations are met
Active involvement in issue resolution pertaining to deployment
Security risk assessment
Review security tests, audits and reviews conducted, to assess gaps identified and measures proposed to address the gaps.
Propose countermeasures where necessary.
Oversee the implementation of such measures.
Perform ongoing risk assessments of security gaps surfaced in IT projects/systems.
Security Operations (Cloud) management (01-01-2023 to Current)
Provide inputs to improve security monitoring rules and alerts.
Document processes related to security monitoring.
Participate in change advisory boards for security-related changes, including reviewing ongoing requests for security configuration changes. Propose improvements required.
Audit projects (AWS Trusted Advisor and Security Hub)
Monitoring and maintenance of various Web application firewalls (Imperva and AWS)
Operational maintenance of next generation firewalls (Palo Alto and FortiGate)
Vulnerability management (Tenable)
Standards and Procedures
Review or prepare SOPs to support security operations management.
Software Assessment
Assessment and review of new software and the latest versions of existing software
Decision making based on license type, functionalities, business justification and vulnerability check
Strategic Security Advisor
Proficio
03.2020 - 10.2020
First point of contact for clients, key business and IT stakeholders
Create and integrate new process for new services such as integrating the EDR services into SOC operations
Review technical security posture for existing and newly acquired businesses or services
Technical liaison between Proficio and its customers
Help customers achieve their business goals and outcomes by providing timely, proactive recommendations that will benefit customers’ ongoing usage of Proficio’s services
Develop relationships with key business and IT stakeholders and become an expert on a customer’s implementation by understanding their top business goals and priorities
Provide problem resolutions, advice, proposals, technical presentations, and other customer communications
Utilizing technical expertise, recommend SIEM use cases, tuning, reports and operational procedures to ensure that clients are getting the most value possible from their services
Handle advisories, ensuring they are addressed properly and correctly
Identify, prioritize and ensure resolution of client issues/concerns; coordinate with appropriate internal departments to provide response and/or solutions
Cyber Security Engineer
DBS (NTT DATA Contract)
03.2019 - 03.2020
As a cyber security engineer in SOC:
Performing health check of DLP servers
Amendment (change management) of existing DLP rules upon request by CISO
Logs extraction from SIEM (QRadar)
Password retrieval from CyberArk (Privileged Account Security)
Developed use cases for Exabeam (User and Entity Behavior Analytics, UEBA) to detect insider threats
Coordination with vendors during various phases of correlation rule creation for use cases
Preparation of monthly compliance and usage reports for stakeholders
Security Engineer (Log Management)-Level2
Dimension Data
01.2018 - 03.2019
Information and Event Management using ArcSight SIEM (ArcSight Logger appliances and ArcSight Connector appliances (Management Centers)).
-Formulated and configured logger and connector appliances during the build phase.
-Hardened the appliances as per the guidelines of security audit firm to meet client’s expectation
-Maintain SIEM operations and document current environment.
-Manage, upgrade and maintain operational data flow and ArcSight platforms
PAR (Privileged Activity Review) - Own and coordinate execution of processes to ensure that in-scope system logs relating to privileged activity are subjected to review by the Compliance Monitoring team.
DLP (Data Leakage Prevention) - Own and coordinate execution of processes to ensure that in-scope DLP violations are subjected to review by the Compliance Monitoring team.
Ensure that issues/risks identified during operational activities are managed and, where appropriate, escalated to the service operations lead to ensure appropriate governance and remedial actions
Identify skill enhancement and training requirements within the team to ensure good capabilities within PAR/DLP
Assisting Cyber security project team to deliver incremental improvements across PAR/ DLP
Supporting Cyber security operations team during major security incidents and providing subject matter expertise
Overall administration of reviews (via RSA Archer) related to risk and compliance data of PAR and DLP
Overall administration of DLP reviews (via Symantec Data Loss Prevention)
Performing report generation and data searches in Splunk (SIEM tool) on an ad hoc basis
Manage stakeholder’s expectations related to different platforms (Unix, Windows, Database, CyberArk, Business Applications, Network)
Adherence to regulatory rules of various authorities (MAS, HKMA & FINMA)
Security Analyst
NEC Asia Pacific Pte Ltd
01.2016 - 11.2016
Information and event management using McAfee SIEM (McAfee ESM 9.6.0)
- Log review of various devices
- Correlation rules management
- Device configuration in ESM console
Management of WebOrion Defacement Monitor
- Website defacement monitoring of URLs
- Escalations via phone and email to clients regarding downtime and changes of websites
Preparing Monthly Security incidents report for client submission
Reviewing Security advisories and updating clients
Supporting 24/7 SOC (Security Operation Center) operations
Performing security escalations via phone and email to clients within SLA
Handling of incident ticket using iTop
-Provides escalation assistance to the team, acts as an escalation point and owns escalated incidents
Security Analyst
Accenture Pte Ltd
07.2014 - 12.2015
Information and Event Management using ArcSight SIEM (ArcSight Express, ArcSight Logger and ArcSight Connector).
-Generating reports from ArcSight express and logger
-ArcSight correlation rule's management
-Real time monitoring of high priority events
-Flex connector creation
-Remote Management of ArcSight appliances using iLO
Privileged account security management using CyberArk
-Enrolling Unix accounts and Windows accounts into CyberArk
-Preparation of privileged accounts usage and activity reports
-Policy management
-Conducting CyberArk’s DR replication exercise
-Password Vault web access URL management
-Storing sensitive information to safes
Identity Management (IAM) using Oracle Identity Federation, Oracle Access Manager, Oracle Internet Directory and Oracle Identity Manager.
RSA Console management in terms of live monitoring of authentication events, RSA token status and report generation.
Enforcing the usage of IronKey (encrypted flash drives), cable locks and digital signatures to prevent data loss (DLP)
Network Analyst
Citi Bank (Comtel Pte Ltd contract)
12.2012 - 07.2014
Perform event and fault management of the firm’s network infrastructure for the Americas, Europe, Africa, and Asia Pacific regions through the Smarts NMS (Network Management System).
Provide rapid response to alerts in order to execute a proactive NMS-based support model.
Perform highly effective event and fault management of the firm’s network infrastructure for the Americas, EMEA, and Asia Pacific regions through the Smarts NMS (Network Management System).
Mitigate potential or current business impact by taking immediate action.
Introspectively review operating procedures, daily support practices, major incident support, etc. and provide feedback.
Troubleshooting skills in routers, switches & WAN accelerators (Cisco, Juniper & Riverbed)
Possess basic knowledge of enterprise TCP/IP communications; knowledge of standard Ethernet media types: Fast Ethernet, Gigabit and Ten Gigabit; knowledge of Cisco routers and switches, WANs (T1, T3, MPLS); knowledge of the following routing protocols: EIGRP, BGP, OSPF, RIP.
Education
BSc Honors - Software Engineering & Computing
Oxford Brookes University
United Kingdom
01.2011
Diploma - Mobile Wireless Computing
Temasek Polytechnic
Singapore
01.2007
GCE ‘A’ Level
MKM HSS
India
01.2004
Skills
ELK (Elasticsearch, Logstash, Kibana) SIEM
UEBA (User and Entity Behavior Analytics) – Exabeam
PAM (Privileged Access Management) – CyberArk
IAM (Identity and Access Management) – OAM, OIF, OID & OIM